Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

redirecting and popups in IE8


  • Please log in to reply
10 replies to this topic

#1 hostile17

hostile17

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 01 April 2012 - 04:49 AM

Hello. Redirects to 'search' and 'travel' sites, etc. I am using a DELL laptop with Windows XP. I run WinPatrol, and it keeps periodically warning me of programs wanting to 'run on/at startup.' Please help. Thank you very much for your time.

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:21 AM

Posted 01 April 2012 - 08:51 AM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)


Please download GMER from here(doesnot work on 64 bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

#3 hostile17

hostile17
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 01 April 2012 - 08:04 PM

Thanks for your reply. Here are the logs:

TDSS proceeded to attempt to 'cure' my system, telling me to restart to finish the process (I didn't)

16:17:21.0375 2792 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
16:17:22.0234 2792 ============================================================
16:17:22.0234 2792 Current date / time: 2012/04/01 16:17:22.0234
16:17:22.0234 2792 SystemInfo:
16:17:22.0234 2792
16:17:22.0234 2792 OS Version: 5.1.2600 ServicePack: 3.0
16:17:22.0234 2792 Product type: Workstation
16:17:22.0234 2792 ComputerName: LAPTOP
16:17:22.0234 2792 UserName: laptop 2
16:17:22.0234 2792 Windows directory: C:\WINDOWS
16:17:22.0234 2792 System windows directory: C:\WINDOWS
16:17:22.0234 2792 Processor architecture: Intel x86
16:17:22.0234 2792 Number of processors: 1
16:17:22.0234 2792 Page size: 0x1000
16:17:22.0234 2792 Boot type: Normal boot
16:17:22.0234 2792 ============================================================
16:17:24.0437 2792 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:17:24.0437 2792 \Device\Harddisk0\DR0:
16:17:24.0437 2792 MBR used
16:17:24.0437 2792 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
16:17:24.0453 2792 Initialize success
16:17:24.0453 2792 ============================================================
16:18:17.0171 3104 ============================================================
16:18:17.0171 3104 Scan started
16:18:17.0171 3104 Mode: Manual; TDLFS;
16:18:17.0171 3104 ============================================================
16:18:17.0640 3104 Abiosdsk - ok
16:18:17.0671 3104 abp480n5 - ok
16:18:17.0765 3104 Access Utility Service (89d193edc63b8f194c889ef06c51f0cb) C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe
16:18:17.0765 3104 Access Utility Service - ok
16:18:17.0843 3104 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:18:17.0843 3104 ACPI - ok
16:18:17.0906 3104 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:18:17.0906 3104 ACPIEC - ok
16:18:17.0953 3104 ADIDTSFiltService (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\MSCamSvc.dll
16:18:17.0984 3104 ADIDTSFiltService ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:17.0984 3104 ADIDTSFiltService - detected Backdoor.Multi.ZAccess.gen (0)
16:18:18.0000 3104 adpu160m - ok
16:18:18.0046 3104 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:18:18.0046 3104 aec - ok
16:18:18.0109 3104 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:18:18.0125 3104 AFD - ok
16:18:18.0265 3104 Aha154x - ok
16:18:18.0281 3104 aic78u2 - ok
16:18:18.0296 3104 aic78xx - ok
16:18:18.0343 3104 akshhl (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\nwdls.dll
16:18:18.0343 3104 akshhl ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:18.0343 3104 akshhl - detected Backdoor.Multi.ZAccess.gen (0)
16:18:18.0390 3104 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:18:18.0390 3104 Alerter - ok
16:18:18.0421 3104 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:18:18.0421 3104 ALG - ok
16:18:18.0437 3104 AliIde - ok
16:18:18.0453 3104 amsint - ok
16:18:18.0515 3104 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
16:18:18.0531 3104 APPDRV - ok
16:18:18.0671 3104 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:18:18.0671 3104 Apple Mobile Device - ok
16:18:18.0734 3104 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
16:18:18.0734 3104 AppMgmt - ok
16:18:18.0765 3104 asc - ok
16:18:18.0781 3104 asc3350p - ok
16:18:18.0796 3104 asc3550 - ok
16:18:18.0859 3104 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:18:18.0859 3104 aspnet_state - ok
16:18:19.0046 3104 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:18:19.0046 3104 atapi - ok
16:18:19.0062 3104 Atdisk - ok
16:18:19.0093 3104 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:18:19.0109 3104 Atmarpc - ok
16:18:19.0156 3104 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:18:19.0156 3104 AudioSrv - ok
16:18:19.0218 3104 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:18:19.0218 3104 audstub - ok
16:18:19.0265 3104 avc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\amdk8.dll
16:18:19.0265 3104 avc ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:19.0265 3104 avc - detected Backdoor.Multi.ZAccess.gen (0)
16:18:19.0281 3104 AVRec - ok
16:18:19.0343 3104 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:18:19.0343 3104 b57w2k - ok
16:18:19.0562 3104 BCM43XX (4eda899a470c7912b090e38f20fe1c3f) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
16:18:19.0625 3104 BCM43XX - ok
16:18:19.0796 3104 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:18:19.0796 3104 Beep - ok
16:18:19.0875 3104 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:18:19.0875 3104 BITS - ok
16:18:19.0937 3104 BlueletAudio (b77f00b776f53a470adfda3c81651807) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
16:18:19.0937 3104 BlueletAudio - ok
16:18:19.0984 3104 BlueletSCOAudio (bd91afc523fd59f881e1763c38fb772f) C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
16:18:19.0984 3104 BlueletSCOAudio - ok
16:18:20.0156 3104 BlueSoleilCS (6a2f1a0787139a28f93b7cdab830e354) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
16:18:20.0187 3104 BlueSoleilCS - ok
16:18:20.0265 3104 Bluetooth Hid Switch Service (b26e18adaa16e507166e3b61e79a1e25) C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
16:18:20.0265 3104 Bluetooth Hid Switch Service - ok
16:18:20.0375 3104 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
16:18:20.0375 3104 Bonjour Service - ok
16:18:20.0562 3104 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:18:20.0562 3104 Browser - ok
16:18:20.0671 3104 BsHelpCS (43fad5549b09e769b61bbeb58c02ab59) C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
16:18:20.0671 3104 BsHelpCS - ok
16:18:20.0734 3104 BT (c5cce2b26f73f8cf7f3c82159e79aa08) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
16:18:20.0734 3104 BT - ok
16:18:20.0781 3104 Btcsrusb (fb2abc6d08d9f8d5ed8e02cbd18b39bb) C:\WINDOWS\system32\Drivers\btcusb.sys
16:18:20.0781 3104 Btcsrusb - ok
16:18:20.0843 3104 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
16:18:20.0843 3104 BthEnum - ok
16:18:20.0875 3104 BTHidEnum (ce643d0918123d76a5caab008fca9663) C:\WINDOWS\system32\Drivers\vbtenum.sys
16:18:20.0875 3104 BTHidEnum - ok
16:18:20.0890 3104 BTHidMgr (dfca4fe4c8aec786b4d0f432eb730f48) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
16:18:20.0906 3104 BTHidMgr - ok
16:18:20.0937 3104 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
16:18:20.0953 3104 BthPan - ok
16:18:21.0015 3104 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
16:18:21.0046 3104 BTHPORT - ok
16:18:21.0218 3104 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
16:18:21.0218 3104 BthServ - ok
16:18:21.0234 3104 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
16:18:21.0234 3104 BTHUSB - ok
16:18:21.0250 3104 BTKRNL - ok
16:18:21.0406 3104 BTMUSB (66613f790a6d2b4ef3aed0925e4b116c) C:\WINDOWS\system32\Drivers\btmusb.sys
16:18:21.0406 3104 BTMUSB - ok
16:18:21.0453 3104 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:18:21.0453 3104 cbidf2k - ok
16:18:21.0500 3104 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:18:21.0500 3104 CCDECODE - ok
16:18:21.0515 3104 cd20xrnt - ok
16:18:21.0578 3104 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:18:21.0578 3104 Cdaudio - ok
16:18:21.0656 3104 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:18:21.0656 3104 Cdfs - ok
16:18:21.0875 3104 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:18:21.0875 3104 Cdrom - ok
16:18:21.0921 3104 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
16:18:21.0937 3104 cercsr6 - ok
16:18:21.0953 3104 Changer - ok
16:18:22.0000 3104 cics.region1 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\alcxwdm.dll
16:18:22.0000 3104 cics.region1 ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:22.0000 3104 cics.region1 - detected Backdoor.Multi.ZAccess.gen (0)
16:18:22.0046 3104 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:18:22.0046 3104 CiSvc - ok
16:18:22.0078 3104 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:18:22.0078 3104 ClipSrv - ok
16:18:22.0125 3104 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:18:22.0140 3104 clr_optimization_v2.0.50727_32 - ok
16:18:22.0171 3104 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:18:22.0171 3104 CmBatt - ok
16:18:22.0187 3104 CmdIde - ok
16:18:22.0218 3104 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:18:22.0218 3104 Compbatt - ok
16:18:22.0234 3104 COMSysApp - ok
16:18:22.0265 3104 Cpqarray - ok
16:18:22.0312 3104 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:18:22.0312 3104 CryptSvc - ok
16:18:22.0500 3104 CVPND (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\VCAM.dll
16:18:22.0500 3104 CVPND ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:22.0500 3104 CVPND - detected Backdoor.Multi.ZAccess.gen (0)
16:18:22.0515 3104 CYUSB - ok
16:18:22.0531 3104 dac2w2k - ok
16:18:22.0546 3104 dac960nt - ok
16:18:22.0671 3104 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:18:22.0687 3104 DcomLaunch - ok
16:18:22.0750 3104 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:18:22.0750 3104 Dhcp - ok
16:18:22.0812 3104 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:18:22.0812 3104 Disk - ok
16:18:22.0843 3104 djsnetcn - ok
16:18:22.0890 3104 dlaudfam (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\W55U01.dll
16:18:22.0890 3104 dlaudfam ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:22.0890 3104 dlaudfam - detected Backdoor.Multi.ZAccess.gen (0)
16:18:22.0906 3104 dmadmin - ok
16:18:22.0968 3104 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:18:22.0984 3104 dmboot - ok
16:18:23.0281 3104 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:18:23.0281 3104 dmio - ok
16:18:23.0328 3104 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:18:23.0359 3104 dmload - ok
16:18:23.0390 3104 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:18:23.0390 3104 dmserver - ok
16:18:23.0437 3104 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:18:23.0437 3104 DMusic - ok
16:18:23.0515 3104 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:18:23.0515 3104 Dnscache - ok
16:18:23.0562 3104 dnserver32 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\USRpdA.dll
16:18:23.0578 3104 dnserver32 ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:23.0578 3104 dnserver32 - detected Backdoor.Multi.ZAccess.gen (0)
16:18:23.0687 3104 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:18:23.0687 3104 Dot3svc - ok
16:18:24.0093 3104 dpti2o - ok
16:18:24.0171 3104 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:18:24.0171 3104 drmkaud - ok
16:18:24.0218 3104 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:18:24.0218 3104 EapHost - ok
16:18:24.0265 3104 eelsservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\usbbus.dll
16:18:24.0281 3104 eelsservice ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:24.0281 3104 eelsservice - detected Backdoor.Multi.ZAccess.gen (0)
16:18:24.0328 3104 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:18:24.0328 3104 ERSvc - ok
16:18:24.0406 3104 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:18:24.0421 3104 Eventlog - ok
16:18:24.0546 3104 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
16:18:24.0546 3104 EventSystem - ok
16:18:24.0687 3104 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:18:24.0687 3104 Fastfat - ok
16:18:24.0859 3104 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:18:24.0859 3104 FastUserSwitchingCompatibility - ok
16:18:24.0890 3104 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:18:24.0890 3104 Fdc - ok
16:18:24.0921 3104 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:18:24.0921 3104 Fips - ok
16:18:24.0937 3104 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:18:24.0937 3104 Flpydisk - ok
16:18:24.0984 3104 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:18:24.0984 3104 FltMgr - ok
16:18:25.0062 3104 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:18:25.0062 3104 FontCache3.0.0.0 - ok
16:18:25.0156 3104 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:18:25.0156 3104 Fs_Rec - ok
16:18:25.0203 3104 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:18:25.0218 3104 Ftdisk - ok
16:18:25.0328 3104 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:18:25.0328 3104 GEARAspiWDM - ok
16:18:25.0437 3104 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:18:25.0437 3104 Gpc - ok
16:18:25.0484 3104 GTIPCI21 (cea72ac01892b12514d15e21ef1bc75d) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
16:18:25.0484 3104 GTIPCI21 - ok
16:18:25.0546 3104 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:18:25.0546 3104 helpsvc - ok
16:18:25.0562 3104 HidServ - ok
16:18:25.0609 3104 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:18:25.0609 3104 HidUsb - ok
16:18:25.0671 3104 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:18:25.0671 3104 hkmsvc - ok
16:18:25.0687 3104 hpn - ok
16:18:25.0765 3104 HpqKbFiltr (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\megamonitorsrv.dll
16:18:25.0765 3104 HpqKbFiltr ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:25.0765 3104 HpqKbFiltr - detected Backdoor.Multi.ZAccess.gen (0)
16:18:25.0875 3104 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
16:18:25.0875 3104 HSFHWICH - ok
16:18:26.0031 3104 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
16:18:26.0062 3104 HSF_DPV - ok
16:18:26.0156 3104 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:18:26.0156 3104 HTTP - ok
16:18:26.0265 3104 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:18:26.0281 3104 HTTPFilter - ok
16:18:26.0296 3104 i2omgmt - ok
16:18:26.0312 3104 i2omp - ok
16:18:26.0359 3104 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:18:26.0359 3104 i8042prt - ok
16:18:26.0656 3104 ialm (643162fbc619e35d3f1a90a095a5bb42) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
16:18:26.0687 3104 ialm - ok
16:18:26.0859 3104 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:18:26.0875 3104 idsvc - ok
16:18:27.0062 3104 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:18:27.0062 3104 Imapi - ok
16:18:27.0156 3104 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
16:18:27.0156 3104 ImapiService - ok
16:18:27.0203 3104 incdpass (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\IFPUSB.dll
