Solved Infected by rootkit zeroaccess

[Broni]

Hold on....

 

[Broni]

The above link should work now.

 

[nbabe]

could downloaded and pasted junction....pasted command in run box...but I get the error message I dont have access (im still in normal mode)

do I do it in safe mode?

now bunch of spaces enters immediatrely after I pasted that command....obviously a bug of somekind

 

[Broni]

Please download Inherit by sUBs

• Drag and drop Junction.exe onto Inherit
• This shall restore permissions to the application
• The application should now run normally

Please indicate in your next post if this was successful.

 

[nbabe]

nope same error message in normal mode.
I placed inherit on desktop tried to drag into it junction but got the error message still

 

[Broni]

No, drag junction to Inherit.

 

[nbabe]

thats what Idid didnt work got the error message

 

[Broni]

OK, try junction from safe mode.

 

[nbabe]

in safe mode:


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


...

...

..
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp: Access is denied.


.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

..
Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.


.

...

...

...

...

\\?\c:\\WINDOWS\$NtUninstallKB11101$\1503483375: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config

...

..\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

.

...

...

...

...

...

...

...

...

...

...

...

...

...

..

 

[Broni]

That's it or is there more coming?

 

[nbabe]

nope that was the entire log....
I could run another one maybe it went wrong?

 

[Broni]

I think you did fine.

I don't see any issue there though.
Possibly your account got corrupted but let's run one more check first.

You can run this in safe mode.

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[nbabe]

i ran it in safe mode here is the log...noting was found:

