rootkit.0 help request


I discovered I have a problem with my computer: malware anti-virus turned up rootkit.0Access.h, trojan dropper, trojan agent. I have run ComboFix, TDSSKiller and OTL several times, resetting the computer after each scan. I cannot seem to shake the Rootkit virus. Attached please find the logs from these scans. Any direction would be greatly appreciated.

Thanks

Rigmund

TDSSKiller Log

09:39:56.0718 3548 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47

09:39:59.0937 3548 ============================================================

09:39:59.0937 3548 Current date / time: 2012/04/24 09:39:59.0937

09:39:59.0937 3548 SystemInfo:

09:39:59.0937 3548

09:39:59.0937 3548 OS Version: 5.1.2600 ServicePack: 3.0

09:39:59.0937 3548 Product type: Workstation

09:39:59.0937 3548 ComputerName: KAREN-PA4QAZFO1

09:39:59.0937 3548 UserName: Karen

09:39:59.0937 3548 Windows directory: C:\WINDOWS

09:39:59.0937 3548 System windows directory: C:\WINDOWS

09:39:59.0937 3548 Processor architecture: Intel x86

09:39:59.0937 3548 Number of processors: 2

09:39:59.0937 3548 Page size: 0x1000

09:39:59.0937 3548 Boot type: Normal boot

09:39:59.0937 3548 ============================================================

09:40:02.0281 3548 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

09:40:02.0281 3548 \Device\Harddisk0\DR0:

09:40:02.0281 3548 MBR partitions:

09:40:02.0281 3548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1

09:40:02.0328 3548 C: <-> \Device\Harddisk0\DR0\Partition0

09:40:02.0328 3548 Initialize success

09:40:02.0328 3548 ============================================================

09:40:04.0281 3244 ============================================================

09:40:04.0281 3244 Scan started

09:40:04.0281 3244 Mode: Manual;

09:40:04.0281 3244 ============================================================

09:40:05.0359 3244 Abiosdsk - ok

09:40:05.0375 3244 abp480n5 - ok

09:40:05.0453 3244 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:40:05.0453 3244 ACPI - ok

09:40:05.0500 3244 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

09:40:05.0515 3244 ACPIEC - ok

09:40:05.0515 3244 adpu160m - ok

09:40:05.0546 3244 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:40:05.0546 3244 aec - ok

09:40:05.0593 3244 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

09:40:05.0593 3244 AFD - ok

09:40:05.0609 3244 Aha154x - ok

09:40:05.0609 3244 aic78u2 - ok

09:40:05.0625 3244 aic78xx - ok

09:40:05.0671 3244 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

09:40:05.0671 3244 Alerter - ok

09:40:05.0750 3244 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

09:40:05.0750 3244 ALG - ok

09:40:05.0796 3244 AliIde - ok

09:40:05.0812 3244 amsint - ok

09:40:05.0812 3244 AppMgmt - ok

09:40:05.0843 3244 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

09:40:05.0843 3244 Arp1394 - ok

09:40:05.0921 3244 asc - ok

09:40:05.0937 3244 asc3350p - ok

09:40:05.0953 3244 asc3550 - ok

09:40:06.0109 3244 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

09:40:06.0109 3244 aspnet_state - ok

09:40:06.0140 3244 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:40:06.0140 3244 AsyncMac - ok

09:40:06.0187 3244 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:40:06.0187 3244 atapi - ok

09:40:06.0203 3244 Atdisk - ok

09:40:06.0281 3244 Ati HotKey Poller (3b11be07af444314794372af5d7c9a5a) C:\WINDOWS\system32\Ati2evxx.exe

09:40:06.0296 3244 Ati HotKey Poller - ok

09:40:06.0609 3244 ati2mtag (2573c08729dd52b7b4f18df1592e0b37) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

09:40:07.0078 3244 ati2mtag - ok

09:40:07.0281 3244 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:40:07.0281 3244 Atmarpc - ok

09:40:07.0421 3244 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

09:40:07.0421 3244 AudioSrv - ok

09:40:07.0656 3244 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:40:07.0656 3244 audstub - ok