16:18:27.0203 3104 incdpass ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:27.0203 3104 incdpass - detected Backdoor.Multi.ZAccess.gen (0)
16:18:27.0234 3104 ini910u - ok
16:18:27.0265 3104 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:18:27.0281 3104 IntelIde - ok
16:18:27.0328 3104 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:18:27.0328 3104 intelppm - ok
16:18:27.0375 3104 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:18:27.0375 3104 Ip6Fw - ok
16:18:27.0437 3104 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:18:27.0468 3104 IpFilterDriver - ok
16:18:27.0609 3104 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:18:27.0609 3104 IpInIp - ok
16:18:27.0875 3104 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:18:27.0875 3104 IpNat - ok
16:18:28.0265 3104 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe
16:18:28.0281 3104 iPod Service - ok
16:18:28.0968 3104 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:18:29.0078 3104 IPSec - ok
16:18:29.0218 3104 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:18:29.0234 3104 IRENUM - ok
16:18:29.0312 3104 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:18:29.0312 3104 isapnp - ok
16:18:29.0484 3104 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
16:18:29.0500 3104 JavaQuickStarterService - ok
16:18:29.0546 3104 k750mdfl - ok
16:18:29.0593 3104 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:18:29.0609 3104 Kbdclass - ok
16:18:29.0750 3104 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:18:29.0781 3104 kmixer - ok
16:18:29.0906 3104 KMWDFILTER - ok
16:18:30.0015 3104 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:18:30.0015 3104 KSecDD - ok
16:18:30.0078 3104 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
16:18:30.0078 3104 lanmanserver - ok
16:18:30.0156 3104 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:18:30.0156 3104 lanmanworkstation - ok
16:18:30.0250 3104 lbrtfdc - ok
16:18:30.0296 3104 ldlcserv (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\dimension4.dll
16:18:30.0296 3104 ldlcserv ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:30.0296 3104 ldlcserv - detected Backdoor.Multi.ZAccess.gen (0)
16:18:30.0343 3104 lemsgt (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\getPlusHelper.dll
16:18:30.0343 3104 lemsgt ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:30.0343 3104 lemsgt - detected Backdoor.Multi.ZAccess.gen (0)
16:18:30.0390 3104 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:18:30.0390 3104 LmHosts - ok
16:18:30.0578 3104 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
16:18:30.0578 3104 LVUSBSta - ok
16:18:30.0656 3104 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:18:30.0656 3104 mdmxsdk - ok
16:18:30.0718 3104 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:18:30.0734 3104 Messenger - ok
16:18:30.0875 3104 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:18:30.0875 3104 mnmdd - ok
16:18:30.0984 3104 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
16:18:30.0984 3104 mnmsrvc - ok
16:18:31.0046 3104 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:18:31.0062 3104 Modem - ok
16:18:31.0171 3104 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:18:31.0171 3104 Mouclass - ok
16:18:31.0203 3104 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:18:31.0218 3104 MountMgr - ok
16:18:31.0234 3104 mraid35x - ok
16:18:31.0265 3104 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:18:31.0265 3104 MRxDAV - ok
16:18:31.0343 3104 MRxSmb (07780b8edbf92ef3b5bdc9e2659d37d1) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:18:31.0343 3104 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: 07780b8edbf92ef3b5bdc9e2659d37d1, Fake md5: 7d304a5eb4344ebeeab53a2fe3ffb9f0
16:18:31.0343 3104 MRxSmb ( Virus.Win32.ZAccess.k ) - infected
16:18:31.0343 3104 MRxSmb - detected Virus.Win32.ZAccess.k (0)
16:18:31.0437 3104 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
16:18:31.0437 3104 MSDTC - ok
16:18:31.0484 3104 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:18:31.0484 3104 Msfs - ok
16:18:31.0500 3104 MSIServer - ok
16:18:31.0546 3104 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:18:31.0546 3104 MSKSSRV - ok
16:18:31.0578 3104 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:18:31.0578 3104 MSPCLOCK - ok
16:18:31.0640 3104 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:18:31.0640 3104 MSPQM - ok
16:18:31.0984 3104 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:18:32.0015 3104 mssmbios - ok
16:18:32.0109 3104 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:18:32.0109 3104 MSTEE - ok
16:18:32.0203 3104 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:18:32.0203 3104 Mup - ok
16:18:32.0265 3104 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:18:32.0265 3104 NABTSFEC - ok
16:18:32.0328 3104 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
16:18:32.0328 3104 napagent - ok
16:18:32.0453 3104 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:18:32.0453 3104 NDIS - ok
16:18:32.0531 3104 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:18:32.0546 3104 NdisIP - ok
16:18:32.0625 3104 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:18:32.0625 3104 NdisTapi - ok
16:18:32.0687 3104 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:18:32.0687 3104 Ndisuio - ok
16:18:32.0703 3104 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:18:32.0703 3104 NdisWan - ok
16:18:32.0921 3104 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:18:32.0968 3104 NDProxy - ok
16:18:33.0031 3104 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:18:33.0062 3104 NetBIOS - ok
16:18:33.0296 3104 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:18:33.0296 3104 NetBT - ok
16:18:33.0359 3104 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:18:33.0359 3104 NetDDE - ok
16:18:33.0375 3104 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:18:33.0375 3104 NetDDEdsdm - ok
16:18:33.0406 3104 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:18:33.0421 3104 Netlogon - ok
16:18:33.0500 3104 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
16:18:33.0500 3104 Netman - ok
16:18:33.0593 3104 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:18:33.0593 3104 NetTcpPortSharing - ok
16:18:33.0984 3104 NICCONFIGSVC (c82dcfcc00c10b91346abb953ff79ee8) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
16:18:34.0156 3104 NICCONFIGSVC - ok
16:18:35.0453 3104 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
16:18:35.0468 3104 Nla - ok
16:18:35.0562 3104 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:18:35.0562 3104 Npfs - ok
16:18:35.0593 3104 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:18:35.0609 3104 Ntfs - ok
16:18:35.0734 3104 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:18:35.0734 3104 NtLmSsp - ok
16:18:36.0000 3104 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
16:18:36.0062 3104 NtmsSvc - ok
16:18:36.0203 3104 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:18:36.0203 3104 Null - ok
16:18:36.0281 3104 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:18:36.0281 3104 NwlnkFlt - ok
16:18:36.0312 3104 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:18:36.0312 3104 NwlnkFwd - ok
16:18:36.0359 3104 oracleformsserver-forms60server-oraform (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\k750mgmt.dll
16:18:36.0375 3104 oracleformsserver-forms60server-oraform ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:36.0375 3104 oracleformsserver-forms60server-oraform - detected Backdoor.Multi.ZAccess.gen (0)
16:18:36.0437 3104 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:18:36.0453 3104 Parport - ok
16:18:36.0500 3104 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:18:36.0531 3104 PartMgr - ok
16:18:36.0578 3104 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:18:36.0578 3104 ParVdm - ok
16:18:36.0781 3104 PcdrNt (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SGIR.dll
16:18:36.0781 3104 PcdrNt ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:36.0781 3104 PcdrNt - detected Backdoor.Multi.ZAccess.gen (0)
16:18:37.0062 3104 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:18:37.0078 3104 PCI - ok
16:18:37.0093 3104 PCIDump - ok
16:18:37.0140 3104 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
16:18:37.0140 3104 PCIIde - ok
16:18:37.0187 3104 pclepci (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\FireHook.dll
16:18:37.0187 3104 pclepci ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:37.0187 3104 pclepci - detected Backdoor.Multi.ZAccess.gen (0)
16:18:37.0218 3104 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:18:37.0218 3104 Pcmcia - ok
16:18:37.0281 3104 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
16:18:37.0281 3104 pcouffin - ok
16:18:37.0328 3104 PDCOMP - ok
16:18:37.0343 3104 PDFRAME - ok
16:18:37.0390 3104 pdlnctdl (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\bcoreusb.dll
16:18:37.0390 3104 pdlnctdl ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:37.0390 3104 pdlnctdl - detected Backdoor.Multi.ZAccess.gen (0)
16:18:37.0468 3104 PDRELI - ok
16:18:37.0484 3104 PDRFRAME - ok
16:18:37.0515 3104 pepifilter (2a3efd6c3f116675d149da5e36a010a4) C:\WINDOWS\system32\DRIVERS\lv302af.sys
16:18:37.0515 3104 pepifilter - ok
16:18:37.0656 3104 perc2 - ok
16:18:37.0671 3104 perc2hib - ok
16:18:37.0890 3104 PID_08A0 (cebefeae6156f4fee41f56be89ea9c96) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
16:18:37.0921 3104 PID_08A0 - ok
16:18:38.0140 3104 PID_PEPI - ok
16:18:38.0234 3104 pimsgss (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\tones.dll
16:18:38.0234 3104 pimsgss ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:38.0234 3104 pimsgss - detected Backdoor.Multi.ZAccess.gen (0)
16:18:38.0406 3104 plsremotesvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\rimusb.dll
16:18:38.0421 3104 plsremotesvc ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:38.0421 3104 plsremotesvc - detected Backdoor.Multi.ZAccess.gen (0)
16:18:38.0468 3104 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:18:38.0484 3104 PlugPlay - ok
16:18:38.0515 3104 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:18:38.0515 3104 PolicyAgent - ok
16:18:38.0609 3104 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:18:38.0625 3104 PptpMiniport - ok
16:18:38.0984 3104 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:18:38.0984 3104 ProtectedStorage - ok
16:18:39.0078 3104 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:18:39.0140 3104 PSched - ok
16:18:40.0484 3104 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
16:18:40.0484 3104 PSI - ok
16:18:40.0546 3104 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:18:40.0562 3104 Ptilink - ok
16:18:40.0609 3104 qbposdbextservices (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\raidmagt.dll
16:18:40.0609 3104 qbposdbextservices ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:40.0609 3104 qbposdbextservices - detected Backdoor.Multi.ZAccess.gen (0)
16:18:40.0625 3104 ql1080 - ok
16:18:40.0656 3104 Ql10wnt - ok
16:18:40.0671 3104 ql12160 - ok
16:18:40.0687 3104 ql1240 - ok
16:18:40.0718 3104 ql1280 - ok
16:18:40.0765 3104 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:18:40.0765 3104 RasAcd - ok
16:18:40.0859 3104 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
16:18:40.0859 3104 RasAuto - ok
16:18:40.0890 3104 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:18:40.0890 3104 Rasl2tp - ok
16:18:40.0968 3104 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
16:18:40.0968 3104 RasMan - ok
16:18:40.0984 3104 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:18:40.0984 3104 RasPppoe - ok
16:18:41.0015 3104 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:18:41.0015 3104 Raspti - ok
16:18:41.0046 3104 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:18:41.0046 3104 Rdbss - ok
16:18:41.0062 3104 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:18:41.0062 3104 RDPCDD - ok
16:18:41.0109 3104 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:18:41.0109 3104 rdpdr - ok
16:18:41.0203 3104 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:18:41.0218 3104 RDPWD - ok
16:18:41.0453 3104 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
16:18:41.0453 3104 RDSessMgr - ok
16:18:41.0562 3104 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:18:41.0578 3104 redbook - ok
16:18:42.0343 3104 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
16:18:42.0343 3104 RemoteAccess - ok
16:18:42.0468 3104 remotelyanywhere (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\APLMp50.dll
16:18:42.0468 3104 remotelyanywhere ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:42.0468 3104 remotelyanywhere - detected Backdoor.Multi.ZAccess.gen (0)
16:18:42.0531 3104 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
16:18:42.0531 3104 RemoteRegistry - ok
16:18:42.0640 3104 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
16:18:42.0656 3104 Revoflt - ok
16:18:42.0796 3104 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
16:18:42.0796 3104 RFCOMM - ok
16:18:42.0968 3104 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
16:18:42.0984 3104 RpcLocator - ok
16:18:43.0093 3104 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:18:43.0093 3104 RpcSs - ok
16:18:43.0156 3104 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
16:18:43.0171 3104 RSVP - ok
16:18:43.0328 3104 s116mdm (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\symsecureport.dll
16:18:43.0328 3104 s116mdm ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:43.0328 3104 s116mdm - detected Backdoor.Multi.ZAccess.gen (0)
16:18:43.0484 3104 s716bus (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\Dell1100_FUService.dll
16:18:43.0484 3104 s716bus ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:43.0484 3104 s716bus - detected Backdoor.Multi.ZAccess.gen (0)
16:18:43.0531 3104 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:18:43.0531 3104 SamSs - ok
16:18:43.0796 3104 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:18:43.0796 3104 SASDIFSV - ok
16:18:43.0906 3104 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:18:43.0906 3104 SASKUTIL - ok
16:18:45.0062 3104 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
16:18:45.0203 3104 SCardSvr - ok
16:18:46.0171 3104 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
16:18:46.0171 3104 Schedule - ok
16:18:46.0296 3104 sdbus (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\{eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc}.dll
16:18:46.0296 3104 sdbus ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:46.0296 3104 sdbus - detected Backdoor.Multi.ZAccess.gen (0)
16:18:46.0375 3104 SDTHelper (e81d58e1b9b6d1158cb1a9da867179d7) C:\Program Files\Usec Radix\sdthlpr.sys
16:18:46.0375 3104 SDTHelper - ok
16:18:46.0453 3104 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:18:46.0468 3104 Secdrv - ok
16:18:46.0515 3104 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
16:18:46.0515 3104 seclogon - ok
16:18:46.0671 3104 Secunia PSI Agent (7198bbfbe46c0070257278c536386687) C:\Program Files\Secunia\PSI\PSIA.exe
16:18:46.0750 3104 Secunia PSI Agent - ok
16:18:47.0296 3104 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
