
screen317 results



#1 coachrob


Posted 15 April 2012 - 01:30 PM

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
EasyCleaner
Java™ 6 Update 29
Java version out of date!
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

Edited by Budapest, 15 April 2012 - 03:03 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest




#2 boopme


Posted 15 April 2012 - 07:50 PM

Please run these next.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

>>>>>
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware Posted Image and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).



Finally.... Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#3 coachrob


Posted 17 April 2012 - 09:19 PM

Sorry.. the TDSS was closed by one of my kids after it found several items and removed it. I followed the rest of your instructions and here are the text files for the other two.

Eset:
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\37\37fa2325-5561156c Java/Exploit.Agent.NAT trojan deleted - quarantined
C:\TDSSKiller_Quarantine\17.04.2012_17.01.33\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\17.04.2012_17.01.33\rtkt0000\zafs0000\tsk0002.dta Win32/Sirefef.DN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\17.04.2012_17.01.33\rtkt0000\zafs0000\tsk0008.dta Win32/Sirefef.ES trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\17.04.2012_17.01.33\rtkt0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\17.04.2012_17.01.33\zaea0000\svc0000\tsk0000.dta Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\17.04.2012_17.01.33\zaea0001\svc0000\tsk0000.dta Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\DCamUSBGrandTek.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\g400.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\ggsemc.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\ipfilterdriver.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\keriomailserver.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\mcvsrte.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\ntlmssp.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\SQLAgent$ABBEYIIOFFLINE.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\tdrpman174.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\tvs.dll Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\netbt.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
F:\frostwire-4.21.6.windows.exe Win32/OpenCandy application deleted - quarantined
F:\winamp5601_full_bundle_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined
F:\Resource Drive stuff\Backup\Internet\GetRight 5.02 (w-Crack).zip a variant of Win32/Keygen.CY application deleted - quarantined

Malwarebytes:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.18.02

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Rob :: QB [administrator]

4/17/2012 6:47:34 PM
mbam-log-2012-04-17 (18-47-34).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 384385
Time elapsed: 26 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 boopme


Posted 17 April 2012 - 09:27 PM

That looks very good.. The TDSS log should be here..
By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

Reboot the computer.. are you running the SAS and MINI scan??

Edited by boopme, 17 April 2012 - 09:27 PM.


#5 coachrob


Posted 17 April 2012 - 09:33 PM

SAS or MINI scan? I will if I know what those are..