09:40:07.0703 3244 avg7rsw - ok

09:40:07.0828 3244 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

09:40:07.0859 3244 BCM43XX - ok

09:40:07.0984 3244 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

09:40:07.0984 3244 bcm4sbxp - ok

09:40:08.0031 3244 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:40:08.0031 3244 Beep - ok

09:40:08.0109 3244 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

09:40:08.0140 3244 BITS - ok

09:40:08.0218 3244 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

09:40:08.0218 3244 Browser - ok

09:40:08.0296 3244 btaudio (8893ae0b6b9b60e0521a60e8b2160216) C:\WINDOWS\system32\drivers\btaudio.sys

09:40:08.0296 3244 btaudio - ok

09:40:08.0421 3244 BTDriver (fde318e3569f57264af74b7e431f60ae) C:\WINDOWS\system32\DRIVERS\btport.sys

09:40:08.0421 3244 BTDriver - ok

09:40:08.0484 3244 BTKRNL (9c3c8b9e2eda516eb44b51dab81dbd68) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

09:40:08.0515 3244 BTKRNL - ok

09:40:08.0531 3244 BTSERIAL (089f7526ff41c17b0a43896d0553d5a2) C:\WINDOWS\System32\drivers\btserial.sys

09:40:08.0546 3244 BTSERIAL - ok

09:40:08.0671 3244 btwdins (3a462eba453d84d036046772104cfbcb) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

09:40:08.0671 3244 btwdins - ok

09:40:08.0750 3244 BTWDNDIS (28531ab3183f498e58d93d585e6a6b70) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

09:40:08.0750 3244 BTWDNDIS - ok

09:40:08.0796 3244 btwhid (c5c0e21c67089f053b964e0a8b8adbac) C:\WINDOWS\system32\DRIVERS\btwhid.sys

09:40:08.0796 3244 btwhid - ok

09:40:08.0890 3244 btwmodem (7d295223c172ab4d61dc256721b2f09e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys

09:40:08.0890 3244 btwmodem - ok

09:40:08.0953 3244 BTWUSB (56c701580f2891952761362ba7594b3d) C:\WINDOWS\system32\Drivers\btwusb.sys

09:40:08.0968 3244 BTWUSB - ok

09:40:08.0968 3244 CAMCAUD - ok

09:40:09.0109 3244 catchme - ok

09:40:09.0171 3244 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:40:09.0171 3244 cbidf2k - ok

09:40:09.0171 3244 cd20xrnt - ok

09:40:09.0218 3244 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:40:09.0218 3244 Cdaudio - ok

09:40:09.0328 3244 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:40:09.0328 3244 Cdfs - ok

09:40:09.0406 3244 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:40:09.0406 3244 Cdrom - ok

09:40:09.0421 3244 Changer - ok

09:40:09.0453 3244 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

09:40:09.0453 3244 CiSvc - ok

09:40:09.0468 3244 citrixxteserver - ok

09:40:09.0500 3244 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

09:40:09.0500 3244 ClipSrv - ok

09:40:09.0593 3244 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:40:09.0609 3244 clr_optimization_v2.0.50727_32 - ok

09:40:09.0687 3244 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:40:09.0703 3244 clr_optimization_v4.0.30319_32 - ok

09:40:09.0781 3244 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

09:40:09.0781 3244 CmBatt - ok

09:40:09.0875 3244 CmdIde - ok

09:40:09.0921 3244 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

09:40:09.0921 3244 Compbatt - ok

09:40:09.0937 3244 COMSysApp - ok

09:40:09.0953 3244 Cpqarray - ok

09:40:10.0031 3244 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

09:40:10.0062 3244 CryptSvc - ok

09:40:10.0109 3244 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

09:40:10.0109 3244 ctsfm2k - ok

09:40:10.0140 3244 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys

09:40:10.0140 3244 CTUSFSYN - ok

09:40:10.0171 3244 dac2w2k - ok

09:40:10.0203 3244 dac960nt - ok

09:40:10.0250 3244 DCamUSBEMPIA - ok

09:40:10.0343 3244 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

09:40:10.0375 3244 DcomLaunch - ok

09:40:10.0718 3244 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

09:40:10.0734 3244 Dhcp - ok

09:40:10.0812 3244 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:40:10.0812 3244 Disk - ok