16:18:47.0625 3104 SENS - ok
16:18:47.0734 3104 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:18:47.0734 3104 serenum - ok
16:18:47.0796 3104 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:18:47.0812 3104 Serial - ok
16:18:47.0937 3104 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:18:47.0937 3104 Sfloppy - ok
16:18:48.0015 3104 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
16:18:48.0031 3104 SharedAccess - ok
16:18:48.0109 3104 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:18:48.0125 3104 ShellHWDetection - ok
16:18:48.0156 3104 Simbad - ok
16:18:48.0203 3104 sisidex (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\paamsrv.dll
16:18:48.0203 3104 sisidex ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:48.0203 3104 sisidex - detected Backdoor.Multi.ZAccess.gen (0)
16:18:48.0265 3104 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:18:48.0265 3104 SLIP - ok
16:18:48.0375 3104 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\WINDOWS\system32\DRIVERS\smserial.sys
16:18:48.0390 3104 smserial - ok
16:18:48.0656 3104 SNP2UVC (4e225e5876714bb0a594a6440d154800) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
16:18:48.0734 3104 SNP2UVC - ok
16:18:48.0890 3104 Sparrow - ok
16:18:49.0031 3104 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:18:49.0031 3104 splitter - ok
16:18:49.0078 3104 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:18:49.0078 3104 Spooler - ok
16:18:49.0140 3104 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:18:49.0140 3104 sr - ok
16:18:49.0218 3104 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
16:18:49.0218 3104 srservice - ok
16:18:49.0281 3104 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:18:49.0296 3104 Srv - ok
16:18:49.0328 3104 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
16:18:49.0328 3104 SSDPSRV - ok
16:18:49.0375 3104 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
16:18:49.0390 3104 STAC97 - ok
16:18:49.0562 3104 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
16:18:49.0578 3104 stisvc - ok
16:18:49.0640 3104 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:18:49.0640 3104 streamip - ok
16:18:49.0656 3104 STV672 - ok
16:18:49.0718 3104 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:18:49.0718 3104 swenum - ok
16:18:49.0828 3104 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:18:49.0828 3104 swmidi - ok
16:18:49.0843 3104 SwPrv - ok
16:18:49.0859 3104 symc810 - ok
16:18:49.0875 3104 symc8xx - ok
16:18:49.0937 3104 symproxysvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\penrendezvous.dll
16:18:49.0937 3104 symproxysvc ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:49.0937 3104 symproxysvc - detected Backdoor.Multi.ZAccess.gen (0)
16:18:49.0953 3104 sym_hi - ok
16:18:49.0968 3104 sym_u3 - ok
16:18:50.0015 3104 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:18:50.0015 3104 sysaudio - ok
16:18:50.0062 3104 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
16:18:50.0062 3104 SysmonLog - ok
16:18:50.0109 3104 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
16:18:50.0109 3104 TapiSrv - ok
16:18:50.0234 3104 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:18:50.0234 3104 Tcpip - ok
16:18:50.0468 3104 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:18:50.0484 3104 TDPIPE - ok
16:18:50.0500 3104 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:18:50.0500 3104 TDTCP - ok
16:18:50.0546 3104 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:18:50.0546 3104 TermDD - ok
16:18:50.0625 3104 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
16:18:50.0625 3104 TermService - ok
16:18:50.0718 3104 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:18:50.0718 3104 Themes - ok
16:18:50.0843 3104 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
16:18:50.0843 3104 TlntSvr - ok
16:18:50.0921 3104 TosIde - ok
16:18:51.0218 3104 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
16:18:51.0218 3104 TrkWks - ok
16:18:51.0281 3104 tvtpktfilter (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ASMMAP.dll
16:18:51.0281 3104 tvtpktfilter ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:51.0281 3104 tvtpktfilter - detected Backdoor.Multi.ZAccess.gen (0)
16:18:51.0328 3104 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:18:51.0328 3104 Udfs - ok
16:18:51.0343 3104 UIUSys - ok
16:18:51.0359 3104 ultra - ok
16:18:51.0453 3104 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
16:18:51.0453 3104 UnlockerDriver5 - ok
16:18:51.0515 3104 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:18:51.0531 3104 Update - ok
16:18:51.0609 3104 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
16:18:51.0609 3104 upnphost - ok
16:18:52.0078 3104 upperdev (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\spcstb.dll
16:18:52.0078 3104 upperdev ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:52.0078 3104 upperdev - detected Backdoor.Multi.ZAccess.gen (0)
16:18:52.0187 3104 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
16:18:52.0187 3104 UPS - ok
16:18:52.0281 3104 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:18:52.0281 3104 USBAAPL - ok
16:18:52.0421 3104 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:18:52.0453 3104 usbaudio - ok
16:18:52.0531 3104 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:18:52.0531 3104 usbccgp - ok
16:18:52.0578 3104 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:18:52.0578 3104 usbehci - ok
16:18:52.0609 3104 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:18:52.0609 3104 usbhub - ok
16:18:52.0703 3104 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:18:52.0703 3104 USBSTOR - ok
16:18:52.0781 3104 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:18:52.0796 3104 usbuhci - ok
16:18:52.0937 3104 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
16:18:52.0953 3104 usb_rndisx - ok
16:18:53.0328 3104 useraccess7 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\s125mgmt.dll
16:18:53.0328 3104 useraccess7 ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:53.0328 3104 useraccess7 - detected Backdoor.Multi.ZAccess.gen (0)
16:18:53.0421 3104 VComm (51750b0539986186c6931fc40d171521) C:\WINDOWS\system32\DRIVERS\VComm.sys
16:18:53.0421 3104 VComm - ok
16:18:53.0453 3104 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\WINDOWS\system32\Drivers\VcommMgr.sys
16:18:53.0453 3104 VcommMgr - ok
16:18:53.0500 3104 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:18:53.0500 3104 VgaSave - ok
16:18:53.0515 3104 ViaIde - ok
16:18:53.0531 3104 VIAudio - ok
16:18:53.0578 3104 videoacceleratorengine (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\service1.dll
16:18:53.0578 3104 videoacceleratorengine ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:53.0578 3104 videoacceleratorengine - detected Backdoor.Multi.ZAccess.gen (0)
16:18:53.0640 3104 vmnetuserif (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\oraclesnmppeerencapsulator.dll
16:18:53.0640 3104 vmnetuserif ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:53.0640 3104 vmnetuserif - detected Backdoor.Multi.ZAccess.gen (0)
16:18:53.0734 3104 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:18:53.0734 3104 VolSnap - ok
16:18:53.0859 3104 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
16:18:53.0875 3104 VSS - ok
16:18:54.0093 3104 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
16:18:54.0093 3104 W32Time - ok
16:18:54.0140 3104 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:18:54.0140 3104 Wanarp - ok
16:18:54.0187 3104 WaveEnrollmentService (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\vmnetadapter.dll
16:18:54.0187 3104 WaveEnrollmentService ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:54.0187 3104 WaveEnrollmentService - detected Backdoor.Multi.ZAccess.gen (0)
16:18:54.0250 3104 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:18:54.0265 3104 Wdf01000 - ok
16:18:54.0312 3104 WDICA - ok
16:18:54.0375 3104 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:18:54.0375 3104 wdmaud - ok
16:18:54.0406 3104 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
16:18:54.0406 3104 WebClient - ok
16:18:54.0453 3104 wg4n - ok
16:18:54.0578 3104 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:18:54.0593 3104 winachsf - ok
16:18:54.0906 3104 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:18:54.0921 3104 winmgmt - ok
16:18:55.0062 3104 winproxy (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\cwafadminmonitor.dll
16:18:55.0062 3104 winproxy ( Backdoor.Multi.ZAccess.gen ) - infected
16:18:55.0062 3104 winproxy - detected Backdoor.Multi.ZAccess.gen (0)
16:18:55.0187 3104 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
16:18:55.0187 3104 WinUSB - ok
16:18:55.0203 3104 wltrysvc - ok
16:18:55.0250 3104 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
16:18:55.0250 3104 WmdmPmSN - ok
16:18:55.0328 3104 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
16:18:55.0343 3104 Wmi - ok
16:18:55.0468 3104 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:18:55.0468 3104 WmiApSrv - ok
16:18:55.0625 3104 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
16:18:55.0640 3104 WMPNetworkSvc - ok
16:18:55.0781 3104 WMZuneComm (a3ba4712ebf768edfbccec09fa120b6f) c:\Program Files\Zune\WMZuneComm.exe
16:18:55.0796 3104 WMZuneComm - ok
16:18:56.0125 3104 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:18:56.0125 3104 WpdUsb - ok
16:18:56.0187 3104 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
16:18:56.0203 3104 wscsvc - ok
16:18:56.0265 3104 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:18:56.0281 3104 WSTCODEC - ok
16:18:56.0312 3104 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
16:18:56.0312 3104 wuauserv - ok
16:18:56.0375 3104 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:18:56.0375 3104 WudfPf - ok
16:18:56.0421 3104 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:18:56.0421 3104 WudfRd - ok
16:18:56.0484 3104 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
16:18:56.0484 3104 WudfSvc - ok
16:18:56.0593 3104 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
16:18:56.0609 3104 WZCSVC - ok
16:18:56.0953 3104 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
16:18:56.0953 3104 xmlprov - ok
16:18:57.0296 3104 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
16:18:57.0312 3104 YahooAUService - ok
16:18:57.0453 3104 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
16:18:57.0468 3104 zumbus - ok
16:18:57.0562 3104 ZuneBusEnum (dee869820c3483ec7b92a9fd9ba332a7) c:\Program Files\Zune\ZuneBusEnum.exe
16:18:57.0562 3104 ZuneBusEnum - ok
16:18:58.0015 3104 ZuneNetworkSvc (5bdcacd5b2b0fb972bc570e70f616acf) c:\Program Files\Zune\ZuneNss.exe
16:19:00.0046 3104 ZuneNetworkSvc - ok
16:19:00.0187 3104 ZuneWlanCfgSvc (e22e48654a66aa3e24f4646c6bc1756c) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
16:19:00.0203 3104 ZuneWlanCfgSvc - ok
16:19:00.0390 3104 ZY202_XP (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\si3114r.dll
16:19:00.0390 3104 ZY202_XP ( Backdoor.Multi.ZAccess.gen ) - infected
16:19:00.0390 3104 ZY202_XP - detected Backdoor.Multi.ZAccess.gen (0)
16:19:00.0421 3104 {a7447300-8075-4b0d-83f1-3d75c8ebc623} - ok
16:19:00.0437 3104 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:19:00.0703 3104 \Device\Harddisk0\DR0 - ok
16:19:00.0703 3104 Boot (0x1200) (fd2a610b772ea60f2c6123c3b3285ba5) \Device\Harddisk0\DR0\Partition0
16:19:00.0703 3104 \Device\Harddisk0\DR0\Partition0 - ok
16:19:00.0718 3104 ============================================================
16:19:00.0718 3104 Scan finished
16:19:00.0718 3104 ============================================================
16:19:00.0734 3096 Detected object count: 34
16:19:00.0734 3096 Actual detected object count: 34
16:19:55.0640 3096 C:\WINDOWS\system32\MSCamSvc.dll - copied to quarantine
16:19:55.0640 3096 HKLM\SYSTEM\ControlSet001\services\ADIDTSFiltService - will be deleted on reboot
16:19:55.0640 3096 HKLM\SYSTEM\ControlSet003\services\ADIDTSFiltService - will be deleted on reboot
16:19:55.0656 3096 C:\WINDOWS\system32\MSCamSvc.dll - will be deleted on reboot
16:19:55.0656 3096 ADIDTSFiltService ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:19:55.0718 3096 C:\WINDOWS\system32\nwdls.dll - copied to quarantine
16:19:55.0718 3096 HKLM\SYSTEM\ControlSet001\services\akshhl - will be deleted on reboot
16:19:55.0718 3096 HKLM\SYSTEM\ControlSet003\services\akshhl - will be deleted on reboot
16:19:55.0718 3096 C:\WINDOWS\system32\nwdls.dll - will be deleted on reboot
16:19:55.0718 3096 akshhl ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:19:55.0765 3096 C:\WINDOWS\system32\amdk8.dll - copied to quarantine
16:19:55.0765 3096 HKLM\SYSTEM\ControlSet001\services\avc - will be deleted on reboot
16:19:55.0765 3096 HKLM\SYSTEM\ControlSet003\services\avc - will be deleted on reboot
16:19:55.0765 3096 C:\WINDOWS\system32\amdk8.dll - will be deleted on reboot
16:19:55.0765 3096 avc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:19:55.0843 3096 C:\WINDOWS\system32\alcxwdm.dll - copied to quarantine
16:19:55.0843 3096 HKLM\SYSTEM\ControlSet001\services\cics.region1 - will be deleted on reboot
16:19:55.0843 3096 HKLM\SYSTEM\ControlSet003\services\cics.region1 - will be deleted on reboot
16:19:55.0859 3096 C:\WINDOWS\system32\alcxwdm.dll - will be deleted on reboot
16:19:55.0859 3096 cics.region1 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:19:55.0937 3096 C:\WINDOWS\system32\VCAM.dll - copied to quarantine
16:19:55.0937 3096 HKLM\SYSTEM\ControlSet001\services\CVPND - will be deleted on reboot
16:19:55.0937 3096 HKLM\SYSTEM\ControlSet003\services\CVPND - will be deleted on reboot
16:19:55.0937 3096 C:\WINDOWS\system32\VCAM.dll - will be deleted on reboot
16:19:55.0937 3096 CVPND ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:19:56.0000 3096 C:\WINDOWS\system32\W55U01.dll - copied to quarantine
16:19:56.0000 3096 HKLM\SYSTEM\ControlSet001\services\dlaudfam - will be deleted on reboot
16:19:56.0000 3096 HKLM\SYSTEM\ControlSet003\services\dlaudfam - will be deleted on reboot
16:19:56.0015 3096 C:\WINDOWS\system32\W55U01.dll - will be deleted on reboot
16:19:56.0015 3096 dlaudfam ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:19:56.0109 3096 C:\WINDOWS\system32\USRpdA.dll - copied to quarantine
16:19:56.0109 3096 HKLM\SYSTEM\ControlSet001\services\dnserver32 - will be deleted on reboot
16:19:56.0125 3096 HKLM\SYSTEM\ControlSet003\services\dnserver32 - will be deleted on reboot
16:19:56.0125 3096 C:\WINDOWS\system32\USRpdA.dll - will be deleted on reboot
16:19:56.0125 3096 dnserver32 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:19:56.0171 3096 C:\WINDOWS\system32\usbbus.dll - copied to quarantine
16:19:56.0171 3096 HKLM\SYSTEM\ControlSet001\services\eelsservice - will be deleted on reboot
16:19:56.0171 3096 HKLM\SYSTEM\ControlSet003\services\eelsservice - will be deleted on reboot
16:19:56.0171 3096 C:\WINDOWS\system32\usbbus.dll - will be deleted on reboot
16:19:56.0171 3096 eelsservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:19:56.0718 3096 C:\WINDOWS\system32\megamonitorsrv.dll - copied to quarantine