Here is the TDSS scan:
17:01:32.0156 2708 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
17:01:33.0000 2708 ============================================================
17:01:33.0000 2708 Current date / time: 2012/04/17 17:01:33.0000
17:01:33.0000 2708 SystemInfo:
17:01:33.0000 2708
17:01:33.0000 2708 OS Version: 5.1.2600 ServicePack: 3.0
17:01:33.0000 2708 Product type: Workstation
17:01:33.0000 2708 ComputerName: QB
17:01:33.0015 2708 UserName: Rob
17:01:33.0015 2708 Windows directory: C:\WINDOWS
17:01:33.0015 2708 System windows directory: C:\WINDOWS
17:01:33.0015 2708 Processor architecture: Intel x86
17:01:33.0015 2708 Number of processors: 1
17:01:33.0015 2708 Page size: 0x1000
17:01:33.0015 2708 Boot type: Safe boot with network
17:01:33.0015 2708 ============================================================
17:01:33.0500 2708 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
17:01:33.0500 2708 \Device\Harddisk0\DR0:
17:01:33.0500 2708 MBR used
17:01:33.0500 2708 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x927B5DA
17:01:33.0500 2708 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x927B658, BlocksNum 0x3D08FC7E
17:01:33.0515 2708 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4630B315, BlocksNum 0xC34F28D
17:01:33.0531 2708 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5265A5E1, BlocksNum 0x220AB3E0
17:01:33.0671 2708 Initialize success
17:01:33.0671 2708 ============================================================
17:01:47.0296 2768 ============================================================
17:01:47.0296 2768 Scan started
17:01:47.0296 2768 Mode: Manual;
17:01:47.0296 2768 ============================================================
17:01:47.0437 2768 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:01:47.0437 2768 !SASCORE - ok
17:01:47.0625 2768 a016bus - ok
17:01:47.0656 2768 aalogger - ok
17:01:47.0718 2768 aawservice - ok
17:01:47.0765 2768 Abiosdsk - ok
17:01:47.0796 2768 abp480n5 - ok
17:01:47.0875 2768 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:01:47.0875 2768 ACPI - ok
17:01:47.0921 2768 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:01:47.0921 2768 ACPIEC - ok
17:01:47.0984 2768 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:01:47.0984 2768 AdobeFlashPlayerUpdateSvc - ok
17:01:48.0031 2768 adpu160m - ok
17:01:48.0078 2768 adpu320 - ok
17:01:48.0140 2768 AEAudioService - ok
17:01:48.0203 2768 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:01:48.0203 2768 aec - ok
17:01:48.0234 2768 aexnsclient - ok
17:01:48.0296 2768 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:01:48.0296 2768 AFD - ok
17:01:48.0359 2768 Aha154x - ok
17:01:48.0390 2768 aic116x - ok
17:01:48.0437 2768 aic78u2 - ok
17:01:48.0468 2768 aic78xx - ok
17:01:48.0500 2768 ALABULK - ok
17:01:48.0562 2768 alcan5wn - ok
17:01:48.0609 2768 alcaudsl - ok
17:01:48.0656 2768 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:01:48.0671 2768 Alerter - ok
17:01:48.0703 2768 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:01:48.0703 2768 ALG - ok
17:01:48.0750 2768 AliIde - ok
17:01:48.0812 2768 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
17:01:48.0812 2768 AmdK7 - ok
17:01:48.0843 2768 amdk77 - ok
17:01:48.0890 2768 amsint - ok
17:01:48.0937 2768 anio - ok
17:01:48.0968 2768 appdrv - ok
17:01:49.0046 2768 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:01:49.0062 2768 Apple Mobile Device - ok
17:01:49.0109 2768 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:01:49.0109 2768 AppMgmt - ok
17:01:49.0156 2768 arrayssl_vpn_service3,0,1,9 - ok
17:01:49.0203 2768 As6frin - ok
17:01:49.0234 2768 asc - ok
17:01:49.0281 2768 asc3350p - ok
17:01:49.0312 2768 asc3550 - ok
17:01:49.0359 2768 ASLDRService - ok
17:01:49.0406 2768 aspi32 - ok
17:01:49.0453 2768 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:01:49.0453 2768 AsyncMac - ok
17:01:49.0500 2768 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:01:49.0500 2768 atapi - ok
17:01:49.0546 2768 Atdisk - ok
17:01:49.0593 2768 atiavaiw (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\g400.dll
17:01:49.0625 2768 atiavaiw ( Backdoor.Multi.ZAccess.gen ) - infected
17:01:49.0625 2768 atiavaiw - detected Backdoor.Multi.ZAccess.gen (0)
17:01:49.0671 2768 atierecord - ok
17:01:49.0703 2768 atikmdag - ok
17:01:49.0750 2768 ATIVXSTW - ok
17:01:49.0796 2768 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:01:49.0796 2768 Atmarpc - ok
17:01:49.0843 2768 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:01:49.0843 2768 AudioSrv - ok
17:01:49.0890 2768 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:01:49.0890 2768 audstub - ok
17:01:49.0937 2768 autostore - ok
17:01:49.0984 2768 AVerTV - ok
17:01:50.0031 2768 avgems - ok
17:01:50.0062 2768 avgio - ok
17:01:50.0109 2768 avupdsvc - ok
17:01:50.0140 2768 axskbus - ok