22:04:36.0015 1204 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
22:04:36.0078 1204 ============================================================
22:04:36.0078 1204 Current date / time: 2012/04/08 22:04:36.0078
22:04:36.0078 1204 SystemInfo:
22:04:36.0078 1204
22:04:36.0078 1204 OS Version: 5.1.2600 ServicePack: 3.0
22:04:36.0078 1204 Product type: Workstation
22:04:36.0078 1204 ComputerName: NP
22:04:36.0078 1204 UserName: Owner
22:04:36.0078 1204 Windows directory: C:\WINDOWS
22:04:36.0078 1204 System windows directory: C:\WINDOWS
22:04:36.0078 1204 Processor architecture: Intel x86
22:04:36.0078 1204 Number of processors: 2
22:04:36.0078 1204 Page size: 0x1000
22:04:36.0078 1204 Boot type: Safe boot
22:04:36.0078 1204 ============================================================
22:04:46.0140 1204 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:04:46.0140 1204 Drive \Device\Harddisk1\DR4 - Size: 0x1DAC00000 (7.42 Gb), SectorSize: 0x200, Cylinders: 0x3C8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:04:46.0140 1204 \Device\Harddisk0\DR0:
22:04:46.0140 1204 MBR used
22:04:46.0140 1204 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
22:04:46.0140 1204 \Device\Harddisk1\DR4:
22:04:46.0140 1204 MBR used
22:04:46.0140 1204 \Device\Harddisk1\DR4\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xED4080
22:04:46.0171 1204 Initialize success
22:04:46.0171 1204 ============================================================
22:04:50.0375 1236 ============================================================
22:04:50.0375 1236 Scan started
22:04:50.0375 1236 Mode: Manual;
22:04:50.0375 1236 ============================================================
22:04:51.0828 1236 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:04:51.0859 1236 !SASCORE - ok
22:04:52.0359 1236 Aavmker4 (2ccfa74242741ca22a4267cce9b586f4) C:\WINDOWS\system32\drivers\Aavmker4.sys
22:04:52.0359 1236 Aavmker4 - ok
22:04:52.0656 1236 Abiosdsk - ok
22:04:53.0000 1236 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:04:53.0000 1236 abp480n5 - ok
22:04:53.0343 1236 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:04:53.0390 1236 ACPI - ok
22:04:53.0703 1236 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:04:53.0718 1236 ACPIEC - ok
22:04:54.0046 1236 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
22:04:54.0062 1236 adfs - ok
22:04:54.0390 1236 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:04:54.0421 1236 adpu160m - ok
22:04:54.0750 1236 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:04:54.0781 1236 aec - ok
22:04:55.0125 1236 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:04:55.0171 1236 AFD - ok
22:04:55.0468 1236 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:04:55.0468 1236 agp440 - ok
22:04:55.0781 1236 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:04:55.0781 1236 agpCPQ - ok
22:04:56.0078 1236 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:04:56.0078 1236 Aha154x - ok
22:04:56.0390 1236 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:04:56.0406 1236 aic78u2 - ok
22:04:56.0718 1236 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:04:56.0734 1236 aic78xx - ok
22:04:57.0031 1236 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:04:57.0046 1236 Alerter - ok
22:04:57.0359 1236 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:04:57.0375 1236 ALG - ok
22:04:57.0656 1236 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:04:57.0671 1236 AliIde - ok
22:04:57.0968 1236 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:04:57.0984 1236 alim1541 - ok
22:04:58.0296 1236 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:04:58.0312 1236 amdagp - ok
22:04:58.0593 1236 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:04:58.0609 1236 amsint - ok
22:04:58.0875 1236 AppMgmt - ok
22:04:59.0187 1236 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:04:59.0203 1236 Arp1394 - ok
22:04:59.0500 1236 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:04:59.0500 1236 asc - ok
22:04:59.0812 1236 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:04:59.0828 1236 asc3350p - ok
22:05:00.0109 1236 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:05:00.0125 1236 asc3550 - ok
22:05:00.0406 1236 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:05:00.0421 1236 aspnet_state - ok
22:05:00.0734 1236 aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
22:05:00.0750 1236 aswFsBlk - ok
22:05:01.0062 1236 aswMon2 (dbee7b5ecb50fc2cf9323f52cbf41141) C:\WINDOWS\system32\drivers\aswMon2.sys
22:05:01.0093 1236 aswMon2 - ok
22:05:01.0390 1236 aswRdr (8080d683489c99cbace813f6fa4069cc) C:\WINDOWS\system32\drivers\aswRdr.sys
22:05:01.0406 1236 aswRdr - ok
22:05:01.0734 1236 aswSP (2e5a2ad5004b55df39b7606130a88142) C:\WINDOWS\system32\drivers\aswSP.sys
22:05:01.0765 1236 aswSP - ok
22:05:02.0109 1236 aswTdi (d4c83a37efadfa2c398362e0776e3773) C:\WINDOWS\system32\drivers\aswTdi.sys
22:05:02.0125 1236 aswTdi - ok
22:05:02.0234 1236 aswUpdSv (5debc3519d489411073fa7e56ffb4a93) C:\Program Files\Avast4 antivirus\aswUpdSv.exe
22:05:02.0250 1236 aswUpdSv - ok
22:05:02.0562 1236 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:05:02.0562 1236 AsyncMac - ok
22:05:02.0890 1236 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:05:02.0890 1236 atapi - ok
22:05:03.0171 1236 Atdisk - ok
22:05:03.0453 1236 atkkeyboardservice - ok
22:05:03.0781 1236 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:05:03.0796 1236 Atmarpc - ok
22:05:04.0109 1236 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:05:04.0125 1236 AudioSrv - ok