16:19:56.0718 3096 HKLM\SYSTEM\ControlSet001\services\HpqKbFiltr - will be deleted on reboot
16:19:56.0718 3096 HKLM\SYSTEM\ControlSet003\services\HpqKbFiltr - will be deleted on reboot
16:19:56.0718 3096 C:\WINDOWS\system32\megamonitorsrv.dll - will be deleted on reboot
16:19:56.0718 3096 HpqKbFiltr ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:19:56.0765 3096 C:\WINDOWS\system32\IFPUSB.dll - copied to quarantine
16:19:56.0765 3096 HKLM\SYSTEM\ControlSet001\services\incdpass - will be deleted on reboot
16:19:56.0765 3096 HKLM\SYSTEM\ControlSet003\services\incdpass - will be deleted on reboot
16:19:56.0765 3096 C:\WINDOWS\system32\IFPUSB.dll - will be deleted on reboot
16:19:56.0765 3096 incdpass ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:19:56.0843 3096 C:\WINDOWS\system32\dimension4.dll - copied to quarantine
16:19:56.0843 3096 HKLM\SYSTEM\ControlSet001\services\ldlcserv - will be deleted on reboot
16:19:56.0843 3096 HKLM\SYSTEM\ControlSet003\services\ldlcserv - will be deleted on reboot
16:19:56.0843 3096 C:\WINDOWS\system32\dimension4.dll - will be deleted on reboot
16:19:56.0843 3096 ldlcserv ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:19:56.0890 3096 C:\WINDOWS\system32\getPlusHelper.dll - copied to quarantine
16:19:56.0890 3096 HKLM\SYSTEM\ControlSet001\services\lemsgt - will be deleted on reboot
16:19:56.0890 3096 HKLM\SYSTEM\ControlSet003\services\lemsgt - will be deleted on reboot
16:19:56.0890 3096 C:\WINDOWS\system32\getPlusHelper.dll - will be deleted on reboot
16:19:56.0890 3096 lemsgt ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:19:57.0000 3096 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
16:19:57.0140 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\@ - copied to quarantine
16:19:57.0140 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\cfg.ini - copied to quarantine
16:19:57.0140 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\Desktop.ini - copied to quarantine
16:19:57.0187 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\L\cqoogsdv - copied to quarantine
16:19:57.0531 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\oemid - copied to quarantine
16:19:57.0531 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\U\00000001.@ - copied to quarantine
16:19:57.0578 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\U\00000002.@ - copied to quarantine
16:19:57.0593 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\U\00000004.@ - copied to quarantine
16:19:57.0625 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\U\80000000.@ - copied to quarantine
16:19:57.0625 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\U\80000004.@ - copied to quarantine
16:19:57.0656 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\U\80000032.@ - copied to quarantine
16:19:57.0656 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\version - copied to quarantine
16:19:59.0140 3096 Backup copy found, using it..
16:19:59.0156 3096 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
16:20:03.0125 3096 C:\WINDOWS\$NtUninstallKB1534$\2397682444 - will be deleted on reboot
16:20:03.0125 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\@ - will be deleted on reboot
16:20:03.0125 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\cfg.ini - will be deleted on reboot
16:20:03.0125 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\Desktop.ini - will be deleted on reboot
16:20:03.0171 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\oemid - will be deleted on reboot
16:20:03.0171 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\U\00000001.@ - will be deleted on reboot
16:20:03.0171 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\U\00000002.@ - will be deleted on reboot
16:20:03.0171 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\U\00000004.@ - will be deleted on reboot
16:20:03.0171 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\U\80000000.@ - will be deleted on reboot
16:20:03.0171 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\U\80000004.@ - will be deleted on reboot
16:20:03.0171 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\U\80000032.@ - will be deleted on reboot
16:20:03.0171 3096 C:\WINDOWS\$NtUninstallKB1534$\3347694199\version - will be deleted on reboot
16:20:03.0171 3096 MRxSmb ( Virus.Win32.ZAccess.k ) - User select action: Cure
16:20:03.0359 3096 C:\WINDOWS\system32\k750mgmt.dll - copied to quarantine
16:20:03.0359 3096 HKLM\SYSTEM\ControlSet001\services\oracleformsserver-forms60server-oraform - will be deleted on reboot
16:20:03.0359 3096 HKLM\SYSTEM\ControlSet003\services\oracleformsserver-forms60server-oraform - will be deleted on reboot
16:20:03.0359 3096 C:\WINDOWS\system32\k750mgmt.dll - will be deleted on reboot
16:20:03.0359 3096 oracleformsserver-forms60server-oraform ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:03.0421 3096 C:\WINDOWS\system32\SGIR.dll - copied to quarantine
16:20:03.0421 3096 HKLM\SYSTEM\ControlSet001\services\PcdrNt - will be deleted on reboot
16:20:03.0421 3096 HKLM\SYSTEM\ControlSet003\services\PcdrNt - will be deleted on reboot
16:20:03.0421 3096 C:\WINDOWS\system32\SGIR.dll - will be deleted on reboot
16:20:03.0421 3096 PcdrNt ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:03.0500 3096 C:\WINDOWS\system32\FireHook.dll - copied to quarantine
16:20:03.0500 3096 HKLM\SYSTEM\ControlSet001\services\pclepci - will be deleted on reboot
16:20:03.0500 3096 HKLM\SYSTEM\ControlSet003\services\pclepci - will be deleted on reboot
16:20:03.0500 3096 C:\WINDOWS\system32\FireHook.dll - will be deleted on reboot
16:20:03.0500 3096 pclepci ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:03.0546 3096 C:\WINDOWS\system32\bcoreusb.dll - copied to quarantine
16:20:03.0546 3096 HKLM\SYSTEM\ControlSet001\services\pdlnctdl - will be deleted on reboot
16:20:03.0546 3096 HKLM\SYSTEM\ControlSet003\services\pdlnctdl - will be deleted on reboot
16:20:03.0546 3096 C:\WINDOWS\system32\bcoreusb.dll - will be deleted on reboot
16:20:03.0546 3096 pdlnctdl ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:03.0640 3096 C:\WINDOWS\system32\tones.dll - copied to quarantine
16:20:03.0640 3096 HKLM\SYSTEM\ControlSet001\services\pimsgss - will be deleted on reboot
16:20:03.0640 3096 HKLM\SYSTEM\ControlSet003\services\pimsgss - will be deleted on reboot
16:20:03.0640 3096 C:\WINDOWS\system32\tones.dll - will be deleted on reboot
16:20:03.0640 3096 pimsgss ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:03.0687 3096 C:\WINDOWS\system32\rimusb.dll - copied to quarantine
16:20:03.0687 3096 HKLM\SYSTEM\ControlSet001\services\plsremotesvc - will be deleted on reboot
16:20:03.0687 3096 HKLM\SYSTEM\ControlSet003\services\plsremotesvc - will be deleted on reboot
16:20:03.0703 3096 C:\WINDOWS\system32\rimusb.dll - will be deleted on reboot
16:20:03.0703 3096 plsremotesvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:03.0765 3096 C:\WINDOWS\system32\raidmagt.dll - copied to quarantine
16:20:03.0781 3096 HKLM\SYSTEM\ControlSet001\services\qbposdbextservices - will be deleted on reboot
16:20:03.0781 3096 HKLM\SYSTEM\ControlSet003\services\qbposdbextservices - will be deleted on reboot
16:20:03.0781 3096 C:\WINDOWS\system32\raidmagt.dll - will be deleted on reboot
16:20:03.0781 3096 qbposdbextservices ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:03.0812 3096 C:\WINDOWS\system32\APLMp50.dll - copied to quarantine
16:20:03.0812 3096 HKLM\SYSTEM\ControlSet001\services\remotelyanywhere - will be deleted on reboot
16:20:03.0812 3096 HKLM\SYSTEM\ControlSet003\services\remotelyanywhere - will be deleted on reboot
16:20:03.0828 3096 C:\WINDOWS\system32\APLMp50.dll - will be deleted on reboot
16:20:03.0828 3096 remotelyanywhere ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:03.0984 3096 C:\WINDOWS\system32\symsecureport.dll - copied to quarantine
16:20:03.0984 3096 HKLM\SYSTEM\ControlSet001\services\s116mdm - will be deleted on reboot
16:20:04.0000 3096 C:\WINDOWS\system32\symsecureport.dll - will be deleted on reboot
16:20:04.0000 3096 s116mdm ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:04.0593 3096 C:\WINDOWS\system32\Dell1100_FUService.dll - copied to quarantine
16:20:04.0593 3096 HKLM\SYSTEM\ControlSet001\services\s716bus - will be deleted on reboot
16:20:04.0593 3096 HKLM\SYSTEM\ControlSet003\services\s716bus - will be deleted on reboot
16:20:04.0609 3096 C:\WINDOWS\system32\Dell1100_FUService.dll - will be deleted on reboot
16:20:04.0609 3096 s716bus ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:04.0703 3096 C:\WINDOWS\system32\{eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc}.dll - copied to quarantine
16:20:04.0703 3096 HKLM\SYSTEM\ControlSet001\services\sdbus - will be deleted on reboot
16:20:04.0703 3096 HKLM\SYSTEM\ControlSet003\services\sdbus - will be deleted on reboot
16:20:04.0703 3096 C:\WINDOWS\system32\{eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc}.dll - will be deleted on reboot
16:20:04.0703 3096 sdbus ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:04.0781 3096 C:\WINDOWS\system32\paamsrv.dll - copied to quarantine
16:20:04.0781 3096 HKLM\SYSTEM\ControlSet001\services\sisidex - will be deleted on reboot
16:20:04.0781 3096 HKLM\SYSTEM\ControlSet003\services\sisidex - will be deleted on reboot
16:20:04.0781 3096 C:\WINDOWS\system32\paamsrv.dll - will be deleted on reboot
16:20:04.0781 3096 sisidex ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:04.0859 3096 C:\WINDOWS\system32\penrendezvous.dll - copied to quarantine
16:20:04.0859 3096 HKLM\SYSTEM\ControlSet001\services\symproxysvc - will be deleted on reboot
16:20:04.0859 3096 HKLM\SYSTEM\ControlSet003\services\symproxysvc - will be deleted on reboot
16:20:04.0875 3096 C:\WINDOWS\system32\penrendezvous.dll - will be deleted on reboot
16:20:04.0875 3096 symproxysvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:05.0031 3096 C:\WINDOWS\system32\ASMMAP.dll - copied to quarantine
16:20:05.0031 3096 HKLM\SYSTEM\ControlSet001\services\tvtpktfilter - will be deleted on reboot
16:20:05.0031 3096 HKLM\SYSTEM\ControlSet003\services\tvtpktfilter - will be deleted on reboot
16:20:05.0031 3096 C:\WINDOWS\system32\ASMMAP.dll - will be deleted on reboot
16:20:05.0031 3096 tvtpktfilter ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:05.0109 3096 C:\WINDOWS\system32\spcstb.dll - copied to quarantine
16:20:05.0109 3096 HKLM\SYSTEM\ControlSet001\services\upperdev - will be deleted on reboot
16:20:05.0109 3096 HKLM\SYSTEM\ControlSet003\services\upperdev - will be deleted on reboot
16:20:05.0109 3096 C:\WINDOWS\system32\spcstb.dll - will be deleted on reboot
16:20:05.0109 3096 upperdev ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:05.0234 3096 C:\WINDOWS\system32\s125mgmt.dll - copied to quarantine
16:20:05.0234 3096 HKLM\SYSTEM\ControlSet001\services\useraccess7 - will be deleted on reboot
16:20:05.0234 3096 HKLM\SYSTEM\ControlSet003\services\useraccess7 - will be deleted on reboot
16:20:05.0234 3096 C:\WINDOWS\system32\s125mgmt.dll - will be deleted on reboot
16:20:05.0234 3096 useraccess7 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:05.0328 3096 C:\WINDOWS\system32\service1.dll - copied to quarantine
16:20:05.0343 3096 HKLM\SYSTEM\ControlSet001\services\videoacceleratorengine - will be deleted on reboot
16:20:05.0343 3096 HKLM\SYSTEM\ControlSet003\services\videoacceleratorengine - will be deleted on reboot
16:20:05.0343 3096 C:\WINDOWS\system32\service1.dll - will be deleted on reboot
16:20:05.0343 3096 videoacceleratorengine ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:05.0437 3096 C:\WINDOWS\system32\oraclesnmppeerencapsulator.dll - copied to quarantine
16:20:05.0437 3096 HKLM\SYSTEM\ControlSet001\services\vmnetuserif - will be deleted on reboot
16:20:05.0453 3096 HKLM\SYSTEM\ControlSet003\services\vmnetuserif - will be deleted on reboot
16:20:05.0453 3096 C:\WINDOWS\system32\oraclesnmppeerencapsulator.dll - will be deleted on reboot
16:20:05.0453 3096 vmnetuserif ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:05.0500 3096 C:\WINDOWS\system32\vmnetadapter.dll - copied to quarantine
16:20:05.0500 3096 HKLM\SYSTEM\ControlSet001\services\WaveEnrollmentService - will be deleted on reboot
16:20:05.0500 3096 HKLM\SYSTEM\ControlSet003\services\WaveEnrollmentService - will be deleted on reboot
16:20:05.0500 3096 C:\WINDOWS\system32\vmnetadapter.dll - will be deleted on reboot
16:20:05.0500 3096 WaveEnrollmentService ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:05.0640 3096 C:\WINDOWS\system32\cwafadminmonitor.dll - copied to quarantine
16:20:05.0640 3096 HKLM\SYSTEM\ControlSet001\services\winproxy - will be deleted on reboot
16:20:05.0640 3096 HKLM\SYSTEM\ControlSet003\services\winproxy - will be deleted on reboot
16:20:05.0656 3096 C:\WINDOWS\system32\cwafadminmonitor.dll - will be deleted on reboot
16:20:05.0656 3096 winproxy ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:05.0734 3096 C:\WINDOWS\system32\si3114r.dll - copied to quarantine
16:20:05.0734 3096 HKLM\SYSTEM\ControlSet001\services\ZY202_XP - will be deleted on reboot
16:20:05.0734 3096 HKLM\SYSTEM\ControlSet003\services\ZY202_XP - will be deleted on reboot
16:20:05.0734 3096 C:\WINDOWS\system32\si3114r.dll - will be deleted on reboot
16:20:05.0750 3096 ZY202_XP ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:20:25.0234 2948 Deinitialize success
====================================================================================================================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-01 17:29:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541040G9AT00 rev.MB2OA61A
Running: gmer.exe; Driver: C:\DOCUME~1\LAPTOP~1\LOCALS~1\Temp\uxtdapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text mrxsmb.sys!?HideMutex@@IJPAFGHPAI@X AA5C5000 103 Bytes JMP AA5C5C0D \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
.text mrxsmb.sys!?HideMutex@@IJPAFGHPAI@X AA5C5068 30 Bytes [C2, 04, 00, BB, C0, 09, 00, ...]
.text mrxsmb.sys!?HideMutex@@IJPAFGHPAI@X AA5C5088 110 Bytes CALL AA5C454F \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
.text mrxsmb.sys!?HideMutex@@IJPAFGHPAI@X AA5C50F7 1 Byte [8B]
.text mrxsmb.sys!?HideMutex@@IJPAFGHPAI@X AA5C50F7 96 Bytes [8B, FF, 55, 8B, EC, 51, 83, ...]
.text ...
? C:\WINDOWS\system32\DRIVERS\mrxsmb.sys suspicious PE modification
? system32\drivers\83849783.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2104] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2592] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2592] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2592] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2592] CRYPT32.dll!CryptMsgCountersignEncoded + 27A 77A92F52 7 Bytes JMP 02441A30
.text C:\Program Files\Internet Explorer\iexplore.exe[2592] CRYPT32.dll!CertComparePublicKeyInfo + 1E8 77A9B751 7 Bytes JMP 02441A10
.text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3144] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3144] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3144] CRYPT32.dll!CryptMsgCountersignEncoded + 27A 77A92F52 7 Bytes JMP 02451A30
.text C:\Program Files\Internet Explorer\iexplore.exe[3144] CRYPT32.dll!CertComparePublicKeyInfo + 1E8 77A9B751 7 Bytes JMP 02451A10