17:01:50.0234 2768 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:01:50.0234 2768 Beep - ok
17:01:50.0265 2768 bglivesvc - ok
17:01:50.0328 2768 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:01:50.0359 2768 BITS - ok
17:01:50.0406 2768 Blfp - ok
17:01:50.0500 2768 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:01:50.0500 2768 Bonjour Service - ok
17:01:50.0531 2768 bridge - ok
17:01:50.0593 2768 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:01:50.0593 2768 Browser - ok
17:01:50.0687 2768 Browser Defender Update Service (335219836821cb675533ab4731779754) C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
17:01:50.0718 2768 Browser Defender Update Service - ok
17:01:50.0765 2768 bt3cser - ok
17:01:50.0796 2768 bt3cusb - ok
17:01:50.0828 2768 bthmodem - ok
17:01:50.0875 2768 CamAv - ok
17:01:50.0906 2768 catchme - ok
17:01:50.0984 2768 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:01:50.0984 2768 cbidf2k - ok
17:01:51.0015 2768 CBN - ok
17:01:51.0062 2768 ccalib8 - ok
17:01:51.0109 2768 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:01:51.0109 2768 CCDECODE - ok
17:01:51.0140 2768 ccsetmgr - ok
17:01:51.0187 2768 cd20xrnt - ok
17:01:51.0234 2768 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:01:51.0234 2768 Cdaudio - ok
17:01:51.0296 2768 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:01:51.0296 2768 Cdfs - ok
17:01:51.0343 2768 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:01:51.0343 2768 Cdrom - ok
17:01:51.0375 2768 Changer - ok
17:01:51.0421 2768 cicssfs.scmmc223 - ok
17:01:51.0468 2768 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:01:51.0468 2768 CiSvc - ok
17:01:51.0500 2768 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:01:51.0500 2768 ClipSrv - ok
17:01:51.0546 2768 cmbatt - ok
17:01:51.0593 2768 CmdIde - ok
17:01:51.0640 2768 COMSysApp - ok
17:01:51.0703 2768 cpqalert - ok
17:01:51.0734 2768 Cpqarray - ok
17:01:51.0796 2768 cqmghost - ok
17:01:51.0828 2768 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:01:51.0843 2768 CryptSvc - ok
17:01:51.0875 2768 cs429x - ok
17:01:51.0921 2768 CTHWIUT.DLL - ok
17:01:51.0953 2768 ctxcpusched - ok
17:01:52.0000 2768 cvslock - ok
17:01:52.0046 2768 cwafadmincontroller - ok
17:01:52.0093 2768 cwbrxd - ok
17:01:52.0140 2768 dac2w2k - ok
17:01:52.0171 2768 dac960nt - ok
17:01:52.0218 2768 db2licd - ok
17:01:52.0281 2768 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:01:52.0281 2768 DcomLaunch - ok
17:01:52.0328 2768 Defrag32b - ok
17:01:52.0375 2768 defragfs - ok
17:01:52.0421 2768 DELL_A02 - ok
17:01:52.0468 2768 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:01:52.0468 2768 Dhcp - ok
17:01:52.0515 2768 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:01:52.0515 2768 Disk - ok
17:01:52.0609 2768 Diskeeper (8de63889d8d406eeeff7f9bd5e51a901) C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
17:01:52.0625 2768 Diskeeper - ok
17:01:52.0656 2768 dkeysync - ok
17:01:52.0687 2768 dlaifs_m - ok
17:01:52.0734 2768 dlaudf_m - ok
17:01:52.0765 2768 dlbu_device - ok
17:01:52.0796 2768 dlcg_device - ok
17:01:52.0843 2768 dmadmin - ok
17:01:52.0921 2768 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:01:52.0937 2768 dmboot - ok
17:01:53.0000 2768 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:01:53.0000 2768 dmio - ok
17:01:53.0062 2768 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:01:53.0062 2768 dmload - ok
17:01:53.0109 2768 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:01:53.0109 2768 dmserver - ok
17:01:53.0171 2768 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:01:53.0171 2768 DMusic - ok
17:01:53.0218 2768 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:01:53.0218 2768 Dnscache - ok
17:01:53.0265 2768 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:01:53.0281 2768 Dot3svc - ok
17:01:53.0312 2768 dot4scan - ok
17:01:53.0343 2768 dpti2o - ok
17:01:53.0406 2768 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:01:53.0421 2768 drmkaud - ok
17:01:53.0453 2768 DSXUSB - ok
17:01:53.0484 2768 EACSys - ok
17:01:53.0546 2768 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:01:53.0546 2768 EapHost - ok
17:01:53.0578 2768 elservice - ok
17:01:53.0625 2768 epson_pm_rpcv4_01 - ok
17:01:53.0656 2768 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:01:53.0671 2768 ERSvc - ok
17:01:53.0718 2768 eskerlicensecontrol - ok
17:01:53.0765 2768 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:01:53.0765 2768 Eventlog - ok
17:01:53.0828 2768 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:01:53.0828 2768 EventSystem - ok
17:01:53.0875 2768 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:01:53.0875 2768 Fastfat - ok
17:01:53.0937 2768 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:01:53.0953 2768 FastUserSwitchingCompatibility - ok
17:01:53.0984 2768 Fd16_700 - ok