09:40:11.0046 3244 DiskDoctorService (7c85cc5570bf718d2b9ad9f53b1b5b55) C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe

09:40:11.0093 3244 DiskDoctorService - ok

09:40:11.0125 3244 dmadmin - ok

09:40:11.0296 3244 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:40:11.0328 3244 dmboot - ok

09:40:11.0406 3244 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:40:11.0406 3244 dmio - ok

09:40:11.0437 3244 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:40:11.0437 3244 dmload - ok

09:40:11.0484 3244 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

09:40:11.0484 3244 dmserver - ok

09:40:11.0515 3244 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:40:11.0515 3244 DMusic - ok

09:40:11.0578 3244 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

09:40:11.0578 3244 Dnscache - ok

09:40:11.0656 3244 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

09:40:11.0671 3244 Dot3svc - ok

09:40:11.0875 3244 dpti2o - ok

09:40:11.0953 3244 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:40:11.0953 3244 drmkaud - ok

09:40:11.0968 3244 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

09:40:11.0968 3244 EapHost - ok

09:40:12.0031 3244 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

09:40:12.0031 3244 ERSvc - ok

09:40:12.0093 3244 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:40:12.0109 3244 Eventlog - ok

09:40:12.0187 3244 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll

09:40:12.0187 3244 EventSystem - ok

09:40:12.0281 3244 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:40:12.0281 3244 Fastfat - ok

09:40:12.0453 3244 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:40:12.0453 3244 FastUserSwitchingCompatibility - ok

09:40:12.0484 3244 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

09:40:12.0484 3244 Fdc - ok

09:40:12.0531 3244 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:40:12.0531 3244 Fips - ok

09:40:12.0546 3244 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

09:40:12.0546 3244 Flpydisk - ok

09:40:12.0593 3244 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

09:40:12.0609 3244 FltMgr - ok

09:40:12.0671 3244 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

09:40:12.0671 3244 FontCache3.0.0.0 - ok

09:40:12.0765 3244 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:40:12.0765 3244 Fs_Rec - ok

09:40:12.0781 3244 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:40:12.0781 3244 Ftdisk - ok

09:40:12.0828 3244 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:40:12.0828 3244 Gpc - ok

09:40:12.0859 3244 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:40:12.0875 3244 HDAudBus - ok

09:40:13.0031 3244 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

09:40:13.0031 3244 helpsvc - ok

09:40:13.0093 3244 HidServ - ok

09:40:13.0125 3244 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

09:40:13.0125 3244 hkmsvc - ok

09:40:13.0156 3244 hpn - ok

09:40:13.0218 3244 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

09:40:13.0218 3244 HSFHWAZL - ok

09:40:13.0328 3244 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

09:40:13.0375 3244 HSF_DPV - ok

09:40:13.0484 3244 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:40:13.0484 3244 HTTP - ok

09:40:13.0593 3244 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

09:40:13.0609 3244 HTTPFilter - ok

09:40:13.0609 3244 i2omgmt - ok

09:40:13.0625 3244 i2omp - ok

09:40:13.0671 3244 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:40:13.0671 3244 i8042prt - ok

09:40:13.0796 3244 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

09:40:13.0828 3244 idsvc - ok

09:40:13.0906 3244 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:40:13.0921 3244 Imapi - ok

09:40:14.0031 3244 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

09:40:14.0046 3244 ImapiService - ok

09:40:14.0109 3244 ini910u - ok

09:40:14.0125 3244 IntelIde - ok

09:40:14.0171 3244 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:40:14.0171 3244 intelppm - ok

09:40:14.0203 3244 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

09:40:14.0218 3244 ip6fw - ok

09:40:14.0265 3244 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:40:14.0265 3244 IpFilterDriver - ok