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3144] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\76126400 \Device\KLMD16012012_207010 83849783.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanRedirector mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) AA65A000-AA675000 (110592 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 1892

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 12

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Cookies\SAMRTEBW.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\87UCA85C.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\EN8W9K2L.txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\613WPK4I\background_gradient[2] 453 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\613WPK4I\amf[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\90CT3878\ErrorPageTemplate[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\90CT3878\JS[9].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\90CT3878\20120401232956[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZGIUGX3Q\ErrorPageTemplate[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZGIUGX3Q\httpErrorPagesScripts[2] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZGIUGX3Q\20120401233018[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZGIUGX3Q\7761[6].js 0 bytes

---- EOF - GMER 1.0.15 ----
=====================================================================================================================

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-01 17:20:12
-----------------------------
17:20:12.015 OS Version: Windows 5.1.2600 Service Pack 3
17:20:12.015 Number of processors: 1 586 0xD08
17:20:12.046 ComputerName: LAPTOP UserName:
17:20:22.218 Initialize success
17:20:48.328 AVAST engine defs: 12040101
17:20:54.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:20:54.609 Disk 0 Vendor: Hitachi_HTS541040G9AT00 MB2OA61A Size: 38154MB BusType: 3
17:20:54.718 Disk 0 MBR read successfully
17:20:54.718 Disk 0 MBR scan
17:20:54.781 Disk 0 Windows XP default MBR code
17:20:54.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
17:20:54.859 Disk 0 scanning sectors +78140160
17:20:55.250 Disk 0 scanning C:\WINDOWS\system32\drivers
17:21:51.781 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Rootkit-gen [Rtk]
17:22:52.015 Disk 0 trace - called modules:
17:22:52.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8663afd0]<<
17:22:52.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d19ab8]
17:22:52.093 3 CLASSPNP.SYS[f75c7fd7] -> nt!IofCallDriver -> [0x86ac1ab8]
17:22:52.109 \Driver\00001607[0x86a3c248] -> IRP_MJ_CREATE -> 0x8663afd0
17:23:02.750 AVAST engine scan C:\WINDOWS
17:23:43.437 AVAST engine scan C:\WINDOWS\system32
17:35:14.062 AVAST engine scan C:\WINDOWS\system32\drivers
17:35:47.187 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Rootkit-gen [Rtk]
17:36:36.328 AVAST engine scan C:\Documents and Settings\laptop 2
17:46:55.062 AVAST engine scan C:\Documents and Settings\All Users
17:47:50.234 Scan finished successfully
17:48:40.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\laptop 2\Desktop\MBR.dat"
17:48:40.390 The log file has been saved successfully to "C:\Documents and Settings\laptop 2\Desktop\aswMBR.txt"


=====================================================================================================================

Thanks again.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:21 AM

Posted 01 April 2012 - 10:19 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install,update and run a full scan

Click on SHOW results.Select all infections and remove it

IMPORTANT:Reboot the PC and scan MBAM in regular mode until you get a clean log


After you get a clean log,run TDSSkiller again and aswmbr again and post the logs

Download

http://download.sysinternals.com/files/AutoRuns.zip

Extract and launch autoruns.exe

Allow it to scan

Click on FILE-SAVE AS

save it as autoruns.txt

Upload it to www.mediafire.com and post the link here

good luck

#5 hostile17

hostile17
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 02 April 2012 - 01:34 AM

After one reboot, MBAM log came up clean. Here are the other two logs:

22:55:57.0984 0512 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
22:56:00.0015 0512 ============================================================
22:56:00.0015 0512 Current date / time: 2012/04/01 22:56:00.0015
22:56:00.0015 0512 SystemInfo:
22:56:00.0015 0512
22:56:00.0015 0512 OS Version: 5.1.2600 ServicePack: 3.0
22:56:00.0015 0512 Product type: Workstation
22:56:00.0015 0512 ComputerName: LAPTOP
22:56:00.0015 0512 UserName: laptop 2
22:56:00.0015 0512 Windows directory: C:\WINDOWS
22:56:00.0015 0512 System windows directory: C:\WINDOWS
22:56:00.0015 0512 Processor architecture: Intel x86
22:56:00.0015 0512 Number of processors: 1
22:56:00.0015 0512 Page size: 0x1000
22:56:00.0015 0512 Boot type: Normal boot
22:56:00.0015 0512 ============================================================
22:56:02.0625 0512 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:56:02.0640 0512 \Device\Harddisk0\DR0:
22:56:02.0640 0512 MBR used
22:56:02.0640 0512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
22:56:02.0687 0512 Initialize success
22:56:02.0687 0512 ============================================================
22:56:13.0953 1628 ============================================================
22:56:13.0953 1628 Scan started
22:56:13.0953 1628 Mode: Manual; TDLFS;
22:56:13.0953 1628 ============================================================
22:56:14.0312 1628 Abiosdsk - ok
22:56:14.0328 1628 abp480n5 - ok
22:56:14.0421 1628 Access Utility Service (89d193edc63b8f194c889ef06c51f0cb) C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe
22:56:14.0421 1628 Access Utility Service - ok
22:56:14.0484 1628 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:56:14.0500 1628 ACPI - ok
22:56:14.0546 1628 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:56:14.0546 1628 ACPIEC - ok
22:56:14.0562 1628 adpu160m - ok
22:56:14.0625 1628 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:56:14.0625 1628 aec - ok
22:56:14.0687 1628 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:56:14.0687 1628 AFD - ok
22:56:14.0718 1628 Aha154x - ok
22:56:14.0734 1628 aic78u2 - ok
22:56:14.0750 1628 aic78xx - ok
22:56:14.0796 1628 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:56:14.0796 1628 Alerter - ok
22:56:14.0828 1628 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:56:14.0828 1628 ALG - ok
22:56:14.0859 1628 AliIde - ok
22:56:14.0875 1628 amsint - ok
22:56:14.0890 1628 apfiltrservice - ok
22:56:14.0937 1628 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
22:56:14.0937 1628 APPDRV - ok
22:56:15.0046 1628 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:56:15.0046 1628 Apple Mobile Device - ok
22:56:15.0250 1628 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:56:15.0265 1628 AppMgmt - ok
22:56:15.0281 1628 asapiw2k - ok
22:56:15.0296 1628 asc - ok
22:56:15.0312 1628 asc3350p - ok
22:56:15.0328 1628 asc3550 - ok
22:56:15.0390 1628 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:56:15.0390 1628 aspnet_state - ok
22:56:15.0437 1628 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:56:15.0437 1628 atapi - ok
22:56:15.0484 1628 Atdisk - ok
22:56:15.0515 1628 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:56:15.0515 1628 Atmarpc - ok
22:56:15.0562 1628 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:56:15.0562 1628 AudioSrv - ok
22:56:15.0625 1628 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:56:15.0625 1628 audstub - ok
22:56:15.0640 1628 AVRec - ok
22:56:15.0687 1628 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:56:15.0687 1628 b57w2k - ok
22:56:15.0906 1628 BCM43XX (4eda899a470c7912b090e38f20fe1c3f) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
22:56:15.0937 1628 BCM43XX - ok
22:56:16.0125 1628 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:56:16.0125 1628 Beep - ok
22:56:16.0218 1628 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:56:16.0234 1628 BITS - ok
22:56:16.0296 1628 BlueletAudio (b77f00b776f53a470adfda3c81651807) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
22:56:16.0296 1628 BlueletAudio - ok
22:56:16.0359 1628 BlueletSCOAudio (bd91afc523fd59f881e1763c38fb772f) C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
22:56:16.0359 1628 BlueletSCOAudio - ok
22:56:16.0515 1628 BlueSoleilCS (6a2f1a0787139a28f93b7cdab830e354) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
22:56:16.0546 1628 BlueSoleilCS - ok
22:56:16.0593 1628 Bluetooth Hid Switch Service (b26e18adaa16e507166e3b61e79a1e25) C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
22:56:16.0593 1628 Bluetooth Hid Switch Service - ok
22:56:16.0656 1628 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
22:56:16.0671 1628 Bonjour Service - ok
22:56:16.0843 1628 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:56:16.0843 1628 Browser - ok
22:56:16.0968 1628 BsHelpCS (43fad5549b09e769b61bbeb58c02ab59) C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
22:56:16.0968 1628 BsHelpCS - ok
22:56:17.0015 1628 BT (c5cce2b26f73f8cf7f3c82159e79aa08) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
22:56:17.0015 1628 BT - ok
22:56:17.0046 1628 Btcsrusb (fb2abc6d08d9f8d5ed8e02cbd18b39bb) C:\WINDOWS\system32\Drivers\btcusb.sys
22:56:17.0046 1628 Btcsrusb - ok
22:56:17.0109 1628 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
22:56:17.0109 1628 BthEnum - ok
22:56:17.0156 1628 BTHidEnum (ce643d0918123d76a5caab008fca9663) C:\WINDOWS\system32\Drivers\vbtenum.sys
22:56:17.0156 1628 BTHidEnum - ok
22:56:17.0171 1628 BTHidMgr (dfca4fe4c8aec786b4d0f432eb730f48) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
22:56:17.0171 1628 BTHidMgr - ok
22:56:17.0203 1628 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
22:56:17.0218 1628 BthPan - ok
22:56:17.0250 1628 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
22:56:17.0250 1628 BTHPORT - ok
22:56:17.0421 1628 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
22:56:17.0421 1628 BthServ - ok
22:56:17.0437 1628 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
22:56:17.0453 1628 BTHUSB - ok
22:56:17.0468 1628 BTKRNL - ok
22:56:17.0515 1628 BTMUSB (66613f790a6d2b4ef3aed0925e4b116c) C:\WINDOWS\system32\Drivers\btmusb.sys
22:56:17.0531 1628 BTMUSB - ok
22:56:17.0578 1628 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:56:17.0578 1628 cbidf2k - ok
22:56:17.0625 1628 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:56:17.0625 1628 CCDECODE - ok
22:56:17.0640 1628 cd20xrnt - ok
22:56:17.0703 1628 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:56:17.0703 1628 Cdaudio - ok
22:56:17.0765 1628 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:56:17.0765 1628 Cdfs - ok
22:56:17.0828 1628 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:56:17.0828 1628 Cdrom - ok
22:56:17.0875 1628 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
22:56:17.0875 1628 cercsr6 - ok
22:56:18.0015 1628 Changer - ok
22:56:18.0062 1628 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:56:18.0062 1628 CiSvc - ok
22:56:18.0078 1628 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:56:18.0078 1628 ClipSrv - ok
22:56:18.0140 1628 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:56:18.0140 1628 clr_optimization_v2.0.50727_32 - ok
22:56:18.0203 1628 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:56:18.0203 1628 CmBatt - ok
22:56:18.0218 1628 CmdIde - ok
22:56:18.0250 1628 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:56:18.0250 1628 Compbatt - ok
22:56:18.0265 1628 COMSysApp - ok
22:56:18.0296 1628 Cpqarray - ok
22:56:18.0328 1628 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:56:18.0328 1628 CryptSvc - ok
22:56:18.0343 1628 cusrvc - ok
22:56:18.0375 1628 CYUSB - ok
22:56:18.0390 1628 dac2w2k - ok
22:56:18.0406 1628 dac960nt - ok
22:56:18.0468 1628 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:56:18.0484 1628 DcomLaunch - ok
22:56:18.0546 1628 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:56:18.0546 1628 Dhcp - ok
22:56:18.0625 1628 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:56:18.0625 1628 Disk - ok
22:56:18.0765 1628 djsnetcn - ok
22:56:18.0781 1628 dmadmin - ok
22:56:18.0843 1628 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:56:18.0843 1628 dmboot - ok
22:56:18.0890 1628 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:56:18.0890 1628 dmio - ok
22:56:18.0953 1628 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:56:18.0953 1628 dmload - ok
22:56:18.0984 1628 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:56:18.0984 1628 dmserver - ok
22:56:19.0046 1628 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:56:19.0046 1628 DMusic - ok
22:56:19.0109 1628 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:56:19.0109 1628 Dnscache - ok
22:56:19.0187 1628 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:56:19.0187 1628 Dot3svc - ok
22:56:19.0328 1628 dpti2o - ok
22:56:19.0343 1628 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:56:19.0359 1628 drmkaud - ok
22:56:19.0375 1628 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:56:19.0375 1628 EapHost - ok
22:56:19.0421 1628 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:56:19.0421 1628 ERSvc - ok
22:56:19.0500 1628 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:56:19.0500 1628 Eventlog - ok
22:56:19.0578 1628 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:56:19.0593 1628 EventSystem - ok
22:56:19.0656 1628 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:56:19.0656 1628 Fastfat - ok
22:56:19.0703 1628 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:56:19.0718 1628 FastUserSwitchingCompatibility - ok
22:56:19.0734 1628 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:56:19.0734 1628 Fdc - ok
22:56:19.0765 1628 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:56:19.0765 1628 Fips - ok
22:56:19.0781 1628 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:56:19.0781 1628 Flpydisk - ok
22:56:19.0828 1628 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:56:19.0828 1628 FltMgr - ok
22:56:19.0906 1628 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:56:19.0906 1628 FontCache3.0.0.0 - ok
22:56:20.0062 1628 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:56:20.0062 1628 Fs_Rec - ok
22:56:20.0078 1628 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:56:20.0078 1628 Ftdisk - ok
22:56:20.0140 1628 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:56:20.0140 1628 GEARAspiWDM - ok
22:56:20.0187 1628 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:56:20.0187 1628 Gpc - ok
22:56:20.0281 1628 GTIPCI21 (cea72ac01892b12514d15e21ef1bc75d) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
22:56:20.0281 1628 GTIPCI21 - ok
22:56:20.0343 1628 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:56:20.0343 1628 helpsvc - ok
22:56:20.0359 1628 HidServ - ok
22:56:20.0406 1628 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:56:20.0406 1628 HidUsb - ok
22:56:20.0453 1628 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:56:20.0453 1628 hkmsvc - ok
22:56:20.0468 1628 hpn - ok
22:56:20.0484 1628 hpt3xx - ok
22:56:20.0531 1628 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
22:56:20.0531 1628 HSFHWICH - ok
22:56:20.0609 1628 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
22:56:20.0625 1628 HSF_DPV - ok
22:56:20.0812 1628 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:56:20.0812 1628 HTTP - ok
22:56:20.0843 1628 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:56:20.0843 1628 HTTPFilter - ok
22:56:20.0875 1628 i2omgmt - ok
22:56:20.0890 1628 i2omp - ok
22:56:20.0937 1628 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:56:20.0937 1628 i8042prt - ok
22:56:21.0015 1628 ialm (643162fbc619e35d3f1a90a095a5bb42) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:56:21.0031 1628 ialm - ok
22:56:21.0203 1628 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:56:21.0203 1628 idsvc - ok
22:56:21.0406 1628 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:56:21.0406 1628 Imapi - ok
22:56:21.0468 1628 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:56:21.0468 1628 ImapiService - ok
22:56:21.0484 1628 ini910u - ok
22:56:21.0515 1628 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:56:21.0515 1628 IntelIde - ok
22:56:21.0578 1628 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:56:21.0578 1628 intelppm - ok
22:56:21.0609 1628 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:56:21.0609 1628 Ip6Fw - ok
22:56:21.0671 1628 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:56:21.0671 1628 IpFilterDriver - ok
22:56:21.0703 1628 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:56:21.0703 1628 IpInIp - ok
22:56:21.0734 1628 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:56:21.0750 1628 IpNat - ok
22:56:21.0843 1628 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe
22:56:21.0859 1628 iPod Service - ok
22:56:22.0046 1628 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:56:22.0046 1628 IPSec - ok
22:56:22.0093 1628 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:56:22.0093 1628 IRENUM - ok
22:56:22.0140 1628 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:56:22.0140 1628 isapnp - ok
22:56:22.0281 1628 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
22:56:22.0296 1628 JavaQuickStarterService - ok
22:56:22.0312 1628 k750mdfl - ok
22:56:22.0343 1628 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:56:22.0343 1628 Kbdclass - ok
22:56:22.0406 1628 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:56:22.0406 1628 kmixer - ok
22:56:22.0421 1628 KMWDFILTER - ok
22:56:22.0453 1628 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:56:22.0468 1628 KSecDD - ok
22:56:22.0515 1628 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:56:22.0515 1628 lanmanserver - ok
22:56:22.0578 1628 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:56:22.0593 1628 lanmanworkstation - ok
22:56:22.0734 1628 lbrtfdc - ok
22:56:22.0796 1628 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:56:22.0796 1628 LmHosts - ok
22:56:22.0843 1628 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
22:56:22.0843 1628 LVUSBSta - ok
22:56:22.0921 1628 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:56:22.0921 1628 mdmxsdk - ok
22:56:22.0968 1628 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:56:22.0968 1628 Messenger - ok
22:56:23.0015 1628 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:56:23.0015 1628 mnmdd - ok
22:56:23.0078 1628 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:56:23.0078 1628 mnmsrvc - ok
22:56:23.0125 1628 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:56:23.0125 1628 Modem - ok
22:56:23.0156 1628 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:56:23.0156 1628 Mouclass - ok
22:56:23.0187 1628 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:56:23.0187 1628 MountMgr - ok
22:56:23.0218 1628 mraid35x - ok
22:56:23.0250 1628 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:56:23.0250 1628 MRxDAV - ok
22:56:23.0437 1628 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:56:23.0437 1628 MRxSmb - ok
22:56:23.0468 1628 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:56:23.0484 1628 MSDTC - ok
22:56:23.0515 1628 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:56:23.0515 1628 Msfs - ok
22:56:23.0531 1628 MSIServer - ok
22:56:23.0562 1628 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:56:23.0562 1628 MSKSSRV - ok
22:56:23.0593 1628 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:56:23.0593 1628 MSPCLOCK - ok
22:56:23.0625 1628 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:56:23.0625 1628 MSPQM - ok
22:56:23.0687 1628 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:56:23.0687 1628 mssmbios - ok
22:56:23.0750 1628 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:56:23.0750 1628 MSTEE - ok
22:56:23.0765 1628 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:56:23.0781 1628 Mup - ok
22:56:23.0796 1628 mwlsvc - ok
22:56:23.0828 1628 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:56:23.0828 1628 NABTSFEC - ok
22:56:24.0015 1628 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:56:24.0031 1628 napagent - ok
22:56:24.0031 1628 navap - ok
22:56:24.0109 1628 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:56:24.0109 1628 NDIS - ok
22:56:24.0140 1628 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:56:24.0140 1628 NdisIP - ok
22:56:24.0218 1628 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:56:24.0218 1628 NdisTapi - ok
22:56:24.0234 1628 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:56:24.0234 1628 Ndisuio - ok
22:56:24.0265 1628 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:56:24.0265 1628 NdisWan - ok
22:56:24.0328 1628 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:56:24.0328 1628 NDProxy - ok