22:05:04.0437 1236 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:05:04.0437 1236 audstub - ok
22:05:04.0578 1236 avast! Antivirus (0aaf6b848185899cf76ae04e62eab3d2) C:\Program Files\Avast4 antivirus\ashServ.exe
22:05:04.0625 1236 avast! Antivirus - ok
22:05:04.0750 1236 avast! Mail Scanner (b2f564dc59b67763c73269e1a9da7f18) C:\Program Files\Avast4 antivirus\ashMaiSv.exe
22:05:04.0828 1236 avast! Mail Scanner - ok
22:05:04.0968 1236 avast! Web Scanner (d86010c96abadda75356834d6113d37d) C:\Program Files\Avast4 antivirus\ashWebSv.exe
22:05:05.0078 1236 avast! Web Scanner - ok
22:05:05.0265 1236 BackupService (68b86dd9d455a6a8de6d13c84fb5ce31) C:\Documents and Settings\Owner\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
22:05:05.0296 1236 BackupService - ok
22:05:05.0671 1236 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:05:05.0671 1236 Beep - ok
22:05:06.0078 1236 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:05:06.0171 1236 BITS - ok
22:05:06.0484 1236 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:05:06.0500 1236 Browser - ok
22:05:06.0515 1236 catchme - ok
22:05:06.0828 1236 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:05:06.0828 1236 cbidf - ok
22:05:07.0109 1236 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:05:07.0125 1236 cbidf2k - ok
22:05:07.0406 1236 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:05:07.0421 1236 cd20xrnt - ok
22:05:07.0734 1236 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:05:07.0734 1236 Cdaudio - ok
22:05:08.0062 1236 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:05:08.0078 1236 Cdfs - ok
22:05:08.0390 1236 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:05:08.0406 1236 Cdrom - ok
22:05:08.0687 1236 Changer - ok
22:05:09.0000 1236 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:05:09.0015 1236 CiSvc - ok
22:05:09.0312 1236 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:05:09.0312 1236 ClipSrv - ok
22:05:09.0593 1236 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:05:09.0609 1236 clr_optimization_v2.0.50727_32 - ok
22:05:09.0906 1236 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:05:09.0906 1236 CmdIde - ok
22:05:10.0171 1236 COMSysApp - ok
22:05:10.0500 1236 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:05:10.0500 1236 Cpqarray - ok
22:05:10.0578 1236 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
22:05:10.0593 1236 cpudrv - ok
22:05:10.0906 1236 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:05:10.0906 1236 CryptSvc - ok
22:05:11.0234 1236 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:05:11.0250 1236 dac2w2k - ok
22:05:11.0562 1236 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:05:11.0562 1236 dac960nt - ok
22:05:11.0968 1236 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:05:12.0093 1236 DcomLaunch - ok
22:05:12.0421 1236 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:05:12.0453 1236 Dhcp - ok
22:05:12.0765 1236 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:05:12.0781 1236 Disk - ok
22:05:13.0031 1236 dmadmin - ok
22:05:13.0421 1236 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:05:13.0484 1236 dmboot - ok
22:05:13.0812 1236 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:05:13.0843 1236 dmio - ok
22:05:14.0156 1236 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:05:14.0156 1236 dmload - ok
22:05:14.0437 1236 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:05:14.0437 1236 dmserver - ok
22:05:14.0750 1236 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:05:14.0765 1236 DMusic - ok
22:05:15.0062 1236 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:05:15.0078 1236 Dnscache - ok
22:05:15.0406 1236 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:05:15.0437 1236 Dot3svc - ok
22:05:15.0734 1236 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:05:15.0750 1236 dpti2o - ok
22:05:16.0046 1236 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:05:16.0046 1236 drmkaud - ok
22:05:16.0328 1236 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:05:16.0343 1236 EapHost - ok
22:05:16.0625 1236 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:05:16.0625 1236 ERSvc - ok
22:05:16.0953 1236 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:05:16.0968 1236 Eventlog - ok
22:05:17.0328 1236 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:05:17.0406 1236 EventSystem - ok
22:05:17.0750 1236 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:05:17.0781 1236 Fastfat - ok
22:05:18.0109 1236 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:05:18.0156 1236 FastUserSwitchingCompatibility - ok
22:05:18.0468 1236 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:05:18.0468 1236 Fdc - ok
22:05:18.0781 1236 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:05:18.0796 1236 Fips - ok
22:05:19.0078 1236 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:05:19.0218 1236 FLEXnet Licensing Service - ok
22:05:19.0515 1236 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:05:19.0515 1236 Flpydisk - ok
22:05:19.0859 1236 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:05:19.0890 1236 FltMgr - ok
22:05:20.0156 1236 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:05:20.0156 1236 FontCache3.0.0.0 - ok
22:05:20.0484 1236 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:05:20.0484 1236 Fs_Rec - ok
22:05:20.0812 1236 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:05:20.0843 1236 Ftdisk - ok
22:05:21.0171 1236 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:05:21.0171 1236 Gpc - ok
22:05:21.0484 1236 HdAudAddService (160b24fd894e79e71c983ea403a6e6e7) C:\WINDOWS\system32\drivers\HdAudio.sys