09:40:14.0296 3244 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:40:14.0296 3244 IpInIp - ok

09:40:14.0375 3244 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:40:14.0390 3244 IpNat - ok

09:40:14.0421 3244 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:40:14.0421 3244 IPSec - ok

09:40:14.0468 3244 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:40:14.0468 3244 IRENUM - ok

09:40:14.0531 3244 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:40:14.0531 3244 isapnp - ok

09:40:14.0687 3244 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe

09:40:14.0703 3244 JavaQuickStarterService - ok

09:40:14.0781 3244 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:40:14.0781 3244 Kbdclass - ok

09:40:14.0859 3244 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

09:40:14.0859 3244 kbdhid - ok

09:40:14.0937 3244 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:40:14.0937 3244 kmixer - ok

09:40:15.0000 3244 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:40:15.0000 3244 KSecDD - ok

09:40:15.0125 3244 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

09:40:15.0125 3244 lanmanserver - ok

09:40:15.0218 3244 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

09:40:15.0218 3244 lanmanworkstation - ok

09:40:15.0296 3244 lbrtfdc - ok

09:40:15.0359 3244 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

09:40:15.0359 3244 LmHosts - ok

09:40:15.0531 3244 LMIGuardianSvc (2375e7e01635fbccde2f796a9e078e07) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

09:40:15.0546 3244 LMIGuardianSvc - ok

09:40:15.0593 3244 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys

09:40:15.0593 3244 LMIInfo - ok

09:40:15.0625 3244 LMIMaint (b9c127273eaba403311854a8dcb6d0aa) C:\Program Files\LogMeIn\x86\RaMaint.exe

09:40:15.0625 3244 LMIMaint - ok

09:40:15.0750 3244 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys

09:40:15.0750 3244 lmimirr - ok

09:40:15.0875 3244 LMIRfsClientNP - ok

09:40:15.0937 3244 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

09:40:15.0937 3244 LMIRfsDriver - ok

09:40:16.0109 3244 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe

09:40:16.0125 3244 LogMeIn - ok

09:40:16.0218 3244 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

09:40:16.0234 3244 MDM - ok

09:40:16.0359 3244 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

09:40:16.0359 3244 mdmxsdk - ok

09:40:16.0437 3244 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

09:40:16.0437 3244 Messenger - ok

09:40:16.0609 3244 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:40:16.0609 3244 mnmdd - ok

09:40:16.0703 3244 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe

09:40:16.0703 3244 mnmsrvc - ok

09:40:16.0750 3244 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:40:16.0750 3244 Modem - ok

09:40:16.0843 3244 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys

09:40:16.0906 3244 monfilt - ok

09:40:17.0000 3244 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:40:17.0015 3244 Mouclass - ok

09:40:17.0109 3244 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:40:17.0109 3244 mouhid - ok

09:40:17.0203 3244 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:40:17.0203 3244 MountMgr - ok

09:40:17.0234 3244 mraid35x - ok

09:40:17.0296 3244 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:40:17.0296 3244 MRxDAV - ok

09:40:17.0375 3244 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:40:17.0375 3244 MRxSmb - ok

09:40:17.0421 3244 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe

09:40:17.0437 3244 MSDTC - ok

09:40:17.0515 3244 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:40:17.0515 3244 Msfs - ok

09:40:17.0531 3244 MSIServer - ok

09:40:17.0562 3244 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:40:17.0562 3244 MSKSSRV - ok

09:40:17.0656 3244 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:40:17.0656 3244 MSPCLOCK - ok

09:40:17.0718 3244 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:40:17.0718 3244 MSPQM - ok

09:40:17.0765 3244 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:40:17.0765 3244 mssmbios - ok

09:40:17.0812 3244 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

09:40:17.0812 3244 Mup - ok

09:40:17.0906 3244 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

09:40:17.0921 3244 napagent - ok

09:40:17.0984 3244 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:40:17.0984 3244 NDIS - ok