22:56:24.0343 1628 NeroMediaHomeService.4 - ok
22:56:24.0375 1628 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:56:24.0375 1628 NetBIOS - ok
22:56:24.0406 1628 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:56:24.0406 1628 NetBT - ok
22:56:24.0468 1628 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:56:24.0468 1628 NetDDE - ok
22:56:24.0468 1628 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:56:24.0484 1628 NetDDEdsdm - ok
22:56:24.0640 1628 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:56:24.0640 1628 Netlogon - ok
22:56:24.0671 1628 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:56:24.0671 1628 Netman - ok
22:56:24.0765 1628 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:56:24.0765 1628 NetTcpPortSharing - ok
22:56:24.0906 1628 NICCONFIGSVC (c82dcfcc00c10b91346abb953ff79ee8) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
22:56:24.0921 1628 NICCONFIGSVC - ok
22:56:25.0000 1628 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:56:25.0000 1628 Nla - ok
22:56:25.0046 1628 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:56:25.0046 1628 Npfs - ok
22:56:25.0218 1628 nsvclog - ok
22:56:25.0281 1628 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:56:25.0296 1628 Ntfs - ok
22:56:25.0359 1628 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:56:25.0359 1628 NtLmSsp - ok
22:56:25.0406 1628 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:56:25.0421 1628 NtmsSvc - ok
22:56:25.0484 1628 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:56:25.0484 1628 Null - ok
22:56:25.0531 1628 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:56:25.0531 1628 NwlnkFlt - ok
22:56:25.0562 1628 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:56:25.0562 1628 NwlnkFwd - ok
22:56:25.0578 1628 ohci1394 - ok
22:56:25.0593 1628 OVT511Plus - ok
22:56:25.0609 1628 p1110vid - ok
22:56:25.0671 1628 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:56:25.0671 1628 Parport - ok
22:56:25.0828 1628 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:56:25.0828 1628 PartMgr - ok
22:56:25.0875 1628 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:56:25.0875 1628 ParVdm - ok
22:56:25.0906 1628 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:56:25.0906 1628 PCI - ok
22:56:25.0921 1628 PCIDump - ok
22:56:25.0968 1628 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
22:56:25.0968 1628 PCIIde - ok
22:56:25.0984 1628 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:56:25.0984 1628 Pcmcia - ok
22:56:26.0031 1628 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
22:56:26.0031 1628 pcouffin - ok
22:56:26.0046 1628 pctfw1 - ok
22:56:26.0062 1628 PDCOMP - ok
22:56:26.0078 1628 PDFRAME - ok
22:56:26.0093 1628 PDRELI - ok
22:56:26.0125 1628 PDRFRAME - ok
22:56:26.0187 1628 pepifilter (2a3efd6c3f116675d149da5e36a010a4) C:\WINDOWS\system32\DRIVERS\lv302af.sys
22:56:26.0187 1628 pepifilter - ok
22:56:26.0203 1628 perc2 - ok
22:56:26.0234 1628 perc2hib - ok
22:56:26.0250 1628 pgfilter - ok
22:56:26.0359 1628 PID_08A0 (cebefeae6156f4fee41f56be89ea9c96) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
22:56:26.0359 1628 PID_08A0 - ok
22:56:26.0421 1628 PID_PEPI - ok
22:56:26.0500 1628 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:56:26.0500 1628 PlugPlay - ok
22:56:26.0625 1628 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:56:26.0625 1628 PolicyAgent - ok
22:56:26.0671 1628 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:56:26.0671 1628 PptpMiniport - ok
22:56:26.0687 1628 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:56:26.0687 1628 ProtectedStorage - ok
22:56:26.0703 1628 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:56:26.0703 1628 PSched - ok
22:56:26.0765 1628 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
22:56:26.0765 1628 PSI - ok
22:56:26.0796 1628 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:56:26.0796 1628 Ptilink - ok
22:56:26.0812 1628 ql1080 - ok
22:56:26.0828 1628 Ql10wnt - ok
22:56:26.0843 1628 ql12160 - ok
22:56:26.0859 1628 ql1240 - ok
22:56:26.0875 1628 ql1280 - ok
22:56:26.0921 1628 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:56:26.0921 1628 RasAcd - ok
22:56:26.0953 1628 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:56:26.0953 1628 RasAuto - ok
22:56:27.0000 1628 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:56:27.0000 1628 Rasl2tp - ok
22:56:27.0062 1628 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:56:27.0062 1628 RasMan - ok
22:56:27.0078 1628 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:56:27.0078 1628 RasPppoe - ok
22:56:27.0093 1628 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:56:27.0093 1628 Raspti - ok
22:56:27.0125 1628 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:56:27.0140 1628 Rdbss - ok
22:56:27.0156 1628 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:56:27.0156 1628 RDPCDD - ok
22:56:27.0203 1628 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:56:27.0203 1628 rdpdr - ok
22:56:27.0265 1628 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:56:27.0265 1628 RDPWD - ok
22:56:27.0421 1628 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:56:27.0421 1628 RDSessMgr - ok
22:56:27.0484 1628 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:56:27.0484 1628 redbook - ok
22:56:27.0546 1628 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:56:27.0546 1628 RemoteAccess - ok
22:56:27.0593 1628 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:56:27.0593 1628 RemoteRegistry - ok
22:56:27.0656 1628 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
22:56:27.0656 1628 Revoflt - ok
22:56:27.0703 1628 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
22:56:27.0703 1628 RFCOMM - ok
22:56:27.0734 1628 roxliveshare - ok
22:56:27.0750 1628 roxupnpserver - ok
22:56:27.0796 1628 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:56:27.0796 1628 RpcLocator - ok
22:56:27.0875 1628 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:56:27.0875 1628 RpcSs - ok
22:56:28.0062 1628 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:56:28.0078 1628 RSVP - ok
22:56:28.0093 1628 s24trans - ok
22:56:28.0109 1628 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:56:28.0125 1628 SamSs - ok
22:56:28.0281 1628 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:56:28.0281 1628 SASDIFSV - ok
22:56:28.0296 1628 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:56:28.0296 1628 SASKUTIL - ok
22:56:28.0343 1628 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:56:28.0343 1628 SCardSvr - ok
22:56:28.0421 1628 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:56:28.0421 1628 Schedule - ok
22:56:28.0515 1628 SDTHelper (e81d58e1b9b6d1158cb1a9da867179d7) C:\Program Files\Usec Radix\sdthlpr.sys
22:56:28.0515 1628 SDTHelper - ok
22:56:28.0562 1628 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:56:28.0562 1628 Secdrv - ok
22:56:28.0703 1628 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:56:28.0718 1628 seclogon - ok
22:56:28.0796 1628 Secunia PSI Agent (7198bbfbe46c0070257278c536386687) C:\Program Files\Secunia\PSI\PSIA.exe
22:56:28.0812 1628 Secunia PSI Agent - ok
22:56:28.0875 1628 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:56:28.0875 1628 SENS - ok
22:56:28.0906 1628 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:56:28.0906 1628 serenum - ok
22:56:28.0937 1628 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:56:28.0937 1628 Serial - ok
22:56:29.0015 1628 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:56:29.0015 1628 Sfloppy - ok
22:56:29.0218 1628 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:56:29.0218 1628 SharedAccess - ok
22:56:29.0296 1628 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:56:29.0296 1628 ShellHWDetection - ok
22:56:29.0312 1628 Simbad - ok
22:56:29.0359 1628 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:56:29.0359 1628 SLIP - ok
22:56:29.0468 1628 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\WINDOWS\system32\DRIVERS\smserial.sys
22:56:29.0484 1628 smserial - ok
22:56:29.0546 1628 snoopfree - ok
22:56:29.0734 1628 SNP2UVC (4e225e5876714bb0a594a6440d154800) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
22:56:29.0781 1628 SNP2UVC - ok
22:56:29.0906 1628 Sparrow - ok
22:56:29.0984 1628 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:56:29.0984 1628 splitter - ok
22:56:30.0046 1628 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:56:30.0046 1628 Spooler - ok
22:56:30.0109 1628 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:56:30.0109 1628 sr - ok
22:56:30.0203 1628 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:56:30.0218 1628 srservice - ok
22:56:30.0281 1628 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:56:30.0281 1628 Srv - ok
22:56:30.0312 1628 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:56:30.0312 1628 SSDPSRV - ok
22:56:30.0328 1628 ssoftservice - ok
22:56:30.0359 1628 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
22:56:30.0375 1628 STAC97 - ok
22:56:30.0437 1628 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:56:30.0437 1628 stisvc - ok
22:56:30.0593 1628 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:56:30.0593 1628 streamip - ok
22:56:30.0640 1628 STV672 - ok
22:56:30.0656 1628 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:56:30.0656 1628 swenum - ok
22:56:30.0718 1628 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:56:30.0718 1628 swmidi - ok
22:56:30.0734 1628 SwPrv - ok
22:56:30.0765 1628 symc810 - ok
22:56:30.0781 1628 symc8xx - ok
22:56:30.0796 1628 sym_hi - ok
22:56:30.0812 1628 sym_u3 - ok
22:56:30.0875 1628 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:56:30.0875 1628 sysaudio - ok
22:56:30.0906 1628 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:56:30.0906 1628 SysmonLog - ok
22:56:30.0953 1628 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:56:30.0968 1628 TapiSrv - ok
22:56:31.0031 1628 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:56:31.0046 1628 Tcpip - ok
22:56:31.0093 1628 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:56:31.0093 1628 TDPIPE - ok
22:56:31.0140 1628 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:56:31.0140 1628 TDTCP - ok
22:56:31.0296 1628 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:56:31.0296 1628 TermDD - ok
22:56:31.0359 1628 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:56:31.0359 1628 TermService - ok
22:56:31.0437 1628 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:56:31.0437 1628 Themes - ok
22:56:31.0500 1628 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
22:56:31.0500 1628 TlntSvr - ok
22:56:31.0515 1628 TosIde - ok
22:56:31.0546 1628 trcboot - ok
22:56:31.0593 1628 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:56:31.0593 1628 TrkWks - ok
22:56:31.0625 1628 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:56:31.0625 1628 Udfs - ok
22:56:31.0640 1628 UIUSys - ok
22:56:31.0656 1628 ultra - ok
22:56:31.0750 1628 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
22:56:31.0750 1628 UnlockerDriver5 - ok
22:56:31.0828 1628 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:56:31.0828 1628 Update - ok
22:56:31.0859 1628 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:56:31.0859 1628 upnphost - ok
22:56:31.0984 1628 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:56:32.0000 1628 UPS - ok
22:56:32.0046 1628 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:56:32.0062 1628 USBAAPL - ok
22:56:32.0140 1628 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:56:32.0140 1628 usbaudio - ok
22:56:32.0187 1628 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:56:32.0187 1628 usbccgp - ok
22:56:32.0250 1628 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:56:32.0250 1628 usbehci - ok
22:56:32.0265 1628 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:56:32.0281 1628 usbhub - ok
22:56:32.0328 1628 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:56:32.0328 1628 USBSTOR - ok
22:56:32.0406 1628 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:56:32.0406 1628 usbuhci - ok
22:56:32.0453 1628 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
22:56:32.0468 1628 usb_rndisx - ok
22:56:32.0578 1628 V0070VID - ok
22:56:32.0625 1628 VComm (51750b0539986186c6931fc40d171521) C:\WINDOWS\system32\DRIVERS\VComm.sys
22:56:32.0625 1628 VComm - ok
22:56:32.0687 1628 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\WINDOWS\system32\Drivers\VcommMgr.sys
22:56:32.0687 1628 VcommMgr - ok
22:56:32.0703 1628 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:56:32.0703 1628 VgaSave - ok
22:56:32.0718 1628 ViaIde - ok
22:56:32.0734 1628 VIAudio - ok
22:56:32.0765 1628 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:56:32.0765 1628 VolSnap - ok
22:56:32.0843 1628 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:56:32.0859 1628 VSS - ok
22:56:32.0890 1628 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:56:32.0906 1628 W32Time - ok
22:56:32.0937 1628 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:56:32.0937 1628 Wanarp - ok
22:56:33.0015 1628 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:56:33.0015 1628 Wdf01000 - ok
22:56:33.0078 1628 WDICA - ok
22:56:33.0140 1628 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:56:33.0140 1628 wdmaud - ok
22:56:33.0250 1628 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:56:33.0250 1628 WebClient - ok
22:56:33.0265 1628 wfxsvc - ok
22:56:33.0281 1628 wg4n - ok
22:56:33.0375 1628 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:56:33.0375 1628 winachsf - ok
22:56:33.0484 1628 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:56:33.0484 1628 winmgmt - ok
22:56:33.0546 1628 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
22:56:33.0546 1628 WinUSB - ok
22:56:33.0562 1628 wltrysvc - ok
22:56:33.0609 1628 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:56:33.0609 1628 WmdmPmSN - ok
22:56:33.0687 1628 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
22:56:33.0703 1628 Wmi - ok
22:56:33.0828 1628 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:56:33.0828 1628 WmiApSrv - ok
22:56:33.0984 1628 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
22:56:34.0000 1628 WMPNetworkSvc - ok
22:56:34.0093 1628 WMZuneComm (a3ba4712ebf768edfbccec09fa120b6f) c:\Program Files\Zune\WMZuneComm.exe
22:56:34.0093 1628 WMZuneComm - ok
22:56:34.0187 1628 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:56:34.0187 1628 WpdUsb - ok
22:56:34.0359 1628 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:56:34.0359 1628 wscsvc - ok
22:56:34.0421 1628 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:56:34.0421 1628 WSTCODEC - ok
22:56:34.0453 1628 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:56:34.0468 1628 wuauserv - ok
22:56:34.0515 1628 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:56:34.0515 1628 WudfPf - ok
22:56:34.0562 1628 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:56:34.0562 1628 WudfRd - ok
22:56:34.0609 1628 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
22:56:34.0609 1628 WudfSvc - ok
22:56:34.0625 1628 WUSB54GPV4SRV - ok
22:56:34.0703 1628 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:56:34.0718 1628 WZCSVC - ok
22:56:34.0796 1628 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:56:34.0796 1628 xmlprov - ok
22:56:34.0937 1628 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
22:56:34.0953 1628 YahooAUService - ok
22:56:35.0093 1628 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
22:56:35.0093 1628 zumbus - ok
22:56:35.0203 1628 ZuneBusEnum (dee869820c3483ec7b92a9fd9ba332a7) c:\Program Files\Zune\ZuneBusEnum.exe
22:56:35.0203 1628 ZuneBusEnum - ok
22:56:35.0484 1628 ZuneNetworkSvc (5bdcacd5b2b0fb972bc570e70f616acf) c:\Program Files\Zune\ZuneNss.exe
22:56:35.0734 1628 ZuneNetworkSvc - ok
22:56:35.0875 1628 ZuneWlanCfgSvc (e22e48654a66aa3e24f4646c6bc1756c) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
22:56:35.0890 1628 ZuneWlanCfgSvc - ok
22:56:36.0046 1628 {a7447300-8075-4b0d-83f1-3d75c8ebc623} - ok
22:56:36.0078 1628 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:56:36.0328 1628 \Device\Harddisk0\DR0 - ok
22:56:36.0343 1628 Boot (0x1200) (fd2a610b772ea60f2c6123c3b3285ba5) \Device\Harddisk0\DR0\Partition0
22:56:36.0343 1628 \Device\Harddisk0\DR0\Partition0 - ok
22:56:36.0343 1628 ============================================================
22:56:36.0343 1628 Scan finished
22:56:36.0343 1628 ============================================================
22:56:36.0359 2360 Detected object count: 0
22:56:36.0359 2360 Actual detected object count: 0
22:57:15.0718 2456 Deinitialize success
======================================================================================================================