22:05:21.0515 1236 HdAudAddService - ok
22:05:21.0859 1236 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:05:21.0859 1236 HDAudBus - ok
22:05:22.0046 1236 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:05:22.0046 1236 helpsvc - ok
22:05:22.0343 1236 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
22:05:22.0359 1236 HidServ - ok
22:05:22.0687 1236 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:05:22.0687 1236 HidUsb - ok
22:05:22.0812 1236 HitmanProScheduler (f32005e90110de39032c9657a39e45ed) C:\Program Files\HitmanPro\hmpsched.exe
22:05:22.0843 1236 HitmanProScheduler - ok
22:05:23.0140 1236 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:05:23.0156 1236 hkmsvc - ok
22:05:23.0468 1236 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:05:23.0484 1236 hpn - ok
22:05:23.0812 1236 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:05:23.0828 1236 HPZid412 - ok
22:05:24.0125 1236 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:05:24.0125 1236 HPZipr12 - ok
22:05:24.0437 1236 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:05:24.0437 1236 HPZius12 - ok
22:05:24.0781 1236 HSFHWBS2 (33dfc0afa95f9a2c753ff2adb7d4a21f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
22:05:24.0828 1236 HSFHWBS2 - ok
22:05:25.0359 1236 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
22:05:25.0562 1236 HSF_DP - ok
22:05:25.0937 1236 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:05:25.0984 1236 HTTP - ok
22:05:26.0281 1236 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:05:26.0296 1236 HTTPFilter - ok
22:05:26.0609 1236 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:05:26.0609 1236 i2omgmt - ok
22:05:26.0906 1236 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:05:26.0906 1236 i2omp - ok
22:05:27.0234 1236 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:05:27.0250 1236 i8042prt - ok
22:05:27.0656 1236 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:05:27.0812 1236 idsvc - ok
22:05:28.0125 1236 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:05:28.0140 1236 Imapi - ok
22:05:28.0468 1236 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:05:28.0500 1236 ImapiService - ok
22:05:28.0828 1236 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:05:28.0828 1236 ini910u - ok
22:05:29.0625 1236 IntcAzAudAddService (6364d8679b751e388036b517ae897b1c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:05:30.0093 1236 IntcAzAudAddService - ok
22:05:30.0375 1236 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:05:30.0375 1236 IntelIde - ok
22:05:30.0703 1236 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:05:30.0718 1236 intelppm - ok
22:05:31.0015 1236 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:05:31.0031 1236 Ip6Fw - ok
22:05:31.0328 1236 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:05:31.0343 1236 IpFilterDriver - ok
22:05:31.0656 1236 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:05:31.0671 1236 IpInIp - ok
22:05:32.0000 1236 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:05:32.0015 1236 IpNat - ok
22:05:32.0359 1236 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:05:32.0375 1236 IPSec - ok
22:05:32.0687 1236 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:05:32.0687 1236 IRENUM - ok
22:05:33.0000 1236 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:05:33.0015 1236 isapnp - ok
22:05:33.0234 1236 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
22:05:33.0265 1236 JavaQuickStarterService - ok
22:05:33.0593 1236 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:05:33.0593 1236 Kbdclass - ok
22:05:33.0890 1236 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:05:33.0906 1236 kbdhid - ok
22:05:34.0234 1236 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:05:34.0281 1236 kmixer - ok
22:05:34.0609 1236 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:05:34.0625 1236 KSecDD - ok
22:05:34.0953 1236 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:05:34.0984 1236 lanmanserver - ok
22:05:35.0312 1236 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:05:35.0359 1236 lanmanworkstation - ok
22:05:35.0640 1236 lbrtfdc - ok
22:05:35.0937 1236 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:05:35.0953 1236 LmHosts - ok
22:05:36.0265 1236 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:05:36.0281 1236 mdmxsdk - ok
22:05:36.0562 1236 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:05:36.0578 1236 Messenger - ok
22:05:36.0890 1236 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:05:36.0890 1236 mnmdd - ok
22:05:37.0203 1236 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:05:37.0218 1236 mnmsrvc - ok
22:05:37.0515 1236 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:05:37.0531 1236 Modem - ok
22:05:37.0828 1236 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:05:37.0843 1236 Mouclass - ok
22:05:38.0125 1236 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:05:38.0140 1236 mouhid - ok
22:05:38.0453 1236 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:05:38.0468 1236 MountMgr - ok
22:05:38.0750 1236 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:05:38.0765 1236 mraid35x - ok
22:05:39.0109 1236 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:05:39.0140 1236 MRxDAV - ok
22:05:39.0609 1236 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:05:39.0750 1236 MRxSmb - ok
22:05:40.0015 1236 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:05:40.0015 1236 MSDTC - ok
22:05:40.0312 1236 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:05:40.0328 1236 Msfs - ok