09:40:18.0046 3244 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:40:18.0046 3244 NdisTapi - ok

09:40:18.0140 3244 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:40:18.0140 3244 Ndisuio - ok

09:40:18.0218 3244 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:40:18.0234 3244 NdisWan - ok

09:40:18.0265 3244 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

09:40:18.0265 3244 NDProxy - ok

09:40:18.0328 3244 NEC Usb3 - ok

09:40:18.0500 3244 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:40:18.0500 3244 NetBIOS - ok

09:40:18.0625 3244 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:40:18.0625 3244 NetBT - ok

09:40:18.0718 3244 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:40:18.0718 3244 NetDDE - ok

09:40:18.0734 3244 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

09:40:18.0734 3244 NetDDEdsdm - ok

09:40:18.0765 3244 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:40:18.0765 3244 Netlogon - ok

09:40:18.0843 3244 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

09:40:18.0859 3244 Netman - ok

09:40:19.0140 3244 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

09:40:19.0140 3244 NetTcpPortSharing - ok

09:40:19.0250 3244 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

09:40:19.0250 3244 NIC1394 - ok

09:40:19.0375 3244 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

09:40:19.0390 3244 Nla - ok

09:40:19.0453 3244 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:40:19.0453 3244 Npfs - ok

09:40:19.0515 3244 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:40:19.0531 3244 Ntfs - ok

09:40:19.0718 3244 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe

09:40:19.0718 3244 NtLmSsp - ok

09:40:19.0843 3244 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

09:40:19.0875 3244 NtmsSvc - ok

09:40:19.0968 3244 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:40:19.0968 3244 Null - ok

09:40:20.0015 3244 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:40:20.0015 3244 NwlnkFlt - ok

09:40:20.0078 3244 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:40:20.0078 3244 NwlnkFwd - ok

09:40:20.0140 3244 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

09:40:20.0140 3244 ohci1394 - ok

09:40:20.0203 3244 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

09:40:20.0203 3244 ossrv - ok

09:40:20.0437 3244 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

09:40:20.0437 3244 Parport - ok

09:40:20.0484 3244 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:40:20.0500 3244 PartMgr - ok

09:40:20.0546 3244 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:40:20.0546 3244 ParVdm - ok

09:40:20.0578 3244 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:40:20.0578 3244 PCI - ok

09:40:20.0593 3244 PCIDump - ok

09:40:20.0609 3244 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:40:20.0609 3244 PCIIde - ok

09:40:20.0625 3244 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

09:40:20.0640 3244 Pcmcia - ok

09:40:20.0671 3244 PDCOMP - ok

09:40:20.0718 3244 PDFRAME - ok

09:40:20.0750 3244 PDRELI - ok

09:40:20.0781 3244 PDRFRAME - ok

09:40:20.0812 3244 perc2 - ok

09:40:20.0968 3244 perc2hib - ok

09:40:21.0062 3244 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

09:40:21.0062 3244 PlugPlay - ok

09:40:21.0125 3244 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:40:21.0140 3244 PolicyAgent - ok

09:40:21.0171 3244 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:40:21.0171 3244 PptpMiniport - ok

09:40:21.0234 3244 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

09:40:21.0234 3244 Processor - ok

09:40:21.0250 3244 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:40:21.0250 3244 ProtectedStorage - ok

09:40:21.0328 3244 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:40:21.0328 3244 PSched - ok

09:40:21.0468 3244 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:40:21.0468 3244 Ptilink - ok

09:40:21.0484 3244 ql1080 - ok

09:40:21.0484 3244 Ql10wnt - ok

09:40:21.0500 3244 ql12160 - ok

09:40:21.0515 3244 ql1240 - ok

09:40:21.0531 3244 ql1280 - ok

09:40:21.0562 3244 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:40:21.0578 3244 RasAcd - ok

09:40:21.0609 3244 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

09:40:21.0609 3244 RasAuto - ok

09:40:21.0687 3244 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:40:21.0687 3244 Rasl2tp - ok