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-01 22:57:21
-----------------------------
22:57:21.125 OS Version: Windows 5.1.2600 Service Pack 3
22:57:21.125 Number of processors: 1 586 0xD08
22:57:21.125 ComputerName: LAPTOP UserName:
22:57:21.640 Initialize success
23:12:53.343 AVAST engine defs: 12040101
23:13:01.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:13:01.375 Disk 0 Vendor: Hitachi_HTS541040G9AT00 MB2OA61A Size: 38154MB BusType: 3
23:13:01.406 Disk 0 MBR read successfully
23:13:01.406 Disk 0 MBR scan
23:13:01.453 Disk 0 Windows XP default MBR code
23:13:01.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
23:13:01.468 Disk 0 scanning sectors +78140160
23:13:01.687 Disk 0 scanning C:\WINDOWS\system32\drivers
23:13:16.765 Service scanning
23:13:38.671 Modules scanning
23:13:45.906 Disk 0 trace - called modules:
23:13:45.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
23:13:45.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86dcbab8]
23:13:46.421 3 CLASSPNP.SYS[f75d7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d92940]
23:13:46.984 AVAST engine scan C:\WINDOWS
23:13:49.750 AVAST engine scan C:\WINDOWS\system32
23:16:08.593 AVAST engine scan C:\WINDOWS\system32\drivers
23:16:27.890 AVAST engine scan C:\Documents and Settings\laptop 2
23:18:39.640 AVAST engine scan C:\Documents and Settings\All Users
23:18:54.828 Scan finished successfully
23:25:14.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\laptop 2\Desktop\MBR.dat"
23:25:14.625 The log file has been saved successfully to "C:\Documents and Settings\laptop 2\Desktop\aswMBR.txt"


here is the final item(hope i did everything right):
http://www.mediafire.com/?drxvlly6dxy9v09

thanks.

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:21 AM

Posted 02 April 2012 - 10:24 AM

Delete the TDSSkiller quarantine folder located in C drive

Download

ESET online scanner


Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#7 hostile17

hostile17
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 02 April 2012 - 10:27 PM

private

Edited by hostile17, 03 April 2012 - 04:03 AM.


#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:21 AM

Posted 02 April 2012 - 10:38 PM

Download HOSTS fix

http://go.microsoft.com/?linkid=9668866

Run it

Download

TFC


Launch it,it will close all running programs

click on START,it should ask for reboot

Turn off your system restore,restart the PC,create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently,do not click on suspicious links

Safe surfing :)

#9 hostile17

hostile17
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 03 April 2012 - 12:30 AM

done and done. will that be all? if so, thank you. everything seems to be working soundly. appreciate your efforts, mate.

#10 merepete

merepete

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 03 April 2012 - 12:53 AM

Hello, In google, keep getting 404 not found nginx, and being redirected to other sites It started a few weeks ago and now I cannot use google at all as my homepage without getting 404 message!What to do please....

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:21 AM

Posted 03 April 2012 - 01:01 AM

hostile17

You're PC is clean now :thumbup2:

merepete

Create a new topic to avoid confusions :thumbup2:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users