22:05:40.0593 1236 MSIServer - ok
22:05:40.0906 1236 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:05:40.0906 1236 MSKSSRV - ok
22:05:41.0187 1236 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:05:41.0187 1236 MSPCLOCK - ok
22:05:41.0515 1236 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:05:41.0515 1236 MSPQM - ok
22:05:41.0843 1236 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:05:41.0843 1236 mssmbios - ok
22:05:42.0171 1236 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:05:42.0203 1236 Mup - ok
22:05:42.0515 1236 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
22:05:42.0531 1236 mxnic - ok
22:05:42.0875 1236 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:05:42.0937 1236 napagent - ok
22:05:43.0296 1236 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:05:43.0343 1236 NDIS - ok
22:05:43.0640 1236 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:05:43.0656 1236 NdisTapi - ok
22:05:43.0953 1236 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:05:43.0953 1236 Ndisuio - ok
22:05:44.0281 1236 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:05:44.0312 1236 NdisWan - ok
22:05:44.0625 1236 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:05:44.0640 1236 NDProxy - ok
22:05:44.0968 1236 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:05:44.0984 1236 NetBIOS - ok
22:05:45.0343 1236 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:05:45.0390 1236 NetBT - ok
22:05:45.0718 1236 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:05:45.0734 1236 NetDDE - ok
22:05:45.0781 1236 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:05:45.0781 1236 NetDDEdsdm - ok
22:05:46.0062 1236 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:05:46.0062 1236 Netlogon - ok
22:05:46.0421 1236 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:05:46.0484 1236 Netman - ok
22:05:46.0718 1236 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:05:46.0750 1236 NetTcpPortSharing - ok
22:05:47.0078 1236 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:05:47.0093 1236 NIC1394 - ok
22:05:47.0468 1236 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:05:47.0531 1236 Nla - ok
22:05:47.0843 1236 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:05:47.0843 1236 Npfs - ok
22:05:48.0312 1236 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:05:48.0453 1236 Ntfs - ok
22:05:48.0765 1236 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:05:48.0765 1236 NtLmSsp - ok
22:05:49.0156 1236 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:05:49.0250 1236 NtmsSvc - ok
22:05:49.0562 1236 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:05:49.0562 1236 Null - ok
22:05:50.0281 1236 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:05:50.0671 1236 nv - ok
22:05:50.0984 1236 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:05:50.0984 1236 NwlnkFlt - ok
22:05:51.0281 1236 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:05:51.0296 1236 NwlnkFwd - ok
22:05:51.0796 1236 OAcat (e39c22f9970f70adea735546ba4850c9) C:\Program Files\Online Armor\OAcat.exe
22:05:52.0187 1236 OAcat - ok
22:05:52.0546 1236 OADevice (57b641cd45e3dbd784aba7174724f4e0) C:\WINDOWS\system32\drivers\OADriver.sys
22:05:52.0593 1236 OADevice - ok
22:05:52.0890 1236 OAmon (f21b332dab65c9601267d8fc8c04899b) C:\WINDOWS\system32\drivers\OAmon.sys
22:05:52.0890 1236 OAmon - ok
22:05:53.0187 1236 OAnet (5577a7f637f02621cb643f0f470872fc) C:\WINDOWS\system32\drivers\OAnet.sys
22:05:53.0203 1236 OAnet - ok
22:05:53.0468 1236 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:05:53.0593 1236 odserv - ok
22:05:53.0906 1236 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:05:53.0937 1236 ohci1394 - ok
22:05:54.0046 1236 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:05:54.0093 1236 ose - ok
22:05:54.0421 1236 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
22:05:54.0437 1236 P3 - ok
22:05:54.0750 1236 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:05:54.0781 1236 Parport - ok
22:05:55.0062 1236 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:05:55.0078 1236 PartMgr - ok
22:05:55.0375 1236 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:05:55.0390 1236 ParVdm - ok
22:05:55.0718 1236 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:05:55.0734 1236 PCI - ok
22:05:56.0031 1236 PCIDump - ok
22:05:56.0343 1236 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:05:56.0343 1236 PCIIde - ok
22:05:56.0656 1236 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:05:56.0687 1236 Pcmcia - ok
22:05:56.0968 1236 PDCOMP - ok
22:05:57.0265 1236 PDFRAME - ok
22:05:57.0546 1236 PDRELI - ok
22:05:57.0843 1236 PDRFRAME - ok
22:05:58.0140 1236 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:05:58.0156 1236 perc2 - ok
22:05:58.0453 1236 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:05:58.0453 1236 perc2hib - ok
22:05:58.0812 1236 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:05:58.0812 1236 PlugPlay - ok
22:05:59.0109 1236 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:05:59.0109 1236 PolicyAgent - ok
22:05:59.0437 1236 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:05:59.0437 1236 PptpMiniport - ok
22:05:59.0718 1236 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:05:59.0718 1236 ProtectedStorage - ok
22:06:00.0015 1236 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:06:00.0015 1236 Ptilink - ok
22:06:00.0328 1236 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:06:00.0343 1236 PxHelp20 - ok
22:06:00.0640 1236 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:06:00.0656 1236 ql1080 - ok
