

ZeroAccess rootkit infection, no internet connection


  • This topic is locked
23 replies to this topic

#1 warpie_7

warpie_7

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:55 AM

Posted 23 March 2012 - 10:31 PM

My computer got the ZeroAccess rootkit, and after running ComboFix I was not able to access the internet.
It seems that the TCP/IP stack is still corrupted by ZeroAccess.



Here is the log created by DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by uids7279 at 17:45:56 on 2012-03-23
Microsoft Windows XP Professional 5.1.2600.3.1252.52.1033.18.2999.2213 [GMT -6:00]
.
FW: McAfee Host Intrusion Prevention Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\dsclient\1\STacSV.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\LANDesk\Shared Files\rainstall.exe
C:\Program Files\DCC Tools\CDA 6\CDASync\CDASync.exe
D:\Tool\Common\EASYCODE\EasyCODE License Server\LicenseServer.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6u26\bin\jqs.exe
C:\Program Files\Kickoff Service\KickoffService.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Lotus\Notes85\nsd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Lotus\Notes85\ntmulti.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\erl5.8.4\erts-5.8.4\bin\erlsrv.exe
C:\Program Files\Wireless AutoSwitch\WrlsAutoSW.exs
C:\WINDOWS\DSClient\CMI\Bin\CMI.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\System32\accelerometerST.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
D:\tool\common\sti\bin\pc-win32\trackback.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\McAfee\VirusScan Enterprise\SCAN32.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\erl5.8.4\erts-5.8.4\bin\erl.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://c-inside.conti.de/generator/c-inside/Surf_Regions/en_US/regions_locations/na_sa/03_mexico/020_guadalajara/ov_main_en.html
uInternet Settings,ProxyServer = proxy1.an.us.conti.de:81
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120211191729.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6u26\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6u26\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [TrackBack] "d:\tool\common\sti\bin\pc-win32\trackback.exe"
uRun: [CANoe] "c:\program files\vector canoe 7.6\exec32\CANoe32.exe" -quickstart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [FreePDF Assistant] c:\program files\freepdf_xp\fpassist.exe
mRun: [DSInfoTool] c:\windows\dsclient\dsinfo\dsinfo.exe c:\windows\dsclient\dsinfo\ds.bgi /taskbar /accepteula
mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\accelerometerST.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
mPolicies-explorer: NoPublishingWizard = 1 (0x1)
mPolicies-explorer: NoWebServices = 1 (0x1)
mPolicies-explorer: NoOnlinePrintsWizard = 1 (0x1)
mPolicies-system: MaxGPOScriptWait = 180 (0xb4)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: catscout.de
Trusted Zone: conti.de
Trusted Zone: contiwan.com
Trusted Zone: wallmedien-mall.com\muc
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxp://quickr.acme.com/qp2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CCF028C4-4631-11D3-90BD-00A0C9B727E1} - hxxp://abhe335a.cw01.contiwan.com:8080/vminet_images/vmi660ie.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {E24A0015-C73F-4B57-B8DF-5EB84D2E9685} - msiexec /fup {E24A0015-C73F-4B57-B8DF-5EB84D2E9685} /qb-!
mASetup: {F60A10AE-E00A-4055-B3B8-EB2AC26A723B} - msiexec /fup {F60A10AE-E00A-4055-B3B8-EB2AC26A723B} /qb-!
mASetup: BackupLotusNotesFilesB02 - wscript.exe "c:\program files\lotus\notes85\lnuser\backupLotusNotes.vbs"
mASetup: OF0001030 - msiexec /fup {5969A237-6470-406A-84AF-68F5681022EB}
mASetup: OF0001068 - reg add "HKCU\Software\Microsoft\Office\Common\Offline\Options" /v "Local" /d 0 /t REG_DWORD /f
mASetup: OF0001099 - reg add "HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Excel\Options" /v "UndoHistory" /d 16 /t REG_DWORD /f
mASetup: SY0000483 - regedit.exe /s "c:\temp\HKCU_SY0000483.reg"
mASetup: SY0000484 - regedit.exe /s "c:\temp\HKCU_SY0000484.reg"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\uids7279\application data\mozilla\firefox\profiles\0a389tns.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6u26\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6u26\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv2010win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv90win32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2010-11-23 184888]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-7-13 463912]
R1 Kithara-Krts8;Kithara RealTime Suite 8 Runtime;c:\windows\system32\Krts8.sys [2010-12-21 378144]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-10-26 89528]
R2 CDASync;CDASync;c:\program files\dcc tools\cda 6\cdasync\CDASync.exe [2012-2-16 15360]
R2 CISMBIOS;CISMBIOS;c:\windows\system32\drivers\cismbios.sys [2011-12-8 14848]
R2 CMI Service;CMI Service;c:\windows\dsclient\cmi\bin\CMI.exe [2011-8-22 58880]
R2 EasyCODE License Server;EasyCODE License Server;d:\tool\common\easycode\easycode license server\LicenseServer.exe [2011-2-1 122880]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2010-2-16 1498224]
R2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2010-8-2 35696]
R2 KickoffService;Kickoff Service;c:\program files\kickoff service\KickoffService.exe [2010-5-4 20480]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\landesk\ldclient\policy.client.invoker.exe [2011-12-8 207360]
R2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files\landesk\ldclient\tmcsvc.exe [2011-12-8 178688]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\lotus\notes85\nsd.exe [2011-8-3 3405192]
R2 MAC_IBM;MAC_IBM;c:\windows\system32\drivers\mac_ibm.sys [2010-12-16 49348]
R2 MAC_MOT;MAC_MOT;c:\windows\system32\drivers\mac_mot.sys [2010-12-16 9504]
R2 McAfeeFramework;Servicio de registro de McAfee;c:\program files\mcafee\common framework\FrameworkService.exe [2011-2-3 120128]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-10-26 166024]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-8-2 148520]
R2 NIApplicationWebServer;NI Application Web Server;c:\program files\national instruments\shared\ni webserver\ApplicationWebServer.exe [2010-6-22 47776]
R2 PEDRV;P&E Microcomputer System PCI Driver.;c:\windows\system32\drivers\pedrv.sys [2011-3-14 23296]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2011-12-8 392704]
R2 vcanv;Virtual CAN Bus Driver;c:\windows\system32\drivers\vcanv.sys [2008-11-27 49184]
R2 VICHW11;P&E BDM Cable Driver II;c:\windows\system32\drivers\vichw11.sys [2011-3-14 5200]
R2 wde_srvc;wde;c:\program files\erl5.8.4\erts-5.8.4\bin\erlsrv.exe [2011-5-24 172032]
R2 Wireless_AutoSwitch;Wireless AutoSwitch;c:\program files\wireless autoswitch\WrlsAutoSW.exs [2010-10-14 146322]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-11-23 113664]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-11-23 228408]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-11-23 192168]
R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2010-8-2 44680]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2010-8-2 107896]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2010-8-2 38680]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2010-8-2 35584]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2010-11-23 41216]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2011-12-8 14336]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2011-12-8 5120]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-13 180328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2011-12-8 6144]
R3 NETwNx32;___ Controlador del adaptador Intel® Wireless WiFi Link para Windows XP de 32 bits;c:\windows\system32\drivers\NETwNx32.sys [2012-3-19 7471104]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-11-23 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-11-23 139648]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-11-23 57248]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2010-11-23 49152]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2011-5-26 147456]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2010-8-2 44680]
S3 fpusb;fpusb;c:\windows\system32\drivers\fpusb.sys [2012-1-13 36232]
S3 IEQB2V85;NEC Electronics V850 IECUBE2 USB Interface;c:\windows\system32\drivers\IEQB2V85.sys [2011-2-4 16000]
S3 IEQBV850;NEC Electronics V850 IECUBE USB Interface;c:\windows\system32\drivers\IEQBV850.sys [2011-1-31 10549]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-13 59192]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-26 87392]
S3 MQBV850;NEC Electronics V850 MINICUBE USB Interface;c:\windows\system32\drivers\MQBV850.sys [2010-12-16 10516]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2010-7-13 65664]
S3 vcasexl;vcasexl;c:\windows\system32\drivers\vcasexl.sys [2011-1-18 512000]
S3 VEtherMp50;VEtherMp50 NDIS Protocol Driver;c:\windows\system32\drivers\VEtherMp50.sys [2009-8-24 36280]
S3 VEtherSp50;VEtherSp50 NDIS Protocol Driver;c:\windows\system32\drivers\VEtherSp50.sys [2009-8-24 35256]
S3 VPCASp50;VPCASp50 NDIS Protocol Driver;c:\windows\system32\drivers\VPCASp50.sys [2010-12-21 27072]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;d:\tool\common\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
.
=============== Created Last 30 ================
.
2012-03-23 23:45:24 -------- d-s---w- C:\ComboFix
2012-03-23 23:43:25 40328 ----a-w- c:\windows\system32\HIPIS0e011b3.dll
2012-03-19 17:42:50 -------- d-----w- c:\documents and settings\uids7279\application data\FixZeroAccess
2012-03-19 17:42:42 -------- d-----w- c:\documents and settings\uids7279\application data\WinBatch
2012-03-19 17:13:56 7471104 ----a-w- c:\windows\system32\drivers\NETwNx32.sys
2012-03-19 17:13:56 684032 ----a-w- c:\windows\system32\NETwNc32.dll
2012-03-19 17:13:56 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
2012-03-19 17:13:52 270536 ----a-w- c:\windows\system32\PROUnstl.exe
2012-03-19 17:13:36 -------- d-----w- C:\SWSetup
2012-03-19 12:41:40 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-03-19 12:23:47 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-03-19 12:23:47 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-03-18 21:16:53 -------- d-----w- c:\windows\system32\Shared Memory
2012-03-18 19:00:48 -------- d-sh--w- c:\documents and settings\uids7279\IECompatCache
2012-03-18 17:40:54 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-03-18 17:40:54 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-03-18 17:40:54 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-03-18 17:40:54 598528 ----a-w- c:\windows\system32\ztv7z.dll
2012-03-18 17:40:54 178176 ----a-w- c:\windows\system32\ztvunrar39.dll
2012-03-18 17:40:54 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-03-18 17:40:54 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-03-18 05:04:28 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-18 05:04:28 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-18 05:02:40 -------- d-----w- c:\documents and settings\uids7279\application data\smkits
2012-03-18 04:09:20 -------- d-----w- c:\documents and settings\uids7279\local settings\application data\Google
2012-03-18 02:53:44 -------- d-----w- c:\program files\Panda Security
2012-03-18 02:40:22 -------- d-----w- c:\documents and settings\uids7279\application data\PCPro
2012-03-18 02:40:22 -------- d-----w- c:\documents and settings\uids7279\application data\PC Cleaners
2012-03-17 21:18:52 -------- d-----w- c:\program files\VideoLAN
2012-03-13 21:50:09 765952 ----a-w- c:\windows\system32\icsneo40.dll
2012-03-13 21:50:09 178688 ----a-w- c:\windows\system32\vxlapi.dll
2012-03-13 12:20:21 -------- d-----w- c:\documents and settings\uids7279\Downloads
2012-03-13 12:19:58 -------- d-----w- c:\documents and settings\uids7279\local settings\application data\TomTom
2012-03-13 12:19:53 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2012-03-13 12:19:53 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2012-03-13 12:19:52 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2012-03-13 12:19:52 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-03-13 12:19:47 -------- d-----w- c:\program files\TomTom International B.V
2012-03-13 12:19:42 -------- d-----w- c:\program files\MyTomTom 3
2012-03-06 22:02:57 -------- d-----w- c:\documents and settings\uids7279\local settings\application data\assembly
2012-03-06 21:58:56 -------- d-----w- C:\National Instruments Downloads
2012-03-06 21:49:51 -------- d-----w- c:\program files\Test DS13
2012-03-06 21:48:33 -------- d-----w- c:\program files\National Instruments
2012-03-06 21:48:15 -------- d-----w- c:\documents and settings\all users\application data\National Instruments
2012-03-05 20:22:23 -------- d-----w- c:\documents and settings\all users\Chrysler
2012-03-03 00:09:16 -------- d-----w- c:\documents and settings\uids7279\local settings\application data\Vector Informatik GmbH
2012-03-03 00:09:16 -------- d-----w- c:\documents and settings\uids7279\application data\MozillaControl
2012-03-02 17:58:44 -------- d-----w- c:\documents and settings\uids7279\application data\com.chrysler.AppCDA
2012-03-02 17:58:02 -------- d-----w- c:\documents and settings\all users\CDA
2012-03-02 17:56:03 -------- d-----w- c:\documents and settings\uids7279\local settings\application data\Downloaded Installations
2012-03-02 17:54:58 -------- d-----w- c:\program files\erl5.8.4
2012-03-02 17:54:51 237056 ----a-w- c:\windows\system32\ssleay32.dll
2012-03-02 17:54:51 237056 ----a-w- c:\windows\system32\libssl32.dll
2012-03-02 17:54:51 1099776 ----a-w- c:\windows\system32\libeay32.dll
2012-03-02 17:54:38 -------- d-----w- C:\OpenSSL-Win32
2012-03-02 15:10:47 -------- d-----w- c:\program files\Wireless AutoSwitch
.
==================== Find3M ====================
.
2012-03-08 05:49:06 143008 ----a-w- c:\windows\system32\KevlarSigs.dll
2012-03-07 16:15:25 8376 ----a-w- c:\windows\setenv_host.bat
2012-02-12 01:14:38 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2012-02-12 01:14:38 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2009-06-04 13:17:14 626688 ----a-w- c:\program files\common files\sapconsaccess.dll
2009-06-04 13:17:14 40960 ----a-w- c:\program files\common files\DigitalSignature.ocx
2009-06-04 13:17:14 3145728 ----a-w- c:\program files\common files\sapxlhelper.dll
2009-06-04 13:17:14 192512 ----a-w- c:\program files\common files\sapconsr3.dll
.
============= FINISH: 17:46:51.67 ===============



I also attached the logs from DDS and GMER.

Attached Files
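As an added example (not part of the original post, and not code from DDS itself), here is a small Python parser for the SERVICES / DRIVERS section of a DDS log like the one above. It splits each line into start state, service name, display name, image path, file date and size, and then surfaces two things a helper otherwise scans for by eye: entries whose registered image DDS could not find on disk (the `image --> path [?]` form, as on the mferkdk line) and running services whose image lives outside the Windows or Program Files trees. The sample text is a constructed subset of the lines posted above; the location rule is a review prompt, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the "SERVICES / DRIVERS" lines from the DDS log above.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2010-11-23 184888]
R1 Kithara-Krts8;Kithara RealTime Suite 8 Runtime;c:\windows\system32\Krts8.sys [2010-12-21 378144]
R2 EasyCODE License Server;EasyCODE License Server;d:\tool\common\easycode\easycode license server\LicenseServer.exe [2011-2-1 122880]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-10-26 166024]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;d:\tool\common\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
.
=============== Created Last 30 ================
"""

@dataclass
class ServiceEntry:
    state: str            # R = running, S = stopped; digit = Windows start type (0 boot ... 4 disabled)
    name: str             # service/driver key name
    display: str          # display name
    path: str             # image path as registered
    date: Optional[str]   # file date DDS reported; None when the file is missing
    size: Optional[int]   # file size in bytes; None when the file is missing
    file_missing: bool    # True for the "image --> path [?]" form

ENTRY_RE = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
PRESENT_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$")
MISSING_RE = re.compile(r"^(?P<image>.+?)\s+-->\s+(?P<path>.+?)\s+\[\?\]$")

# Trees a running service image is normally expected under (heuristic, see triage()).
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\")

def parse_entry(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for lines of any other shape."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    missing = MISSING_RE.match(rest)
    if missing:
        return ServiceEntry(m["state"], m["name"], m["display"], missing["path"], None, None, True)
    present = PRESENT_RE.match(rest)
    if not present:
        return None
    return ServiceEntry(m["state"], m["name"], m["display"], present["path"],
                        present["date"], int(present["size"]), False)

def parse_services(dds_text: str) -> List[ServiceEntry]:
    """Collect entries between the SERVICES / DRIVERS banner and the next banner line."""
    entries, in_section = [], False
    for line in dds_text.splitlines():
        if line.startswith("="):
            in_section = "SERVICES / DRIVERS" in line
            continue
        if in_section and line.strip() not in ("", "."):
            entry = parse_entry(line)
            if entry:
                entries.append(entry)
    return entries

def triage(entries: List[ServiceEntry]) -> List[str]:
    """Return review prompts: missing images, and running images outside the usual trees."""
    findings = []
    for e in entries:
        if e.file_missing:
            findings.append(f"{e.name}: registered image {e.path} not found on disk")
        elif e.state.startswith("R") and not e.path.lower().startswith(STANDARD_ROOTS):
            findings.append(f"{e.name}: running from non-standard location {e.path}")
    return findings

if __name__ == "__main__":
    for finding in triage(parse_services(SAMPLE_DDS)):
        print(finding)
```

The location heuristic will flag legitimate software installed on a secondary drive (the EasyCODE license server in this log is exactly that), so its output is a list of entries to look at, not a list of malware; the missing-image check is the more reliable of the two, since a stopped service whose driver file has vanished is worth explaining either way.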





#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:11:55 AM

Posted 28 March 2012 - 06:26 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is the version, edition and whether it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 warpie_7

warpie_7
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:55 AM

Posted 29 March 2012 - 10:50 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is the version, edition and whether it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti






I still have the problem with my computer.
I am using Windows XP SP3 (32-bit).

The problem started when I was surfing the web and McAfee Antivirus showed an alert that a virus was found!

I ran the Panda online virus scan. It told me that I was infected with the ZeroAccess rootkit.

I felt desperate and ran ComboFix, which tried to remove ZeroAccess with no success.
After restarting the computer I could not connect to the wireless LAN or the wired LAN either.

Currently I am using another computer; that's why I did not attach the log you required.
As soon as I get home I will attach the log.

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:11:55 AM

Posted 29 March 2012 - 12:30 PM

Hi,

thanks for letting me know. When you're home can you please also attach the log ComboFix made when you first ran it?

regards myrti



#5 warpie_7

warpie_7
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:55 AM

Posted 30 March 2012 - 06:39 PM

Sorry for the delay again,


Here are the logs from ComboFix and OTL.

Attached Files



#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:11:55 AM

Posted 01 April 2012 - 11:32 AM

Hi,

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.


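An added example, not from the post above and not code from TDSSKiller itself: a Python reader for the log the tool writes to the path given with `-l`. It builds one record per scanned object from the `name (md5) path` and `name - ok` lines and then answers the question a helper asks when reading such a log by hand: which objects were listed but never given an ok verdict, and which carry the digit-only service and driver names that appear in the log posted later in this thread. The sample lines are constructed in the shape of that later log (hashes and paths copied from it); how TDSSKiller labels a detection is not assumed here, only the absence of an `ok` verdict is used.

```python
import re
from collections import OrderedDict
from typing import Dict, List, Optional

# Constructed sample in the shape of the log TDSSKiller writes with -l (modelled on the
# log posted later in this thread; the hashes and paths are copied from there).
SAMPLE_TDSS_LOG = r"""
15:24:26.0984 1036 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
15:24:59.0703 3712 ============================================================
15:24:59.0703 3712 Scan started
15:24:59.0703 3712 Mode: Manual;
15:24:59.0703 3712 ============================================================
15:25:00.0218 3712 46556252 (58169ffb207940d4d84b4e85db02cc1e) C:\WINDOWS\system32\drivers\22425152.sys
15:25:00.0234 3712 Abiosdsk - ok
15:25:00.0281 3712 Accelerometer (a0baabb7d3549460e3f8c5ad6f778683) C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
15:25:00.0281 3712 Accelerometer - ok
15:25:00.0421 3712 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:25:00.0421 3712 AFD - ok
"""

# Every record starts with "HH:MM:SS.ffff <pid> "; the rest is the body we classify.
LOG_LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.+)$")
# "name (md5) path" lines describe the object's file on disk.
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "name - verdict" lines carry the scanner's verdict for that object.
VERDICT_RE = re.compile(r"^(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")

Record = Dict[str, Optional[str]]

def parse_tdss_log(text: str) -> "OrderedDict[str, Record]":
    """Build one record per scanned object, keyed by object name, in log order."""
    objects: "OrderedDict[str, Record]" = OrderedDict()
    for raw in text.splitlines():
        m = LOG_LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or anything that is not a timestamped record
        body = m["body"]
        f = FILE_RE.match(body)
        if f:
            rec = objects.setdefault(f["name"], {"md5": None, "path": None, "verdict": None})
            rec["md5"], rec["path"] = f["md5"], f["path"]
            continue
        v = VERDICT_RE.match(body)
        if v:
            rec = objects.setdefault(v["name"], {"md5": None, "path": None, "verdict": None})
            rec["verdict"] = v["verdict"]
    return objects

def objects_without_ok(objects: "OrderedDict[str, Record]") -> List[str]:
    """Objects the scanner listed but never marked '- ok': the ones to read first."""
    return [name for name, rec in objects.items() if rec["verdict"] != "ok"]

def numeric_named(objects: "OrderedDict[str, Record]") -> List[str]:
    """Heuristic: service name and driver file stem are both digits only (e.g. 46556252 / 22425152.sys)."""
    hits = []
    for name, rec in objects.items():
        stem = (rec["path"] or "").rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if name.isdigit() and stem.isdigit():
            hits.append(name)
    return hits

if __name__ == "__main__":
    objs = parse_tdss_log(SAMPLE_TDSS_LOG)
    print("no ok verdict:", objects_without_ok(objs))
    print("digit-only names:", numeric_named(objs))
```

Objects like Abiosdsk that get an ok verdict without a preceding file line are legacy service keys with no image to hash; the reader keeps them so a verdict is never silently dropped, and the two reporting functions keep their logic separate so a name that trips the numeric heuristic but was cleared by the scanner still shows up only in the second list.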

#7 warpie_7

warpie_7
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:55 AM

Posted 01 April 2012 - 03:52 PM

Hi Myrti,

I just ran TDSSKiller following your instructions, but when the tool found ZeroAccess it did not permit me to press Enter.
There was a menu with the following options: cure, quarantine and another that I cannot remember (the default option was cure).

I just closed the program; then it asked me to restart.

After restarting, the internet is now available :) :).
I copy and paste the TDSSKiller log anyway.





15:24:26.0984 1036 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
15:24:27.0015 1036 ============================================================
15:24:27.0015 1036 Current date / time: 2012/04/01 15:24:27.0015
15:24:27.0015 1036 SystemInfo:
15:24:27.0015 1036
15:24:27.0015 1036 OS Version: 5.1.2600 ServicePack: 3.0
15:24:27.0015 1036 Product type: Workstation
15:24:27.0015 1036 ComputerName: TQL7077D
15:24:27.0015 1036 UserName: uids7279
15:24:27.0015 1036 Windows directory: C:\WINDOWS
15:24:27.0015 1036 System windows directory: C:\WINDOWS
15:24:27.0015 1036 Processor architecture: Intel x86
15:24:27.0015 1036 Number of processors: 8
15:24:27.0015 1036 Page size: 0x1000
15:24:27.0015 1036 Boot type: Normal boot
15:24:27.0015 1036 ============================================================
15:24:27.0218 1036 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:24:27.0218 1036 Drive \Device\Harddisk1\DR5 - Size: 0xEA108000 (3.66 Gb), SectorSize: 0x200, Cylinders: 0x1DD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:24:27.0218 1036 \Device\Harddisk0\DR0:
15:24:27.0218 1036 MBR used
15:24:27.0218 1036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7D338AD
15:24:27.0234 1036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x7D3392B, BlocksNum 0x1D6F9D96
15:24:27.0234 1036 \Device\Harddisk1\DR5:
15:24:27.0234 1036 MBR used
15:24:27.0234 1036 \Device\Harddisk1\DR5\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x74E8C0
15:24:27.0343 1036 Initialize success
15:24:27.0343 1036 ============================================================
15:24:59.0703 3712 ============================================================
15:24:59.0703 3712 Scan started
15:24:59.0703 3712 Mode: Manual;
15:24:59.0703 3712 ============================================================
15:25:00.0218 3712 46556252 (58169ffb207940d4d84b4e85db02cc1e) C:\WINDOWS\system32\drivers\22425152.sys
15:25:00.0234 3712 Abiosdsk - ok
15:25:00.0250 3712 abp480n5 - ok
15:25:00.0281 3712 Accelerometer (a0baabb7d3549460e3f8c5ad6f778683) C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
15:25:00.0281 3712 Accelerometer - ok
15:25:00.0312 3712 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:25:00.0312 3712 ACPI - ok
15:25:00.0328 3712 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:25:00.0328 3712 ACPIEC - ok
15:25:00.0343 3712 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\drivers\adpu160m.sys
15:25:00.0343 3712 adpu160m - ok
15:25:00.0359 3712 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:25:00.0375 3712 aec - ok
15:25:00.0390 3712 AESTAud (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys
15:25:00.0390 3712 AESTAud - ok
15:25:00.0421 3712 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:25:00.0421 3712 AFD - ok
15:25:00.0453 3712 AgereModemAudio (6416f9b6b220f0a890525c38235afad7) C:\Program Files\LSI SoftModem\agrsmsvc.exe
15:25:00.0453 3712 AgereModemAudio - ok
15:25:00.0484 3712 AgereSoftModem (faa5a0b80e011464c7654851ce3d7fe7) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
15:25:00.0500 3712 AgereSoftModem - ok
15:25:00.0500 3712 Aha154x - ok
15:25:00.0546 3712 ahcix86 (14bd6cffdb2adb40563aa60abc561303) C:\WINDOWS\system32\DRIVERS\ahcix86.sys
15:25:00.0546 3712 ahcix86 - ok
15:25:00.0546 3712 aic78u2 - ok
15:25:00.0562 3712 aic78xx - ok
15:25:00.0593 3712 akshasp (3f9f42085ab5b6a55498a539c54575ab) C:\WINDOWS\system32\DRIVERS\akshasp.sys
15:25:00.0593 3712 akshasp - ok
15:25:00.0625 3712 aksusb (d2b95315cc47f9230006fdbcba394d8d) C:\WINDOWS\system32\DRIVERS\aksusb.sys
15:25:00.0625 3712 aksusb - ok
15:25:00.0656 3712 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
15:25:00.0656 3712 Alerter - ok
15:25:00.0687 3712 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
15:25:00.0687 3712 ALG - ok
15:25:00.0687 3712 AliIde - ok
15:25:00.0703 3712 amsint - ok
15:25:00.0718 3712 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
15:25:00.0718 3712 AppMgmt - ok
15:25:00.0750 3712 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:25:00.0750 3712 Arp1394 - ok
15:25:00.0765 3712 asc - ok
15:25:00.0765 3712 asc3350p - ok
15:25:00.0781 3712 asc3550 - ok
15:25:00.0843 3712 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:25:00.0843 3712 aspnet_state - ok
15:25:00.0875 3712 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:25:00.0875 3712 AsyncMac - ok
15:25:00.0875 3712 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:25:00.0890 3712 atapi - ok
15:25:00.0890 3712 Atdisk - ok
15:25:00.0921 3712 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:25:00.0921 3712 Atmarpc - ok
15:25:00.0921 3712 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
15:25:00.0921 3712 AudioSrv - ok
15:25:00.0953 3712 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:25:00.0953 3712 audstub - ok
15:25:00.0953 3712 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:25:00.0953 3712 Beep - ok
15:25:01.0000 3712 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
15:25:01.0000 3712 BITS - ok
15:25:01.0015 3712 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
15:25:01.0015 3712 Browser - ok
15:25:01.0093 3712 CBA8 (ee493c9471abae7319271af4d59fbcc0) C:\Program Files\LANDesk\Shared Files\residentagent.exe
15:25:01.0093 3712 CBA8 - ok
15:25:01.0109 3712 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:25:01.0109 3712 cbidf2k - ok
15:25:01.0125 3712 cd20xrnt - ok
15:25:01.0171 3712 CDASync (b482c60c0e3a5e873aaa24d738812d18) C:\Program Files\DCC Tools\CDA 6\CDASync\CDASync.exe
15:25:01.0171 3712 CDASync - ok
15:25:01.0187 3712 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:25:01.0187 3712 Cdaudio - ok
15:25:01.0203 3712 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:25:01.0203 3712 Cdfs - ok
15:25:01.0218 3712 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:25:01.0218 3712 Cdrom - ok
15:25:01.0218 3712 Changer - ok
15:25:01.0234 3712 CISMBIOS (8acabab9bf4742840c51331b6573a94e) C:\WINDOWS\system32\drivers\cismbios.sys
15:25:01.0250 3712 CISMBIOS - ok
15:25:01.0265 3712 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
15:25:01.0265 3712 CiSvc - ok
15:25:01.0296 3712 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
15:25:01.0296 3712 ClipSrv - ok
15:25:01.0343 3712 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:25:01.0359 3712 clr_optimization_v2.0.50727_32 - ok
15:25:01.0375 3712 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:25:01.0375 3712 CmBatt - ok
15:25:01.0390 3712 CmdIde - ok
15:25:01.0437 3712 CMI Service (295e9f52762754898207a5393b115d6d) C:\WINDOWS\DSClient\CMI\Bin\CMI.exe
15:25:01.0437 3712 CMI Service - ok
15:25:01.0515 3712 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
15:25:01.0515 3712 Com4QLBEx - ok
15:25:01.0531 3712 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:25:01.0531 3712 Compbatt - ok
15:25:01.0546 3712 COMSysApp - ok
15:25:01.0546 3712 Cpqarray - ok
15:25:01.0562 3712 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
15:25:01.0578 3712 CryptSvc - ok
15:25:01.0593 3712 cvintdrv (dbd89bc0dbe00dcd245be8f61dbee291) C:\WINDOWS\system32\drivers\cvintdrv.sys
15:25:01.0593 3712 cvintdrv - ok
15:25:01.0609 3712 dac2w2k - ok
15:25:01.0609 3712 dac960nt - ok
15:25:01.0640 3712 DC21x4 (bb005cb49d0638039703ac4f67fe0a05) C:\WINDOWS\system32\DRIVERS\dc21x4.sys
15:25:01.0640 3712 DC21x4 - ok
15:25:01.0687 3712 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:25:01.0687 3712 DcomLaunch - ok
15:25:01.0718 3712 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
15:25:01.0734 3712 Dhcp - ok
15:25:01.0734 3712 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:25:01.0734 3712 Disk - ok
15:25:01.0750 3712 dmadmin - ok
15:25:01.0796 3712 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:25:01.0812 3712 dmboot - ok
15:25:01.0828 3712 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:25:01.0828 3712 dmio - ok
15:25:01.0828 3712 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:25:01.0828 3712 dmload - ok
15:25:01.0859 3712 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
15:25:01.0859 3712 dmserver - ok
15:25:01.0906 3712 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:25:01.0906 3712 DMusic - ok
15:25:01.0937 3712 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
15:25:01.0937 3712 Dnscache - ok
15:25:01.0953 3712 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
15:25:01.0968 3712 Dot3svc - ok
15:25:01.0968 3712 dpti2o - ok
15:25:02.0000 3712 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:25:02.0000 3712 drmkaud - ok
15:25:02.0015 3712 DS1410D - ok
15:25:02.0031 3712 DWMRCS - ok
15:25:02.0078 3712 e1kexpress (bf7be4e4bf26dc828d4a6493546da250) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
15:25:02.0078 3712 e1kexpress - ok
15:25:02.0109 3712 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
15:25:02.0109 3712 EapHost - ok
15:25:02.0171 3712 EasyCODE License Server (8bf8857f5135407b8e215a778950c87f) D:\Tool\Common\EASYCODE\EasyCODE License Server\LicenseServer.exe
15:25:02.0187 3712 EasyCODE License Server - ok
15:25:02.0296 3712 enterceptAgent (e411c3d86d3fce8373f4f73041cb3040) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
15:25:02.0296 3712 enterceptAgent - ok
15:25:02.0328 3712 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
15:25:02.0328 3712 ERSvc - ok
15:25:02.0359 3712 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:25:02.0359 3712 Eventlog - ok
15:25:02.0375 3712 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
15:25:02.0390 3712 EventSystem - ok
15:25:02.0406 3712 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:25:02.0406 3712 Fastfat - ok
15:25:02.0437 3712 fasttx2k (b62ba9f5e991d64c28dd75121aa38c81) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
15:25:02.0437 3712 fasttx2k - ok
15:25:02.0468 3712 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
15:25:02.0468 3712 FastUserSwitchingCompatibility - ok
15:25:02.0500 3712 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:25:02.0500 3712 Fdc - ok
15:25:02.0515 3712 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:25:02.0515 3712 Fips - ok
15:25:02.0531 3712 Firehk (f96d1c2c40902604329933374950babb) C:\WINDOWS\system32\DRIVERS\firehk.sys
15:25:02.0531 3712 Firehk - ok
15:25:02.0546 3712 FirehkMP (f96d1c2c40902604329933374950babb) C:\WINDOWS\system32\DRIVERS\firehk.sys
15:25:02.0546 3712 FirehkMP - ok
15:25:02.0562 3712 firelm01 (7e661e34cce11472fd468f9a9383b391) C:\WINDOWS\system32\drivers\firelm01.sys
15:25:02.0562 3712 firelm01 - ok
15:25:02.0562 3712 FirePM (f0a996a78cf4fc361b319f2fc2abcefe) C:\WINDOWS\system32\Drivers\FirePM.sys
15:25:02.0578 3712 FirePM - ok
15:25:02.0609 3712 FireTDI (91cbe1e5d61819d290b3471cab620fe3) C:\WINDOWS\system32\Drivers\FireTDI.sys
15:25:02.0609 3712 FireTDI - ok
15:25:02.0656 3712 FLEXnet Licensing Service (c29e0b833c7466bd185892ae3cdcd27d) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:25:02.0671 3712 FLEXnet Licensing Service - ok
15:25:02.0703 3712 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:25:02.0703 3712 Flpydisk - ok
15:25:02.0703 3712 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:25:02.0703 3712 FltMgr - ok
15:25:02.0765 3712 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:25:02.0765 3712 FontCache3.0.0.0 - ok
15:25:02.0796 3712 fpusb (e8cb5085cf0b907cb64ff8467e5ddc38) C:\WINDOWS\system32\Drivers\fpusb.sys
15:25:02.0796 3712 fpusb - ok
15:25:02.0796 3712 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:25:02.0812 3712 Fs_Rec - ok
15:25:02.0812 3712 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:25:02.0812 3712 Ftdisk - ok
15:25:02.0843 3712 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
15:25:02.0843 3712 gameenum - ok
15:25:02.0875 3712 GIVEIO (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\drivers\GIVEIO.sys
15:25:02.0875 3712 GIVEIO - ok
15:25:02.0906 3712 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:25:02.0906 3712 Gpc - ok
15:25:02.0953 3712 Hardlock (d95554949082fd29a04d351b58396718) C:\WINDOWS\system32\drivers\hardlock.sys
15:25:02.0953 3712 Hardlock - ok
15:25:03.0000 3712 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
15:25:03.0000 3712 Haspnt - ok
15:25:03.0015 3712 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:25:03.0015 3712 HDAudBus - ok
15:25:03.0031 3712 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys
15:25:03.0046 3712 HECI - ok
15:25:03.0078 3712 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:25:03.0078 3712 helpsvc - ok
15:25:03.0093 3712 HidServ - ok
15:25:03.0109 3712 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:25:03.0109 3712 HidUsb - ok
15:25:03.0156 3712 HIPK (c61656628f974bbe152d971b34a3e74c) C:\WINDOWS\system32\drivers\HIPK.sys
15:25:03.0156 3712 HIPK - ok
15:25:03.0171 3712 HIPPSK (cbabea2348172968a7b4ff54c382893f) C:\WINDOWS\system32\drivers\HIPPSK.sys
15:25:03.0171 3712 HIPPSK - ok
15:25:03.0171 3712 HIPQK (f44af553d6291317daaa428ad65ad3e7) C:\WINDOWS\system32\drivers\HIPQK.sys
15:25:03.0171 3712 HIPQK - ok
15:25:03.0250 3712 hips (b12494de8f241c37069d8034f89e8167) C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
15:25:03.0250 3712 hips - ok
15:25:03.0281 3712 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
15:25:03.0281 3712 hkmsvc - ok
15:25:03.0312 3712 hpdskflt (9f620e11b80b74f4dab50a81a5df357f) C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
15:25:03.0312 3712 hpdskflt - ok
15:25:03.0328 3712 hpn - ok
15:25:03.0343 3712 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
15:25:03.0343 3712 HpqKbFiltr - ok
15:25:03.0375 3712 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
15:25:03.0375 3712 hpqwmiex - ok
15:25:03.0406 3712 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
15:25:03.0406 3712 HTTP - ok
15:25:03.0437 3712 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
15:25:03.0437 3712 HTTPFilter - ok
15:25:03.0453 3712 i2omgmt - ok
15:25:03.0453 3712 i2omp - ok
15:25:03.0484 3712 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:25:03.0484 3712 i8042prt - ok
15:25:03.0515 3712 iaStor (eb3a2c773e202ced30595bbfad24febf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
15:25:03.0515 3712 iaStor - ok
15:25:03.0609 3712 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:25:03.0625 3712 idsvc - ok
15:25:03.0656 3712 IEQB2V85 (1e2580c322e249faabf086b1951c4fb3) C:\WINDOWS\system32\Drivers\IEQB2V85.sys
15:25:03.0656 3712 IEQB2V85 - ok
15:25:03.0687 3712 IEQBV850 (d9ba1582945b704304547c352e606859) C:\WINDOWS\system32\Drivers\IEQBV850.sys
15:25:03.0687 3712 IEQBV850 - ok
15:25:03.0703 3712 IFXTPM (667cfdb801df771f47b7c39373c2d850) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
15:25:03.0703 3712 IFXTPM - ok
15:25:03.0718 3712 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:25:03.0718 3712 Imapi - ok
15:25:03.0750 3712 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
15:25:03.0750 3712 ImapiService - ok
15:25:03.0781 3712 ini910u - ok
15:25:03.0859 3712 Intel Local Scheduler Service (02e51c0a7b69b0355748cf3aa368c558) C:\Program Files\LANDesk\LDClient\LocalSch.EXE
15:25:03.0859 3712 Intel Local Scheduler Service - ok
15:25:03.0906 3712 Intel PDS (7c234b88f1f1e5ffaf5a701148c095e8) C:\WINDOWS\system32\CBA\pds.exe
15:25:03.0906 3712 Intel PDS - ok
15:25:03.0921 3712 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:25:03.0921 3712 IntelIde - ok
15:25:03.0937 3712 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:25:03.0937 3712 intelppm - ok
15:25:03.0984 3712 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:25:03.0984 3712 Ip6Fw - ok
15:25:04.0000 3712 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:25:04.0000 3712 IpFilterDriver - ok
15:25:04.0031 3712 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:25:04.0031 3712 IpInIp - ok
15:25:04.0046 3712 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:25:04.0046 3712 IpNat - ok
15:25:04.0078 3712 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\drivers\tsk65.tmp
15:25:04.0078 3712 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tsk65.tmp. md5: 23c74d75e36e7158768dd63d92789a91
15:25:04.0109 3712 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:25:04.0109 3712 IRENUM - ok
15:25:04.0125 3712 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:25:04.0125 3712 isapnp - ok
15:25:04.0140 3712 ISSUSER - ok
15:25:04.0187 3712 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6u26\bin\jqs.exe
15:25:04.0187 3712 JavaQuickStarterService - ok
15:25:04.0234 3712 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:25:04.0234 3712 Kbdclass - ok
15:25:04.0265 3712 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:25:04.0265 3712 kbdhid - ok
15:25:04.0281 3712 KickoffService (694af0f39805140f297ef8bb9ec141ea) C:\Program Files\Kickoff Service\KickoffService.exe
15:25:04.0281 3712 KickoffService - ok
15:25:04.0312 3712 Kithara-Krts8 (c00e86daf2055b182f0e4a61088e2568) C:\WINDOWS\system32\Krts8.sys
15:25:04.0312 3712 Kithara-Krts8 - ok
15:25:04.0343 3712 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:25:04.0343 3712 kmixer - ok
15:25:04.0359 3712 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
15:25:04.0359 3712 KSecDD - ok
15:25:04.0406 3712 LANDesk Policy Invoker (7671ff864b25be6015c9e4f79347ce6d) C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
15:25:04.0406 3712 LANDesk Policy Invoker - ok
15:25:04.0437 3712 LANDesk Targeted Multicast (1a34e04e00e3b9417cc8c5c2f7c64cff) C:\Program Files\LANDesk\LDClient\tmcsvc.exe
15:25:04.0437 3712 LANDesk Targeted Multicast - ok
15:25:04.0468 3712 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
15:25:04.0468 3712 LanmanServer - ok
15:25:04.0515 3712 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
15:25:04.0515 3712 lanmanworkstation - ok
15:25:04.0515 3712 lbrtfdc - ok
15:25:04.0546 3712 ldblank (b42d0d37f8c76ed9a462404afe520edb) C:\WINDOWS\system32\DRIVERS\ldblank.sys
15:25:04.0546 3712 ldblank - ok
15:25:04.0578 3712 ldmirror (a3b89beb5fb3ad3bef5e58a5885aea63) C:\WINDOWS\system32\DRIVERS\ldmirror.sys
15:25:04.0578 3712 ldmirror - ok
15:25:04.0625 3712 LkCitadelServer (20cdb07017497c94a0bad253c4bafcbc) C:\WINDOWS\system32\lkcitdl.exe
15:25:04.0625 3712 LkCitadelServer - ok
15:25:04.0640 3712 lkClassAds (3db54101997c28b17c5a11493d08a28f) C:\WINDOWS\system32\lkads.exe
15:25:04.0640 3712 lkClassAds - ok
15:25:04.0656 3712 lkTimeSync (85e862ca8269dd111b7960cc79b9aaf9) C:\WINDOWS\system32\lktsrv.exe
15:25:04.0656 3712 lkTimeSync - ok
15:25:04.0687 3712 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
15:25:04.0687 3712 LmHosts - ok
15:25:04.0781 3712 Lotus Notes Diagnostics (1bfdcc17fd8b06f92b048c615c17bf9f) C:\Program Files\Lotus\Notes85\nsd.exe
15:25:04.0812 3712 Lotus Notes Diagnostics - ok
15:25:04.0828 3712 MAC_IBM (bdbe9b616de2868b782c73dc0630cdbe) C:\WINDOWS\system32\drivers\MAC_IBM.sys
15:25:04.0828 3712 MAC_IBM - ok
15:25:04.0859 3712 MAC_MOT (b9f5d26ef93178e956e524170d8a66cf) C:\WINDOWS\system32\drivers\MAC_MOT.sys
15:25:04.0859 3712 MAC_MOT - ok
15:25:04.0875 3712 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
15:25:04.0890 3712 MBAMProtector - ok
15:25:04.0921 3712 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:25:04.0921 3712 MBAMService - ok
15:25:04.0984 3712 McAfeeFramework (1fff77143e2625c8e27a0d51b21cddc5) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
15:25:04.0984 3712 McAfeeFramework - ok
15:25:05.0031 3712 McShield (c7a9f5343373f389de64c625c5f93d96) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
15:25:05.0031 3712 McShield - ok
15:25:05.0046 3712 McTaskManager (b15bb3aef59158b4e1dda5328c842713) C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
15:25:05.0062 3712 McTaskManager - ok
15:25:05.0093 3712 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
15:25:05.0093 3712 Messenger - ok
15:25:05.0125 3712 mfeapfk (fca77f9c5d9f19992ae02538181236a6) C:\WINDOWS\system32\drivers\mfeapfk.sys
15:25:05.0125 3712 mfeapfk - ok
15:25:05.0171 3712 mfeavfk (ed6c0825f98bcfa05ee10db9d9ca8391) C:\WINDOWS\system32\drivers\mfeavfk.sys
15:25:05.0171 3712 mfeavfk - ok
15:25:05.0171 3712 mfeavfk01 - ok
15:25:05.0203 3712 mfebopk (4957d3b3f35f583a2b11eacb651bff9f) C:\WINDOWS\system32\drivers\mfebopk.sys
15:25:05.0203 3712 mfebopk - ok
15:25:05.0250 3712 mfehidk (a8ee8d930600f1fd25583f8aefc9ca73) C:\WINDOWS\system32\drivers\mfehidk.sys
15:25:05.0250 3712 mfehidk - ok
15:25:05.0281 3712 mferkdet (fa3b7b57562e58c39564abac538aaecf) C:\WINDOWS\system32\drivers\mferkdet.sys
15:25:05.0281 3712 mferkdet - ok
15:25:05.0296 3712 mferkdk - ok
15:25:05.0328 3712 mfetdi2k (09aaf8e41a1e965fea21700ce69c408c) C:\WINDOWS\system32\drivers\mfetdi2k.sys
15:25:05.0328 3712 mfetdi2k - ok
15:25:05.0359 3712 mfetdik (6c76ed388421494cc6d22f0f25e181ec) C:\WINDOWS\system32\drivers\Mfetdik.sys
15:25:05.0359 3712 mfetdik - ok
15:25:05.0375 3712 mfevtp (c0e297727a6f804a2ae26d6a441baa0d) C:\WINDOWS\system32\mfevtps.exe
15:25:05.0375 3712 mfevtp - ok
15:25:05.0406 3712 mirrorflt (aadae4ec10f7075217e87c5cfc0580c9) C:\WINDOWS\system32\DRIVERS\mirrorflt.sys
15:25:05.0406 3712 mirrorflt - ok
15:25:05.0437 3712 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:25:05.0437 3712 mnmdd - ok
15:25:05.0468 3712 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
15:25:05.0468 3712 mnmsrvc - ok
15:25:05.0500 3712 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:25:05.0500 3712 Modem - ok
15:25:05.0531 3712 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:25:05.0531 3712 Mouclass - ok
15:25:05.0546 3712 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:25:05.0546 3712 mouhid - ok
15:25:05.0562 3712 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:25:05.0562 3712 MountMgr - ok
15:25:05.0609 3712 MQBV850 (47c20616151ea0f6e75685bbda78e844) C:\WINDOWS\system32\Drivers\MQBV850.sys
15:25:05.0609 3712 MQBV850 - ok
15:25:05.0625 3712 mraid35x - ok
15:25:05.0640 3712 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:25:05.0640 3712 MRxDAV - ok
15:25:05.0687 3712 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:25:05.0687 3712 MRxSmb - ok
15:25:05.0718 3712 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
15:25:05.0718 3712 MSDTC - ok
15:25:05.0734 3712 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:25:05.0750 3712 Msfs - ok
15:25:05.0750 3712 MSIServer - ok
15:25:05.0796 3712 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:25:05.0796 3712 MSKSSRV - ok
15:25:05.0828 3712 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:25:05.0828 3712 MSPCLOCK - ok
15:25:05.0843 3712 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:25:05.0843 3712 MSPQM - ok
15:25:05.0859 3712 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:25:05.0859 3712 mssmbios - ok
15:25:06.0125 3712 msvsmon80 (4c63cae8d026f5cfa96f8b21780d49ad) d:\Tool\Common\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
15:25:06.0140 3712 msvsmon80 - ok
15:25:06.0234 3712 Multi-user Cleanup Service (218d58976c01c60657818ed0eac81602) C:\Program Files\Lotus\Notes85\ntmulti.exe
15:25:06.0234 3712 Multi-user Cleanup Service - ok
15:25:06.0250 3712 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:25:06.0250 3712 Mup - ok
15:25:06.0281 3712 mxssvr (a3ba8a14490fdbf106939c37a125e82c) C:\Program Files\National Instruments\MAX\nimxs.exe
15:25:06.0281 3712 mxssvr - ok
15:25:06.0312 3712 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:25:06.0312 3712 napagent - ok
15:25:06.0359 3712 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:25:06.0359 3712 NDIS - ok
15:25:06.0390 3712 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:25:06.0390 3712 NdisTapi - ok
15:25:06.0421 3712 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:25:06.0421 3712 Ndisuio - ok
15:25:06.0437 3712 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:25:06.0437 3712 NdisWan - ok
15:25:06.0468 3712 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:25:06.0468 3712 NDProxy - ok
15:25:06.0484 3712 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:25:06.0484 3712 NetBIOS - ok
15:25:06.0500 3712 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:25:06.0500 3712 NetBT - ok
15:25:06.0531 3712 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:25:06.0531 3712 NetDDE - ok
15:25:06.0531 3712 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:25:06.0531 3712 NetDDEdsdm - ok
15:25:06.0578 3712 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:25:06.0578 3712 Netlogon - ok
15:25:06.0593 3712 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:25:06.0593 3712 Netman - ok
15:25:06.0687 3712 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:25:06.0687 3712 NetTcpPortSharing - ok
15:25:06.0812 3712 NETw5x32 (580207a7c9bde8ba65401f51f9ba9741) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
15:25:06.0843 3712 NETw5x32 - ok
15:25:07.0000 3712 NETwNx32 (347f6d9719647f49e7d1b5eebbac2a86) C:\WINDOWS\system32\DRIVERS\NETwNx32.sys
15:25:07.0046 3712 NETwNx32 - ok
15:25:07.0125 3712 NIApplicationWebServer (ef5225ed8671d406e4a84769b26147f0) C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
15:25:07.0125 3712 NIApplicationWebServer - ok
15:25:07.0156 3712 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:25:07.0156 3712 NIC1394 - ok
15:25:07.0187 3712 NIDomainService (afe2ab6fd9bbd9686dbeaf165a48cc6a) C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
15:25:07.0187 3712 NIDomainService - ok
15:25:07.0250 3712 NILM License Manager (b17093b9a2c5f874975c732c1a8ba771) C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
15:25:07.0250 3712 NILM License Manager - ok
15:25:07.0281 3712 niSvcLoc (3105cbac21608cdf2caffe9e1a1c8632) C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
15:25:07.0281 3712 niSvcLoc - ok
15:25:07.0296 3712 NITaggerService (ad0203c2e2afaf92be528e79a38c64b5) C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
15:25:07.0312 3712 NITaggerService - ok
15:25:07.0343 3712 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
15:25:07.0359 3712 Nla - ok
15:25:07.0390 3712 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Program Files\CDBurnerXP\NMSAccessU.exe
15:25:07.0390 3712 NMSAccessU - ok
15:25:07.0421 3712 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:25:07.0421 3712 Npfs - ok
15:25:07.0453 3712 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:25:07.0453 3712 Ntfs - ok
15:25:07.0484 3712 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:25:07.0484 3712 NtLmSsp - ok
15:25:07.0531 3712 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:25:07.0531 3712 NtmsSvc - ok
15:25:07.0562 3712 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:25:07.0562 3712 Null - ok
15:25:07.0593 3712 nusb3hub (9a3879b890f395ef8007a69543b56e8d) C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
15:25:07.0593 3712 nusb3hub - ok
15:25:07.0640 3712 nusb3xhc (61c3a3c6b35f596831358d954d20712f) C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
15:25:07.0640 3712 nusb3xhc - ok
15:25:07.0812 3712 nv (82e90a1ec7a889678b7806000ecf44d7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:25:07.0875 3712 nv - ok
15:25:07.0953 3712 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
15:25:07.0953 3712 nvata - ok
15:25:07.0968 3712 nvatabus (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
15:25:07.0968 3712 nvatabus - ok
15:25:08.0000 3712 NVHDA (cf68bcac297b4c98c1d25b81e4011de4) C:\WINDOWS\system32\drivers\nvhda32.sys
15:25:08.0000 3712 NVHDA - ok
15:25:08.0015 3712 nvraid (b65ce56c36f573113ff2f6d0f07b7563) C:\WINDOWS\system32\DRIVERS\nvraid.sys
15:25:08.0015 3712 nvraid - ok
15:25:08.0031 3712 nvsvc (b8cdf72e3b83221404a70e73c0f78c6e) C:\WINDOWS\system32\nvsvc32.exe
15:25:08.0046 3712 nvsvc - ok
15:25:08.0062 3712 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:25:08.0062 3712 NwlnkFlt - ok
15:25:08.0078 3712 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:25:08.0093 3712 NwlnkFwd - ok
15:25:08.0171 3712 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:25:08.0171 3712 odserv - ok
15:25:08.0187 3712 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:25:08.0187 3712 ohci1394 - ok
15:25:08.0218 3712 OpcEnum (eae6208900e2986f66f68b30aef86e4d) C:\WINDOWS\system32\OpcEnum.exe
15:25:08.0218 3712 OpcEnum - ok
15:25:08.0250 3712 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:25:08.0250 3712 ose - ok
15:25:08.0265 3712 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:25:08.0265 3712 Parport - ok
15:25:08.0265 3712 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:25:08.0265 3712 PartMgr - ok
15:25:08.0281 3712 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:25:08.0281 3712 ParVdm - ok
15:25:08.0296 3712 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:25:08.0296 3712 PCI - ok
15:25:08.0312 3712 PCIDump - ok
15:25:08.0312 3712 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
15:25:08.0312 3712 PCIIde - ok
15:25:08.0343 3712 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:25:08.0343 3712 Pcmcia - ok
15:25:08.0343 3712 PDCOMP - ok
15:25:08.0359 3712 PDFRAME - ok
15:25:08.0375 3712 PDRELI - ok
15:25:08.0375 3712 PDRFRAME - ok
15:25:08.0406 3712 PEDRV (346d96d42790ad07458a11d317f4cd4b) C:\WINDOWS\system32\drivers\PEDRV.sys
15:25:08.0406 3712 PEDRV - ok
15:25:08.0421 3712 perc2 - ok
15:25:08.0421 3712 perc2hib - ok
15:25:08.0468 3712 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:25:08.0484 3712 PlugPlay - ok
15:25:08.0515 3712 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:25:08.0515 3712 PolicyAgent - ok
15:25:08.0515 3712 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:25:08.0515 3712 PptpMiniport - ok
15:25:08.0531 3712 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:25:08.0531 3712 ProtectedStorage - ok
15:25:08.0546 3712 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:25:08.0546 3712 Ptilink - ok
15:25:08.0562 3712 ql1080 - ok
15:25:08.0562 3712 Ql10wnt - ok
15:25:08.0578 3712 ql12160 - ok
15:25:08.0593 3712 ql1240 - ok
15:25:08.0593 3712 ql1280 - ok
15:25:08.0609 3712 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:25:08.0609 3712 RasAcd - ok
15:25:08.0640 3712 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:25:08.0640 3712 RasAuto - ok
15:25:08.0640 3712 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:25:08.0640 3712 Rasl2tp - ok
15:25:08.0671 3712 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:25:08.0671 3712 RasMan - ok
15:25:08.0687 3712 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:25:08.0687 3712 RasPppoe - ok
15:25:08.0687 3712 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:25:08.0687 3712 Raspti - ok
15:25:08.0718 3712 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:25:08.0718 3712 Rdbss - ok
15:25:08.0734 3712 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:25:08.0734 3712 RDPCDD - ok
15:25:08.0750 3712 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:25:08.0750 3712 rdpdr - ok
15:25:08.0796 3712 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:25:08.0796 3712 RDPWD - ok
15:25:08.0812 3712 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:25:08.0812 3712 RDSessMgr - ok
15:25:08.0828 3712 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:25:08.0828 3712 redbook - ok
15:25:08.0859 3712 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:25:08.0859 3712 RemoteAccess - ok
15:25:08.0875 3712 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:25:08.0875 3712 RemoteRegistry - ok
15:25:08.0890 3712 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
15:25:08.0890 3712 rimmptsk - ok
15:25:08.0906 3712 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
15:25:08.0906 3712 rimsptsk - ok
15:25:08.0921 3712 rismc32 (470fc46e2989f6606043c1c5365b15fd) C:\WINDOWS\system32\DRIVERS\rismc32.sys
15:25:08.0921 3712 rismc32 - ok
15:25:08.0953 3712 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
15:25:08.0953 3712 rismxdp - ok
15:25:08.0968 3712 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:25:08.0968 3712 RpcLocator - ok
15:25:08.0984 3712 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
15:25:09.0000 3712 RpcSs - ok
15:25:09.0031 3712 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:25:09.0031 3712 RSVP - ok
15:25:09.0046 3712 s3legacy (4294fdf954125ce9e39e68f826415c29) C:\WINDOWS\system32\DRIVERS\s3legacy.sys
15:25:09.0046 3712 s3legacy - ok
15:25:09.0078 3712 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:25:09.0078 3712 SamSs - ok
15:25:09.0093 3712 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:25:09.0109 3712 SCardSvr - ok
15:25:09.0109 3712 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:25:09.0125 3712 Schedule - ok
15:25:09.0125 3712 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:25:09.0125 3712 sdbus - ok
15:25:09.0156 3712 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:25:09.0156 3712 Secdrv - ok
15:25:09.0171 3712 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:25:09.0171 3712 seclogon - ok
15:25:09.0187 3712 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:25:09.0187 3712 SENS - ok
15:25:09.0218 3712 Sentinel (95a26d5d8ceda33377af627dafc2796f) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
15:25:09.0218 3712 Sentinel - ok
15:25:09.0234 3712 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:25:09.0234 3712 serenum - ok
15:25:09.0250 3712 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:25:09.0265 3712 Serial - ok
15:25:09.0281 3712 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:25:09.0281 3712 Sfloppy - ok
15:25:09.0312 3712 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:25:09.0312 3712 SharedAccess - ok
15:25:09.0343 3712 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
15:25:09.0343 3712 ShellHWDetection - ok
15:25:09.0375 3712 SI3114r (53ee85fa0b48eb64031a190adf23c8d8) C:\WINDOWS\system32\DRIVERS\SI3114R.sys
15:25:09.0375 3712 SI3114r - ok
15:25:09.0390 3712 Simbad - ok
15:25:09.0484 3712 Softmon (2d2385f1254969ff773f2679dfef1842) C:\Program Files\LANDesk\LDClient\softmon.exe
15:25:09.0484 3712 Softmon - ok
15:25:09.0500 3712 Sparrow - ok
15:25:09.0531 3712 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:25:09.0531 3712 splitter - ok
15:25:09.0578 3712 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:25:09.0578 3712 Spooler - ok
15:25:09.0609 3712 SQLWriter (d37b8ce340b71d9e0ab2440addb2fdbf) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:25:09.0609 3712 SQLWriter - ok
15:25:09.0656 3712 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:25:09.0656 3712 sr - ok
15:25:09.0671 3712 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:25:09.0671 3712 srservice - ok
15:25:09.0687 3712 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:25:09.0687 3712 Srv - ok
15:25:09.0718 3712 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:25:09.0718 3712 SSDPSRV - ok
15:25:09.0750 3712 STacSV (43dc7ada838f6a24b93b7c7ff2fcd08d) c:\windows\dsclient\1\STacSV.exe
15:25:09.0750 3712 STacSV - ok
15:25:09.0812 3712 STHDA (517746e78da290700d82976a5b7e99a7) C:\WINDOWS\system32\drivers\sthda.sys
15:25:09.0828 3712 STHDA - ok
15:25:09.0859 3712 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:25:09.0859 3712 stisvc - ok
15:25:09.0906 3712 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:25:09.0906 3712 swenum - ok
15:25:09.0921 3712 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:25:09.0921 3712 swmidi - ok
15:25:09.0937 3712 SwPrv - ok
15:25:09.0953 3712 symc810 - ok
15:25:09.0968 3712 symc8xx - ok
15:25:10.0015 3712 SYMMPI (a42f863305943869ba00a613c8ee8c7e) C:\WINDOWS\system32\DRIVERS\symmpi.sys
15:25:10.0015 3712 SYMMPI - ok
15:25:10.0031 3712 sym_hi - ok
15:25:10.0046 3712 sym_u3 - ok
15:25:10.0078 3712 SynTP (069e5728e565bd401347cb94732c4733) C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:25:10.0078 3712 SynTP - ok
15:25:10.0093 3712 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:25:10.0109 3712 sysaudio - ok
15:25:10.0125 3712 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:25:10.0125 3712 SysmonLog - ok
15:25:10.0171 3712 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:25:10.0171 3712 TapiSrv - ok
15:25:10.0218 3712 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:25:10.0218 3712 Tcpip - ok
15:25:10.0234 3712 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:25:10.0234 3712 TDPIPE - ok
15:25:10.0250 3712 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:25:10.0250 3712 TDTCP - ok
15:25:10.0265 3712 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:25:10.0265 3712 TermDD - ok
15:25:10.0296 3712 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:25:10.0296 3712 TermService - ok
15:25:10.0312 3712 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
15:25:10.0328 3712 Themes - ok
15:25:10.0343 3712 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
15:25:10.0343 3712 TlntSvr - ok
15:25:10.0343 3712 TosIde - ok
15:25:10.0359 3712 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:25:10.0375 3712 TrkWks - ok
15:25:10.0390 3712 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:25:10.0390 3712 Udfs - ok
15:25:10.0390 3712 ultra - ok
15:25:10.0421 3712 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:25:10.0421 3712 Update - ok
15:25:10.0437 3712 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:25:10.0437 3712 upnphost - ok
15:25:10.0453 3712 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:25:10.0453 3712 UPS - ok
15:25:10.0500 3712 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:25:10.0500 3712 usbehci - ok
15:25:10.0515 3712 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:25:10.0531 3712 usbhub - ok
15:25:10.0562 3712 usbio (3d6887fa84a847c1708147707d225fd5) C:\WINDOWS\system32\Drivers\usbio.sys
15:25:10.0562 3712 usbio - ok
15:25:10.0593 3712 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:25:10.0593 3712 USBSTOR - ok
15:25:10.0640 3712 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
15:25:10.0640 3712 usb_rndisx - ok
15:25:10.0671 3712 vcanv (6e70a3f2fb8d5ece77c71fb550ae24a1) C:\WINDOWS\system32\Drivers\vcanv.sys
15:25:10.0671 3712 vcanv - ok
15:25:10.0718 3712 vcasexl (4e6a8fed8e036e35c2399a068ddaa50f) C:\WINDOWS\system32\drivers\vcasexl.sys
15:25:10.0718 3712 vcasexl - ok
15:25:10.0750 3712 VEtherMp50 (89edd5afc1a028eb48c3425752ad6187) C:\WINDOWS\system32\Drivers\VEtherMp50.sys
15:25:10.0750 3712 VEtherMp50 - ok
15:25:10.0781 3712 VEtherSp50 (716b62030a01dd78a5e0ce3b693eccca) C:\WINDOWS\system32\Drivers\VEtherSp50.sys
15:25:10.0781 3712 VEtherSp50 - ok
15:25:10.0812 3712 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:25:10.0812 3712 VgaSave - ok
15:25:10.0828 3712 ViaIde - ok
15:25:10.0859 3712 VICHW11 (4d3d87d2e3d2fb59c7c75f025d8485c3) C:\WINDOWS\system32\drivers\VICHW11.sys
15:25:10.0859 3712 VICHW11 - ok
15:25:10.0875 3712 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:25:10.0875 3712 VolSnap - ok
15:25:10.0906 3712 VPCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\VPCASp50.sys
15:25:10.0906 3712 VPCASp50 - ok
15:25:10.0937 3712 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:25:10.0937 3712 VSS - ok
15:25:10.0953 3712 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:25:10.0968 3712 W32Time - ok
15:25:10.0984 3712 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:25:10.0984 3712 Wanarp - ok
15:25:11.0031 3712 wde_srvc (2bac77b32475d53c19dd670d526d0e52) C:\Program Files\erl5.8.4\erts-5.8.4\bin\erlsrv.exe
15:25:11.0031 3712 wde_srvc - ok
15:25:11.0062 3712 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:25:11.0062 3712 Wdf01000 - ok
15:25:11.0078 3712 WDICA - ok
15:25:11.0109 3712 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:25:11.0109 3712 wdmaud - ok
15:25:11.0140 3712 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:25:11.0140 3712 WebClient - ok
15:25:11.0171 3712 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:25:11.0171 3712 winmgmt - ok
15:25:11.0234 3712 Wireless_AutoSwitch (d90a53d48f11a91d4f0427f6bd0f2352) C:\Program Files\Wireless AutoSwitch\WrlsAutoSW.exs
15:25:11.0234 3712 Wireless_AutoSwitch - ok
15:25:11.0265 3712 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:25:11.0265 3712 WmdmPmSN - ok
15:25:11.0312 3712 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:25:11.0312 3712 Wmi - ok
15:25:11.0343 3712 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:25:11.0343 3712 WmiAcpi - ok
15:25:11.0375 3712 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:25:11.0375 3712 WmiApSrv - ok
15:25:11.0437 3712 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:25:11.0453 3712 WMPNetworkSvc - ok
15:25:11.0484 3712 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:25:11.0484 3712 WpdUsb - ok
15:25:11.0500 3712 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:25:11.0500 3712 WS2IFSL - ok
15:25:11.0531 3712 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:25:11.0531 3712 wscsvc - ok
15:25:11.0546 3712 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:25:11.0546 3712 wuauserv - ok
15:25:11.0578 3712 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:25:11.0578 3712 WudfPf - ok
15:25:11.0593 3712 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:25:11.0593 3712 WudfRd - ok
15:25:11.0609 3712 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:25:11.0609 3712 WudfSvc - ok
15:25:11.0656 3712 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:25:11.0656 3712 WZCSVC - ok
15:25:11.0687 3712 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:25:11.0687 3712 xmlprov - ok
15:25:11.0734 3712 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:25:11.0937 3712 \Device\Harddisk0\DR0 - ok
15:25:11.0937 3712 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR5
15:25:14.0687 3712 \Device\Harddisk1\DR5 - ok
15:25:14.0687 3712 Boot (0x1200) (089808e0aac827121b569ae4a2f8881f) \Device\Harddisk0\DR0\Partition0
15:25:14.0703 3712 \Device\Harddisk0\DR0\Partition0 - ok
15:25:14.0734 3712 Boot (0x1200) (c480643e0806ce2a993da29e95c8b0de) \Device\Harddisk0\DR0\Partition1
15:25:14.0734 3712 \Device\Harddisk0\DR0\Partition1 - ok
15:25:14.0734 3712 Boot (0x1200) (3cfc26361920061581cb416772c33909) \Device\Harddisk1\DR5\Partition0
15:25:14.0734 3712 \Device\Harddisk1\DR5\Partition0 - ok
15:25:14.0734 3712 ============================================================
15:25:14.0734 3712 Scan finished
15:25:14.0734 3712 ============================================================
15:25:14.0750 4272 Detected object count: 0
15:25:14.0750 4272 Actual detected object count: 0
15:25:26.0703 5396 Deinitialize success
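A log like the one above is normally read by eye, a few hundred lines at a time. As an added example (not part of the original thread, and not TDSSKiller's own code), here is a small Python parser for the line shapes visible in this log that answers the questions a helper asks first: any verdict other than "ok", objects for which the scanner printed only a verdict line and no file line, binaries loaded from outside %SystemRoot%, and whether the MBR hashes agree across the two disks. The sample input is a subset of lines copied from the log above; the function names and the %SystemRoot% heuristic are this example's own assumptions, not something TDSSKiller provides.

```python
import re
from collections import OrderedDict

# Line shapes as they appear in the TDSSKiller log above: a timestamp, a thread id,
# then either "<name> (<md5>) <path>", "<name> - <verdict>", an MBR/Boot sector
# line, or a "Detected object count" line.  Anything else is ignored.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
SECTOR_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<tid>\d+)\s+(?P<kind>MBR|Boot)\s+\((?P<size>0x[0-9A-Fa-f]+)\)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<device>\\Device\\\S+)$")
COUNT_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<label>(?:actual )?detected object count):\s+(?P<n>\d+)$", re.I)
VERDICT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<tid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<verdict>\S.*)$")

# Heuristic chosen for this example only: binaries outside %SystemRoot% get listed for a look.
SYSTEM_ROOT = "c:\\windows\\"


def parse_tdsskiller_log(text):
    """Return (objects, sectors, counts).

    objects: service/driver name -> {"md5", "path", "verdict"}; md5/path stay None
             when the scanner printed only a verdict line for the name.
    sectors: \\Device\\... -> {"kind", "size", "md5", "verdict"} for MBR/Boot lines.
    counts:  lower-cased "detected object count" labels -> integer.
    """
    objects, sectors, counts = OrderedDict(), OrderedDict(), {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTOR_RE.match(line)
        if m:
            sectors[m["device"]] = {"kind": m["kind"], "size": int(m["size"], 16),
                                    "md5": m["md5"], "verdict": None}
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m["label"].lower()] = int(m["n"])
            continue
        m = ENTRY_RE.match(line)
        if m:
            objects[m["name"]] = {"md5": m["md5"], "path": m["path"], "verdict": None}
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m["name"], m["verdict"]
            if name.startswith("\\Device\\"):
                sectors.setdefault(name, {"kind": None, "size": None, "md5": None,
                                          "verdict": None})["verdict"] = verdict
            else:
                objects.setdefault(name, {"md5": None, "path": None,
                                          "verdict": None})["verdict"] = verdict
    return objects, sectors, counts


def triage(objects, sectors, counts):
    """The questions a helper asks of such a log, answered from the parsed data."""
    report = {
        "not_ok": [n for n, o in objects.items() if o["verdict"] != "ok"],
        "not_ok_sectors": [d for d, s in sectors.items() if s["verdict"] != "ok"],
        "no_file": [n for n, o in objects.items() if o["path"] is None],
        "outside_systemroot": [n for n, o in objects.items()
                               if o["path"] and not o["path"].lower().startswith(SYSTEM_ROOT)],
        "mbr_md5": {d: s["md5"] for d, s in sectors.items() if s["kind"] == "MBR"},
        "detected": counts.get("detected object count"),
    }
    report["mbr_hashes_agree"] = len(set(report["mbr_md5"].values())) <= 1
    return report


def summarize(text):
    return triage(*parse_tdsskiller_log(text))


# A subset of lines copied from the log posted above; nothing here is constructed.
SAMPLE_LOG = r"""
15:25:08.0312 3712 PCIDump - ok
15:25:08.0984 3712 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
15:25:09.0000 3712 RpcSs - ok
15:25:09.0484 3712 Softmon (2d2385f1254969ff773f2679dfef1842) C:\Program Files\LANDesk\LDClient\softmon.exe
15:25:09.0484 3712 Softmon - ok
15:25:10.0218 3712 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:25:10.0218 3712 Tcpip - ok
15:25:11.0734 3712 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:25:11.0937 3712 \Device\Harddisk0\DR0 - ok
15:25:11.0937 3712 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR5
15:25:14.0687 3712 \Device\Harddisk1\DR5 - ok
15:25:14.0687 3712 Boot (0x1200) (089808e0aac827121b569ae4a2f8881f) \Device\Harddisk0\DR0\Partition0
15:25:14.0703 3712 \Device\Harddisk0\DR0\Partition0 - ok
15:25:14.0734 3712 ============================================================
15:25:14.0734 3712 Scan finished
15:25:14.0750 4272 Detected object count: 0
15:25:14.0750 4272 Actual detected object count: 0
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Two caveats when reading the output. `MBR (0x1B8)` hashes only the first 0x1B8 (440) bytes of sector 0, the boot code that sits before the disk signature and partition table, so two disks carrying stock Windows boot code hash identically, as they do in this log; a hash that differs between disks or from a known-good value is what deserves a closer look. And a path under %SystemRoot% is not a clean bill of health: the scanner's own verdict column is what matters, and the script only surfaces what to look at.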

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:55 AM

Posted 01 April 2012 - 04:33 PM

Hi,

Is that the log from the scan, or did you run a fresh scan after the reboot?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 warpie_7

Posted 01 April 2012 - 04:40 PM

It is after the reboot.

Please let know if you need another log.

#10 myrti

Posted 01 April 2012 - 04:57 PM

Hi,

I was just wondering why the logs showed no sign of ZeroAccess. But if this is after the removal, that makes sense.

Please run a new scan with GMER:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.



#11 warpie_7

Posted 02 April 2012 - 06:05 PM

Myrti,


I could not disable my antivirus:

McAfee VirusScan Enterprise + AntiSpyware Enterprise
Version: 8.8.0 (8.8.0.849)

I tried to disable it following the instructions http://www.bleepingcomputer.com/forums/topic114351.html
but I could not find the way to do it.

#12 myrti

Posted 03 April 2012 - 04:00 AM

Hi,

In that case, could you please run the GMER scan from Safe Mode? The antivirus will be disabled there.

regards myrti



#13 warpie_7

Posted 04 April 2012 - 07:42 AM

Sorry Myrti, I have not been able to run GMER because the infected computer is at work.

Is there any problem with posting the log results next week?

Thanks for your help, I really appreciate your attention.

#14 myrti

Posted 05 April 2012 - 06:26 AM

Hi,

No, I'll keep the thread open until then.

regards myrti



#15 warpie_7

Posted 05 April 2012 - 09:18 AM

Thanks again



