ZAccess - Removal Logs


This topic is locked
5 replies to this topic

#1 wifey
Members, 2 posts

Posted 11 April 2012 - 11:01 AM

Hello! I've battled the rootkit ZeroAccess the past several days, and finally was able to get into safe mode and get the computer stable (I think). I followed these - http://www.bleepingcomputer.com/forums/topic443728.html - instructions and the computer seems to be okay, but I'm posting the logs just in case so I can be sure. Thank you in advance. The only thing I may have done differently was I left the default actions on TDDs whatever instead of turning all to skip because I wasn't sure, and figured the defaults were the way to go at this point.

TDSSKiller thing:

10:19:27.0296 1988 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
10:19:27.0312 1988 ============================================================
10:19:27.0312 1988 Current date / time: 2012/04/11 10:19:27.0312
10:19:27.0312 1988 SystemInfo:
10:19:27.0312 1988
10:19:27.0312 1988 OS Version: 5.1.2600 ServicePack: 3.0
10:19:27.0312 1988 Product type: Workstation
10:19:27.0312 1988 ComputerName: PAAHOUIALI
10:19:27.0312 1988 UserName: MJLyle
10:19:27.0312 1988 Windows directory: C:\WINDOWS
10:19:27.0312 1988 System windows directory: C:\WINDOWS
10:19:27.0312 1988 Processor architecture: Intel x86
10:19:27.0312 1988 Number of processors: 2
10:19:27.0312 1988 Page size: 0x1000
10:19:27.0312 1988 Boot type: Safe boot with network
10:19:27.0312 1988 ============================================================
10:19:28.0656 1988 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:19:28.0656 1988 \Device\Harddisk0\DR0:
10:19:28.0656 1988 MBR used
10:19:28.0656 1988 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x4E714, BlocksNum 0x94BFDAD
10:19:28.0718 1988 Initialize success
10:19:28.0718 1988 ============================================================
10:19:44.0937 2016 ============================================================
10:19:44.0937 2016 Scan started
10:19:44.0937 2016 Mode: Manual; SigCheck; TDLFS;
10:19:44.0937 2016 ============================================================
10:19:45.0109 2016 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
10:19:45.0734 2016 !SASCORE - ok
10:19:45.0828 2016 47593477 - ok
10:19:45.0859 2016 Abiosdsk - ok
10:19:45.0953 2016 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:19:47.0218 2016 abp480n5 - ok
10:19:47.0328 2016 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:19:47.0468 2016 ACPI - ok
10:19:47.0515 2016 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:19:47.0609 2016 ACPIEC - ok
10:19:47.0640 2016 adiloader - ok
10:19:47.0718 2016 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:19:47.0750 2016 AdobeFlashPlayerUpdateSvc - ok
10:19:47.0875 2016 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:19:47.0953 2016 adpu160m - ok
10:19:48.0046 2016 ADVService (7233688fc422ef657e082309e6180142) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
10:19:48.0062 2016 ADVService - ok
10:19:48.0093 2016 aeaudio - ok
10:19:48.0156 2016 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:19:48.0234 2016 aec - ok
10:19:48.0328 2016 AESTAud (20f078136f3bdc4c0405c0527b769303) C:\WINDOWS\system32\drivers\AESTAud.sys
10:19:48.0359 2016 AESTAud - ok
10:19:48.0406 2016 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
10:19:48.0421 2016 AFD - ok
10:19:48.0484 2016 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:19:48.0578 2016 agp440 - ok
10:19:48.0640 2016 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:19:48.0718 2016 agpCPQ - ok
10:19:48.0750 2016 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:19:48.0781 2016 Aha154x - ok
10:19:48.0796 2016 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:19:48.0890 2016 aic78u2 - ok
10:19:48.0906 2016 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:19:48.0968 2016 aic78xx - ok
10:19:49.0031 2016 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
10:19:49.0156 2016 Alerter - ok
10:19:49.0171 2016 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
10:19:49.0203 2016 ALG - ok
10:19:49.0281 2016 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
10:19:49.0343 2016 AliIde - ok
10:19:49.0484 2016 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:19:49.0562 2016 alim1541 - ok
10:19:49.0578 2016 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:19:49.0656 2016 amdagp - ok
10:19:49.0656 2016 amdppm - ok
10:19:49.0687 2016 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
10:19:49.0734 2016 amsint - ok
10:19:49.0781 2016 anydvd (c62f76344cd3a3a6314055b4929e529d) C:\WINDOWS\system32\BrSerIf.dll
10:19:49.0875 2016 anydvd - ok
10:19:49.0906 2016 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
10:19:50.0062 2016 ApfiltrService - ok
10:19:50.0140 2016 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:19:50.0156 2016 Apple Mobile Device - ok
10:19:50.0234 2016 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
10:19:50.0281 2016 AppMgmt - ok
10:19:50.0328 2016 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:19:50.0421 2016 Arp1394 - ok
10:19:50.0468 2016 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
10:19:50.0562 2016 asc - ok
10:19:50.0609 2016 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:19:50.0640 2016 asc3350p - ok
10:19:50.0734 2016 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:19:50.0812 2016 asc3550 - ok
10:19:50.0875 2016 ASFAgent (9ad6ef4d591211a93848103368125b41) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
10:19:50.0875 2016 ASFAgent - ok
10:19:50.0953 2016 AsfAlrt (acee9813685f4a03ee5a160057dd61a8) C:\WINDOWS\system32\Drivers\AsfAlrt.sys
10:19:50.0953 2016 AsfAlrt - ok
10:19:51.0015 2016 aspi32 - ok
10:19:51.0125 2016 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:19:51.0140 2016 aspnet_state - ok
10:19:51.0203 2016 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:19:51.0281 2016 AsyncMac - ok
10:19:51.0343 2016 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:19:51.0421 2016 atapi - ok
10:19:51.0484 2016 Atdisk - ok
10:19:51.0546 2016 atkkeyboardservice - ok
10:19:51.0609 2016 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:19:51.0687 2016 Atmarpc - ok
10:19:51.0765 2016 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
10:19:51.0843 2016 AudioSrv - ok
10:19:51.0875 2016 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:19:51.0953 2016 audstub - ok
10:19:51.0968 2016 AVerTV - ok
10:19:52.0046 2016 BCM43XX (fe4ed785396eaa554c561992106a35fa) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
10:19:52.0234 2016 BCM43XX - ok
10:19:52.0359 2016 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:19:52.0437 2016 Beep - ok
10:19:52.0500 2016 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
10:19:52.0671 2016 BITS - ok
10:19:52.0890 2016 BMFMySQL (13ef754225dcf6bf7f1525ca9189b99c) C:\Program Files\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe
10:19:53.0156 2016 BMFMySQL ( UnsignedFile.Multi.Generic ) - warning
10:19:53.0156 2016 BMFMySQL - detected UnsignedFile.Multi.Generic (1)
10:19:53.0265 2016 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files\Bonjour\mDNSResponder.exe
10:19:53.0281 2016 Bonjour Service - ok
10:19:53.0390 2016 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
10:19:53.0484 2016 Browser - ok
10:19:53.0546 2016 bthmodem (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\cm102u32.dll
10:19:53.0546 2016 bthmodem ( Backdoor.Multi.ZAccess.gen ) - infected
10:19:53.0546 2016 bthmodem - detected Backdoor.Multi.ZAccess.gen (0)
10:19:53.0562 2016 bthport - ok
10:19:53.0625 2016 buttonsvc32 (81a395aab3c606d5f1667cc5fc02b3d2) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
10:19:53.0640 2016 buttonsvc32 - ok
10:19:53.0640 2016 bwcsrv - ok
10:19:53.0656 2016 c-dillasrv - ok
10:19:53.0750 2016 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:19:53.0828 2016 cbidf - ok
10:19:53.0890 2016 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:19:53.0968 2016 cbidf2k - ok
10:19:54.0046 2016 CcmExec (92e1c6aa2baa06e255a52b64dd057b31) C:\WINDOWS\system32\CCM\CcmExec.exe
10:19:54.0125 2016 CcmExec - ok
10:19:54.0218 2016 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:19:54.0250 2016 cd20xrnt - ok
10:19:54.0343 2016 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:19:54.0437 2016 Cdaudio - ok
10:19:54.0468 2016 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:19:54.0546 2016 Cdfs - ok
10:19:54.0578 2016 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:19:54.0656 2016 Cdrom - ok
10:19:54.0671 2016 cercsr6 - ok
10:19:54.0703 2016 Changer - ok
10:19:54.0750 2016 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
10:19:54.0843 2016 CiSvc - ok
10:19:54.0906 2016 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
10:19:54.0984 2016 ClipSrv - ok
10:19:55.0046 2016 clr_optimization_v2.0.50215_32 - ok
10:19:55.0171 2016 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:19:55.0218 2016 clr_optimization_v2.0.50727_32 - ok
10:19:55.0296 2016 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:19:55.0390 2016 CmBatt - ok
10:19:55.0437 2016 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:19:55.0515 2016 CmdIde - ok
10:19:55.0609 2016 cmuda3 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\a016mgmt.dll
10:19:55.0609 2016 cmuda3 ( Backdoor.Multi.ZAccess.gen ) - infected
10:19:55.0609 2016 cmuda3 - detected Backdoor.Multi.ZAccess.gen (0)
10:19:55.0671 2016 CnxtHdAudService (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\sisagp.dll
10:19:55.0687 2016 CnxtHdAudService ( Backdoor.Multi.ZAccess.gen ) - infected
10:19:55.0687 2016 CnxtHdAudService - detected Backdoor.Multi.ZAccess.gen (0)
10:19:55.0734 2016 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:19:55.0812 2016 Compbatt - ok
10:19:55.0828 2016 COMSysApp - ok
10:19:55.0937 2016 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:19:56.0031 2016 Cpqarray - ok
10:19:56.0078 2016 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
10:19:56.0156 2016 CryptSvc - ok
10:19:56.0187 2016 CSDriver - ok
10:19:56.0203 2016 ctxusbm - ok
10:19:56.0234 2016 cvusbdrv (6fdbd7618935247d24a84d673d796ad0) C:\WINDOWS\system32\Drivers\cvusbdrv.sys
10:19:56.0250 2016 cvusbdrv - ok
10:19:56.0312 2016 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:19:56.0406 2016 dac2w2k - ok
10:19:56.0468 2016 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:19:56.0546 2016 dac960nt - ok
10:19:56.0625 2016 datasvr (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\symredrv.dll
10:19:56.0625 2016 datasvr ( Backdoor.Multi.ZAccess.gen ) - infected
10:19:56.0625 2016 datasvr - detected Backdoor.Multi.ZAccess.gen (0)
10:19:56.0765 2016 DB2MGMTSVC_TACOM25 (2e4f0f57a466ea40530b489d1da6a907) C:\Program Files\Quest Software\Toad for Data Analysts 2.5\SQLLIB\BIN\db2mgmtsvc.exe
10:19:56.0781 2016 DB2MGMTSVC_TACOM25 - ok
10:19:56.0859 2016 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:19:56.0906 2016 DcomLaunch - ok
10:19:57.0046 2016 dcpsysmgrsvc (6125cb19708c94169880346e42b00ab0) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
10:19:57.0062 2016 dcpsysmgrsvc - ok
10:19:57.0187 2016 dcstor32 - ok
10:19:57.0250 2016 Dfs - ok
10:19:57.0359 2016 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
10:19:57.0453 2016 Dhcp - ok
10:19:57.0500 2016 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:19:57.0578 2016 Disk - ok
10:19:57.0609 2016 DisplayLinkFilter (6ab4b3859d87dc40dc93f1427c366db8) C:\WINDOWS\system32\DRIVERS\DisplayLinkFilter.sys
10:19:57.0640 2016 DisplayLinkFilter - ok
10:19:57.0687 2016 DisplayLinkGA (a29e61ab672e3901b63d1df7592613b5) C:\WINDOWS\system32\DRIVERS\DisplayLinkGAport.sys
10:19:57.0703 2016 DisplayLinkGA - ok
10:19:57.0750 2016 DisplayLinkmirror (f974762414e831e3469fe4d14c378f2c) C:\WINDOWS\system32\DRIVERS\DisplayLinkmirrorport.sys
10:19:57.0765 2016 DisplayLinkmirror - ok
10:19:57.0937 2016 DisplayLinkService (9f07ffacd9bc7620369118410126fcef) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
10:19:58.0234 2016 DisplayLinkService - ok
10:19:58.0359 2016 DisplayLinkUsbPort (a978a92393a57d99817acaf5718fb3e0) C:\WINDOWS\system32\DRIVERS\DisplayLinkUsbPort_5.3.24903.0.sys
10:19:58.0437 2016 DisplayLinkUsbPort - ok
10:19:58.0453 2016 DivisCTS - ok
10:19:58.0468 2016 dmadmin - ok
10:19:58.0531 2016 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:19:58.0703 2016 dmboot - ok
10:19:58.0796 2016 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:19:58.0875 2016 dmio - ok
10:19:58.0906 2016 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:19:58.0968 2016 dmload - ok
10:19:59.0031 2016 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
10:19:59.0140 2016 dmserver - ok
10:19:59.0171 2016 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:19:59.0265 2016 DMusic - ok
10:19:59.0296 2016 DNE (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\bridgemp.dll
10:19:59.0296 2016 DNE ( Backdoor.Multi.ZAccess.gen ) - infected
10:19:59.0296 2016 DNE - detected Backdoor.Multi.ZAccess.gen (0)
10:19:59.0359 2016 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
10:19:59.0437 2016 Dnscache - ok
10:19:59.0468 2016 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
10:19:59.0562 2016 Dot3svc - ok
10:19:59.0609 2016 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:19:59.0687 2016 dpti2o - ok
10:19:59.0718 2016 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:19:59.0812 2016 drmkaud - ok
10:19:59.0828 2016 ds1 - ok
10:19:59.0906 2016 DS1410D - ok
10:19:59.0968 2016 DSXUSB - ok
10:20:00.0031 2016 dtsrvc - ok
10:20:00.0093 2016 e1yexpress (10cbd2b278ce365b41de378632cb5ddb) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
10:20:00.0093 2016 e1yexpress - ok
10:20:00.0156 2016 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
10:20:00.0234 2016 EapHost - ok
10:20:00.0281 2016 elbydelay - ok
10:20:00.0375 2016 ELkbd (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SRVLOC.dll
10:20:00.0375 2016 ELkbd ( Backdoor.Multi.ZAccess.gen ) - infected
10:20:00.0375 2016 ELkbd - detected Backdoor.Multi.ZAccess.gen (0)
10:20:00.0484 2016 ENDFORCE Agent API (d877c7db2d82e366ec806affc53fb828) C:\Program Files\ENDFORCE\AgentAPI.exe
10:20:00.0718 2016 ENDFORCE Agent API ( UnsignedFile.Multi.Generic ) - warning
10:20:00.0718 2016 ENDFORCE Agent API - detected UnsignedFile.Multi.Generic (1)
10:20:00.0796 2016 Eplpdx02 - ok
10:20:00.0859 2016 epson_pm_rpcv2_01 - ok
10:20:00.0937 2016 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
10:20:01.0015 2016 ERSvc - ok
10:20:01.0031 2016 eSettingsService - ok
10:20:01.0078 2016 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:20:01.0109 2016 Eventlog - ok
10:20:01.0218 2016 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
10:20:01.0250 2016 EventSystem - ok
10:20:01.0312 2016 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:20:01.0390 2016 Fastfat - ok
10:20:01.0421 2016 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
10:20:01.0500 2016 FastUserSwitchingCompatibility - ok
10:20:01.0546 2016 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
10:20:01.0640 2016 Fax - ok
10:20:01.0734 2016 Fd16_700 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\mi-raysat_3dsmax8.dll
10:20:01.0734 2016 Fd16_700 ( Backdoor.Multi.ZAccess.gen ) - infected
10:20:01.0734 2016 Fd16_700 - detected Backdoor.Multi.ZAccess.gen (0)
10:20:01.0796 2016 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:20:01.0875 2016 Fdc - ok
10:20:01.0937 2016 FET5X86V - ok
10:20:01.0984 2016 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:20:02.0062 2016 Fips - ok
10:20:02.0109 2016 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:20:02.0171 2016 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:20:02.0171 2016 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
10:20:02.0250 2016 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:20:02.0343 2016 Flpydisk - ok
10:20:02.0359 2016 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:20:02.0437 2016 FltMgr - ok
10:20:02.0515 2016 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:20:02.0531 2016 FontCache3.0.0.0 - ok
10:20:02.0546 2016 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:20:02.0640 2016 Fs_Rec - ok
10:20:02.0687 2016 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:20:02.0765 2016 Ftdisk - ok
10:20:02.0796 2016 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:20:02.0796 2016 GEARAspiWDM - ok
10:20:02.0843 2016 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:20:02.0921 2016 Gpc - ok
10:20:02.0968 2016 HCLInetd (4ea3eaf80e8ee19ff005003fec4f51de) C:\Program Files\Hummingbird\Connectivity\13.00\InetD\inetd32.exe
10:20:02.0968 2016 HCLInetd - ok
10:20:03.0000 2016 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:20:03.0062 2016 HDAudBus - ok
10:20:03.0125 2016 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:20:03.0218 2016 helpsvc - ok
10:20:03.0296 2016 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
10:20:03.0375 2016 HidServ - ok
10:20:03.0421 2016 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:20:03.0500 2016 hidusb - ok
10:20:03.0531 2016 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
10:20:03.0625 2016 hkmsvc - ok
10:20:03.0703 2016 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
10:20:03.0781 2016 hpn - ok
10:20:03.0828 2016 HSFHWAZL (f25bb78b0063a8e8fceff33493c305e0) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
10:20:03.0875 2016 HSFHWAZL - ok
10:20:03.0921 2016 hsfhwbs2 - ok
10:20:03.0984 2016 HSF_DPV (04d872629e0afcb07ba9088eaa308c11) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
10:20:04.0062 2016 HSF_DPV - ok
10:20:04.0125 2016 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
10:20:04.0218 2016 HTTP - ok
10:20:04.0281 2016 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
10:20:04.0375 2016 HTTPFilter - ok
10:20:04.0437 2016 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
10:20:04.0515 2016 i2omgmt - ok
10:20:04.0578 2016 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:20:04.0656 2016 i2omp - ok
10:20:04.0734 2016 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:20:04.0812 2016 i8042prt - ok
10:20:04.0890 2016 IAANTMON (f79525634b192f5a18de503568f94ef3) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
10:20:04.0906 2016 IAANTMON - ok
10:20:04.0984 2016 iaimfp1 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\cpqalert.dll
10:20:04.0984 2016 iaimfp1 ( Backdoor.Multi.ZAccess.gen ) - infected
10:20:04.0984 2016 iaimfp1 - detected Backdoor.Multi.ZAccess.gen (0)
10:20:05.0062 2016 iAimTV6 - ok
10:20:05.0296 2016 ialm (4f3139829f1ac202ff0d29c2fd6c15b6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:20:05.0765 2016 ialm - ok
10:20:05.0843 2016 iaStor (baabb0301949774a66b955c65319635a) C:\WINDOWS\system32\drivers\iaStor.sys
10:20:05.0859 2016 iaStor - ok
10:20:05.0890 2016 icollectservice - ok
10:20:06.0015 2016 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:20:06.0031 2016 IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:20:06.0031 2016 IDriverT - detected UnsignedFile.Multi.Generic (1)
10:20:06.0125 2016 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:20:06.0171 2016 idsvc - ok
10:20:06.0250 2016 imagedrv (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\lhidusb.dll
10:20:06.0265 2016 imagedrv ( Backdoor.Multi.ZAccess.gen ) - infected
10:20:06.0265 2016 imagedrv - detected Backdoor.Multi.ZAccess.gen (0)
10:20:06.0312 2016 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:20:06.0406 2016 Imapi - ok
10:20:06.0640 2016 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
10:20:06.0734 2016 ImapiService - ok
10:20:06.0765 2016 incdfs - ok
10:20:06.0875 2016 incdrec (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\blueletaudio.dll
10:20:06.0875 2016 incdrec ( Backdoor.Multi.ZAccess.gen ) - infected
10:20:06.0875 2016 incdrec - detected Backdoor.Multi.ZAccess.gen (0)
10:20:06.0921 2016 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:20:07.0000 2016 ini910u - ok
10:20:07.0062 2016 IntcHdmiAddService (64c301d73db18ebdc8680ca82d82af2d) C:\WINDOWS\system32\drivers\IntcHdmi.sys
10:20:07.0078 2016 IntcHdmiAddService - ok
10:20:07.0140 2016 IntelC51 - ok
10:20:07.0218 2016 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:20:07.0312 2016 IntelIde - ok
10:20:07.0375 2016 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:20:07.0453 2016 intelppm - ok
10:20:07.0562 2016 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
10:20:07.0562 2016 IntuitUpdateService - ok
10:20:07.0609 2016 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:20:07.0687 2016 Ip6Fw - ok
10:20:07.0718 2016 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:20:07.0796 2016 IpFilterDriver - ok
10:20:07.0812 2016 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:20:07.0875 2016 IpInIp - ok
10:20:07.0937 2016 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:20:08.0000 2016 IpNat - ok
10:20:08.0078 2016 iPod Service (630d74599070824af3dc63a894adcdfc) C:\Program Files\iPod\bin\iPodService.exe
10:20:08.0109 2016 iPod Service - ok
10:20:08.0171 2016 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:20:08.0250 2016 IPSec - ok
10:20:08.0265 2016 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:20:08.0312 2016 IRENUM - ok
10:20:08.0343 2016 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:20:08.0421 2016 isapnp - ok
10:20:08.0484 2016 ispwdsvc - ok
10:20:08.0578 2016 JavaQuickStarterService (09417134f248dfceea15c72bcc87f592) C:\Program Files\Java\jre1.6.0_16\bin\jqs.exe
10:20:08.0593 2016 JavaQuickStarterService - ok
10:20:08.0656 2016 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:20:08.0750 2016 Kbdclass - ok
10:20:08.0781 2016 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:20:08.0843 2016 kbdhid - ok
10:20:08.0890 2016 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:20:08.0968 2016 kmixer - ok
10:20:09.0062 2016 kpf4 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\LPCFilter.dll
10:20:09.0062 2016 kpf4 ( Backdoor.Multi.ZAccess.gen ) - infected
10:20:09.0062 2016 kpf4 - detected Backdoor.Multi.ZAccess.gen (0)
10:20:09.0140 2016 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
10:20:09.0218 2016 KSecDD - ok
10:20:09.0250 2016 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
10:20:09.0343 2016 LanmanServer - ok
10:20:09.0359 2016 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
10:20:09.0421 2016 lanmanworkstation - ok
10:20:09.0484 2016 lbrtfdc - ok
10:20:09.0531 2016 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
10:20:09.0609 2016 LmHosts - ok
10:20:09.0687 2016 ltxred (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ibmpmdrv.dll
10:20:09.0687 2016 ltxred ( Backdoor.Multi.ZAccess.gen ) - infected
10:20:09.0687 2016 ltxred - detected Backdoor.Multi.ZAccess.gen (0)
10:20:09.0703 2016 lvpopflt - ok
10:20:09.0734 2016 lxdm_device - ok
10:20:09.0781 2016 mapserver6.3 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\UDFReadr.dll
10:20:09.0796 2016 mapserver6.3 ( Backdoor.Multi.ZAccess.gen ) - infected
10:20:09.0796 2016 mapserver6.3 - detected Backdoor.Multi.ZAccess.gen (0)
10:20:09.0859 2016 mcrdsvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\{a7447300-8075-4b0d-83f1-3d75c8ebc623}.dll
10:20:09.0875 2016 mcrdsvc ( Backdoor.Multi.ZAccess.gen ) - infected
10:20:09.0875 2016 mcrdsvc - detected Backdoor.Multi.ZAccess.gen (0)
10:20:09.0937 2016 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
10:20:09.0953 2016 MDM - ok
10:20:10.0015 2016 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:20:10.0031 2016 mdmxsdk - ok
10:20:10.0046 2016 MEMSWEEP2 - ok
10:20:10.0078 2016 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
10:20:10.0156 2016 Messenger - ok
10:20:10.0171 2016 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:20:10.0265 2016 mnmdd - ok
10:20:10.0296 2016 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
10:20:10.0359 2016 mnmsrvc - ok
10:20:10.0406 2016 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:20:10.0484 2016 Modem - ok
10:20:10.0546 2016 MOSUMAC (5dc5fd9916bd233843e53d35bd6e0699) C:\WINDOWS\system32\DRIVERS\MOSUMAC.SYS
10:20:10.0593 2016 MOSUMAC - ok
10:20:10.0671 2016 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:20:10.0750 2016 Mouclass - ok
10:20:10.0781 2016 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:20:10.0859 2016 mouhid - ok
10:20:10.0890 2016 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:20:10.0968 2016 MountMgr - ok
10:20:11.0046 2016 mpservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\se45unic.dll
10:20:11.0046 2016 mpservice ( Backdoor.Multi.ZAccess.gen ) - infected
10:20:11.0046 2016 mpservice - detected Backdoor.Multi.ZAccess.gen (0)
10:20:11.0078 2016 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:20:11.0140 2016 mraid35x - ok
10:20:11.0218 2016 mrvw245 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\sgectl.dll
10:20:11.0218 2016 mrvw245 ( Backdoor.Multi.ZAccess.gen ) - infected
10:20:11.0218 2016 mrvw245 - detected Backdoor.Multi.ZAccess.gen (0)
10:20:11.0265 2016 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:20:11.0343 2016 MRxDAV - ok
10:23:20.0515 0972 pdlndtdl ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
10:23:20.0531 0972 pop3d32 ( Backdoor.Multi.ZAccess.gen ) - skipped by user
10:23:20.0531 0972 pop3d32 ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
10:23:20.0531 0972 qbreminderflash ( Backdoor.Multi.ZAccess.gen ) - skipped by user
10:23:20.0531 0972 qbreminderflash ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
10:23:20.0546 0972 se59unic ( Backdoor.Multi.ZAccess.gen ) - skipped by user
10:23:20.0546 0972 se59unic ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
10:23:20.0546 0972 Serial ( Virus.Win32.ZAccess.c ) - skipped by user
10:23:20.0546 0972 Serial ( Virus.Win32.ZAccess.c ) - User select action: Skip
10:23:20.0546 0972 Sophos Agent ( UnsignedFile.Multi.Generic ) - skipped by user
10:23:20.0546 0972 Sophos Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:23:20.0546 0972 Sophos Message Router ( UnsignedFile.Multi.Generic ) - skipped by user
10:23:20.0546 0972 Sophos Message Router ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:23:20.0562 0972 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
10:23:20.0562 0972 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:23:20.0562 0972 svv ( Backdoor.Multi.ZAccess.gen ) - skipped by user
10:23:20.0562 0972 svv ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
10:23:20.0562 0972 symevent ( Backdoor.Multi.ZAccess.gen ) - skipped by user
10:23:20.0562 0972 symevent ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
10:23:20.0578 0972 tvald ( Backdoor.Multi.ZAccess.gen ) - skipped by user
10:23:20.0578 0972 tvald ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
10:23:20.0578 0972 viaagp1 ( Backdoor.Multi.ZAccess.gen ) - skipped by user
10:23:20.0578 0972 viaagp1 ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
10:23:20.0593 0972 w810mdfl ( Backdoor.Multi.ZAccess.gen ) - skipped by user
10:23:20.0593 0972 w810mdfl ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
10:23:20.0593 0972 WcesComm ( Backdoor.Multi.ZAccess.gen ) - skipped by user
10:23:20.0593 0972 WcesComm ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
10:23:20.0609 0972 {95808DC4-FA4A-4c74-92FE-5B863F82066B} ( Backdoor.Multi.ZAccess.gen ) - skipped by user
10:23:20.0609 0972 {95808DC4-FA4A-4c74-92FE-5B863F82066B} ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
10:24:17.0343 0360 ============================================================
10:24:17.0343 0360 Scan started
10:24:17.0343 0360 Mode: Manual; SigCheck; TDLFS;
10:24:17.0343 0360 ============================================================
10:24:17.0843 0360 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
10:24:17.0859 0360 !SASCORE - ok
10:24:17.0953 0360 47593477 - ok
10:24:17.0968 0360 Abiosdsk - ok
10:24:18.0000 0360 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:24:18.0125 0360 abp480n5 - ok
10:24:18.0156 0360 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:24:18.0218 0360 ACPI - ok
10:24:18.0250 0360 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:24:18.0328 0360 ACPIEC - ok
10:24:18.0343 0360 adiloader - ok
10:24:18.0406 0360 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:24:18.0406 0360 AdobeFlashPlayerUpdateSvc - ok
10:24:18.0500 0360 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:24:18.0562 0360 adpu160m - ok
10:24:18.0625 0360 ADVService (7233688fc422ef657e082309e6180142) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
10:24:18.0640 0360 ADVService - ok
10:24:18.0656 0360 aeaudio - ok
10:24:18.0687 0360 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:24:18.0765 0360 aec - ok
10:24:18.0812 0360 AESTAud (20f078136f3bdc4c0405c0527b769303) C:\WINDOWS\system32\drivers\AESTAud.sys
10:24:18.0828 0360 AESTAud - ok
10:24:18.0906 0360 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
10:24:18.0921 0360 AFD - ok
10:24:18.0953 0360 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:24:19.0031 0360 agp440 - ok
10:24:19.0046 0360 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:24:19.0125 0360 agpCPQ - ok
10:24:19.0125 0360 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:24:19.0171 0360 Aha154x - ok
10:24:19.0187 0360 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:24:19.0265 0360 aic78u2 - ok
10:24:19.0296 0360 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:24:19.0375 0360 aic78xx - ok
10:24:19.0421 0360 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
10:24:19.0531 0360 Alerter - ok
10:24:19.0578 0360 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
10:24:19.0625 0360 ALG - ok
10:24:19.0671 0360 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
10:24:19.0734 0360 AliIde - ok
10:24:19.0765 0360 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:24:19.0843 0360 alim1541 - ok
10:24:19.0875 0360 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:24:19.0953 0360 amdagp - ok
10:24:19.0953 0360 amdppm - ok
10:24:19.0968 0360 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
10:24:20.0015 0360 amsint - ok
10:24:20.0062 0360 anydvd (c62f76344cd3a3a6314055b4929e529d) C:\WINDOWS\system32\BrSerIf.dll
10:24:20.0156 0360 anydvd - ok
10:24:20.0218 0360 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
10:24:20.0234 0360 ApfiltrService - ok
10:24:20.0296 0360 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:24:20.0296 0360 Apple Mobile Device - ok
10:24:20.0359 0360 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
10:24:20.0421 0360 AppMgmt - ok
10:24:20.0500 0360 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:24:20.0578 0360 Arp1394 - ok
10:24:20.0609 0360 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
10:24:20.0687 0360 asc - ok
10:24:20.0703 0360 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:24:20.0734 0360 asc3350p - ok
10:24:20.0765 0360 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:24:20.0828 0360 asc3550 - ok
10:24:20.0890 0360 ASFAgent (9ad6ef4d591211a93848103368125b41) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
10:24:20.0906 0360 ASFAgent - ok
10:24:20.0953 0360 AsfAlrt (acee9813685f4a03ee5a160057dd61a8) C:\WINDOWS\system32\Drivers\AsfAlrt.sys
10:24:20.0968 0360 AsfAlrt - ok
10:24:21.0000 0360 aspi32 - ok
10:24:21.0062 0360 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:24:21.0062 0360 aspnet_state - ok
10:24:21.0109 0360 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:24:21.0171 0360 AsyncMac - ok
10:24:21.0203 0360 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:24:21.0281 0360 atapi - ok
10:24:21.0281 0360 Atdisk - ok
10:24:21.0296 0360 atkkeyboardservice - ok
10:24:21.0328 0360 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:24:21.0390 0360 Atmarpc - ok
10:24:21.0421 0360 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
10:24:21.0515 0360 AudioSrv - ok
10:24:21.0562 0360 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:24:21.0640 0360 audstub - ok
10:24:21.0656 0360 AVerTV - ok
10:24:21.0750 0360 BCM43XX (fe4ed785396eaa554c561992106a35fa) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
10:24:21.0875 0360 BCM43XX - ok
10:24:21.0921 0360 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:24:21.0984 0360 Beep - ok
10:24:22.0031 0360 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
10:24:22.0109 0360 BITS - ok
10:24:22.0281 0360 BMFMySQL (13ef754225dcf6bf7f1525ca9189b99c) C:\Program Files\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe
10:24:22.0468 0360 BMFMySQL ( UnsignedFile.Multi.Generic ) - warning
10:24:22.0468 0360 BMFMySQL - detected UnsignedFile.Multi.Generic (1)
10:24:22.0562 0360 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files\Bonjour\mDNSResponder.exe
10:24:22.0578 0360 Bonjour Service - ok
10:24:22.0796 0360 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
10:24:22.0875 0360 Browser - ok
10:24:22.0921 0360 bthmodem (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\cm102u32.dll
10:24:22.0921 0360 bthmodem ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:22.0921 0360 bthmodem - detected Backdoor.Multi.ZAccess.gen (0)
10:24:22.0921 0360 bthport - ok
10:24:23.0000 0360 buttonsvc32 (81a395aab3c606d5f1667cc5fc02b3d2) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
10:24:23.0015 0360 buttonsvc32 - ok
10:24:23.0015 0360 bwcsrv - ok
10:24:23.0031 0360 c-dillasrv - ok
10:24:23.0078 0360 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:24:23.0156 0360 cbidf - ok
10:24:23.0203 0360 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:24:23.0265 0360 cbidf2k - ok
10:24:23.0343 0360 CcmExec (92e1c6aa2baa06e255a52b64dd057b31) C:\WINDOWS\system32\CCM\CcmExec.exe
10:24:23.0375 0360 CcmExec - ok
10:24:23.0453 0360 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:24:23.0484 0360 cd20xrnt - ok
10:24:23.0562 0360 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:24:23.0656 0360 Cdaudio - ok
10:24:23.0703 0360 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:24:23.0765 0360 Cdfs - ok
10:24:23.0781 0360 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:24:23.0859 0360 Cdrom - ok
10:24:23.0906 0360 cercsr6 - ok
10:24:23.0937 0360 Changer - ok
10:24:23.0984 0360 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
10:24:24.0062 0360 CiSvc - ok
10:24:24.0078 0360 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
10:24:24.0140 0360 ClipSrv - ok
10:24:24.0187 0360 clr_optimization_v2.0.50215_32 - ok
10:24:24.0250 0360 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:24:24.0250 0360 clr_optimization_v2.0.50727_32 - ok
10:24:24.0296 0360 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:24:24.0375 0360 CmBatt - ok
10:24:24.0421 0360 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:24:24.0500 0360 CmdIde - ok
10:24:24.0531 0360 cmuda3 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\a016mgmt.dll
10:24:24.0531 0360 cmuda3 ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:24.0531 0360 cmuda3 - detected Backdoor.Multi.ZAccess.gen (0)
10:24:24.0609 0360 CnxtHdAudService (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\sisagp.dll
10:24:24.0609 0360 CnxtHdAudService ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:24.0609 0360 CnxtHdAudService - detected Backdoor.Multi.ZAccess.gen (0)
10:24:24.0640 0360 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:24:24.0703 0360 Compbatt - ok
10:24:24.0750 0360 COMSysApp - ok
10:24:24.0812 0360 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:24:24.0890 0360 Cpqarray - ok
10:24:24.0937 0360 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
10:24:25.0015 0360 CryptSvc - ok
10:24:25.0062 0360 CSDriver - ok
10:24:25.0078 0360 ctxusbm - ok
10:24:25.0140 0360 cvusbdrv (6fdbd7618935247d24a84d673d796ad0) C:\WINDOWS\system32\Drivers\cvusbdrv.sys
10:24:25.0156 0360 cvusbdrv - ok
10:24:25.0203 0360 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:24:25.0296 0360 dac2w2k - ok
10:24:25.0328 0360 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:24:25.0390 0360 dac960nt - ok
10:24:25.0484 0360 datasvr (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\symredrv.dll
10:24:25.0484 0360 datasvr ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:25.0484 0360 datasvr - detected Backdoor.Multi.ZAccess.gen (0)
10:24:25.0593 0360 DB2MGMTSVC_TACOM25 (2e4f0f57a466ea40530b489d1da6a907) C:\Program Files\Quest Software\Toad for Data Analysts 2.5\SQLLIB\BIN\db2mgmtsvc.exe
10:24:25.0593 0360 DB2MGMTSVC_TACOM25 - ok
10:24:25.0671 0360 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:24:25.0718 0360 DcomLaunch - ok
10:24:25.0796 0360 dcpsysmgrsvc (6125cb19708c94169880346e42b00ab0) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
10:24:25.0812 0360 dcpsysmgrsvc - ok
10:24:25.0875 0360 dcstor32 - ok
10:24:25.0890 0360 Dfs - ok
10:24:25.0937 0360 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
10:24:26.0015 0360 Dhcp - ok
10:24:26.0093 0360 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:24:26.0171 0360 Disk - ok
10:24:26.0187 0360 DisplayLinkFilter (6ab4b3859d87dc40dc93f1427c366db8) C:\WINDOWS\system32\DRIVERS\DisplayLinkFilter.sys
10:24:26.0203 0360 DisplayLinkFilter - ok
10:24:26.0281 0360 DisplayLinkGA (a29e61ab672e3901b63d1df7592613b5) C:\WINDOWS\system32\DRIVERS\DisplayLinkGAport.sys
10:24:26.0281 0360 DisplayLinkGA - ok
10:24:26.0328 0360 DisplayLinkmirror (f974762414e831e3469fe4d14c378f2c) C:\WINDOWS\system32\DRIVERS\DisplayLinkmirrorport.sys
10:24:26.0343 0360 DisplayLinkmirror - ok
10:24:26.0515 0360 DisplayLinkService (9f07ffacd9bc7620369118410126fcef) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
10:24:26.0718 0360 DisplayLinkService - ok
10:24:26.0796 0360 DisplayLinkUsbPort (a978a92393a57d99817acaf5718fb3e0) C:\WINDOWS\system32\DRIVERS\DisplayLinkUsbPort_5.3.24903.0.sys
10:24:26.0828 0360 DisplayLinkUsbPort - ok
10:24:26.0875 0360 DivisCTS - ok
10:24:26.0890 0360 dmadmin - ok
10:24:26.0953 0360 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:24:27.0062 0360 dmboot - ok
10:24:27.0109 0360 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:24:27.0187 0360 dmio - ok
10:24:27.0234 0360 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:24:27.0312 0360 dmload - ok
10:24:27.0406 0360 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
10:24:27.0515 0360 dmserver - ok
10:24:27.0562 0360 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:24:27.0640 0360 DMusic - ok
10:24:27.0703 0360 DNE (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\bridgemp.dll
10:24:27.0703 0360 DNE ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:27.0703 0360 DNE - detected Backdoor.Multi.ZAccess.gen (0)
10:24:27.0750 0360 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
10:24:27.0828 0360 Dnscache - ok
10:24:27.0890 0360 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
10:24:27.0968 0360 Dot3svc - ok
10:24:28.0031 0360 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:24:28.0093 0360 dpti2o - ok
10:24:28.0109 0360 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:24:28.0187 0360 drmkaud - ok
10:24:28.0187 0360 ds1 - ok
10:24:28.0203 0360 DS1410D - ok
10:24:28.0218 0360 DSXUSB - ok
10:24:28.0234 0360 dtsrvc - ok
10:24:28.0265 0360 e1yexpress (10cbd2b278ce365b41de378632cb5ddb) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
10:24:28.0281 0360 e1yexpress - ok
10:24:28.0328 0360 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
10:24:28.0437 0360 EapHost - ok
10:24:28.0453 0360 elbydelay - ok
10:24:28.0484 0360 ELkbd (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SRVLOC.dll
10:24:28.0500 0360 ELkbd ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:28.0500 0360 ELkbd - detected Backdoor.Multi.ZAccess.gen (0)
10:24:28.0609 0360 ENDFORCE Agent API (d877c7db2d82e366ec806affc53fb828) C:\Program Files\ENDFORCE\AgentAPI.exe
10:24:28.0765 0360 ENDFORCE Agent API ( UnsignedFile.Multi.Generic ) - warning
10:24:28.0765 0360 ENDFORCE Agent API - detected UnsignedFile.Multi.Generic (1)
10:24:28.0796 0360 Eplpdx02 - ok
10:24:28.0828 0360 epson_pm_rpcv2_01 - ok
10:24:28.0906 0360 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
10:24:28.0968 0360 ERSvc - ok
10:24:28.0984 0360 eSettingsService - ok
10:24:29.0046 0360 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:24:29.0062 0360 Eventlog - ok
10:24:29.0109 0360 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
10:24:29.0125 0360 EventSystem - ok
10:24:29.0234 0360 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:24:29.0296 0360 Fastfat - ok
10:24:29.0343 0360 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
10:24:29.0406 0360 FastUserSwitchingCompatibility - ok
10:24:29.0453 0360 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
10:24:29.0531 0360 Fax - ok
10:24:29.0562 0360 Fd16_700 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\mi-raysat_3dsmax8.dll
10:24:29.0562 0360 Fd16_700 ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:29.0562 0360 Fd16_700 - detected Backdoor.Multi.ZAccess.gen (0)
10:24:29.0609 0360 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:24:29.0687 0360 Fdc - ok
10:24:29.0703 0360 FET5X86V - ok
10:24:29.0750 0360 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:24:29.0828 0360 Fips - ok
10:24:29.0875 0360 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:24:29.0921 0360 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:24:29.0921 0360 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
10:24:29.0968 0360 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:24:30.0046 0360 Flpydisk - ok
10:24:30.0125 0360 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:24:30.0187 0360 FltMgr - ok
10:24:30.0281 0360 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:24:30.0281 0360 FontCache3.0.0.0 - ok
10:24:30.0328 0360 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:24:30.0406 0360 Fs_Rec - ok
10:24:30.0484 0360 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:24:30.0562 0360 Ftdisk - ok
10:24:30.0593 0360 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:24:30.0593 0360 GEARAspiWDM - ok
10:24:30.0625 0360 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:24:30.0687 0360 Gpc - ok
10:24:30.0765 0360 HCLInetd (4ea3eaf80e8ee19ff005003fec4f51de) C:\Program Files\Hummingbird\Connectivity\13.00\InetD\inetd32.exe
10:24:30.0781 0360 HCLInetd - ok
10:24:30.0812 0360 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:24:30.0890 0360 HDAudBus - ok
10:24:30.0953 0360 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:24:31.0031 0360 helpsvc - ok
10:24:31.0062 0360 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
10:24:31.0125 0360 HidServ - ok
10:24:31.0187 0360 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:24:31.0250 0360 hidusb - ok
10:24:31.0328 0360 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
10:24:31.0406 0360 hkmsvc - ok
10:24:31.0437 0360 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
10:24:31.0500 0360 hpn - ok
10:24:31.0546 0360 HSFHWAZL (f25bb78b0063a8e8fceff33493c305e0) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
10:24:31.0562 0360 HSFHWAZL - ok
10:24:31.0578 0360 hsfhwbs2 - ok
10:24:31.0625 0360 HSF_DPV (04d872629e0afcb07ba9088eaa308c11) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
10:24:31.0640 0360 HSF_DPV - ok
10:24:31.0703 0360 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
10:24:31.0781 0360 HTTP - ok
10:24:31.0875 0360 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
10:24:31.0968 0360 HTTPFilter - ok
10:24:32.0015 0360 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
10:24:32.0078 0360 i2omgmt - ok
10:24:32.0109 0360 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:24:32.0187 0360 i2omp - ok
10:24:32.0234 0360 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:24:32.0312 0360 i8042prt - ok
10:24:32.0406 0360 IAANTMON (f79525634b192f5a18de503568f94ef3) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
10:24:32.0421 0360 IAANTMON - ok
10:24:32.0515 0360 iaimfp1 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\cpqalert.dll
10:24:32.0515 0360 iaimfp1 ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:32.0515 0360 iaimfp1 - detected Backdoor.Multi.ZAccess.gen (0)
10:24:32.0531 0360 iAimTV6 - ok
10:24:32.0734 0360 ialm (4f3139829f1ac202ff0d29c2fd6c15b6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:24:33.0015 0360 ialm - ok
10:24:33.0062 0360 iaStor (baabb0301949774a66b955c65319635a) C:\WINDOWS\system32\drivers\iaStor.sys
10:24:33.0078 0360 iaStor - ok
10:24:33.0156 0360 icollectservice - ok
10:24:33.0265 0360 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:24:33.0281 0360 IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:24:33.0281 0360 IDriverT - detected UnsignedFile.Multi.Generic (1)
10:24:33.0375 0360 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:24:33.0390 0360 idsvc - ok
10:24:33.0546 0360 imagedrv (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\lhidusb.dll
10:24:33.0546 0360 imagedrv ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:33.0546 0360 imagedrv - detected Backdoor.Multi.ZAccess.gen (0)
10:24:33.0609 0360 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:24:33.0687 0360 Imapi - ok
10:24:33.0718 0360 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
10:24:33.0796 0360 ImapiService - ok
10:24:33.0812 0360 incdfs - ok
10:24:33.0843 0360 incdrec (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\blueletaudio.dll
10:24:33.0843 0360 incdrec ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:33.0843 0360 incdrec - detected Backdoor.Multi.ZAccess.gen (0)
10:24:33.0921 0360 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:24:34.0000 0360 ini910u - ok
10:24:34.0062 0360 IntcHdmiAddService (64c301d73db18ebdc8680ca82d82af2d) C:\WINDOWS\system32\drivers\IntcHdmi.sys
10:24:34.0078 0360 IntcHdmiAddService - ok
10:24:34.0093 0360 IntelC51 - ok
10:24:34.0109 0360 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:24:34.0187 0360 IntelIde - ok
10:24:34.0234 0360 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:24:34.0296 0360 intelppm - ok
10:24:34.0359 0360 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
10:24:34.0359 0360 IntuitUpdateService - ok
10:24:34.0421 0360 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:24:34.0500 0360 Ip6Fw - ok
10:24:34.0531 0360 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:24:34.0609 0360 IpFilterDriver - ok
10:24:34.0640 0360 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:24:34.0703 0360 IpInIp - ok
10:24:34.0750 0360 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:24:34.0812 0360 IpNat - ok
10:24:34.0875 0360 iPod Service (630d74599070824af3dc63a894adcdfc) C:\Program Files\iPod\bin\iPodService.exe
10:24:34.0890 0360 iPod Service - ok
10:24:34.0937 0360 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:24:35.0015 0360 IPSec - ok
10:24:35.0062 0360 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:24:35.0093 0360 IRENUM - ok
10:24:35.0156 0360 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:24:35.0218 0360 isapnp - ok
10:24:35.0234 0360 ispwdsvc - ok
10:24:35.0343 0360 JavaQuickStarterService (09417134f248dfceea15c72bcc87f592) C:\Program Files\Java\jre1.6.0_16\bin\jqs.exe
10:24:35.0359 0360 JavaQuickStarterService - ok
10:24:35.0421 0360 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:24:35.0500 0360 Kbdclass - ok
10:24:35.0546 0360 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:24:35.0609 0360 kbdhid - ok
10:24:35.0656 0360 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:24:35.0718 0360 kmixer - ok
10:24:35.0750 0360 kpf4 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\LPCFilter.dll
10:24:35.0765 0360 kpf4 ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:35.0765 0360 kpf4 - detected Backdoor.Multi.ZAccess.gen (0)
10:24:35.0796 0360 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
10:24:35.0875 0360 KSecDD - ok
10:24:35.0937 0360 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
10:24:36.0015 0360 LanmanServer - ok
10:24:36.0046 0360 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
10:24:36.0062 0360 lanmanworkstation - ok
10:24:36.0078 0360 lbrtfdc - ok
10:24:36.0140 0360 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
10:24:36.0218 0360 LmHosts - ok
10:24:36.0250 0360 ltxred (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ibmpmdrv.dll
10:24:36.0250 0360 ltxred ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:36.0250 0360 ltxred - detected Backdoor.Multi.ZAccess.gen (0)
10:24:36.0265 0360 lvpopflt - ok
10:24:36.0281 0360 lxdm_device - ok
10:24:36.0312 0360 mapserver6.3 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\UDFReadr.dll
10:24:36.0312 0360 mapserver6.3 ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:36.0312 0360 mapserver6.3 - detected Backdoor.Multi.ZAccess.gen (0)
10:24:36.0359 0360 mcrdsvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\{a7447300-8075-4b0d-83f1-3d75c8ebc623}.dll
10:24:36.0359 0360 mcrdsvc ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:36.0359 0360 mcrdsvc - detected Backdoor.Multi.ZAccess.gen (0)
10:24:36.0421 0360 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
10:24:36.0437 0360 MDM - ok
10:24:36.0484 0360 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:24:36.0500 0360 mdmxsdk - ok
10:24:36.0531 0360 MEMSWEEP2 - ok
10:24:36.0593 0360 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
10:24:36.0671 0360 Messenger - ok
10:24:36.0718 0360 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:24:36.0781 0360 mnmdd - ok
10:24:36.0796 0360 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
10:24:36.0875 0360 mnmsrvc - ok
10:24:36.0890 0360 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:24:36.0968 0360 Modem - ok
10:24:37.0000 0360 MOSUMAC (5dc5fd9916bd233843e53d35bd6e0699) C:\WINDOWS\system32\DRIVERS\MOSUMAC.SYS
10:24:37.0015 0360 MOSUMAC - ok
10:24:37.0078 0360 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:24:37.0156 0360 Mouclass - ok
10:24:37.0203 0360 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:24:37.0281 0360 mouhid - ok
10:24:37.0343 0360 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:24:37.0421 0360 MountMgr - ok
10:24:37.0437 0360 mpservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\se45unic.dll
10:24:37.0437 0360 mpservice ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:37.0437 0360 mpservice - detected Backdoor.Multi.ZAccess.gen (0)
10:24:37.0468 0360 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:24:37.0546 0360 mraid35x - ok
10:24:37.0578 0360 mrvw245 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\sgectl.dll
10:24:37.0593 0360 mrvw245 ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:37.0593 0360 mrvw245 - detected Backdoor.Multi.ZAccess.gen (0)
10:24:37.0609 0360 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:24:37.0687 0360 MRxDAV - ok
10:24:37.0734 0360 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:24:37.0750 0360 MRxSmb - ok
10:24:37.0828 0360 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
10:24:37.0890 0360 MSDTC - ok
10:24:37.0937 0360 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:24:38.0000 0360 Msfs - ok
10:24:38.0015 0360 MSFWHLPR - ok
10:24:38.0031 0360 MSIServer - ok
10:24:38.0046 0360 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:24:38.0140 0360 MSKSSRV - ok
10:24:38.0171 0360 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:24:38.0250 0360 MSPCLOCK - ok
10:24:38.0281 0360 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:24:38.0359 0360 MSPQM - ok
10:24:38.0421 0360 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:24:38.0484 0360 mssmbios - ok
10:24:38.0531 0360 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
10:24:38.0609 0360 Mup - ok
10:24:38.0609 0360 naimagent32 - ok
10:24:38.0640 0360 NAL (a467e1deb3bb2b57426c8a5993ba933e) C:\WINDOWS\system32\Drivers\iqvw32.sys
10:24:38.0656 0360 NAL - ok
10:24:38.0687 0360 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
10:24:38.0781 0360 napagent - ok
10:24:38.0828 0360 nchssvad (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\isapnp.dll
10:24:38.0828 0360 nchssvad ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:38.0828 0360 nchssvad - detected Backdoor.Multi.ZAccess.gen (0)
10:24:38.0906 0360 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:24:38.0984 0360 NDIS - ok
10:24:39.0000 0360 NdisFilt - ok
10:24:39.0031 0360 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:24:39.0109 0360 NdisTapi - ok
10:24:39.0140 0360 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:24:39.0203 0360 Ndisuio - ok
10:24:39.0250 0360 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:24:39.0328 0360 NdisWan - ok
10:24:39.0406 0360 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
10:24:39.0468 0360 NDProxy - ok
10:24:39.0500 0360 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:24:39.0578 0360 NetBIOS - ok
10:24:39.0609 0360 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:24:39.0687 0360 NetBT - ok
10:24:39.0750 0360 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:24:39.0828 0360 NetDDE - ok
10:24:39.0843 0360 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:24:39.0906 0360 NetDDEdsdm - ok
10:24:39.0968 0360 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:24:40.0046 0360 Netlogon - ok
10:24:40.0093 0360 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
10:24:40.0171 0360 Netman - ok
10:24:40.0250 0360 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:24:40.0265 0360 NetTcpPortSharing - ok
10:24:40.0296 0360 NETw4v32 - ok
10:24:40.0328 0360 NetworkLog (65f5103187c53999c8fc9872f7496dcf) C:\WINDOWS\svcs.exe
10:24:40.0359 0360 NetworkLog ( UnsignedFile.Multi.Generic ) - warning
10:24:40.0359 0360 NetworkLog - detected UnsignedFile.Multi.Generic (1)
10:24:40.0453 0360 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:24:40.0531 0360 NIC1394 - ok
10:24:40.0578 0360 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll
10:24:40.0578 0360 Nla - ok
10:24:40.0625 0360 nmwcd (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\trufos.dll
10:24:40.0625 0360 nmwcd ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:40.0625 0360 nmwcd - detected Backdoor.Multi.ZAccess.gen (0)
10:24:40.0656 0360 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:24:40.0718 0360 Npfs - ok
10:24:40.0812 0360 Nsynas32 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\e1express.dll
10:24:40.0812 0360 Nsynas32 ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:40.0812 0360 Nsynas32 - detected Backdoor.Multi.ZAccess.gen (0)
10:24:40.0875 0360 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:24:41.0000 0360 Ntfs - ok
10:24:41.0046 0360 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:24:41.0109 0360 NtLmSsp - ok
10:24:41.0156 0360 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
10:24:41.0234 0360 NtmsSvc - ok
10:24:41.0312 0360 NuidFltr (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\Alpham1.dll
10:24:41.0312 0360 NuidFltr ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:41.0312 0360 NuidFltr - detected Backdoor.Multi.ZAccess.gen (0)
10:24:41.0328 0360 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:24:41.0390 0360 Null - ok
10:24:41.0421 0360 NvtSp50 - ok
10:24:41.0453 0360 NVXBAR (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ndproxy.dll
10:24:41.0453 0360 NVXBAR ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:41.0453 0360 NVXBAR - detected Backdoor.Multi.ZAccess.gen (0)
10:24:41.0468 0360 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:24:41.0546 0360 NwlnkFlt - ok
10:24:41.0593 0360 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:24:41.0656 0360 NwlnkFwd - ok
10:24:41.0687 0360 NWUSBModem - ok
10:24:41.0750 0360 odclientservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ccevtmgr.dll
10:24:41.0750 0360 odclientservice ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:41.0750 0360 odclientservice - detected Backdoor.Multi.ZAccess.gen (0)
10:24:41.0781 0360 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:24:41.0843 0360 ohci1394 - ok
10:24:41.0875 0360 omnidrv - ok
10:24:41.0937 0360 OracleClientCache80 (ecb4976c878946290679f8e1724dc130) C:\Oracle_Dev6i\BIN\ONRSD80.EXE
10:24:41.0953 0360 OracleClientCache80 ( UnsignedFile.Multi.Generic ) - warning
10:24:41.0953 0360 OracleClientCache80 - detected UnsignedFile.Multi.Generic (1)
10:24:41.0968 0360 oracleorahomedatagatherer - ok
10:24:42.0000 0360 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:24:42.0015 0360 ose - ok
10:24:42.0078 0360 OVT511Plus - ok
10:24:42.0109 0360 p2k - ok
10:24:42.0156 0360 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
10:24:42.0234 0360 Parport - ok
10:24:42.0250 0360 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:24:42.0328 0360 PartMgr - ok
10:24:42.0343 0360 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:24:42.0406 0360 ParVdm - ok
10:24:42.0421 0360 PBADRV - ok
10:24:42.0437 0360 PCASp50 - ok
10:24:42.0453 0360 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:24:42.0531 0360 PCI - ok
10:24:42.0562 0360 PCIDump - ok
10:24:42.0578 0360 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:24:42.0656 0360 PCIIde - ok
10:24:42.0718 0360 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:24:42.0781 0360 Pcmcia - ok
10:24:42.0796 0360 PDCOMP - ok
10:24:42.0890 0360 PDFProFiltSrv (34e3696102334ce84367336e309f1a0d) C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
10:24:42.0890 0360 PDFProFiltSrv - ok
10:24:42.0921 0360 PDFRAME - ok
10:24:42.0937 0360 pdlnafac - ok
10:24:42.0968 0360 pdlndtdl (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\MA_CMIDI.dll
10:24:42.0984 0360 pdlndtdl ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:42.0984 0360 pdlndtdl - detected Backdoor.Multi.ZAccess.gen (0)
10:24:42.0984 0360 PDRELI - ok
10:24:43.0000 0360 PDRFRAME - ok
10:24:43.0046 0360 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
10:24:43.0109 0360 perc2 - ok
10:24:43.0156 0360 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:24:43.0218 0360 perc2hib - ok
10:24:43.0312 0360 PESRV (b59eeddc09e923a8f2819f4b362eb980) C:\Program Files\Hummingbird\Connectivity\13.00\HostExplorer\PrintServices\PESRV.exe
10:24:43.0312 0360 PESRV - ok
10:24:43.0328 0360 PGPsdkDriver - ok
10:24:43.0343 0360 PhilCam8116 - ok
10:24:43.0359 0360 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:24:43.0375 0360 PlugPlay - ok
10:24:43.0406 0360 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:24:43.0468 0360 PolicyAgent - ok
10:24:43.0515 0360 pop3d32 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\PD0620VID.dll
10:24:43.0515 0360 pop3d32 ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:43.0515 0360 pop3d32 - detected Backdoor.Multi.ZAccess.gen (0)
10:24:43.0562 0360 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:24:43.0640 0360 PptpMiniport - ok
10:24:43.0750 0360 prepdrvr (3909be53ad8e2bfcac9d9148e4b2b270) C:\WINDOWS\system32\CCM\prepdrv.sys
10:24:43.0750 0360 prepdrvr - ok
10:24:43.0796 0360 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:24:43.0859 0360 ProtectedStorage - ok
10:24:43.0921 0360 ProxyEngine (b41f14d489f47154b871825f3839e390) C:\Program Files\Hummingbird\Connectivity\13.00\Accessories\ProxyEngine.exe
10:24:43.0921 0360 ProxyEngine - ok
10:24:43.0953 0360 proxyhostservice - ok
10:24:44.0046 0360 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:24:44.0125 0360 PSched - ok
10:24:44.0140 0360 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:24:44.0218 0360 Ptilink - ok
10:24:44.0234 0360 puscsrvc - ok
10:24:44.0265 0360 pxfhserd - ok
10:24:44.0312 0360 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:24:44.0328 0360 PxHelp20 - ok
10:24:44.0375 0360 qbreminderflash (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\splitter.dll
10:24:44.0375 0360 qbreminderflash ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:44.0375 0360 qbreminderflash - detected Backdoor.Multi.ZAccess.gen (0)
10:24:44.0468 0360 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:24:44.0546 0360 ql1080 - ok
10:24:44.0562 0360 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:24:44.0625 0360 Ql10wnt - ok
10:24:44.0656 0360 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:24:44.0734 0360 ql12160 - ok
10:24:44.0734 0360 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:24:44.0812 0360 ql1240 - ok
10:24:44.0828 0360 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:24:44.0890 0360 ql1280 - ok
10:24:44.0921 0360 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:24:44.0984 0360 RasAcd - ok
10:24:45.0015 0360 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
10:24:45.0109 0360 RasAuto - ok
10:24:45.0187 0360 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:24:45.0265 0360 Rasl2tp - ok
10:24:45.0281 0360 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
10:24:45.0359 0360 RasMan - ok
10:24:45.0375 0360 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:24:45.0453 0360 RasPppoe - ok
10:24:45.0484 0360 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:24:45.0546 0360 Raspti - ok
10:24:45.0562 0360 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:24:45.0656 0360 Rdbss - ok
10:24:45.0656 0360 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:24:45.0718 0360 RDPCDD - ok
10:24:45.0796 0360 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:24:45.0859 0360 rdpdr - ok
10:24:45.0953 0360 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
10:24:46.0031 0360 RDPWD - ok
10:24:46.0062 0360 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
10:24:46.0140 0360 RDSessMgr - ok
10:24:46.0171 0360 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:24:46.0265 0360 redbook - ok
10:24:46.0312 0360 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
10:24:46.0375 0360 RemoteAccess - ok
10:24:46.0390 0360 remoterecord - ok
10:24:46.0437 0360 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
10:24:46.0515 0360 RemoteRegistry - ok
10:24:46.0593 0360 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
10:24:46.0609 0360 rimmptsk - ok
10:24:46.0640 0360 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
10:24:46.0640 0360 RimUsb - ok
10:24:46.0671 0360 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
10:24:46.0687 0360 RimVSerPort - ok
10:24:46.0687 0360 RivaTuner32 - ok
10:24:46.0734 0360 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
10:24:46.0812 0360 ROOTMODEM - ok
10:24:46.0875 0360 Roxio UPnP Renderer 9 (afd61a7c48a3e15c86a6fadf0b69a2e4) C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
10:24:46.0875 0360 Roxio UPnP Renderer 9 - ok
10:24:46.0921 0360 Roxio Upnp Server 9 (efbb36e2bb02169d26e9980778fc20d3) C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
10:24:46.0937 0360 Roxio Upnp Server 9 - ok
10:24:47.0000 0360 RoxLiveShare9 (31ea73c68bdd11137a97abc5dd17e628) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
10:24:47.0015 0360 RoxLiveShare9 - ok
10:24:47.0093 0360 RoxMediaDB9 (406142c640624256cf7014e84bf69876) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
10:24:47.0125 0360 RoxMediaDB9 - ok
10:24:47.0187 0360 RoxWatch9 (38a219e2ee43a3604da53e344b9f875f) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
10:24:47.0187 0360 RoxWatch9 - ok
10:24:47.0265 0360 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
10:24:47.0328 0360 RpcLocator - ok
10:24:47.0390 0360 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:24:47.0406 0360 RpcSs - ok
10:24:47.0468 0360 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
10:24:47.0531 0360 RSVP - ok
10:24:47.0546 0360 s217obex - ok
10:24:47.0609 0360 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:24:47.0671 0360 SamSs - ok
10:24:47.0718 0360 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
10:24:47.0718 0360 SASDIFSV - ok
10:24:47.0750 0360 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
10:24:47.0750 0360 SASKUTIL - ok
10:24:47.0812 0360 SAVAdminService (bd57b12fa4c21b1ce7da3570410bf12d) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
10:24:47.0828 0360 SAVAdminService - ok
10:24:47.0890 0360 SAVOnAccessControl (d9df915972694b5274facc8d00492acd) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
10:24:47.0906 0360 SAVOnAccessControl - ok
10:24:47.0937 0360 SAVOnAccessFilter (31b35cca652a3553fa4fb99ea79c35bf) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
10:24:47.0953 0360 SAVOnAccessFilter - ok
10:24:48.0046 0360 SAVService (836aec603665f6db83965ee57b3dcf57) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
10:24:48.0046 0360 SAVService - ok
10:24:48.0125 0360 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
10:24:48.0218 0360 SCardSvr - ok
10:24:48.0234 0360 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
10:24:48.0296 0360 Schedule - ok
10:24:48.0359 0360 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
10:24:48.0421 0360 sdbus - ok
10:24:48.0453 0360 se59unic (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\client32.dll
10:24:48.0453 0360 se59unic ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:48.0453 0360 se59unic - detected Backdoor.Multi.ZAccess.gen (0)
10:24:48.0500 0360 SeaPort (271077b91d7ad1b616f8afdfe8e3f981) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
10:24:48.0515 0360 SeaPort - ok
10:24:48.0625 0360 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:24:48.0687 0360 Secdrv - ok
10:24:48.0734 0360 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
10:24:48.0796 0360 seclogon - ok
10:24:48.0828 0360 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
10:24:48.0921 0360 SENS - ok
10:24:48.0968 0360 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:24:49.0046 0360 Serenum - ok
10:24:49.0109 0360 Serial (2e2fc3a9d9f5f9a938cf3e1af52ce8f2) C:\WINDOWS\system32\DRIVERS\serial.sys
10:24:49.0109 0360 Serial ( Virus.Win32.ZAccess.c ) - infected
10:24:49.0109 0360 Serial - detected Virus.Win32.ZAccess.c (0)
10:24:49.0156 0360 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:24:49.0234 0360 Sfloppy - ok
10:24:49.0281 0360 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
10:24:49.0375 0360 SharedAccess - ok
10:24:49.0421 0360 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
10:24:49.0484 0360 ShellHWDetection - ok
10:24:49.0515 0360 Simbad - ok
10:24:49.0578 0360 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:24:49.0640 0360 sisagp - ok
10:24:49.0734 0360 Sk9920nt - ok
10:24:49.0750 0360 smcservice - ok
10:24:49.0781 0360 smsmdd (4b4ab78e866bbecf93f6eabc3270178a) C:\WINDOWS\system32\DRIVERS\smsmdm.sys
10:24:49.0796 0360 smsmdd - ok
10:24:49.0843 0360 smstsmgr - ok
10:24:49.0906 0360 Sophos Agent (f33b53cfc7f1e366ec00cad02d7d64bb) C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
10:24:49.0921 0360 Sophos Agent ( UnsignedFile.Multi.Generic ) - warning
10:24:49.0921 0360 Sophos Agent - detected UnsignedFile.Multi.Generic (1)
10:24:49.0984 0360 Sophos AutoUpdate Service (e4a3cffd81b4169128f187729e137417) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
10:24:49.0984 0360 Sophos AutoUpdate Service - ok
10:24:50.0031 0360 Sophos Message Router (8941dd79f5700fb6a05cdbab15481962) C:\Program Files\Sophos\Remote Management System\RouterNT.exe
10:24:50.0046 0360 Sophos Message Router ( UnsignedFile.Multi.Generic ) - warning
10:24:50.0046 0360 Sophos Message Router - detected UnsignedFile.Multi.Generic (1)
10:24:50.0125 0360 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys
10:24:50.0140 0360 SophosBootDriver - ok
10:24:50.0187 0360 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
10:24:50.0250 0360 Sparrow - ok
10:24:50.0265 0360 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:24:50.0343 0360 splitter - ok
10:24:50.0390 0360 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
10:24:50.0468 0360 Spooler - ok
10:24:50.0468 0360 SQLBrowser - ok
10:24:50.0515 0360 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:24:50.0578 0360 sr - ok
10:24:50.0640 0360 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
10:24:50.0671 0360 srservice - ok
10:24:50.0734 0360 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
10:24:50.0812 0360 Srv - ok
10:24:50.0828 0360 sscdserd - ok
10:24:50.0859 0360 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
10:24:50.0906 0360 SSDPSRV - ok
10:24:50.0921 0360 STacSV (cb2449150a5ea17caa0b94363d9440cc) c:\drivers\audio\r205445\stacsv.exe
10:24:50.0937 0360 STacSV - ok
10:24:51.0031 0360 STHDA (886c708c91db573656d64c626468d707) C:\WINDOWS\system32\drivers\sthda.sys
10:24:51.0156 0360 STHDA - ok
10:24:51.0203 0360 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
10:24:51.0281 0360 stisvc - ok
10:24:51.0375 0360 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
10:24:51.0421 0360 stllssvr ( UnsignedFile.Multi.Generic ) - warning
10:24:51.0421 0360 stllssvr - detected UnsignedFile.Multi.Generic (1)
10:24:51.0468 0360 Sunkfiltp - ok
10:24:51.0515 0360 svv (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\navapel.dll
10:24:51.0515 0360 svv ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:51.0515 0360 svv - detected Backdoor.Multi.ZAccess.gen (0)
10:24:51.0546 0360 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:24:51.0625 0360 swenum - ok
10:24:51.0781 0360 swi_service (ab22d10457bb1b8bb587c61af03f909f) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
10:24:51.0828 0360 swi_service - ok
10:24:51.0906 0360 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:24:51.0984 0360 swmidi - ok
10:24:52.0000 0360 SwPrv - ok
10:24:52.0062 0360 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
10:24:52.0125 0360 symc810 - ok
10:24:52.0203 0360 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:24:52.0265 0360 symc8xx - ok
10:24:52.0296 0360 symevent (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ni_nic.dll
10:24:52.0312 0360 symevent ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:52.0312 0360 symevent - detected Backdoor.Multi.ZAccess.gen (0)
10:24:52.0359 0360 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:24:52.0453 0360 sym_hi - ok
10:24:52.0484 0360 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:24:52.0562 0360 sym_u3 - ok
10:24:52.0593 0360 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:24:52.0656 0360 sysaudio - ok
10:24:52.0687 0360 sysmgmthp - ok
10:24:52.0734 0360 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
10:24:52.0796 0360 SysmonLog - ok
10:24:52.0843 0360 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
10:24:52.0921 0360 TapiSrv - ok
10:24:52.0921 0360 Tb2RCAssist - ok
10:24:52.0968 0360 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:24:52.0984 0360 Tcpip - ok
10:24:53.0031 0360 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:24:53.0109 0360 TDPIPE - ok
10:24:53.0125 0360 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:24:53.0187 0360 TDTCP - ok
10:24:53.0234 0360 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:24:53.0312 0360 TermDD - ok
10:24:53.0359 0360 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
10:24:53.0437 0360 TermService - ok
10:24:53.0484 0360 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
10:24:53.0562 0360 Themes - ok
10:24:53.0593 0360 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
10:24:53.0625 0360 TlntSvr - ok
10:24:53.0640 0360 tmtdi - ok
10:24:53.0718 0360 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
10:24:53.0781 0360 TosIde - ok
10:24:53.0828 0360 tosporte - ok
10:24:53.0859 0360 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
10:24:53.0953 0360 TrkWks - ok
10:24:53.0984 0360 tvald (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ROB_V.dll
10:24:53.0984 0360 tvald ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:53.0984 0360 tvald - detected Backdoor.Multi.ZAccess.gen (0)
10:24:54.0000 0360 twotrack - ok
10:24:54.0015 0360 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:24:54.0093 0360 Udfs - ok
10:24:54.0140 0360 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
10:24:54.0171 0360 ultra - ok
10:24:54.0203 0360 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:24:54.0265 0360 Update - ok
10:24:54.0328 0360 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
10:24:54.0375 0360 upnphost - ok
10:24:54.0406 0360 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
10:24:54.0484 0360 UPS - ok
10:24:54.0531 0360 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
10:24:54.0625 0360 usbaudio - ok
10:24:54.0671 0360 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:24:54.0671 0360 usbccgp - ok
10:24:54.0734 0360 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys
10:24:54.0734 0360 USBCCID - ok
10:24:54.0765 0360 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:24:54.0843 0360 usbehci - ok
10:24:54.0875 0360 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:24:54.0953 0360 usbhub - ok
10:24:55.0000 0360 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:24:55.0078 0360 usbscan - ok
10:24:55.0125 0360 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:24:55.0203 0360 USBSTOR - ok
10:24:55.0234 0360 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:24:55.0296 0360 usbuhci - ok
10:24:55.0312 0360 USR1806V - ok
10:24:55.0328 0360 vaiomediaplatform-mobile-gateway - ok
10:24:55.0343 0360 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:24:55.0421 0360 VgaSave - ok
10:24:55.0484 0360 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:24:55.0546 0360 viaagp - ok
10:24:55.0609 0360 viaagp1 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\apache.dll
10:24:55.0609 0360 viaagp1 ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:55.0609 0360 viaagp1 - detected Backdoor.Multi.ZAccess.gen (0)
10:24:55.0625 0360 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:24:55.0703 0360 ViaIde - ok
10:24:55.0718 0360 vmnetbridge - ok
10:24:55.0734 0360 vncmirror (3b8f222b23917c041e4da29ccc57e7d0) C:\WINDOWS\system32\DRIVERS\vncmirror.sys
10:24:55.0750 0360 vncmirror - ok
10:24:55.0765 0360 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:24:55.0843 0360 VolSnap - ok
10:24:55.0906 0360 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
10:24:55.0937 0360 VSS - ok
10:24:55.0984 0360 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
10:24:56.0062 0360 w32time - ok
10:24:56.0125 0360 w810mdfl (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\iPassPeriodicUpdateService.dll
10:24:56.0125 0360 w810mdfl ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:56.0125 0360 w810mdfl - detected Backdoor.Multi.ZAccess.gen (0)
10:24:56.0203 0360 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:24:56.0281 0360 Wanarp - ok
10:24:56.0343 0360 WcesComm (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\cfsvcs.dll
10:24:56.0343 0360 WcesComm ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:56.0343 0360 WcesComm - detected Backdoor.Multi.ZAccess.gen (0)
10:24:56.0406 0360 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
10:24:56.0421 0360 Wdf01000 - ok
10:24:56.0468 0360 WDICA - ok
10:24:56.0515 0360 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:24:56.0609 0360 wdmaud - ok
10:24:56.0640 0360 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
10:24:56.0734 0360 WebClient - ok
10:24:56.0781 0360 winachsf (2760c329ac300ed64c3dba8cda599cda) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:24:56.0843 0360 winachsf - ok
10:24:56.0921 0360 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:24:57.0015 0360 winmgmt - ok
10:24:57.0031 0360 winpowermanager - ok
10:24:57.0156 0360 WinVNC4 (0de4be346217fe574b3ded0650aecff8) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
10:24:57.0203 0360 WinVNC4 - ok
10:24:57.0281 0360 wltrysvc - ok
10:24:57.0359 0360 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
10:24:57.0359 0360 WmdmPmSN - ok
10:24:57.0437 0360 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
10:24:57.0468 0360 Wmi - ok
10:24:57.0515 0360 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:24:57.0593 0360 WmiAcpi - ok
10:24:57.0687 0360 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:24:57.0765 0360 WmiApSrv - ok
10:24:57.0875 0360 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
10:24:57.0953 0360 WMPNetworkSvc - ok
10:24:58.0015 0360 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:24:58.0093 0360 WS2IFSL - ok
10:24:58.0156 0360 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
10:24:58.0234 0360 wscsvc - ok
10:24:58.0250 0360 WSearch - ok
10:24:58.0296 0360 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
10:24:58.0375 0360 wuauserv - ok
10:24:58.0421 0360 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:24:58.0437 0360 WudfPf - ok
10:24:58.0484 0360 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:24:58.0500 0360 WudfRd - ok
10:24:58.0546 0360 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
10:24:58.0562 0360 WudfSvc - ok
10:24:58.0609 0360 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
10:24:58.0718 0360 WZCSVC - ok
10:24:58.0765 0360 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
10:24:58.0828 0360 xmlprov - ok
10:24:58.0843 0360 xnacc - ok
10:24:58.0859 0360 zebrbus - ok
10:24:58.0953 0360 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\dlcf_device.dll
10:24:58.0953 0360 {95808DC4-FA4A-4c74-92FE-5B863F82066B} ( Backdoor.Multi.ZAccess.gen ) - infected
10:24:58.0953 0360 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - detected Backdoor.Multi.ZAccess.gen (0)
10:24:58.0984 0360 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:24:59.0140 0360 \Device\Harddisk0\DR0 - ok
10:24:59.0156 0360 Boot (0x1200) (778cae6ddefbd520f619315ae44384af) \Device\Harddisk0\DR0\Partition0
10:24:59.0156 0360 \Device\Harddisk0\DR0\Partition0 - ok
10:24:59.0156 0360 ============================================================
10:24:59.0156 0360 Scan finished
10:24:59.0156 0360 ============================================================
10:24:59.0187 0536 Detected object count: 43
10:24:59.0187 0536 Actual detected object count: 43
10:25:04.0890 0536 BMFMySQL ( UnsignedFile.Multi.Generic ) - skipped by user
10:25:04.0890 0536 BMFMySQL ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:25:05.0046 0536 C:\WINDOWS\system32\cm102u32.dll - copied to quarantine
10:25:05.0046 0536 HKLM\SYSTEM\ControlSet001\services\bthmodem - will be deleted on reboot
10:25:05.0062 0536 C:\WINDOWS\system32\cm102u32.dll - will be deleted on reboot
10:25:05.0062 0536 bthmodem ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:05.0125 0536 C:\WINDOWS\system32\a016mgmt.dll - copied to quarantine
10:25:05.0125 0536 HKLM\SYSTEM\ControlSet001\services\cmuda3 - will be deleted on reboot
10:25:05.0125 0536 C:\WINDOWS\system32\a016mgmt.dll - will be deleted on reboot
10:25:05.0125 0536 cmuda3 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:05.0171 0536 C:\WINDOWS\system32\sisagp.dll - copied to quarantine
10:25:05.0171 0536 HKLM\SYSTEM\ControlSet001\services\CnxtHdAudService - will be deleted on reboot
10:25:05.0171 0536 C:\WINDOWS\system32\sisagp.dll - will be deleted on reboot
10:25:05.0171 0536 CnxtHdAudService ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:05.0250 0536 C:\WINDOWS\system32\symredrv.dll - copied to quarantine
10:25:05.0250 0536 HKLM\SYSTEM\ControlSet001\services\datasvr - will be deleted on reboot
10:25:05.0250 0536 C:\WINDOWS\system32\symredrv.dll - will be deleted on reboot
10:25:05.0250 0536 datasvr ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:05.0281 0536 C:\WINDOWS\system32\bridgemp.dll - copied to quarantine
10:25:05.0281 0536 HKLM\SYSTEM\ControlSet001\services\DNE - will be deleted on reboot
10:25:05.0281 0536 C:\WINDOWS\system32\bridgemp.dll - will be deleted on reboot
10:25:05.0281 0536 DNE ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:05.0343 0536 C:\WINDOWS\system32\SRVLOC.dll - copied to quarantine
10:25:05.0343 0536 HKLM\SYSTEM\ControlSet001\services\ELkbd - will be deleted on reboot
10:25:05.0343 0536 C:\WINDOWS\system32\SRVLOC.dll - will be deleted on reboot
10:25:05.0343 0536 ELkbd ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:05.0343 0536 ENDFORCE Agent API ( UnsignedFile.Multi.Generic ) - skipped by user
10:25:05.0343 0536 ENDFORCE Agent API ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:25:05.0390 0536 C:\WINDOWS\system32\mi-raysat_3dsmax8.dll - copied to quarantine
10:25:05.0390 0536 HKLM\SYSTEM\ControlSet001\services\Fd16_700 - will be deleted on reboot
10:25:05.0390 0536 C:\WINDOWS\system32\mi-raysat_3dsmax8.dll - will be deleted on reboot
10:25:05.0390 0536 Fd16_700 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:05.0390 0536 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:25:05.0390 0536 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:25:05.0484 0536 C:\WINDOWS\system32\cpqalert.dll - copied to quarantine
10:25:05.0484 0536 HKLM\SYSTEM\ControlSet001\services\iaimfp1 - will be deleted on reboot
10:25:05.0484 0536 C:\WINDOWS\system32\cpqalert.dll - will be deleted on reboot
10:25:05.0484 0536 iaimfp1 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:05.0500 0536 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:25:05.0500 0536 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:25:05.0578 0536 C:\WINDOWS\system32\lhidusb.dll - copied to quarantine
10:25:05.0578 0536 HKLM\SYSTEM\ControlSet001\services\imagedrv - will be deleted on reboot
10:25:05.0578 0536 C:\WINDOWS\system32\lhidusb.dll - will be deleted on reboot
10:25:05.0578 0536 imagedrv ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:05.0640 0536 C:\WINDOWS\system32\blueletaudio.dll - copied to quarantine
10:25:05.0640 0536 HKLM\SYSTEM\ControlSet001\services\incdrec - will be deleted on reboot
10:25:05.0640 0536 C:\WINDOWS\system32\blueletaudio.dll - will be deleted on reboot
10:25:05.0640 0536 incdrec ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:05.0703 0536 C:\WINDOWS\system32\LPCFilter.dll - copied to quarantine
10:25:05.0703 0536 HKLM\SYSTEM\ControlSet001\services\kpf4 - will be deleted on reboot
10:25:05.0703 0536 C:\WINDOWS\system32\LPCFilter.dll - will be deleted on reboot
10:25:05.0703 0536 kpf4 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:05.0812 0536 C:\WINDOWS\system32\ibmpmdrv.dll - copied to quarantine
10:25:05.0812 0536 HKLM\SYSTEM\ControlSet001\services\ltxred - will be deleted on reboot
10:25:05.0812 0536 C:\WINDOWS\system32\ibmpmdrv.dll - will be deleted on reboot
10:25:05.0812 0536 ltxred ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:05.0859 0536 C:\WINDOWS\system32\UDFReadr.dll - copied to quarantine
10:25:05.0859 0536 HKLM\SYSTEM\ControlSet001\services\mapserver6.3 - will be deleted on reboot
10:25:05.0859 0536 C:\WINDOWS\system32\UDFReadr.dll - will be deleted on reboot
10:25:05.0859 0536 mapserver6.3 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:05.0890 0536 C:\WINDOWS\system32\{a7447300-8075-4b0d-83f1-3d75c8ebc623}.dll - copied to quarantine
10:25:05.0890 0536 HKLM\SYSTEM\ControlSet001\services\mcrdsvc - will be deleted on reboot
10:25:05.0890 0536 C:\WINDOWS\system32\{a7447300-8075-4b0d-83f1-3d75c8ebc623}.dll - will be deleted on reboot
10:25:05.0890 0536 mcrdsvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:05.0937 0536 C:\WINDOWS\system32\se45unic.dll - copied to quarantine
10:25:05.0937 0536 HKLM\SYSTEM\ControlSet001\services\mpservice - will be deleted on reboot
10:25:05.0937 0536 C:\WINDOWS\system32\se45unic.dll - will be deleted on reboot
10:25:05.0937 0536 mpservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:05.0984 0536 C:\WINDOWS\system32\sgectl.dll - copied to quarantine
10:25:05.0984 0536 HKLM\SYSTEM\ControlSet001\services\mrvw245 - will be deleted on reboot
10:25:05.0984 0536 C:\WINDOWS\system32\sgectl.dll - will be deleted on reboot
10:25:05.0984 0536 mrvw245 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:06.0015 0536 C:\WINDOWS\system32\isapnp.dll - copied to quarantine
10:25:06.0015 0536 HKLM\SYSTEM\ControlSet001\services\nchssvad - will be deleted on reboot
10:25:06.0015 0536 C:\WINDOWS\system32\isapnp.dll - will be deleted on reboot
10:25:06.0015 0536 nchssvad ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:06.0031 0536 NetworkLog ( UnsignedFile.Multi.Generic ) - skipped by user
10:25:06.0031 0536 NetworkLog ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:25:06.0078 0536 C:\WINDOWS\system32\trufos.dll - copied to quarantine
10:25:06.0078 0536 HKLM\SYSTEM\ControlSet001\services\nmwcd - will be deleted on reboot
10:25:06.0078 0536 C:\WINDOWS\system32\trufos.dll - will be deleted on reboot
10:25:06.0078 0536 nmwcd ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:06.0171 0536 C:\WINDOWS\system32\e1express.dll - copied to quarantine
10:25:06.0171 0536 HKLM\SYSTEM\ControlSet001\services\Nsynas32 - will be deleted on reboot
10:25:06.0171 0536 C:\WINDOWS\system32\e1express.dll - will be deleted on reboot
10:25:06.0171 0536 Nsynas32 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:06.0250 0536 C:\WINDOWS\system32\Alpham1.dll - copied to quarantine
10:25:06.0250 0536 HKLM\SYSTEM\ControlSet001\services\NuidFltr - will be deleted on reboot
10:25:06.0250 0536 C:\WINDOWS\system32\Alpham1.dll - will be deleted on reboot
10:25:06.0250 0536 NuidFltr ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:06.0296 0536 C:\WINDOWS\system32\ndproxy.dll - copied to quarantine
10:25:06.0296 0536 HKLM\SYSTEM\ControlSet001\services\NVXBAR - will be deleted on reboot
10:25:06.0296 0536 C:\WINDOWS\system32\ndproxy.dll - will be deleted on reboot
10:25:06.0296 0536 NVXBAR ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:06.0343 0536 C:\WINDOWS\system32\ccevtmgr.dll - copied to quarantine
10:25:06.0343 0536 HKLM\SYSTEM\ControlSet001\services\odclientservice - will be deleted on reboot
10:25:06.0343 0536 C:\WINDOWS\system32\ccevtmgr.dll - will be deleted on reboot
10:25:06.0343 0536 odclientservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:06.0359 0536 OracleClientCache80 ( UnsignedFile.Multi.Generic ) - skipped by user
10:25:06.0359 0536 OracleClientCache80 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:25:06.0421 0536 C:\WINDOWS\system32\MA_CMIDI.dll - copied to quarantine
10:25:06.0421 0536 HKLM\SYSTEM\ControlSet001\services\pdlndtdl - will be deleted on reboot
10:25:06.0421 0536 C:\WINDOWS\system32\MA_CMIDI.dll - will be deleted on reboot
10:25:06.0421 0536 pdlndtdl ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:06.0500 0536 C:\WINDOWS\system32\PD0620VID.dll - copied to quarantine
10:25:06.0500 0536 HKLM\SYSTEM\ControlSet001\services\pop3d32 - will be deleted on reboot
10:25:06.0500 0536 C:\WINDOWS\system32\PD0620VID.dll - will be deleted on reboot
10:25:06.0500 0536 pop3d32 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:06.0578 0536 C:\WINDOWS\system32\splitter.dll - copied to quarantine
10:25:06.0578 0536 HKLM\SYSTEM\ControlSet001\services\qbreminderflash - will be deleted on reboot
10:25:06.0578 0536 C:\WINDOWS\system32\splitter.dll - will be deleted on reboot
10:25:06.0578 0536 qbreminderflash ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:06.0625 0536 C:\WINDOWS\system32\client32.dll - copied to quarantine
10:25:06.0625 0536 HKLM\SYSTEM\ControlSet001\services\se59unic - will be deleted on reboot
10:25:06.0625 0536 C:\WINDOWS\system32\client32.dll - will be deleted on reboot
10:25:06.0625 0536 se59unic ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:06.0687 0536 C:\WINDOWS\system32\DRIVERS\serial.sys - copied to quarantine
10:25:06.0734 0536 C:\WINDOWS\$NtUninstallKB1284$\971652334\@ - copied to quarantine
10:25:06.0734 0536 C:\WINDOWS\$NtUninstallKB1284$\971652334\cfg.ini - copied to quarantine
10:25:06.0750 0536 C:\WINDOWS\$NtUninstallKB1284$\971652334\Desktop.ini - copied to quarantine
10:25:06.0781 0536 C:\WINDOWS\$NtUninstallKB1284$\971652334\L\rohepcid - copied to quarantine
10:25:06.0890 0536 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\serial.sys) error 1813
10:25:08.0562 0536 Backup copy found, using it..
10:25:08.0609 0536 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured on reboot
10:25:10.0718 0536 C:\WINDOWS\$NtUninstallKB1284$\4045435415 - will be deleted on reboot
10:25:10.0718 0536 C:\WINDOWS\$NtUninstallKB1284$\971652334\@ - will be deleted on reboot
10:25:10.0718 0536 C:\WINDOWS\$NtUninstallKB1284$\971652334\cfg.ini - will be deleted on reboot
10:25:10.0718 0536 C:\WINDOWS\$NtUninstallKB1284$\971652334\Desktop.ini - will be deleted on reboot
10:25:10.0718 0536 Serial ( Virus.Win32.ZAccess.c ) - User select action: Cure
10:25:10.0718 0536 Sophos Agent ( UnsignedFile.Multi.Generic ) - skipped by user
10:25:10.0718 0536 Sophos Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:25:10.0734 0536 Sophos Message Router ( UnsignedFile.Multi.Generic ) - skipped by user
10:25:10.0734 0536 Sophos Message Router ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:25:10.0734 0536 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
10:25:10.0734 0536 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:25:10.0828 0536 C:\WINDOWS\system32\navapel.dll - copied to quarantine
10:25:10.0828 0536 HKLM\SYSTEM\ControlSet001\services\svv - will be deleted on reboot
10:25:10.0828 0536 C:\WINDOWS\system32\navapel.dll - will be deleted on reboot
10:25:10.0828 0536 svv ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:10.0890 0536 C:\WINDOWS\system32\ni_nic.dll - copied to quarantine
10:25:10.0890 0536 HKLM\SYSTEM\ControlSet001\services\symevent - will be deleted on reboot
10:25:10.0890 0536 C:\WINDOWS\system32\ni_nic.dll - will be deleted on reboot
10:25:10.0890 0536 symevent ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:10.0984 0536 C:\WINDOWS\system32\ROB_V.dll - copied to quarantine
10:25:10.0984 0536 HKLM\SYSTEM\ControlSet001\services\tvald - will be deleted on reboot
10:25:11.0000 0536 C:\WINDOWS\system32\ROB_V.dll - will be deleted on reboot
10:25:11.0000 0536 tvald ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:11.0046 0536 C:\WINDOWS\system32\apache.dll - copied to quarantine
10:25:11.0046 0536 HKLM\SYSTEM\ControlSet001\services\viaagp1 - will be deleted on reboot
10:25:11.0046 0536 C:\WINDOWS\system32\apache.dll - will be deleted on reboot
10:25:11.0046 0536 viaagp1 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:11.0125 0536 C:\WINDOWS\system32\iPassPeriodicUpdateService.dll - copied to quarantine
10:25:11.0125 0536 HKLM\SYSTEM\ControlSet001\services\w810mdfl - will be deleted on reboot
10:25:11.0125 0536 C:\WINDOWS\system32\iPassPeriodicUpdateService.dll - will be deleted on reboot
10:25:11.0125 0536 w810mdfl ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:11.0187 0536 C:\WINDOWS\system32\cfsvcs.dll - copied to quarantine
10:25:11.0187 0536 HKLM\SYSTEM\ControlSet001\services\WcesComm - will be deleted on reboot
10:25:11.0187 0536 C:\WINDOWS\system32\cfsvcs.dll - will be deleted on reboot
10:25:11.0187 0536 WcesComm ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:11.0296 0536 C:\WINDOWS\system32\dlcf_device.dll - copied to quarantine
10:25:11.0296 0536 HKLM\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4c74-92FE-5B863F82066B} - will be deleted on reboot
10:25:11.0296 0536 C:\WINDOWS\system32\dlcf_device.dll - will be deleted on reboot
10:25:11.0296 0536 {95808DC4-FA4A-4c74-92FE-5B863F82066B} ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
10:25:15.0562 1984 Deinitialize success



aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-11 10:35:46
-----------------------------
10:35:46.562 OS Version: Windows 5.1.2600 Service Pack 3
10:35:46.562 Number of processors: 2 586 0x1706
10:35:46.562 ComputerName: PAAHOUIALI UserName: MJLyle
10:35:47.687 Initialize success
10:36:03.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:36:03.281 Disk 0 Vendor: FUJITSU_ 0085 Size: 76319MB BusType: 8
10:36:03.296 Disk 0 MBR read successfully
10:36:03.296 Disk 0 MBR scan
10:36:03.296 Disk 0 Windows VISTA default MBR code
10:36:03.296 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 156 MB offset 63
10:36:03.312 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76159 MB offset 321300
10:36:03.328 Disk 0 scanning sectors +156296385
10:36:03.437 Disk 0 scanning C:\WINDOWS\system32\drivers
10:36:08.656 Service scanning
10:36:29.453 Modules scanning
10:36:50.765 Disk 0 trace - called modules:
10:36:50.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:36:50.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6f5030]
10:36:50.828 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a69a028]
10:36:50.843 Scan finished successfully
10:36:58.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mjlyle\Desktop\MBR.dat"
10:36:58.921 The log file has been saved successfully to "C:\Documents and Settings\mjlyle\Desktop\aswMBR.txt"


#2 wifey

  • Topic Starter
  • Members
  • 2 posts

Posted 11 April 2012 - 11:03 AM

FSS

Farbar Service Scanner Version: 01-03-2012
Ran by MJLyle (administrator) on 11-04-2012 at 10:37:55
Running from "C:\Documents and Settings\mjlyle\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Extras.txt

OTL Extras logfile created on: 4/11/2012 10:39:19 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\mjlyle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.95 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 60.52% Memory free
3.80 Gb Paging File | 2.80 Gb Available in Paging File | 73.73% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 3.93 Gb Free Space | 5.29% Space Free | Partition Type: NTFS

Computer Name: PAAHOUIALI | User Name: MJLyle | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.ini [@ = UltraEdit.ini] -- C:\Program Files\IDM Computer Solutions\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.txt [@ = UltraEdit.txt] -- C:\Program Files\IDM Computer Solutions\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_USERS\S-1-5-21-1354038233-4096182011-1068927084-4506\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8192:TCP" = 8192:TCP:*:Enabled:Sophos 8192
"8193:TCP" = 8193:TCP:*:Enabled:Sophos 8193
"8194:TCP" = 8194:TCP:*:Enabled:Sophos 8194

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Hummingbird\Connectivity\13.00\Exceed\exceed.exe" = C:\Program Files\Hummingbird\Connectivity\13.00\Exceed\exceed.exe:*:Enabled:Exceed 2008 X Server -- (Open Text Corporation)
"C:\Program Files\Citrix\Secure Access Client\nsepa.exe" = C:\Program Files\Citrix\Secure Access Client\nsepa.exe:*:Enabled:Citrix Access Gateway Endpoint Analysis -- (Citrix Systems, Inc)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Disabled:mysqld -- ()
"C:\Program Files\Citrix\Secure Access Client\nsepa.exe" = C:\Program Files\Citrix\Secure Access Client\nsepa.exe:*:Enabled:Citrix Access Gateway Endpoint Analysis -- (Citrix Systems, Inc)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0 -- (SmartSoft Ltd.)
"C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02527BE8-D797-45FC-A827-A18A3DE834D7}" = SmartFTP Client
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{06D38937-C995-4A35-A4D9-34E71503D807}" = Quest SQL Optimizer for Oracle
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1E7F56F8-BA3E-40A3-B7EE-C878DCED8CFF}" = Toad for Oracle
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel® Network Connections 13.0.42.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java™ 6 Update 16
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2b104c55-547b-4545-a4ea-8192f3c901fa}" = Knowledge Xpert for Oracle Administration
"{2FC34E5F-AC85-4F04-B95E-1E39D17BF198}" = Quest SQL Optimizer for Oracle Common
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22
"{340B2F36-632B-48ED-929A-28803FC81AC5}" = DisplayLink Graphics
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{37EAD3B6-15F3-4292-AA85-41CADD54E964}" = RightFax Product Suite
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41DD6281-D0BF-4A4C-A67C-9F4760711046}" = Toad for Oracle
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CD5688B-68F5-4760-9866-B40C8007E0C6}" = Sophos Network Access Control
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{51D7494B-6C54-468F-98E1-1A9997C89329}" = BlackBerry Desktop Software 4.7
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{55962472-B636-4481-AA89-43DA75309628}" = Citrix Access Gateway Endpoint Analysis
"{56BED62F-278A-407B-8BCD-E645EC96D2ED}" = Roxio Media Manager
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Ver.3.53.02
"{5fb88c3e-b84c-4cb9-97dd-6c340da3d720}" = Knowledge Xpert for PLSQL
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62F29D1C-D526-40F4-B4D0-840F043C2CC1}" = Dell ControlPoint System Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{67E9876B-A384-43BB-9B89-BE479FEDD5C5}" = Plains VPN Connection
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{6B7930EB-D8F7-4DAE-B3A8-AE02A6823E22}" = Quest SQL Optimizer for Oracle Common
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel® PRO Alerting Agent
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B7C0F0-6036-48D7-A0C9-4FF886785E15}" = Connectivity Secure Shell 2008
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{83956098-9169-4CA8-A11A-2DB411879D37}" = NewGinans
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87595D19-4363-4506-81CF-91FF73B2F368}" = Nuance PDF Professional 5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC94B85D-500D-4B98-ADE5-3E391934BB0A}" = UltraCompare v6.40
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B11DA33B-F355-463B-9B69-72DBA1D8CECE}" = Toad for Oracle
"{B1A9CD45-A702-4E3B-91ED-8CD562869901}" = DWG TrueView 2008
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF82C26B-3A27-481D-A350-278459A84CF3}" = Quest Software Toad Data Modeler
"{C021B230-6E79-4DDE-9B81-56073C76F9E7}" = Quest Software Toad for Data Analysts 2.5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CAFECAFE-0013-0001-0121-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.21
"{CAFECAFE-0013-0001-0125-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.25
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6A85D8-D6B9-479A-9FE9-A06E56881E61}" = Configuration Manager Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D7F18D5F-A551-4599-A8E6-CA6B01268E07}" = Spotlight
"{D9B934D0-6A20-450E-9F69-F5595636C28E}" = Exceed 2008
"{E2A7788E-41FB-4904-8951-B687A5A4A182}" = Benchmark Factory for Databases
"{e2c0f584-41a0-4a0b-ada8-546aebee7b66}" = Knowledge Xpert Oracle Common
"{E2CBF3FE-A24F-40DF-B25D-8C9E05F0CD63}" = UltraEdit 15.20
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E79E814C-733C-40C1-B189-C5FCFDA0BAD5}" = DisplayLink Core Software
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f34d9c22-0d2f-42ae-9780-7dbad467cc00}" = Knowledge Xpert
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FF11005D-CBC8-45D5-A288-25C7BB304121}" = Sophos Remote Management System
"3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.4
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BC2_is1" = Beyond Compare Version 2.4.1
"BlackBerry_{51D7494B-6C54-468F-98E1-1A9997C89329}" = BlackBerry Desktop Software 4.7
"Bomgar Representative Console [support.paalp.com]" = Bomgar Representative Console [support.paalp.com]
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CodeSite 3.0.1 Client Tools" = CodeSite 3.0.1 Client Tools
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"DocumentDirectV2.1" = DocumentDirect 2.1
"DPP" = Canon Utilities Digital Photo Professional 3.8
"DWG TrueView 2008" = DWG TrueView 2008
"EOS Utility" = Canon Utilities EOS Utility
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"Knowledge Xpert" = Knowledge Xpert
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Oracle JInitiator 1.1.8.16" = Oracle JInitiator 1.1.8.16
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PuTTY_is1" = PuTTY version 0.60
"Quest Installer" = Quest Installer
"QWS3270 PLUS version 3.0" = QWS3270 PLUS version 3.0
"RDC" = RDC
"RealVNC_is1" = VNC Enterprise Edition E4.5
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.23
"The Lost Watch II NV 3D Screensaver_is1" = The Lost Watch II NV 3D Screensaver 1.0
"TurboTax 2010" = TurboTax 2010
"uninstall.exe" = iLinc Client
"USB-Ethernet Adapter Device" = USB-Ethernet Adapter Device
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"VNCPrinter_is1" = VNC Printer Driver 1.6.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WFTK" = Canon Utilities WFT Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.1.9
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xampp" = XAMPP 1.7.4
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1354038233-4096182011-1068927084-4506\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/11/2012 11:30:21 AM | Computer Name = PAAHOUIALI | Source = UserInit | ID = 1000
Description = Could not execute the following script KB960714.cmd. The system cannot
find the file specified. .

Error - 4/11/2012 11:36:15 AM | Computer Name = PAAHOUIALI | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: houcor-i01,houcor-i01.plains.paalp.loc.%3

Error - 4/11/2012 11:42:10 AM | Computer Name = PAAHOUIALI | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: houcor-i01,houcor-i01.plains.paalp.loc.%3

Error - 4/11/2012 11:43:41 AM | Computer Name = PAAHOUIALI | Source = Sophos Anti-Virus | ID = 131078
Description = E_FAILURE. CManager::BeginProcessing in the ComponentManager component
encountered a catastrophic error that it could not recover from.

Error - 4/11/2012 11:43:41 AM | Computer Name = PAAHOUIALI | Source = Sophos Anti-Virus | ID = 131091
Description = Error when calling BeginProcessing on ComponentManager.

Error - 4/11/2012 11:43:41 AM | Computer Name = PAAHOUIALI | Source = Sophos Anti-Virus | ID = 196608
Description = Exception caught in CInfrastructureModule::PreMessageLoop.

Error - 4/11/2012 11:44:43 AM | Computer Name = PAAHOUIALI | Source = Sophos Anti-Virus | ID = 131078
Description = E_FAILURE. CManager::BeginProcessing in the ComponentManager component
encountered a catastrophic error that it could not recover from.

Error - 4/11/2012 11:44:43 AM | Computer Name = PAAHOUIALI | Source = Sophos Anti-Virus | ID = 131091
Description = Error when calling BeginProcessing on ComponentManager.

Error - 4/11/2012 11:44:43 AM | Computer Name = PAAHOUIALI | Source = Sophos Anti-Virus | ID = 196608
Description = Exception caught in CInfrastructureModule::PreMessageLoop.

Error - 4/11/2012 11:48:05 AM | Computer Name = PAAHOUIALI | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: houcor-i01,houcor-i01.plains.paalp.loc.%3

[ System Events ]
Error - 4/11/2012 11:28:22 AM | Computer Name = PAAHOUIALI | Source = Service Control Manager | ID = 7023
Description = The Atimpab service terminated with the following error: %%126

Error - 4/11/2012 11:30:12 AM | Computer Name = PAAHOUIALI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ctxusbm PBADRV

Error - 4/11/2012 11:30:28 AM | Computer Name = PAAHOUIALI | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 4/11/2012 11:32:32 AM | Computer Name = PAAHOUIALI | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 4/11/2012 11:32:55 AM | Computer Name = PAAHOUIALI | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 4/11/2012 11:43:41 AM | Computer Name = PAAHOUIALI | Source = Service Control Manager | ID = 7023
Description = The Sophos Anti-Virus service terminated with the following error:
%%2147500037

Error - 4/11/2012 11:44:10 AM | Computer Name = PAAHOUIALI | Source = DCOM | ID = 10010
Description = The server {D2B7A809-15DC-40B4-A1E1-C61EA97191DB} did not register
with DCOM within the required timeout.

Error - 4/11/2012 11:44:43 AM | Computer Name = PAAHOUIALI | Source = Service Control Manager | ID = 7023
Description = The Sophos Anti-Virus service terminated with the following error:
%%2147500037

Error - 4/11/2012 11:45:12 AM | Computer Name = PAAHOUIALI | Source = DCOM | ID = 10010
Description = The server {D2B7A809-15DC-40B4-A1E1-C61EA97191DB} did not register
with DCOM within the required timeout.

Error - 4/11/2012 11:45:31 AM | Computer Name = PAAHOUIALI | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.


< End of report >

OTL.txt

OTL logfile created on: 4/11/2012 10:39:19 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\mjlyle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.95 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 60.52% Memory free
3.80 Gb Paging File | 2.80 Gb Available in Paging File | 73.73% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.37 Gb Total Space | 3.93 Gb Free Space | 5.29% Space Free | Partition Type: NTFS

Computer Name: PAAHOUIALI | User Name: MJLyle | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/11 10:34:25 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mjlyle\Desktop\OTL.exe
PRC - [2012/04/05 06:06:22 | 000,584,688 | ---- | M] () -- C:\WINDOWS\svcs.exe
PRC - [2012/03/07 16:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/10/12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/10/08 09:15:18 | 001,541,360 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2010/10/08 09:15:13 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2010/09/21 10:16:22 | 000,644,336 | ---- | M] (Sophos Plc) -- C:\WINDOWS\Temp\sophos_autoupdate1.dir\ALUpdate.exe
PRC - [2010/09/21 10:16:17 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/09/21 10:16:17 | 000,230,640 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2010/09/13 11:48:14 | 000,097,384 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
PRC - [2010/09/13 11:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/17 17:34:34 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_16\bin\jqs.exe
PRC - [2010/08/17 17:34:34 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_16\bin\jusched.exe
PRC - [2010/05/12 09:13:03 | 000,783,720 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2010/05/12 09:13:01 | 000,832,872 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2010/05/12 09:13:00 | 005,105,000 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2009/07/16 09:12:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/06/09 09:33:27 | 000,266,240 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2009/06/09 09:33:26 | 000,794,624 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2009/06/05 00:38:20 | 000,615,696 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/05/18 13:50:42 | 008,818,176 | ---- | M] (Bomgar Corporation) -- C:\Program Files\Bomgar\Representative\support.paalp.com\bomgar-rep.exe
PRC - [2009/03/17 00:16:08 | 001,492,344 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2009/02/06 20:10:16 | 001,095,456 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2009/02/06 20:06:56 | 000,443,168 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/01/19 15:54:16 | 000,667,648 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2008/12/29 11:07:28 | 000,320,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2008/12/23 02:28:00 | 000,795,936 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe
PRC - [2008/12/23 02:27:54 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
PRC - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/12/01 16:24:36 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/01 16:24:28 | 000,241,746 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R205445\stacsv.exe
PRC - [2008/10/27 19:37:38 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/10/27 19:37:20 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/10/27 19:37:18 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/10/27 19:37:18 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/20 04:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/18 14:30:22 | 000,247,400 | ---- | M] (Open Text Corporation) -- C:\Program Files\Hummingbird\Connectivity\13.00\HostExplorer\PrintServices\PESRV.exe
PRC - [2007/05/18 14:26:09 | 000,067,144 | ---- | M] (Open Text Corporation) -- C:\Program Files\Hummingbird\Connectivity\13.00\InetD\inetd32.exe
PRC - [2007/04/25 12:19:28 | 001,650,688 | ---- | M] (ENDFORCE, Inc.) -- C:\Program Files\Endforce\AgntTray.exe
PRC - [2007/04/25 09:54:38 | 002,916,352 | ---- | M] (ENDFORCE, Inc.) -- C:\Program Files\Endforce\AgentAPI.exe
PRC - [2007/04/19 05:56:36 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006/06/01 16:27:56 | 000,098,304 | ---- | M] (Captaris, Inc.) -- C:\RightFax90Client\Client\FAXCTRL.exe
PRC - [2005/10/22 23:35:22 | 004,431,872 | ---- | M] () -- C:\Program Files\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/11 10:30:42 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/11 10:30:42 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/06 11:41:19 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/06 11:41:19 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/04/05 06:06:22 | 000,584,688 | ---- | M] () -- C:\WINDOWS\svcs.exe
MOD - [2011/04/15 19:23:46 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/04/15 19:23:44 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/04/15 19:23:44 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2011/04/15 19:23:43 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/04/15 19:23:40 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/04/15 19:23:40 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/04/15 19:23:40 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/04/15 19:23:40 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/04/15 19:23:40 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/04/15 19:23:40 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/04/15 19:23:39 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/04/15 19:23:39 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/04/15 19:23:39 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/09/13 11:48:20 | 000,097,384 | R--- | M] () -- C:\Program Files\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
MOD - [2010/06/04 05:23:26 | 000,750,832 | ---- | M] () -- C:\WINDOWS\Temp\sophos_autoupdate1.dir\libeay32.dll
MOD - [2009/06/09 09:33:27 | 000,733,184 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_Security.dll
MOD - [2009/06/09 09:33:27 | 000,528,384 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_PortableServer.dll
MOD - [2009/06/09 09:33:27 | 000,237,568 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_SSLIOP.dll
MOD - [2009/06/09 09:33:27 | 000,056,832 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\ACE_SSL.dll
MOD - [2009/06/09 09:33:27 | 000,032,256 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_Valuetype.dll
MOD - [2009/06/09 09:33:26 | 001,531,904 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO.dll
MOD - [2009/06/09 09:33:26 | 001,048,576 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\ace.dll
MOD - [2009/06/09 09:33:26 | 000,753,664 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\libeay32.dll
MOD - [2009/06/09 09:33:26 | 000,176,128 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_DynamicAny.dll
MOD - [2009/06/09 09:33:26 | 000,159,744 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\ssleay32.dll
MOD - [2009/06/03 14:09:37 | 001,291,264 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/05/20 10:36:15 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\8642fdfbf02a6cb6f01169fe6fdb5d11\System.Management.ni.dll
MOD - [2009/05/20 10:32:52 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ea3366939280c1715f1c620e33ee3c8a\System.ServiceProcess.ni.dll
MOD - [2009/05/20 10:32:44 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b57bb002a655920cbfa2bee29d1e22b7\System.Web.Services.ni.dll
MOD - [2009/05/20 10:32:08 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
MOD - [2009/05/20 10:32:01 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
MOD - [2009/05/20 10:31:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
MOD - [2009/05/20 10:31:33 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
MOD - [2009/05/20 10:31:30 | 007,868,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
MOD - [2009/05/20 10:31:23 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
MOD - [2009/05/20 10:30:43 | 003,149,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2009/05/20 10:30:43 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/05/20 10:30:43 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/05/20 10:30:42 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009/05/20 10:30:41 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2009/05/20 10:30:40 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009/05/20 10:30:40 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/05/20 10:30:40 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2009/05/20 10:30:39 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2009/05/20 10:30:37 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2009/04/30 14:51:32 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2009/04/30 14:50:48 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2009/03/17 00:04:52 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\VNCpm.dll
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005/10/22 23:35:22 | 004,431,872 | ---- | M] () -- C:\Program Files\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe
MOD - [2000/10/31 22:25:40 | 000,246,544 | ---- | M] () -- C:\Oracle_Dev6i\BIN\OTRACE80.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VAIOMediaPlatform-MusicServer-HTTP.dll -- (zebrbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSFWDrv.dll -- (xnacc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\intelroam.dll -- (winpowermanager)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avidstartup.dll -- (vmnetbridge)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvmpu401.dll -- (vaiomediaplatform-mobile-gateway)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pvservice.dll -- (USR1806V)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\remoterecord.dll -- (twotrack)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmwcdcm.dll -- (tosporte)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viagfx.dll -- (tmtdi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zenos1.dll -- (Tb2RCAssist)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WaveFDE.dll -- (sysmgmthp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATKGFNEXSrv.dll -- (Sunkfiltp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AlteraByteBlaster.dll -- (sscdserd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pmsveh.dll -- (SQLBrowser)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iap.dll -- (smcservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rnadiagreceiver.dll -- (Sk9920nt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ICAM3NT5.dll -- (s217obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\snpstd.dll -- (RivaTuner32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\authsyssvc.dll -- (remoterecord)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AGV.dll -- (pxfhserd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DCamUSBDXGTech.dll -- (puscsrvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smwdm.dll -- (proxyhostservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ultra66.dll -- (PhilCam8116)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\savscan.dll -- (PGPsdkDriver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\xnacc.dll -- (pdlnafac)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CA561.dll -- (p2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\imap4d32.dll -- (OVT511Plus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\truecrypt.dll -- (oracleorahomedatagatherer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbvm321.dll -- (omnidrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NETMDUSB.dll -- (NWUSBModem)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bjmcmng.dll -- (NETw4v32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvlddmkm.dll -- (NdisFilt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NxNetMon.dll -- (naimagent32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ws2ifsl.dll -- (MSFWHLPR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sifilter.dll -- (lxdm_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wanminiportservice.dll -- (lvpopflt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s716obex.dll -- (ispwdsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\revudfservice.dll -- (IntelC51)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mr7910.dll -- (incdfs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ino_fltr.dll -- (icollectservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnemsg.dll -- (iAimTV6)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avsinc.dll -- (hsfhwbs2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s716mgmt.dll -- (FET5X86V)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\helpsvc.dll -- (eSettingsService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slave.dll -- (epson_pm_rpcv2_01)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\catchme.dll -- (Eplpdx02)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VCAM.dll -- (elbydelay)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dvd-ram_service.dll -- (dtsrvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ashampoodefragservice.dll -- (DSXUSB)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Si3132r5.dll -- (DS1410D)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AlKernel.dll -- (ds1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Fd16_700.dll -- (DivisCTS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ONSIO.dll -- (Dfs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pivotmou.dll -- (dcstor32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\clcapsvc.dll -- (CSDriver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\audstub.dll -- (clr_optimization_v2.0.50215_32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\upsentry_smart.dll -- (cercsr6)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FileDisk.dll -- (c-dillasrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wudfpf.dll -- (bwcsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\epoxusdm.dll -- (bthport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\abnetmon.dll -- (AVerTV)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SrvcEPIOMngr.dll -- (atkkeyboardservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tosporte.dll -- (aspi32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WMIService.dll -- (amdppm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\UVCFTR.dll -- (aeaudio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\application.dll -- (adiloader)
SRV - [2012/04/05 06:06:22 | 000,584,688 | ---- | M] () [Auto | Running] -- C:\WINDOWS\svcs.exe -- (NetworkLog)
SRV - [2012/04/05 01:42:31 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/10/08 09:15:18 | 001,541,360 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2010/10/08 09:15:13 | 000,163,056 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/09/21 10:16:17 | 000,230,640 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010/09/13 11:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/08/17 17:34:34 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre1.6.0_16\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/06/04 05:23:16 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2010/05/12 09:13:00 | 005,105,000 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2009/07/16 09:12:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/09 09:33:27 | 000,266,240 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2009/06/09 09:33:26 | 000,794,624 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2009/03/17 00:16:08 | 001,492,344 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2009/02/20 01:47:46 | 000,038,688 | ---- | M] (International Business Machines Corporation) [Auto | Stopped] -- C:\Program Files\Quest Software\Toad for Data Analysts 2.5\SQLLIB\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_TACOM25) DB2 Management Service (TACOM25)
SRV - [2009/02/06 20:06:56 | 000,443,168 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2008/12/29 11:07:28 | 000,320,800 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/12/23 02:27:54 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/12/01 16:24:28 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R205445\stacsv.exe -- (STacSV)
SRV - [2008/05/20 04:00:00 | 000,757,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2008/05/20 04:00:00 | 000,249,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2007/05/18 14:30:22 | 000,247,400 | ---- | M] (Open Text Corporation) [Auto | Running] -- C:\Program Files\Hummingbird\Connectivity\13.00\HostExplorer\PrintServices\PESRV.exe -- (PESRV)
SRV - [2007/05/18 14:26:54 | 000,153,184 | ---- | M] (Open Text Corporation) [On_Demand | Stopped] -- C:\Program Files\Hummingbird\Connectivity\13.00\Accessories\ProxyEngine.exe -- (ProxyEngine)
SRV - [2007/05/18 14:26:09 | 000,067,144 | ---- | M] (Open Text Corporation) [Auto | Running] -- C:\Program Files\Hummingbird\Connectivity\13.00\InetD\inetd32.exe -- (HCLInetd)
SRV - [2007/04/25 09:54:38 | 002,916,352 | ---- | M] (ENDFORCE, Inc.) [Auto | Running] -- C:\Program Files\Endforce\AgentAPI.exe -- (ENDFORCE Agent API)
SRV - [2007/04/19 05:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2005/10/22 23:35:22 | 004,431,872 | ---- | M] () [Auto | Running] -- C:\Program Files\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe -- (BMFMySQL)
SRV - [2001/08/17 22:36:10 | 000,009,728 | ---- | M] (Brother Industries, Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\brserif.dll -- (anydvd)
SRV - [2000/10/27 13:45:40 | 000,101,136 | ---- | M] () [On_Demand | Stopped] -- C:\Oracle_Dev6i\BIN\ONRSD80.EXE -- (OracleClientCache80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\NvtSp50.sys -- (NvtSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\D28.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\tsk5A.tmp -- (ctxusbm)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\mjlyle\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\82565687.sys -- (47593477)
DRV - [2011/08/07 20:30:38 | 000,021,888 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DisplayLinkUsbPort_5.3.24903.0.sys -- (DisplayLinkUsbPort)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/10/08 09:14:59 | 000,153,344 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2010/10/08 09:14:59 | 000,024,064 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2010/05/12 09:13:26 | 000,027,776 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkGAport.sys -- (DisplayLinkGA)
DRV - [2010/05/12 09:13:26 | 000,024,320 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys -- (DisplayLinkmirror)
DRV - [2010/05/12 09:13:26 | 000,007,040 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkFilter.sys -- (DisplayLinkFilter)
DRV - [2009/04/30 14:51:28 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/03/17 00:04:50 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2009/01/19 21:33:16 | 000,985,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/01/19 21:33:16 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/01/19 21:33:16 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/12/01 16:24:32 | 001,392,819 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/12/01 16:24:20 | 000,112,128 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/10/27 19:37:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/09/16 23:03:02 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/07/25 13:21:46 | 000,040,448 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MOSUMAC.SYS -- (MOSUMAC)
DRV - [2008/07/22 16:27:02 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2008/07/01 16:12:18 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/06/30 17:47:30 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/05/23 02:38:25 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2008/05/20 04:00:00 | 000,023,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2008/04/08 17:27:04 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2008/02/20 21:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2007/04/19 05:28:12 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2006/06/14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy/autoproxy.pac

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy/autoproxy.pac

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1354038233-4096182011-1068927084-4506\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKU\S-1-5-21-1354038233-4096182011-1068927084-4506\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1354038233-4096182011-1068927084-4506\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1354038233-4096182011-1068927084-4506\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1354038233-4096182011-1068927084-4506\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}:5.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.2.51.6: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mjlyle\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mjlyle\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre1.6.0_16\lib\deploy\jqs\ff [2010/08/17 17:34:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 23:00:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/18 23:00:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\mjlyle\Application Data\Move Networks [2010/05/08 10:26:59 | 000,000,000 | ---D | M]

[2010/04/05 18:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mjlyle\Application Data\Mozilla\Extensions
[2010/04/05 18:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mjlyle\Application Data\Mozilla\Firefox\Profiles\tc6w22d3.default\extensions
[2012/04/01 10:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/30 19:39:53 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/11/16 17:43:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
[2010/05/08 10:26:59 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MJLYLE\APPLICATION DATA\MOVE NETWORKS
[2010/08/17 17:34:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE1.6.0_16\LIB\DEPLOY\JQS\FF
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2005/01/19 01:17:02 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\NPJinit13121.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Citrix Access Gateway (Enabled) = C:\Documents and Settings\mjlyle\Application Data\Mozilla\plugins\npagee.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre1.6.0_16\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre1.6.0_16\bin\new_plugin\npjp2.dll
CHR - plugin: Oracle JInitiator (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPJinit13121.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\mjlyle\Application Data\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_16\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1354038233-4096182011-1068927084-4506\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12 File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [ENDFORCEAgent] C:\Program Files\ENDFORCE\AgntTray.exe (ENDFORCE, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RightFAX Print-to-Fax Driver] C:\RightFax90Client\Client\FAXCTRL.exe (Captaris, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_16\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1354038233-4096182011-1068927084-4506..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk = C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bomgar Representative Console [support.paalp.com].lnk = C:\Program Files\Bomgar\Representative\support.paalp.com\bomgar-rep.exe (Bomgar Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1354038233-4096182011-1068927084-4506\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1354038233-4096182011-1068927084-4506\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Open with PDF Converter 5.2 - C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll ()
O8 - Extra context menu item: Open with PDF Professional 5.2 - res://C:\Program Files\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Hummingbird\Connectivity\13.00\Exceed\humshmx.dll (Open Text Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Hummingbird\Connectivity\13.00\Exceed\humshmx.dll (Open Text Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Hummingbird\Connectivity\13.00\Exceed\humshmx.dll (Open Text Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-1354038233-4096182011-1068927084-4506\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://content10.ilinc.com/download/AXCltInstall.dll (ILINCInstall102 Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1332979796578 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1332979766015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} http://paahouorauat3.paalp.com:8000/jinitiator/oajinit.exe (Oracle JInitiator 1.1.8.16)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {C99468B5-ADFF-11D0-94E5-00A0247AEFEB} http://auohspaap08.oracleoutsourcing.com:30032/viewer/we/MVWCIIN.exe (Reg Error: Key error.)
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} http://ibm9221.yamconsulting.com:8000/jinitiator/oajinit.exe (JInitiator 1.3.1.21)
O16 - DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF} https://appspaapdev.oracleoutsourcing.com/jinitiator/oajinit.exe (JInitiator 1.3.1.25)
O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = plains.paalp.loc
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28407671-5725-4A99-9987-5ADBC1374B29}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - t:\pmas admin\dll\itss.dll File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - t:\pmas admin\dll\itss.dll File not found
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle 10\RNetPin.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\system32\BCMLogon.dll) - C:\WINDOWS\system32\BCMLogon.dll (Dell Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: PC Cleaners - hkey= - key= - File not found
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: 00554670.sys - Driver
SafeBootMin: 01089037.sys - Driver
SafeBootMin: 28135107.sys - Driver
SafeBootMin: 28193882.sys - Driver
SafeBootMin: 47593477.sys - system32\drivers\82565687.sys File not found
SafeBootMin: 47890619.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {72B7C0F0-6036-48D7-A0C9-4FF886785E15} - "C:\Program Files\Hummingbird\Connectivity\13.00\Accessories\HumSettings.exe" INSTALL=ALL NoFreeWhenWOW64=1 LOGGINGLEVEL=5
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D9B934D0-6A20-450E-9F69-F5595636C28E} - "C:\Program Files\Hummingbird\Connectivity\13.00\Accessories\HumSettings.exe" INSTALL=ALL NoFreeWhenWOW64=1 LOGGINGLEVEL=5
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: zebrbus - %systemroot%\system32\VAIOMediaPlatform-MusicServer-HTTP.dll File not found
NetSvcs: PhilCam8116 - %systemroot%\system32\ultra66.dll File not found
NetSvcs: lxdm_device - %systemroot%\system32\sifilter.dll File not found
NetSvcs: FET5X86V - %systemroot%\system32\s716mgmt.dll File not found
NetSvcs: adiloader - %systemroot%\system32\application.dll File not found
NetSvcs: dtsrvc - %systemroot%\system32\dvd-ram_service.dll File not found
NetSvcs: PGPsdkDriver - %systemroot%\system32\savscan.dll File not found
NetSvcs: pxfhserd - %systemroot%\system32\AGV.dll File not found
NetSvcs: iAimTV6 - %systemroot%\system32\pdlnemsg.dll File not found
NetSvcs: puscsrvc - %systemroot%\system32\DCamUSBDXGTech.dll File not found
NetSvcs: aspi32 - %systemroot%\system32\tosporte.dll File not found
NetSvcs: tosporte - %systemroot%\system32\nmwcdcm.dll File not found
NetSvcs: omnidrv - %systemroot%\system32\usbvm321.dll File not found
NetSvcs: s217obex - %systemroot%\system32\ICAM3NT5.dll File not found
NetSvcs: NETw4v32 - %systemroot%\system32\bjmcmng.dll File not found
NetSvcs: AVerTV - %systemroot%\system32\abnetmon.dll File not found
NetSvcs: hsfhwbs2 - %systemroot%\system32\avsinc.dll File not found
NetSvcs: naimagent32 - %systemroot%\system32\NxNetMon.dll File not found
NetSvcs: ds1 - %systemroot%\system32\AlKernel.dll File not found
NetSvcs: sscdserd - %systemroot%\system32\AlteraByteBlaster.dll File not found
NetSvcs: epson_pm_rpcv2_01 - %systemroot%\system32\slave.dll File not found
NetSvcs: NWUSBModem - %systemroot%\system32\NETMDUSB.dll File not found
NetSvcs: vmnetbridge - %systemroot%\system32\avidstartup.dll File not found
NetSvcs: RivaTuner32 - %systemroot%\system32\snpstd.dll File not found
NetSvcs: MSFWHLPR - %systemroot%\system32\ws2ifsl.dll File not found
NetSvcs: amdppm - %systemroot%\system32\WMIService.dll File not found
NetSvcs: cercsr6 - %systemroot%\system32\upsentry_smart.dll File not found
NetSvcs: p2k - %systemroot%\system32\CA561.dll File not found
NetSvcs: remoterecord - %systemroot%\system32\authsyssvc.dll File not found
NetSvcs: bthport - %systemroot%\system32\epoxusdm.dll File not found
NetSvcs: oracleorahomedatagatherer - %systemroot%\system32\truecrypt.dll File not found
NetSvcs: winpowermanager - %systemroot%\system32\intelroam.dll File not found
NetSvcs: DS1410D - %systemroot%\system32\Si3132r5.dll File not found
NetSvcs: MREMP50 - File not found
NetSvcs: s217bus - File not found
NetSvcs: PSDNServ - File not found
NetSvcs: tfsncofs - File not found
NetSvcs: mcrdsvc - File not found
NetSvcs: w810mdfl - File not found
NetSvcs: nchssvad - File not found
NetSvcs: kpf4 - File not found
NetSvcs: anydvd - C:\WINDOWS\system32\brserif.dll (Brother Industries, Ltd.)
NetSvcs: NuidFltr - File not found
NetSvcs: {95808DC4-FA4A-4c74-92FE-5B863F82066B} - File not found
NetSvcs: CnxtHdAudService - File not found
NetSvcs: NVXBAR - File not found
NetSvcs: incdrec - File not found
NetSvcs: svv - File not found
NetSvcs: ltxred - File not found
NetSvcs: qbreminderflash - File not found
NetSvcs: WcesComm - File not found
NetSvcs: bthmodem - File not found
NetSvcs: mpservice - File not found
NetSvcs: datasvr - File not found
NetSvcs: pdlndtdl - File not found
NetSvcs: odclientservice - File not found
NetSvcs: tvald - File not found
NetSvcs: pop3d32 - File not found
NetSvcs: iaimfp1 - File not found
NetSvcs: Nsynas32 - File not found
NetSvcs: nmwcd - File not found
NetSvcs: cmuda3 - File not found
NetSvcs: mrvw245 - File not found
NetSvcs: se59unic - File not found
NetSvcs: imagedrv - File not found
NetSvcs: mapserver6.3 - File not found
NetSvcs: Fd16_700 - File not found
NetSvcs: viaagp1 - File not found
NetSvcs: symevent - File not found
NetSvcs: DNE - File not found
NetSvcs: ELkbd - File not found
NetSvcs: VRcore - File not found
NetSvcs: swupdtmr - File not found
NetSvcs: ZuneBusEnum - File not found
NetSvcs: rapapp - File not found
NetSvcs: Dfs - %systemroot%\system32\ONSIO.dll File not found
NetSvcs: smcservice - %systemroot%\system32\iap.dll File not found
NetSvcs: xnacc - %systemroot%\system32\MSFWDrv.dll File not found
NetSvcs: bwcsrv - %systemroot%\system32\wudfpf.dll File not found
NetSvcs: Sk9920nt - %systemroot%\system32\rnadiagreceiver.dll File not found
NetSvcs: DivisCTS - %systemroot%\system32\Fd16_700.dll File not found
NetSvcs: c-dillasrv - %systemroot%\system32\FileDisk.dll File not found
NetSvcs: sysmgmthp - %systemroot%\system32\WaveFDE.dll File not found
NetSvcs: CSDriver - %systemroot%\system32\clcapsvc.dll File not found
NetSvcs: SQLBrowser - %systemroot%\system32\pmsveh.dll File not found
NetSvcs: pdlnafac - %systemroot%\system32\xnacc.dll File not found
NetSvcs: lvpopflt - %systemroot%\system32\wanminiportservice.dll File not found
NetSvcs: DSXUSB - %systemroot%\system32\ashampoodefragservice.dll File not found
NetSvcs: eSettingsService - %systemroot%\system32\helpsvc.dll File not found
NetSvcs: icollectservice - %systemroot%\system32\ino_fltr.dll File not found
NetSvcs: Eplpdx02 - %systemroot%\system32\catchme.dll File not found
NetSvcs: twotrack - %systemroot%\system32\remoterecord.dll File not found
NetSvcs: atkkeyboardservice - %systemroot%\system32\SrvcEPIOMngr.dll File not found
NetSvcs: ispwdsvc - %systemroot%\system32\s716obex.dll File not found
NetSvcs: incdfs - %systemroot%\system32\mr7910.dll File not found
NetSvcs: elbydelay - %systemroot%\system32\VCAM.dll File not found
NetSvcs: Sunkfiltp - %systemroot%\system32\ATKGFNEXSrv.dll File not found
NetSvcs: Tb2RCAssist - %systemroot%\system32\zenos1.dll File not found
NetSvcs: dcstor32 - %systemroot%\system32\pivotmou.dll File not found
NetSvcs: vaiomediaplatform-mobile-gateway - %systemroot%\system32\nvmpu401.dll File not found
NetSvcs: aeaudio - %systemroot%\system32\UVCFTR.dll File not found
NetSvcs: OVT511Plus - %systemroot%\system32\imap4d32.dll File not found
NetSvcs: NdisFilt - %systemroot%\system32\nvlddmkm.dll File not found
NetSvcs: proxyhostservice - %systemroot%\system32\smwdm.dll File not found
NetSvcs: USR1806V - %systemroot%\system32\pvservice.dll File not found
NetSvcs: tmtdi - %systemroot%\system32\viagfx.dll File not found
NetSvcs: clr_optimization_v2.0.50215_32 - %systemroot%\system32\audstub.dll File not found
NetSvcs: IntelC51 - %systemroot%\system32\revudfservice.dll File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/11 10:34:23 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mjlyle\Desktop\OTL.exe
[2012/04/11 10:33:40 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\mjlyle\Desktop\aswMBR.exe
[2012/04/07 01:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mjlyle\Desktop\backups
[2012/04/06 11:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mjlyle\Application Data\SUPERAntiSpyware.com
[2012/04/06 11:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/06 11:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/06 11:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/06 10:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/04/06 10:02:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/04/06 02:30:42 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\mjlyle\Desktop\HijackThis.exe
[2012/04/06 01:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/04/05 18:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mjlyle\Application Data\PCPro
[2012/04/05 18:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mjlyle\Application Data\PC Cleaners
[2012/04/05 17:56:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/05 17:56:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/05 17:56:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/05 17:56:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/05 17:56:02 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/05 17:45:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/05 17:42:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/05 17:42:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mjlyle\Start Menu\Programs\Administrative Tools
[2012/04/05 16:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/04/05 16:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/04/05 16:04:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/05 15:24:02 | 004,449,976 | R--- | C] (Swearware) -- C:\Documents and Settings\mjlyle\Desktop\ComboFix.exe
[2012/04/05 13:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2012/04/05 01:42:31 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/04 23:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mjlyle\My Documents\vBulletin
[2012/04/04 19:55:36 | 002,073,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\mjlyle\Desktop\2340870987.com.exe
[2012/04/04 17:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mjlyle\My Documents\upload
[2012/04/04 17:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mjlyle\My Documents\do_not_upload
[2012/03/29 11:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mjlyle\Start Menu\Programs\Google Chrome
[2012/03/29 11:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mjlyle\Local Settings\Application Data\Deployment
[2012/03/28 19:11:54 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/03/24 15:02:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mjlyle\Application Data\Google
[2012/03/24 14:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google SketchUp 8
[2012/03/18 23:11:39 | 015,456,968 | ---- | C] (SmartSoft Ltd) -- C:\SFTPMSI.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/11 10:36:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\mjlyle\Desktop\MBR.dat
[2012/04/11 10:34:32 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\mjlyle\Desktop\Google Chrome.lnk
[2012/04/11 10:34:32 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\mjlyle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/11 10:34:25 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mjlyle\Desktop\OTL.exe
[2012/04/11 10:34:11 | 000,337,137 | ---- | M] () -- C:\Documents and Settings\mjlyle\Desktop\FSS.exe
[2012/04/11 10:33:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\mjlyle\Desktop\aswMBR.exe
[2012/04/11 10:32:20 | 000,468,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 10:32:20 | 000,080,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 10:31:47 | 000,000,459 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2012/04/11 10:30:18 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/04/11 10:28:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/11 10:27:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/11 10:27:18 | 2097,045,504 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/10 23:15:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1354038233-4096182011-1068927084-4506UA.job
[2012/04/10 23:02:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/10 22:58:17 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) -- C:\WINDOWS\System32\drivers\ctxusbm.sys
[2012/04/07 11:15:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1354038233-4096182011-1068927084-4506Core.job
[2012/04/07 10:12:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/06 15:56:13 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/06 11:36:45 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/06 02:48:51 | 000,000,220 | RHS- | M] () -- C:\boot.ini
[2012/04/06 02:31:04 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\mjlyle\Desktop\HijackThis.exe
[2012/04/05 23:16:55 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\mjlyle\Desktop\gmer.zip
[2012/04/05 15:24:03 | 004,449,976 | R--- | M] (Swearware) -- C:\Documents and Settings\mjlyle\Desktop\ComboFix.exe
[2012/04/05 15:21:39 | 000,879,714 | ---- | M] () -- C:\Documents and Settings\mjlyle\Desktop\SecurityCheck.exe
[2012/04/05 15:21:11 | 002,053,661 | ---- | M] () -- C:\Documents and Settings\mjlyle\Desktop\tdsskiller.zip
[2012/04/05 14:03:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/05 13:06:39 | 001,525,384 | ---- | M] () -- C:\sarsfx.exe
[2012/04/05 13:06:15 | 005,276,432 | ---- | M] (PC Cleaners) -- C:\WINDOWS\uninst.exe
[2012/04/05 06:06:22 | 000,584,688 | ---- | M] () -- C:\WINDOWS\svcs.exe
[2012/04/05 01:42:31 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/05 01:42:31 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/04 21:56:50 | 000,002,396 | ---- | M] () -- C:\Documents and Settings\mjlyle\My Documents\index.php
[2012/04/04 19:55:36 | 002,073,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\mjlyle\Desktop\2340870987.com.exe
[2012/04/04 17:15:23 | 009,087,306 | ---- | M] () -- C:\Documents and Settings\mjlyle\Desktop\vbforum_4_4-1-11_Patch_Level_1_VBF30ED7C6.zip
[2012/04/04 16:15:41 | 000,175,476 | ---- | M] () -- C:\Documents and Settings\mjlyle\Desktop\Ashley Lyle - Resume - April 2012.pdf
[2012/04/04 15:07:24 | 000,048,257 | ---- | M] () -- C:\Documents and Settings\mjlyle\My Documents\vb4_readme.html
[2012/04/04 15:07:24 | 000,017,777 | ---- | M] () -- C:\Documents and Settings\mjlyle\My Documents\license_agreement.html
[2012/04/04 15:07:14 | 000,540,018 | ---- | M] () -- C:\Documents and Settings\mjlyle\My Documents\vbulletin-smilies.pdf
[2012/04/04 10:57:41 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\mjlyle\removeprefix.php
[2012/04/02 10:14:25 | 000,194,227 | ---- | M] () -- C:\Documents and Settings\mjlyle\My Documents\Print - America’s Test Kitchen __ America's Test Kitchen $25,000 Kitchen Makeover Sweepstakes.pdf
[2012/04/02 09:38:11 | 000,115,434 | ---- | M] () -- C:\Documents and Settings\mjlyle\My Documents\dress.pdf
[2012/03/29 23:59:59 | 000,017,980 | ---- | M] () -- C:\Documents and Settings\mjlyle\My Documents\juniorleague2012-13.pdf
[2012/03/24 14:56:47 | 000,001,764 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk
[2012/03/24 14:49:16 | 000,070,353 | ---- | M] () -- C:\plantarplans.skp
[2012/03/24 09:57:41 | 000,002,225 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SmartFTP Client.lnk
[2012/03/18 23:11:47 | 015,456,968 | ---- | M] (SmartSoft Ltd) -- C:\SFTPMSI.exe
[2012/03/18 22:58:14 | 000,001,005 | ---- | M] () -- C:\SmartFTP Client License Key.xml
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/11 10:36:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\mjlyle\Desktop\MBR.dat
[2012/04/11 10:34:10 | 000,337,137 | ---- | C] () -- C:\Documents and Settings\mjlyle\Desktop\FSS.exe
[2012/04/11 10:27:18 | 2097,045,504 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/06 11:36:45 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/05 23:16:49 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\mjlyle\Desktop\gmer.zip
[2012/04/05 17:56:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/05 17:56:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/05 17:56:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/05 17:56:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/05 17:56:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/05 15:21:39 | 000,879,714 | ---- | C] () -- C:\Documents and Settings\mjlyle\Desktop\SecurityCheck.exe
[2012/04/05 15:21:10 | 002,053,661 | ---- | C] () -- C:\Documents and Settings\mjlyle\Desktop\tdsskiller.zip
[2012/04/05 13:06:38 | 001,525,384 | ---- | C] () -- C:\sarsfx.exe
[2012/04/05 06:06:13 | 000,584,688 | ---- | C] () -- C:\WINDOWS\svcs.exe
[2012/04/05 01:42:31 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/05 01:30:22 | 000,002,396 | ---- | C] () -- C:\Documents and Settings\mjlyle\My Documents\index.php
[2012/04/05 01:17:58 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/04 17:15:13 | 009,087,306 | ---- | C] () -- C:\Documents and Settings\mjlyle\Desktop\vbforum_4_4-1-11_Patch_Level_1_VBF30ED7C6.zip
[2012/04/04 16:15:41 | 000,175,476 | ---- | C] () -- C:\Documents and Settings\mjlyle\Desktop\Ashley Lyle - Resume - April 2012.pdf
[2012/04/04 15:07:24 | 000,048,257 | ---- | C] () -- C:\Documents and Settings\mjlyle\My Documents\vb4_readme.html
[2012/04/04 15:07:24 | 000,017,777 | ---- | C] () -- C:\Documents and Settings\mjlyle\My Documents\license_agreement.html
[2012/04/04 15:07:14 | 000,540,018 | ---- | C] () -- C:\Documents and Settings\mjlyle\My Documents\vbulletin-smilies.pdf
[2012/04/04 10:57:41 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\mjlyle\removeprefix.php
[2012/04/02 10:14:25 | 000,194,227 | ---- | C] () -- C:\Documents and Settings\mjlyle\My Documents\Print - America’s Test Kitchen __ America's Test Kitchen $25,000 Kitchen Makeover Sweepstakes.pdf
[2012/04/02 09:38:11 | 000,115,434 | ---- | C] () -- C:\Documents and Settings\mjlyle\My Documents\dress.pdf
[2012/03/29 23:59:59 | 000,017,980 | ---- | C] () -- C:\Documents and Settings\mjlyle\My Documents\juniorleague2012-13.pdf
[2012/03/29 11:11:15 | 000,002,295 | ---- | C] () -- C:\Documents and Settings\mjlyle\Desktop\Google Chrome.lnk
[2012/03/29 11:11:15 | 000,002,273 | ---- | C] () -- C:\Documents and Settings\mjlyle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/29 11:10:14 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1354038233-4096182011-1068927084-4506UA.job
[2012/03/29 11:10:14 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1354038233-4096182011-1068927084-4506Core.job
[2012/03/24 14:56:47 | 000,001,764 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk
[2012/03/24 14:49:14 | 000,070,353 | ---- | C] () -- C:\plantarplans.skp
[2012/03/18 22:56:43 | 000,001,005 | ---- | C] () -- C:\SmartFTP Client License Key.xml
[2011/05/01 19:43:30 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\mjlyle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\mjlyle\Application Data\45556xx.ini
[2011/02/05 04:33:02 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/02/05 04:33:02 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/06/30 19:40:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/25 04:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/04/25 04:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/04/25 04:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/04/10 22:58:17 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) -- C:\WINDOWS\system32\drivers\ctxusbm.sys
[2012/04/11 10:25:39 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serial.sys

< %SYSTEMDRIVE%\*.exe >
[2012/04/05 13:06:39 | 001,525,384 | ---- | M] () -- C:\sarsfx.exe
[2012/03/18 23:11:47 | 015,456,968 | ---- | M] (SmartSoft Ltd) -- C:\SFTPMSI.exe

< MD5 for: ATAPI.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/14 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/04/09 15:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/18 22:59:54 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/18 22:59:54 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/18 22:59:54 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/18 22:59:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/18 22:59:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/18 22:59:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/09 15:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/09 15:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/09 15:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/04/09 15:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/12/31 10:33:06 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/12/31 10:33:06 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/12/31 10:33:06 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/12/18 08:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/04/09 15:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/18 22:59:54 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/18 22:59:54 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/18 22:59:54 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/18 22:59:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/18 22:59:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/18 22:59:48 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/09 15:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/09 15:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/09 15:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\mjlyle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/04/09 15:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/12/31 10:33:06 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/12/31 10:33:06 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/12/31 10:33:06 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/12/18 08:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\3.1.31.0__540d4816ead86321] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.1.31.0_x-ww_8b778a47 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\3.1.31.0__540d4816ead86321] -> C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.1.31.0_x-ww_46ee423f -> Junction

< End of report >
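
The custom scans at the end of the OTL log hash atapi.sys, explorer.exe, volsnap.sys and winlogon.exe and list the .cab copies they can be compared against; an on-disk hash that differs from a known-clean copy is the tell-tale of a patched system file. The following Python script is an added example, not part of the original post and not OTL's own code: it parses OTL "MD5 for:" result lines and checks each reported hash against a baseline. The baseline values are taken from the log itself purely for illustration (a real baseline comes from a known-clean install of the same service pack), and the winlogon.exe and serial.sys lines in the sample log are constructed, with made-up hashes, to show a mismatch and a file with no baseline entry.

```python
import hashlib
import os
import re
import tempfile

# Added example (not from the original post or from OTL): parse the
# "< MD5 for: ... >" result lines of an OTL custom scan and compare each
# reported hash with a baseline of trusted values.

# An OTL result line carrying a hash looks like:
# [2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A... -- C:\WINDOWS\system32\drivers\atapi.sys
OTL_MD5_LINE = re.compile(r"MD5=([0-9A-Fa-f]{32})\s+--\s+(.+?)\s*$")

# Sample input. The atapi.sys and explorer.exe lines are copied from the log
# above; the winlogon.exe and serial.sys lines are CONSTRUCTED (hash values
# made up) to show a mismatch and a file with no baseline entry.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 07:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: SERIAL.SYS >
[2012/04/11 10:25:39 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\WINDOWS\system32\drivers\serial.sys
"""

# Trusted hashes keyed by lower-case file name. For illustration only, these
# are the values the log itself reports for the files with the 2008/04/14
# SP3 timestamp; a real baseline comes from a known-clean install of the
# same service pack, never from the suspect machine.
BASELINE = {
    "atapi.sys": {"9F3A2F5AA6875C72BF062C712CFA2674"},
    "explorer.exe": {"12896823FB95BFB3DC9B46BCAEDC9923"},
    "volsnap.sys": {"4C8FCB5CC53AAB716D810740FE59D025"},
    "winlogon.exe": {"ED0EF0A136DEC83DF69F04118870003E"},
}


def parse_otl_md5_lines(text):
    """Return {path: MD5 (upper-case hex)} for every line that carries a hash.
    Headers and the .cab entries, which have no MD5= field, are skipped."""
    found = {}
    for line in text.splitlines():
        m = OTL_MD5_LINE.search(line)
        if m:
            found[m.group(2)] = m.group(1).upper()
    return found


def file_name(path):
    """Last component of a Windows or POSIX path, lower-cased."""
    return re.split(r"[\\/]", path)[-1].lower()


def verify_against_baseline(observed, baseline):
    """Compare {path: md5} against {name: {trusted md5, ...}}.
    Returns [(path, md5, status)] with status 'ok', 'MISMATCH' or 'no-baseline'."""
    results = []
    for path, digest in sorted(observed.items()):
        trusted = baseline.get(file_name(path))
        if trusted is None:
            status = "no-baseline"
        elif digest in trusted:
            status = "ok"
        else:
            status = "MISMATCH"
        results.append((path, digest, status))
    return results


def md5_file(path, chunk_size=65536):
    """Hash a file on disk in the form OTL reports it (upper-case hex MD5)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def md5_of_bytes_via_file(data):
    """Write data to a temporary file, hash it with md5_file(), clean up."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        return md5_file(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    report = verify_against_baseline(parse_otl_md5_lines(SAMPLE_LOG), BASELINE)
    for path, digest, status in report:
        print(f"{status:12} {digest} {path}")
```

One caveat when using md5_file() on the suspect machine itself: an active kernel-mode rootkit can hide its changes from file reads on the live system, so a matching hash taken there is weaker evidence than a hash taken from a clean boot environment or from the .cab copy OTL lists beside the driver.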

#3 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 14 April 2012 - 09:57 AM

Hi wifey,

I will be handling your logs to help you get cleaned up. Please give me some time to look them over and I will get back to you as soon as possible. Thanks in advance for your patience.
Regards,
Jason


Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 14 April 2012 - 03:55 PM

Hi wifey,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Step 1: It looks like you've already run Combofix. Please post the Combofix log in your next post (if it exists). It'll be located at C:\Combofix.txt


If you don't see that file there, please download a new version of Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


In your next reply, please include:
  • Combofix log
  • How's your computer running now? Please be as descriptive as possible.

Regards,
Jason


#5 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 19 April 2012 - 10:07 AM

Hi wifey,

It's been 5 days since my last post. Do you still need help?
Regards,
Jason


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,599 posts
  • Gender:Female
  • Location:Romania

Posted 23 April 2012 - 10:15 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise

Malware analyst @ Emsisoft