22:06:00.0968 1236 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:06:00.0984 1236 Ql10wnt - ok
22:06:01.0281 1236 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:06:01.0296 1236 ql12160 - ok
22:06:01.0609 1236 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:06:01.0609 1236 ql1240 - ok
22:06:01.0921 1236 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:06:01.0937 1236 ql1280 - ok
22:06:02.0250 1236 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:06:02.0250 1236 RasAcd - ok
22:06:02.0562 1236 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:06:02.0593 1236 RasAuto - ok
22:06:02.0906 1236 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:06:02.0921 1236 Rasl2tp - ok
22:06:03.0265 1236 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:06:03.0328 1236 RasMan - ok
22:06:03.0625 1236 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:06:03.0640 1236 RasPppoe - ok
22:06:03.0921 1236 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:06:03.0937 1236 Raspti - ok
22:06:04.0281 1236 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:06:04.0312 1236 Rdbss - ok
22:06:04.0609 1236 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:06:04.0609 1236 RDPCDD - ok
22:06:04.0984 1236 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:06:05.0031 1236 rdpdr - ok
22:06:05.0406 1236 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:06:05.0437 1236 RDPWD - ok
22:06:05.0781 1236 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:06:05.0812 1236 RDSessMgr - ok
22:06:06.0109 1236 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:06:06.0125 1236 redbook - ok
22:06:06.0421 1236 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:06:06.0437 1236 RemoteAccess - ok
22:06:06.0750 1236 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:06:06.0765 1236 RpcLocator - ok
22:06:07.0187 1236 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
22:06:07.0203 1236 RpcSs - ok
22:06:07.0531 1236 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:06:07.0562 1236 RSVP - ok
22:06:07.0875 1236 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:06:07.0875 1236 SamSs - ok
22:06:08.0015 1236 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:06:08.0031 1236 SASDIFSV - ok
22:06:08.0078 1236 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:06:08.0093 1236 SASKUTIL - ok
22:06:08.0406 1236 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:06:08.0437 1236 SCardSvr - ok
22:06:08.0765 1236 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:06:08.0828 1236 Schedule - ok
22:06:09.0000 1236 SeaPort (271077b91d7ad1b616f8afdfe8e3f981) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:06:09.0078 1236 SeaPort - ok
22:06:09.0421 1236 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:06:09.0437 1236 Secdrv - ok
22:06:09.0734 1236 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:06:09.0734 1236 seclogon - ok
22:06:10.0015 1236 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:06:10.0031 1236 SENS - ok
22:06:10.0343 1236 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:06:10.0359 1236 serenum - ok
22:06:10.0656 1236 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:06:10.0671 1236 Serial - ok
22:06:11.0015 1236 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:06:11.0015 1236 Sfloppy - ok
22:06:11.0375 1236 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:06:11.0437 1236 SharedAccess - ok
22:06:11.0781 1236 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:06:11.0796 1236 ShellHWDetection - ok
22:06:12.0062 1236 Simbad - ok
22:06:12.0390 1236 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:06:12.0406 1236 sisagp - ok
22:06:12.0734 1236 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:06:12.0734 1236 Sparrow - ok
22:06:13.0046 1236 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:06:13.0046 1236 splitter - ok
22:06:13.0359 1236 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:06:13.0375 1236 Spooler - ok
22:06:13.0687 1236 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:06:13.0703 1236 sr - ok
22:06:14.0046 1236 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:06:14.0093 1236 srservice - ok
22:06:14.0515 1236 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:06:14.0625 1236 Srv - ok
22:06:14.0921 1236 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:06:14.0953 1236 SSDPSRV - ok
22:06:15.0296 1236 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:06:15.0359 1236 stisvc - ok
22:06:16.0468 1236 SvcOnlineArmor (05cc0b4927e9110afe68212771601a2f) C:\Program Files\Online Armor\oasrv.exe
22:06:17.0515 1236 SvcOnlineArmor - ok
22:06:17.0875 1236 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:06:17.0875 1236 swenum - ok
22:06:18.0203 1236 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:06:18.0218 1236 swmidi - ok
22:06:18.0468 1236 SwPrv - ok
22:06:18.0812 1236 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:06:18.0828 1236 symc810 - ok
22:06:19.0125 1236 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:06:19.0125 1236 symc8xx - ok
22:06:19.0421 1236 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:06:19.0437 1236 sym_hi - ok
22:06:19.0734 1236 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:06:19.0734 1236 sym_u3 - ok
22:06:20.0062 1236 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:06:20.0078 1236 sysaudio - ok
22:06:20.0390 1236 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:06:20.0406 1236 SysmonLog - ok
22:06:20.0781 1236 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:06:20.0859 1236 TapiSrv - ok