17:01:54.0031 2768 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:01:54.0031 2768 Fdc - ok
17:01:54.0062 2768 FiltUSBEMPIA - ok
17:01:54.0093 2768 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:01:54.0109 2768 Fips - ok
17:01:54.0187 2768 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:01:54.0187 2768 Flpydisk - ok
17:01:54.0218 2768 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:01:54.0234 2768 FltMgr - ok
17:01:54.0265 2768 FreeTdi - ok
17:01:54.0328 2768 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:01:54.0328 2768 Fs_Rec - ok
17:01:54.0375 2768 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:01:54.0390 2768 Ftdisk - ok
17:01:54.0437 2768 ftrtsvc - ok
17:01:54.0515 2768 fuj02b1 - ok
17:01:54.0562 2768 gameenum - ok
17:01:54.0609 2768 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:01:54.0609 2768 GEARAspiWDM - ok
17:01:54.0640 2768 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:01:54.0640 2768 Gpc - ok
17:01:54.0671 2768 grmnusb - ok
17:01:54.0703 2768 GT890x - ok
17:01:54.0796 2768 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:01:54.0796 2768 gupdate - ok
17:01:54.0828 2768 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:01:54.0828 2768 gupdatem - ok
17:01:54.0859 2768 gusvc - ok
17:01:54.0906 2768 ha20x2k - ok
17:01:54.0953 2768 HabuFltr - ok
17:01:55.0000 2768 hclinetd - ok
17:01:55.0046 2768 helpsvc - ok
17:01:55.0078 2768 HFACSVC - ok
17:01:55.0125 2768 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
17:01:55.0125 2768 HidServ - ok
17:01:55.0156 2768 HIDSwvd - ok
17:01:55.0218 2768 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:01:55.0218 2768 hidusb - ok
17:01:55.0281 2768 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:01:55.0281 2768 hkmsvc - ok
17:01:55.0312 2768 houdiniserver - ok
17:01:55.0359 2768 hpn - ok
17:01:55.0437 2768 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:01:55.0437 2768 HPZid412 - ok
17:01:55.0484 2768 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:01:55.0484 2768 HPZipr12 - ok
17:01:55.0546 2768 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:01:55.0546 2768 HPZius12 - ok
17:01:55.0593 2768 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:01:55.0609 2768 HTTP - ok
17:01:55.0656 2768 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:01:55.0656 2768 HTTPFilter - ok
17:01:55.0703 2768 i2omgmt - ok
17:01:55.0750 2768 i2omp - ok
17:01:55.0796 2768 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:01:55.0796 2768 i8042prt - ok
17:01:55.0828 2768 iaimtv0 - ok
17:01:55.0875 2768 ibmcicstransactiongateway - ok
17:01:55.0906 2768 ICM10USB - ok
17:01:55.0953 2768 icollectservice - ok
17:01:56.0000 2768 id2scaps - ok
17:01:56.0093 2768 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:01:56.0109 2768 IDriverT - ok
17:01:56.0140 2768 ifp800 - ok
17:01:56.0218 2768 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:01:56.0218 2768 Imapi - ok
17:01:56.0281 2768 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
17:01:56.0281 2768 ImapiService - ok
17:01:56.0328 2768 ini910u - ok
17:01:56.0390 2768 IntelC51 - ok
17:01:56.0437 2768 IntelIde - ok
17:01:56.0484 2768 InterBaseGuardian - ok
17:01:56.0531 2768 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:01:56.0546 2768 ip6fw - ok
17:01:56.0578 2768 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:01:56.0578 2768 IpFilterDriver - ok
17:01:56.0625 2768 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:01:56.0625 2768 IpInIp - ok
17:01:56.0671 2768 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:01:56.0687 2768 IpNat - ok
17:01:56.0765 2768 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
17:01:56.0781 2768 iPod Service - ok
17:01:56.0828 2768 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:01:56.0828 2768 IPSec - ok
17:01:56.0859 2768 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:01:56.0875 2768 IRENUM - ok
17:01:56.0937 2768 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:01:56.0937 2768 isapnp - ok
17:01:57.0000 2768 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
17:01:57.0000 2768 JavaQuickStarterService - ok
17:01:57.0046 2768 JL2005C - ok
17:01:57.0093 2768 k750mdm - ok
17:01:57.0140 2768 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:01:57.0140 2768 Kbdclass - ok
17:01:57.0203 2768 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:01:57.0203 2768 kmixer - ok
17:01:57.0250 2768 KMW_KBD - ok
17:01:57.0328 2768 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:01:57.0328 2768 KSecDD - ok
17:01:57.0359 2768 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:01:57.0375 2768 lanmanserver - ok
17:01:57.0421 2768 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:01:57.0437 2768 lanmanworkstation - ok
17:01:57.0468 2768 lbrtfdc - ok
17:01:57.0546 2768 lightscribeservice - ok