09:40:21.0750 3244 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

09:40:21.0750 3244 RasMan - ok

09:40:21.0828 3244 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:40:21.0828 3244 RasPppoe - ok

09:40:21.0906 3244 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:40:21.0906 3244 Raspti - ok

09:40:22.0015 3244 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:40:22.0015 3244 Rdbss - ok

09:40:22.0062 3244 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:40:22.0062 3244 RDPCDD - ok

09:40:22.0109 3244 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

09:40:22.0109 3244 RDPWD - ok

09:40:22.0203 3244 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

09:40:22.0218 3244 RDSessMgr - ok

09:40:22.0296 3244 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:40:22.0296 3244 redbook - ok

09:40:22.0453 3244 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

09:40:22.0453 3244 RemoteAccess - ok

09:40:22.0531 3244 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

09:40:22.0531 3244 rimmptsk - ok

09:40:22.0656 3244 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

09:40:22.0656 3244 rimsptsk - ok

09:40:22.0671 3244 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

09:40:22.0671 3244 rismxdp - ok

09:40:22.0718 3244 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe

09:40:22.0718 3244 RpcLocator - ok

09:40:22.0812 3244 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

09:40:22.0812 3244 RpcSs - ok

09:40:22.0890 3244 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe

09:40:22.0890 3244 RSVP - ok

09:40:22.0921 3244 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

09:40:22.0921 3244 SamSs - ok

09:40:23.0078 3244 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

09:40:23.0078 3244 SCardSvr - ok

09:40:23.0265 3244 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

09:40:23.0281 3244 Schedule - ok

09:40:23.0390 3244 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

09:40:23.0390 3244 sdbus - ok

09:40:23.0437 3244 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:40:23.0437 3244 Secdrv - ok

09:40:23.0468 3244 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

09:40:23.0484 3244 seclogon - ok

09:40:23.0484 3244 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

09:40:23.0500 3244 SENS - ok

09:40:23.0515 3244 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

09:40:23.0515 3244 Serial - ok

09:40:23.0593 3244 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:40:23.0593 3244 Sfloppy - ok

09:40:23.0656 3244 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

09:40:23.0671 3244 SharedAccess - ok

09:40:23.0828 3244 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

09:40:23.0828 3244 ShellHWDetection - ok

09:40:23.0890 3244 Simbad - ok

09:40:23.0906 3244 Sparrow - ok

09:40:24.0093 3244 SpeedDiskService (a8493e43f9d4b22bbed2d424d03ed273) C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe

09:40:24.0140 3244 SpeedDiskService - ok

09:40:24.0218 3244 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:40:24.0218 3244 splitter - ok

09:40:24.0328 3244 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

09:40:24.0328 3244 Spooler - ok

09:40:24.0484 3244 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:40:24.0484 3244 sr - ok

09:40:24.0546 3244 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

09:40:24.0562 3244 srservice - ok

09:40:24.0640 3244 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

09:40:24.0640 3244 Srv - ok

09:40:24.0718 3244 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

09:40:24.0734 3244 SSDPSRV - ok

09:40:29.0750 3244 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

09:40:29.0968 3244 \Device\Harddisk0\DR0 - ok

09:40:29.0984 3244 Boot (0x1200) (30448e951b8987c7c4849e54dd7d8b78) \Device\Harddisk0\DR0\Partition0

09:40:29.0984 3244 \Device\Harddisk0\DR0\Partition0 - ok

09:40:29.0984 3244 ============================================================

09:40:29.0984 3244 Scan finished

09:40:29.0984 3244 ============================================================

09:40:30.0000 4068 Detected object count: 0

09:40:30.0000 4068 Actual detected object count: 0

eula.txt

ComboFix3.txt

ComboFix.txt


Hello,

The Zero Access rootkit is an extremely serious infection. We cannot help you to remove it in this particular sub-forum.

Let me suggest, if you're an MBAM customer, you contact the help desk at support@malwarebytes.org.

Alternatively, please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Follow this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Please post there the contents of the MBAM scan log and the DDS logs.

Don't post your logs here.