22:06:21.0234 1236 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:06:21.0328 1236 Tcpip - ok
22:06:21.0625 1236 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:06:21.0625 1236 TDPIPE - ok
22:06:21.0921 1236 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:06:21.0937 1236 TDTCP - ok
22:06:22.0250 1236 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:06:22.0250 1236 TermDD - ok
22:06:22.0625 1236 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:06:22.0718 1236 TermService - ok
22:06:23.0046 1236 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:06:23.0046 1236 Themes - ok
22:06:23.0359 1236 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:06:23.0375 1236 TosIde - ok
22:06:23.0656 1236 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:06:23.0687 1236 TrkWks - ok
22:06:24.0031 1236 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:06:24.0046 1236 Udfs - ok
22:06:24.0343 1236 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:06:24.0359 1236 ultra - ok
22:06:24.0687 1236 UMAXPCLS (931e8cafcaa536e8252cd7a375ff9794) C:\WINDOWS\system32\DRIVERS\umaxpcls.sys
22:06:24.0687 1236 UMAXPCLS - ok
22:06:25.0125 1236 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:06:25.0218 1236 Update - ok
22:06:25.0546 1236 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:06:25.0593 1236 upnphost - ok
22:06:25.0890 1236 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:06:25.0890 1236 UPS - ok
22:06:26.0203 1236 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:06:26.0218 1236 usbccgp - ok
22:06:26.0531 1236 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:06:26.0531 1236 usbehci - ok
22:06:26.0859 1236 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:06:26.0875 1236 usbhub - ok
22:06:27.0203 1236 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:06:27.0203 1236 usbprint - ok
22:06:27.0515 1236 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:06:27.0531 1236 usbscan - ok
22:06:27.0812 1236 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:06:27.0828 1236 USBSTOR - ok
22:06:28.0140 1236 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:06:28.0140 1236 usbuhci - ok
22:06:28.0453 1236 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:06:28.0468 1236 VgaSave - ok
22:06:28.0765 1236 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:06:28.0765 1236 viaagp - ok
22:06:29.0062 1236 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:06:29.0062 1236 ViaIde - ok
22:06:29.0359 1236 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:06:29.0375 1236 VolSnap - ok
22:06:29.0718 1236 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:06:29.0765 1236 VSS - ok
22:06:30.0125 1236 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:06:30.0187 1236 W32Time - ok
22:06:30.0515 1236 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:06:30.0531 1236 Wanarp - ok
22:06:30.0812 1236 WDICA - ok
22:06:31.0140 1236 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:06:31.0156 1236 wdmaud - ok
22:06:31.0468 1236 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:06:31.0500 1236 WebClient - ok
22:06:31.0921 1236 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:06:32.0046 1236 winachsf - ok
22:06:32.0453 1236 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:06:32.0484 1236 winmgmt - ok
22:06:32.0625 1236 WLSetupSvc - ok
22:06:32.0921 1236 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:06:32.0921 1236 WmdmPmSN - ok
22:06:33.0281 1236 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:06:33.0312 1236 WmiApSrv - ok
22:06:33.0671 1236 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
22:06:33.0953 1236 WMPNetworkSvc - ok
22:06:34.0281 1236 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:06:34.0296 1236 WpdUsb - ok
22:06:34.0625 1236 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:06:34.0625 1236 WS2IFSL - ok
22:06:34.0953 1236 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:06:34.0984 1236 wscsvc - ok
22:06:35.0281 1236 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:06:35.0281 1236 wuauserv - ok
22:06:35.0625 1236 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:06:35.0640 1236 WudfPf - ok
22:06:35.0968 1236 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:06:35.0984 1236 WudfRd - ok
22:06:36.0281 1236 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:06:36.0296 1236 WudfSvc - ok
22:06:36.0750 1236 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:06:36.0921 1236 WZCSVC - ok
22:06:37.0218 1236 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:06:37.0250 1236 xmlprov - ok
22:06:37.0593 1236 yukonwxp (121805040c826638ceb541bf968e7c5b) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
22:06:37.0640 1236 yukonwxp - ok
22:06:37.0703 1236 MBR (0x1B8) (a9bc6085158a2785b9eb6a494a4b11f1) \Device\Harddisk0\DR0
22:06:37.0890 1236 \Device\Harddisk0\DR0 - ok
22:06:37.0906 1236 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
22:06:37.0921 1236 \Device\Harddisk1\DR4 - ok
22:06:37.0937 1236 Boot (0x1200) (04e9bcc2622f97ca73ad319b7648ccf5) \Device\Harddisk0\DR0\Partition0
22:06:37.0937 1236 \Device\Harddisk0\DR0\Partition0 - ok
22:06:37.0953 1236 Boot (0x1200) (c32e21daf64bb3d4177e8869e25bae7d) \Device\Harddisk1\DR4\Partition0
22:06:37.0953 1236 \Device\Harddisk1\DR4\Partition0 - ok
22:06:37.0953 1236 ============================================================
22:06:37.0953 1236 Scan finished
22:06:37.0953 1236 ============================================================
22:06:37.0984 1228 Detected object count: 0
22:06:37.0984 1228 Actual detected object count: 0