17:01:57.0593 2768 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:01:57.0593 2768 LmHosts - ok
17:01:57.0640 2768 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
17:01:57.0640 2768 LVPr2Mon - ok
17:02:00.0562 2768 NetBT (d33ac9743481d89e0a17601992630e70) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:02:00.0562 2768 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: d33ac9743481d89e0a17601992630e70, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
17:02:00.0562 2768 NetBT ( Virus.Win32.ZAccess.k ) - infected
17:02:00.0562 2768 NetBT - detected Virus.Win32.ZAccess.k (0)
17:02:02.0640 2768 oracle_load_balancer_60_client-forms6ip9 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\Pnp680r.dll
17:02:02.0656 2768 oracle_load_balancer_60_client-forms6ip9 ( Backdoor.Multi.ZAccess.gen ) - infected
17:02:02.0656 2768 oracle_load_balancer_60_client-forms6ip9 - detected Backdoor.Multi.ZAccess.gen (0)
17:02:29.0734 2768 ============================================================
17:02:29.0734 2768 Scan finished
17:02:29.0734 2768 ============================================================
17:02:29.0796 2760 Detected object count: 3
17:02:29.0796 2760 Actual detected object count: 3
17:03:06.0968 2760 C:\WINDOWS\system32\g400.dll - copied to quarantine
17:03:06.0984 2760 HKLM\SYSTEM\ControlSet001\services\atiavaiw - will be deleted on reboot
17:03:07.0015 2760 HKLM\SYSTEM\ControlSet002\services\atiavaiw - will be deleted on reboot
17:03:07.0062 2760 C:\WINDOWS\system32\g400.dll - will be deleted on reboot
17:03:07.0062 2760 atiavaiw ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:03:07.0390 2760 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
17:03:07.0687 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\@ - copied to quarantine
17:03:07.0687 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\cfg.ini - copied to quarantine
17:03:07.0687 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\Desktop.ini - copied to quarantine
17:03:07.0734 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\L\gsdjoqpu - copied to quarantine
17:03:07.0734 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\oemid - copied to quarantine
17:03:07.0734 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\00000001.@ - copied to quarantine
17:03:07.0828 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\00000002.@ - copied to quarantine
17:03:07.0843 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\00000004.@ - copied to quarantine
17:03:07.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\80000000.@ - copied to quarantine
17:03:07.0937 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\80000004.@ - copied to quarantine
17:03:07.0953 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\80000032.@ - copied to quarantine
17:03:07.0968 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\version - copied to quarantine
17:03:12.0921 2760 Backup copy found, using it..
17:03:13.0046 2760 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
17:03:30.0906 2760 C:\WINDOWS\$NtUninstallKB17157$\4118572428 - will be deleted on reboot
17:03:30.0906 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\@ - will be deleted on reboot
17:03:30.0906 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\cfg.ini - will be deleted on reboot
17:03:30.0906 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\Desktop.ini - will be deleted on reboot
17:03:30.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\oemid - will be deleted on reboot
17:03:30.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\00000001.@ - will be deleted on reboot
17:03:30.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\00000002.@ - will be deleted on reboot
17:03:30.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\00000004.@ - will be deleted on reboot
17:03:30.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\80000000.@ - will be deleted on reboot
17:03:30.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\80000004.@ - will be deleted on reboot
17:03:30.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\80000032.@ - will be deleted on reboot
17:03:30.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\version - will be deleted on reboot
17:03:30.0921 2760 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
17:03:30.0984 2760 C:\WINDOWS\system32\Pnp680r.dll - copied to quarantine
17:03:30.0984 2760 HKLM\SYSTEM\ControlSet001\services\oracle_load_balancer_60_client-forms6ip9 - will be deleted on reboot
17:03:31.0000 2760 HKLM\SYSTEM\ControlSet002\services\oracle_load_balancer_60_client-forms6ip9 - will be deleted on reboot
17:03:31.0859 2760 C:\WINDOWS\system32\Pnp680r.dll - will be deleted on reboot
17:03:31.0859 2760 oracle_load_balancer_60_client-forms6ip9 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:04:51.0562 2704 Deinitialize success