 

[Broni]

OK I need some explanation then.
You can run some programs as I can see.

What you CAN NOT run?

 

[nbabe]

in safe mode I have acccess to my programs and files (i just checked) but in normal mode I have access to nothing except (since you helped me this afternoon) internet. Which was acting up (couldnt drag the page up or down). thats it. its as if in normal mode im blocked

oups I always was able this week to run mbam in normal mode. so internet and mbam but no other software (although I didnt try them all) and not my documents (tried a few in case it was only software attacked?) I always get this error message as if im not authorized or have no access

update I will log out now and bbl tomorrow early am. illboot again first in normal mode in case something changed and let u know but I think somehow I am block as if my account isnt admin no more (but some software should work the no?) dnt forget all the test were run in safe mode since I could nt run nothing in normal mode (might it change anything?)

 

[Broni]

You're able to run TDSSKiller from normal mode somehow.
Also when your internet connection came back you said:

google page came up

Came up where?

 

[nbabe]

Nope Tdssiller was run in safe mode like all the other software.

This morning I double checked what I could use now in normal mode.
Internet works, my burning sofware nero, microsoft word, excel, powerpoint documents and still mbam (since now it would update I updated it but did not run it). I just opened them did not use them..

NOthing from pdf, not my plan software (home plans nor can I open just the plans or any pdf documents) ai, and lots of other software such as mgi (photo edition software), winxp manager, or any antivirus (rkiller, tdsskiller, combo fix) real player windows player, aesoft dvd creator, tried 2 games etc.

Basically I went to see (example my home plans program) if it was still in programs and it was. I tried to click on the exe there to open it (in case it would have been the icon on my desktop that would be corrupted ....and it still gave me that error message I told u about 2-3 days ago.

Then in safe mode I didnt try all but I could open pdf files and other softwares of which im block in normal mode.

I attached the error message I keep getting. Hope this helps to understand the problem.


Any ideas?

 

[Broni]

OK. Create new profile with administrator rights, login to it and see if you have same problem there.

 

[nbabe]

I created in normal mode another log on with admin. when it opened Ireceved this error message.

Then I tried 2 sofwares I know i couldnt open and received the same error message that Icant access it. BTW im still using the laptop internets connections since I still hve problems with the other computer(just letting u know why im slow sometimes to reply)

ok heres the message
wouldnt save too big a file moret hen 200kb

 

[Broni]

Can you re-run Combofix from normal mode?

 

[nbabe]

no and tried mine and new log and changed the name of combo fix

 

[Broni]

What happens when you try to run it?

 

[nbabe]

I get the eternal message I attached this morning.

windows cannot access the specified deveice path or file. you may not have the appropriate permission to access the item

 

[Broni]

Do you have Windows XP CD?

 

[nbabe]

this is a gateway computer. I have gateway cds but they dont givea separate cd for xp...its intalled with everything whne you load gateway