#6 boopme

Posted 17 April 2012 - 09:47 PM

Sorry, MiniToolbox and SUPERAntiSpyware, which I did not post yet :whistle:

ALL this was removed by TDSS and you needed a Reboot, very important

17:02:29.0796 2760 Detected object count: 3
17:02:29.0796 2760 Actual detected object count: 3
17:03:06.0968 2760 C:\WINDOWS\system32\g400.dll - copied to quarantine
17:03:06.0984 2760 HKLM\SYSTEM\ControlSet001\services\atiavaiw - will be deleted on reboot
17:03:07.0015 2760 HKLM\SYSTEM\ControlSet002\services\atiavaiw - will be deleted on reboot
17:03:07.0062 2760 C:\WINDOWS\system32\g400.dll - will be deleted on reboot
17:03:07.0062 2760 atiavaiw ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:03:07.0390 2760 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
17:03:07.0687 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\@ - copied to quarantine
17:03:07.0687 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\cfg.ini - copied to quarantine
17:03:07.0687 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\Desktop.ini - copied to quarantine
17:03:07.0734 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\L\gsdjoqpu - copied to quarantine
17:03:07.0734 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\oemid - copied to quarantine
17:03:07.0734 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\00000001.@ - copied to quarantine
17:03:07.0828 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\00000002.@ - copied to quarantine
17:03:07.0843 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\00000004.@ - copied to quarantine
17:03:07.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\80000000.@ - copied to quarantine
17:03:07.0937 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\80000004.@ - copied to quarantine
17:03:07.0953 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\80000032.@ - copied to quarantine
17:03:07.0968 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\version - copied to quarantine
17:03:12.0921 2760 Backup copy found, using it..
17:03:13.0046 2760 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
17:03:30.0906 2760 C:\WINDOWS\$NtUninstallKB17157$\4118572428 - will be deleted on reboot
17:03:30.0906 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\@ - will be deleted on reboot
17:03:30.0906 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\cfg.ini - will be deleted on reboot
17:03:30.0906 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\Desktop.ini - will be deleted on reboot
17:03:30.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\oemid - will be deleted on reboot
17:03:30.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\00000001.@ - will be deleted on reboot
17:03:30.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\00000002.@ - will be deleted on reboot
17:03:30.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\00000004.@ - will be deleted on reboot
17:03:30.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\80000000.@ - will be deleted on reboot
17:03:30.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\80000004.@ - will be deleted on reboot
17:03:30.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\U\80000032.@ - will be deleted on reboot
17:03:30.0921 2760 C:\WINDOWS\$NtUninstallKB17157$\745893744\version - will be deleted on reboot
17:03:30.0921 2760 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
17:03:30.0984 2760 C:\WINDOWS\system32\Pnp680r.dll - copied to quarantine
17:03:30.0984 2760 HKLM\SYSTEM\ControlSet001\services\oracle_load_balancer_60_client-forms6ip9 - will be deleted on reboot
17:03:31.0000 2760 HKLM\SYSTEM\ControlSet002\services\oracle_load_balancer_60_client-forms6ip9 - will be deleted on reboot
17:03:31.0859 2760 C:\WINDOWS\system32\Pnp680r.dll - will be deleted on reboot
17:03:31.0859 2760 oracle_load_balancer_60_client-forms6ip9 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:04:51.0562 2704 Deinitialize success




The machine should be much improved..
Let's get anything else..

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.


You are doing great!!

#7 coachrob


Posted 17 April 2012 - 10:51 PM

SAS results:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/17/2012 at 08:29 PM

Application Version : 5.0.1146

Core Rules Database Version : 8472
Trace Rules Database Version: 6284

Scan type : Complete Scan
Total Scan Time : 00:11:24

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 466
Memory threats detected : 0
Registry items scanned : 35907
Registry threats detected : 0
File items scanned : 10369
File threats detected : 51

Adware.Tracking Cookie




#8 coachrob


Posted 17 April 2012 - 10:54 PM

Thank you so much for your assistance. It's been greatly appreciated.

#9 boopme


Posted 18 April 2012 - 07:50 PM

You're welcome...
Now you need to change any passwords here, especially if you have any financials.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u3-windows-i586.exe (or jre-7u3-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.




