

Backdoor.Multi.ZAccess.gen infection in System32


  • This topic is locked
73 replies to this topic

#1 phiesei54

phiesei54

  • Members
  • 38 posts
  • Gender:Male
  • Location:Houston, TEXAS

Posted 27 April 2012 - 04:38 PM

Hello, and thank you in advance for helping me out.

I did a clean install of Windows 7 Ultimate x64 just within the last month, and now today I start up my PC and my AVG throws up a multiple-threat detection with the following:

"c:\Windows\System32\ghaio.dll";"Trojan horse BackDoor.Generic15.ABEM";"Infected"
"c:\Windows\System32\usprserv.dll";"Trojan horse BackDoor.Generic15.ABEM";"Infected"

I re-scanned the windows\system32 folder and it found another two infected .dll's:

"C:\Windows\System32\usprserv.dll";"Trojan horse BackDoor.Generic15.ABEM";"Infected"
"C:\Windows\System32\mfetdik.dll";"Trojan horse BackDoor.Generic15.ABEM";"Infected"
"C:\Windows\System32\ghaio.dll";"Trojan horse BackDoor.Generic15.ABEM";"Infected"
"C:\Windows\System32\consrv.dll";"Trojan horse Generic26.ATMH";"Infected"

I did a search in their database for this, but nothing came up. I did a search on Bing for this and found a link to your site.


I have not chosen any removal or quarantine yet, as I would like to ask for your advice. I didn't want to remove them and have them keep coming back. I just want it cleaned permanently.

I read another article and downloaded the Kaspersky TDSSKiller already, but have not selected to delete just yet. These seem to be some sort of browser hijacker or redirects, because once I went to a website, another tab opened with a different site. Then, while I was reading another article, a news video was playing in the background, but it was not on this site.

After running the TDSSKiller scan, the log report shows the detected count at the bottom, but it did not detect consrv.dll.

Not sure what this is linked to:
consrv.dll

Service: vmnetuserif
Backdoor.Multi.ZAccess.gen
ghaio.dll

Service: TMBUS
Backdoor.Multi.ZAccess.gen
mfetdik.dll

Service: Mapolm
Backdoor.Multi.ZAccess.gen
usprserv.dll

Screenshots and the TDSSKiller log report are included as attachments.
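The post above lines up two tools' output by hand: AVG's export lines (`"path";"threat";"state"`) and TDSSKiller's per-service lines (`<time> <pid> <name> (<md5>) <path>` followed by `<name> - ok` or `<name> - detected <verdict> (<n>)`), and notes that consrv.dll appears in one report but not the other. The Python below is an added example, not code from the poster, from Kaspersky or from AVG: it parses both formats, joins them on the file path, separates TDSSKiller's "unsigned file" notices from named backdoor verdicts, and lists AV-flagged files that TDSSKiller did not tie to any service. The sample lines are constructed to match the formats quoted in the thread; the service names, DLL paths and verdicts are the ones reported in the post, while the MD5s of the three flagged DLLs are placeholders, not real hashes.

```python
import csv
import re
from dataclasses import dataclass

# TDSSKiller prints one line per scanned service/driver, "<time> <pid> <name> (<md5>) <path>",
# followed by a verdict line, "<name> - ok" or "<name> - detected <Verdict> (<count>)".
SCAN_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ +\d+ +(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
VERDICT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ +\d+ +(?P<name>.+?) - (?:ok|detected (?P<verdict>\S+) \(\d+\))$"
)


@dataclass
class ScanEntry:
    name: str             # service or driver name exactly as TDSSKiller prints it
    md5: str
    path: str
    tdss_verdict: str = "ok"
    av_verdict: str = ""  # filled in later from the AV's own detection list


def parse_tdsskiller(lines):
    """Map service name -> ScanEntry, attaching the verdict line that follows each scan line."""
    entries = {}
    for line in lines:
        m = SCAN_RE.match(line)
        if m:
            entries[m["name"]] = ScanEntry(m["name"], m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m and m["verdict"] and m["name"] in entries:
            entries[m["name"]].tdss_verdict = m["verdict"]
    return entries


def parse_avg(lines):
    """AVG's export format: "path";"threat name";"state". NTFS paths are case-insensitive,
    so they are lower-cased to serve as join keys."""
    verdicts = {}
    for path, threat, state in csv.reader(lines, delimiter=";", quotechar='"'):
        verdicts[path.lower()] = f"{threat} ({state})"
    return verdicts


def correlate(tdss_lines, avg_lines):
    """Join both reports on file path. Returns (entries, orphans); orphans are AV-flagged
    paths that TDSSKiller did not attribute to any service or driver."""
    entries = parse_tdsskiller(tdss_lines)
    avg = parse_avg(avg_lines)
    for e in entries.values():
        e.av_verdict = avg.get(e.path.lower(), "")
    attributed = {e.path.lower() for e in entries.values()}
    orphans = sorted(p for p in avg if p not in attributed)
    return entries, orphans


def suspicious(entries):
    """Entries flagged by either engine, excluding TDSSKiller's UnsignedFile.* notices:
    those only say the file carries no digital signature, a far weaker signal than a
    named backdoor verdict and common for legitimate third-party services."""
    return sorted(
        (e for e in entries.values()
         if e.av_verdict
         or (e.tdss_verdict != "ok" and not e.tdss_verdict.startswith("UnsignedFile."))),
        key=lambda e: e.name,
    )


def report(entries, orphans):
    """Summary lines, returned rather than printed so callers can log or check them."""
    lines = [f"{e.name:12} {e.path}  TDSSKiller={e.tdss_verdict}  AV={e.av_verdict or '-'}"
             for e in suspicious(entries)]
    lines += [f"{'-':12} {p}  TDSSKiller=not attributed to any service  AV=flagged"
              for p in orphans]
    return lines


# Constructed sample input (not a real log). Placeholder MD5s for the three flagged DLLs.
TDSS_SAMPLE = r"""
15:17:51.0649 7980 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:17:51.0661 7980 ACPI - ok
15:17:54.0348 7980 astcc - ok
15:17:55.0421 7980 AVerRemote (6a3ba0e71b07b9ba1db49e5a8f3022be) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
15:17:55.0445 7980 AVerRemote ( UnsignedFile.Multi.Generic ) - warning
15:17:55.0445 7980 AVerRemote - detected UnsignedFile.Multi.Generic (1)
15:18:30.0100 7980 Mapolm (deadbeefdeadbeefdeadbeefdeadbeef) C:\Windows\System32\usprserv.dll
15:18:30.0101 7980 Mapolm - detected Backdoor.Multi.ZAccess.gen (1)
15:18:31.0200 7980 TMBUS (cafebabecafebabecafebabecafebabe) C:\Windows\System32\mfetdik.dll
15:18:31.0201 7980 TMBUS - detected Backdoor.Multi.ZAccess.gen (1)
15:18:32.0300 7980 vmnetuserif (feedfacefeedfacefeedfacefeedface) C:\Windows\System32\ghaio.dll
15:18:32.0301 7980 vmnetuserif - detected Backdoor.Multi.ZAccess.gen (1)
""".strip().splitlines()

AVG_SAMPLE = r'''
"c:\Windows\System32\ghaio.dll";"Trojan horse BackDoor.Generic15.ABEM";"Infected"
"C:\Windows\System32\usprserv.dll";"Trojan horse BackDoor.Generic15.ABEM";"Infected"
"C:\Windows\System32\mfetdik.dll";"Trojan horse BackDoor.Generic15.ABEM";"Infected"
"C:\Windows\System32\consrv.dll";"Trojan horse Generic26.ATMH";"Infected"
'''.strip().splitlines()

if __name__ == "__main__":
    ents, orph = correlate(TDSS_SAMPLE, AVG_SAMPLE)
    print("\n".join(report(ents, orph)))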


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 27 April 2012 - 06:01 PM

Hi,

Please do the following:


For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 phiesei54

phiesei54
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Houston, TEXAS

Posted 27 April 2012 - 09:26 PM

Hi,

Thank you for your response. I will follow your directions and try to get back to you as soon as possible. As for my attachments not being uploaded, that is beyond me. The screenshots are provided below:

http://farm9.staticflickr.com/8168/7120147719_b857e055f6_z.jpg
http://farm8.staticflickr.com/7139/6974066090_a6dfceaaf9_c.jpg
http://farm8.staticflickr.com/7064/7120147915_fbbe6ac353_z.jpg
http://farm8.staticflickr.com/7094/6974066254_83e810bb97_z.jpg


The logfile from Kaspersky TDSSKiller:

15:15:45.0269 8788 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
15:15:45.0753 8788 ============================================================
15:15:45.0754 8788 Current date / time: 2012/04/27 15:15:45.0753
15:15:45.0754 8788 SystemInfo:
15:15:45.0754 8788
15:15:45.0754 8788 OS Version: 6.1.7601 ServicePack: 1.0
15:15:45.0754 8788 Product type: Workstation
15:15:45.0754 8788 ComputerName: SCOTT-PC
15:15:45.0754 8788 UserName: Scott
15:15:45.0754 8788 Windows directory: C:\Windows
15:15:45.0754 8788 System windows directory: C:\Windows
15:15:45.0754 8788 Running under WOW64
15:15:45.0754 8788 Processor architecture: Intel x64
15:15:45.0754 8788 Number of processors: 4
15:15:45.0754 8788 Page size: 0x1000
15:15:45.0754 8788 Boot type: Normal boot
15:15:45.0754 8788 ============================================================
15:15:46.0912 8788 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:15:47.0008 8788 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:15:47.0435 8788 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:15:47.0436 8788 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:15:47.0445 8788 ============================================================
15:15:47.0445 8788 \Device\Harddisk0\DR0:
15:15:47.0503 8788 MBR partitions:
15:15:47.0503 8788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:15:47.0503 8788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
15:15:47.0504 8788 \Device\Harddisk1\DR1:
15:15:47.0557 8788 MBR partitions:
15:15:47.0560 8788 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xAEA82841
15:15:47.0560 8788 \Device\Harddisk2\DR2:
15:15:47.0560 8788 MBR partitions:
15:15:47.0561 8788 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xAEA82841
15:15:47.0561 8788 \Device\Harddisk3\DR3:
15:15:47.0561 8788 MBR partitions:
15:15:47.0574 8788 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xE8E035C1
15:15:47.0574 8788 ============================================================
15:15:47.0648 8788 C: <-> \Device\Harddisk0\DR0\Partition1
15:15:47.0676 8788 E: <-> \Device\Harddisk1\DR1\Partition0
15:15:47.0685 8788 F: <-> \Device\Harddisk2\DR2\Partition0
15:15:47.0863 8788 I: <-> \Device\Harddisk3\DR3\Partition0
15:15:47.0863 8788 ============================================================
15:15:47.0863 8788 Initialize success
15:15:47.0863 8788 ============================================================
15:17:48.0171 7980 ============================================================
15:17:48.0171 7980 Scan started
15:17:48.0171 7980 Mode: Manual; SigCheck; TDLFS;
15:17:48.0171 7980 ============================================================
15:17:51.0580 7980 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
15:17:51.0632 7980 1394ohci - ok
15:17:51.0649 7980 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:17:51.0661 7980 ACPI - ok
15:17:51.0693 7980 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:17:51.0790 7980 AcpiPmi - ok
15:17:51.0868 7980 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:17:51.0878 7980 AdobeFlashPlayerUpdateSvc - ok
15:17:51.0908 7980 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:17:51.0925 7980 adp94xx - ok
15:17:51.0939 7980 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:17:51.0953 7980 adpahci - ok
15:17:52.0000 7980 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:17:52.0010 7980 adpu320 - ok
15:17:52.0036 7980 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:17:52.0112 7980 AeLookupSvc - ok
15:17:52.0165 7980 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:17:52.0202 7980 AFD - ok
15:17:52.0256 7980 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:17:52.0264 7980 agp440 - ok
15:17:52.0281 7980 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:17:52.0299 7980 ALG - ok
15:17:52.0313 7980 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:17:52.0324 7980 aliide - ok
15:17:52.0502 7980 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
15:17:52.0556 7980 AMD External Events Utility - ok
15:17:52.0571 7980 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:17:52.0582 7980 amdide - ok
15:17:52.0599 7980 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:17:52.0624 7980 AmdK8 - ok
15:17:53.0174 7980 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
15:17:53.0389 7980 amdkmdag - ok
15:17:53.0474 7980 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
15:17:53.0494 7980 amdkmdap - ok
15:17:53.0562 7980 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:17:53.0585 7980 AmdPPM - ok
15:17:53.0609 7980 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:17:53.0622 7980 amdsata - ok
15:17:53.0633 7980 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:17:53.0645 7980 amdsbs - ok
15:17:53.0654 7980 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:17:53.0661 7980 amdxata - ok
15:17:53.0723 7980 AODDriver (43ed1d08c19626688db34f63e55114fb) C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys
15:17:53.0759 7980 AODDriver - ok
15:17:53.0817 7980 AODService (89122a637c5c90b0f9f05ff3abea843a) C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
15:17:53.0839 7980 AODService - ok
15:17:53.0862 7980 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:17:53.0971 7980 AppID - ok
15:17:53.0991 7980 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:17:54.0028 7980 AppIDSvc - ok
15:17:54.0065 7980 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:17:54.0097 7980 Appinfo - ok
15:17:54.0177 7980 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:17:54.0184 7980 Apple Mobile Device - ok
15:17:54.0215 7980 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:17:54.0234 7980 AppMgmt - ok
15:17:54.0257 7980 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:17:54.0266 7980 arc - ok
15:17:54.0309 7980 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:17:54.0318 7980 arcsas - ok
15:17:54.0348 7980 astcc - ok
15:17:54.0356 7980 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:17:54.0395 7980 AsyncMac - ok
15:17:54.0409 7980 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:17:54.0415 7980 atapi - ok
15:17:54.0917 7980 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
15:17:54.0997 7980 atikmdag - ok
15:17:55.0132 7980 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
15:17:55.0141 7980 AtiPcie - ok
15:17:55.0193 7980 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:17:55.0243 7980 AudioEndpointBuilder - ok
15:17:55.0249 7980 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:17:55.0276 7980 AudioSrv - ok
15:17:55.0421 7980 AVerRemote (6a3ba0e71b07b9ba1db49e5a8f3022be) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
15:17:55.0445 7980 AVerRemote ( UnsignedFile.Multi.Generic ) - warning
15:17:55.0445 7980 AVerRemote - detected UnsignedFile.Multi.Generic (1)
15:17:55.0466 7980 AVerScheduleService (3094f37d17c9f91632689ffe9381fc4b) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
15:17:55.0486 7980 AVerScheduleService ( UnsignedFile.Multi.Generic ) - warning
15:17:55.0486 7980 AVerScheduleService - detected UnsignedFile.Multi.Generic (1)
15:17:55.0587 7980 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe
15:17:55.0612 7980 AVG Security Toolbar Service - ok
15:17:55.0735 7980 avg9emc (aa054cd537357f03d5ba6aba7562b35f) C:\Program Files (x86)\AVG\AVG9\avgemc.exe
15:17:55.0754 7980 avg9emc - ok
15:17:55.0774 7980 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
15:17:55.0786 7980 avg9wd - ok
15:17:55.0855 7980 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\System32\Drivers\avgldx64.sys
15:17:55.0866 7980 AvgLdx64 - ok
15:17:55.0881 7980 AvgMfx64 (0db5a749acd8e66091736f88c40207bd) C:\Windows\System32\Drivers\avgmfx64.sys
15:17:55.0889 7980 AvgMfx64 - ok
15:17:55.0958 7980 AvgRkx64 (5e7f0f9cbe0f7823371a4d51df29f7ff) C:\Windows\system32\Drivers\avgrkx64.sys
15:17:55.0966 7980 AvgRkx64 - ok
15:17:55.0996 7980 AvgTdiA (8aa68c0ba2b84fd7eb3e1f10bbfc825b) C:\Windows\System32\Drivers\avgtdia.sys
15:17:56.0009 7980 AvgTdiA - ok
15:17:56.0037 7980 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:17:56.0069 7980 AxInstSV - ok
15:17:56.0114 7980 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:17:56.0140 7980 b06bdrv - ok
15:17:56.0209 7980 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:17:56.0271 7980 b57nd60a - ok
15:17:56.0364 7980 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
15:17:56.0399 7980 BBSvc - ok
15:17:56.0736 7980 BCUService (2025c7707d8b298e0b3fd4767db72bf1) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
15:17:56.0748 7980 BCUService - ok
15:17:56.0783 7980 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:17:56.0804 7980 BDESVC - ok
15:17:56.0822 7980 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:17:56.0875 7980 Beep - ok
15:17:56.0909 7980 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:17:56.0953 7980 BITS - ok
15:17:56.0989 7980 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:17:57.0007 7980 blbdrive - ok
15:17:57.0111 7980 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:17:57.0148 7980 Bonjour Service - ok
15:17:57.0207 7980 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:17:57.0240 7980 bowser - ok
15:17:57.0270 7980 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:17:57.0293 7980 BrFiltLo - ok
15:17:57.0297 7980 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:17:57.0310 7980 BrFiltUp - ok
15:17:57.0346 7980 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:17:57.0382 7980 Browser - ok
15:17:57.0397 7980 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:17:57.0425 7980 Brserid - ok
15:17:57.0435 7980 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:17:57.0451 7980 BrSerWdm - ok
15:17:57.0467 7980 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:17:57.0496 7980 BrUsbMdm - ok
15:17:57.0537 7980 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:17:57.0559 7980 BrUsbSer - ok
15:17:57.0574 7980 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
15:17:57.0595 7980 BTHMODEM - ok
15:17:57.0677 7980 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:17:57.0712 7980 bthserv - ok
15:17:57.0722 7980 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:17:57.0746 7980 cdfs - ok
15:17:57.0767 7980 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:17:57.0785 7980 cdrom - ok
15:17:57.0840 7980 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:17:57.0884 7980 CertPropSvc - ok
15:17:57.0953 7980 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:17:57.0970 7980 circlass - ok
15:17:58.0008 7980 CLBStor (2b6b01f0b1de1b9a0285f9cf36fd6b22) C:\Windows\system32\DRIVERS\CLBStor.sys
15:17:58.0014 7980 CLBStor - ok
15:17:58.0045 7980 CLBUDF (454dd4628aa72673fe62470d8995d172) C:\Windows\system32\drivers\CLBUDF.sys
15:17:58.0054 7980 CLBUDF - ok
15:17:58.0077 7980 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:17:58.0090 7980 CLFS - ok
15:17:58.0204 7980 CLKMSVC10_90970B6B (fe1c81a049e5c5d67c4ab7c31c899f6f) C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\NavFilter\kmsvc.exe
15:17:58.0214 7980 CLKMSVC10_90970B6B - ok
15:17:58.0293 7980 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:17:58.0302 7980 clr_optimization_v2.0.50727_32 - ok
15:17:58.0326 7980 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:17:58.0333 7980 clr_optimization_v2.0.50727_64 - ok
15:17:58.0387 7980 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:17:58.0394 7980 clr_optimization_v4.0.30319_32 - ok
15:17:58.0458 7980 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:17:58.0465 7980 clr_optimization_v4.0.30319_64 - ok
15:17:58.0522 7980 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
15:17:58.0540 7980 CmBatt - ok
15:17:58.0554 7980 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:17:58.0562 7980 cmdide - ok
15:17:58.0602 7980 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:17:58.0620 7980 CNG - ok
15:17:58.0626 7980 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:17:58.0634 7980 Compbatt - ok
15:17:58.0652 7980 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:17:58.0736 7980 CompositeBus - ok
15:17:58.0745 7980 COMSysApp - ok
15:17:58.0756 7980 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:17:58.0766 7980 crcdisk - ok
15:17:58.0794 7980 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:17:58.0838 7980 CryptSvc - ok
15:17:58.0866 7980 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:17:58.0900 7980 CSC - ok
15:17:58.0974 7980 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:17:58.0995 7980 CscService - ok
15:17:59.0042 7980 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:17:59.0092 7980 DcomLaunch - ok
15:17:59.0140 7980 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:17:59.0186 7980 defragsvc - ok
15:17:59.0257 7980 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:17:59.0322 7980 DfsC - ok
15:17:59.0356 7980 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:17:59.0387 7980 Dhcp - ok
15:17:59.0402 7980 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:17:59.0433 7980 discache - ok
15:17:59.0505 7980 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:17:59.0512 7980 Disk - ok
15:17:59.0541 7980 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
15:17:59.0555 7980 dmvsc - ok
15:17:59.0614 7980 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:17:59.0625 7980 Dnscache - ok
15:17:59.0655 7980 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:17:59.0691 7980 dot3svc - ok
15:17:59.0706 7980 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:17:59.0800 7980 DPS - ok
15:17:59.0823 7980 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:17:59.0848 7980 drmkaud - ok
15:17:59.0890 7980 dtsoftbus01 (1cecd1252261153c7873b5d9eb259d65) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:17:59.0901 7980 dtsoftbus01 - ok
15:17:59.0940 7980 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:17:59.0964 7980 DXGKrnl - ok
15:18:00.0021 7980 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:18:00.0050 7980 EapHost - ok
15:18:00.0142 7980 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:18:00.0205 7980 ebdrv - ok
15:18:00.0299 7980 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:18:00.0311 7980 EFS - ok
15:18:00.0409 7980 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:18:00.0482 7980 ehRecvr - ok
15:18:00.0687 7980 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:18:00.0716 7980 ehSched - ok
15:18:00.0889 7980 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:18:01.0026 7980 elxstor - ok
15:18:01.0050 7980 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:18:01.0058 7980 ErrDev - ok
15:18:01.0092 7980 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:18:01.0137 7980 EventSystem - ok
15:18:01.0152 7980 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:18:01.0177 7980 exfat - ok
15:18:01.0188 7980 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:18:01.0219 7980 fastfat - ok
15:18:01.0335 7980 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:18:01.0387 7980 Fax - ok
15:18:01.0392 7980 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:18:01.0404 7980 fdc - ok
15:18:01.0431 7980 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:18:01.0471 7980 fdPHost - ok
15:18:01.0485 7980 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:18:01.0510 7980 FDResPub - ok
15:18:01.0542 7980 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:18:01.0549 7980 FileInfo - ok
15:18:01.0577 7980 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:18:01.0651 7980 Filetrace - ok
15:18:01.0730 7980 FLASHSYS (5b314cc7640d091de8f3bc822490da28) C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys
15:18:01.0749 7980 FLASHSYS - ok
15:18:01.0873 7980 FlipShare Service (b8602c90d3c427d8a86ce60437615cf5) C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
15:18:01.0886 7980 FlipShare Service - ok
15:18:01.0945 7980 FlipShareServer (ac5fb7094f31534594cae48306972cbd) C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
15:18:01.0969 7980 FlipShareServer ( UnsignedFile.Multi.Generic ) - warning
15:18:01.0969 7980 FlipShareServer - detected UnsignedFile.Multi.Generic (1)
15:18:02.0084 7980 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:18:02.0116 7980 flpydisk - ok
15:18:02.0134 7980 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:18:02.0150 7980 FltMgr - ok
15:18:02.0214 7980 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:18:02.0258 7980 FontCache - ok
15:18:02.0285 7980 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:18:02.0295 7980 FontCache3.0.0.0 - ok
15:18:02.0371 7980 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:18:02.0396 7980 FsDepends - ok
15:18:02.0433 7980 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
15:18:02.0443 7980 fssfltr - ok
15:18:02.0653 7980 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:18:02.0694 7980 fsssvc - ok
15:18:02.0788 7980 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:18:02.0814 7980 Fs_Rec - ok
15:18:02.0900 7980 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:18:02.0917 7980 fvevol - ok
15:18:02.0931 7980 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:18:02.0943 7980 gagp30kx - ok
15:18:02.0977 7980 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:18:02.0983 7980 GEARAspiWDM - ok
15:18:03.0024 7980 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:18:03.0057 7980 gpsvc - ok
15:18:03.0072 7980 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:18:03.0086 7980 hcw85cir - ok
15:18:03.0146 7980 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:18:03.0171 7980 HdAudAddService - ok
15:18:03.0197 7980 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:18:03.0215 7980 HDAudBus - ok
15:18:03.0240 7980 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:18:03.0249 7980 HidBatt - ok
15:18:03.0255 7980 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:18:03.0266 7980 HidBth - ok
15:18:03.0270 7980 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:18:03.0280 7980 HidIr - ok
15:18:03.0299 7980 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:18:03.0330 7980 hidserv - ok
15:18:03.0397 7980 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:18:03.0404 7980 HidUsb - ok
15:18:03.0418 7980 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:18:03.0450 7980 hkmsvc - ok
15:18:03.0471 7980 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:18:03.0493 7980 HomeGroupListener - ok
15:18:03.0515 7980 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:18:03.0530 7980 HomeGroupProvider - ok
15:18:03.0551 7980 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:18:03.0559 7980 HpSAMD - ok
15:18:03.0586 7980 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:18:03.0672 7980 HTTP - ok
15:18:03.0678 7980 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:18:03.0685 7980 hwpolicy - ok
15:18:03.0713 7980 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:18:03.0741 7980 i8042prt - ok
15:18:03.0770 7980 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:18:03.0790 7980 iaStorV - ok
15:18:03.0861 7980 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:18:03.0890 7980 idsvc - ok
15:18:03.0911 7980 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:18:03.0923 7980 iirsp - ok
15:18:04.0008 7980 IJPLMSVC (51516252dbbfed36f70b341dba263167) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
15:18:04.0023 7980 IJPLMSVC ( UnsignedFile.Multi.Generic ) - warning
15:18:04.0023 7980 IJPLMSVC - detected UnsignedFile.Multi.Generic (1)
15:18:04.0067 7980 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:18:04.0105 7980 IKEEXT - ok
15:18:04.0243 7980 IntcAzAudAddService (ee64207f2f5c20bfe5f73db2566c4601) C:\Windows\system32\drivers\RTKVHD64.sys
15:18:04.0279 7980 IntcAzAudAddService - ok
15:18:04.0353 7980 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:18:04.0361 7980 intelide - ok
15:18:04.0379 7980 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
15:18:04.0451 7980 intelppm - ok
15:18:04.0546 7980 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
15:18:04.0558 7980 IntuitUpdateService - ok
15:18:04.0602 7980 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
15:18:04.0607 7980 IntuitUpdateServiceV4 - ok
15:18:04.0644 7980 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:18:04.0702 7980 IPBusEnum - ok
15:18:04.0711 7980 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:18:04.0735 7980 IpFilterDriver - ok
15:18:04.0748 7980 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:18:04.0762 7980 IPMIDRV - ok
15:18:04.0787 7980 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:18:04.0863 7980 IPNAT - ok
15:18:05.0006 7980 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
15:18:05.0034 7980 iPod Service - ok
15:18:05.0059 7980 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:18:05.0070 7980 IRENUM - ok
15:18:05.0084 7980 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:18:05.0091 7980 isapnp - ok
15:18:05.0110 7980 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:18:05.0122 7980 iScsiPrt - ok
15:18:05.0140 7980 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:18:05.0148 7980 kbdclass - ok
15:18:05.0187 7980 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:18:05.0213 7980 kbdhid - ok
15:18:05.0243 7980 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:18:05.0250 7980 KeyIso - ok
15:18:05.0257 7980 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:18:05.0265 7980 KSecDD - ok
15:18:05.0277 7980 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:18:05.0285 7980 KSecPkg - ok
15:18:05.0294 7980 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:18:05.0322 7980 ksthunk - ok
15:18:05.0356 7980 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:18:05.0389 7980 KtmRm - ok
15:18:05.0456 7980 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:18:05.0528 7980 LanmanServer - ok
15:18:05.0550 7980 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:18:05.0578 7980 LanmanWorkstation - ok
15:18:05.0685 7980 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
15:18:05.0701 7980 LBTServ - ok
15:18:05.0741 7980 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:18:05.0749 7980 LHidFilt - ok
15:18:05.0814 7980 LightScribeService (fcbdcc6f1801e32244235608e1277752) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:18:05.0822 7980 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
15:18:05.0822 7980 LightScribeService - detected UnsignedFile.Multi.Generic (1)
15:18:05.0863 7980 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:18:05.0924 7980 lltdio - ok
15:18:05.0950 7980 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:18:05.0986 7980 lltdsvc - ok
15:18:05.0999 7980 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:18:06.0022 7980 lmhosts - ok
15:18:06.0057 7980 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:18:06.0067 7980 LSI_FC - ok
15:18:06.0072 7980 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:18:06.0081 7980 LSI_SAS - ok
15:18:06.0089 7980 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:18:06.0098 7980 LSI_SAS2 - ok
15:18:06.0106 7980 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:18:06.0115 7980 LSI_SCSI - ok
15:18:06.0149 7980 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:18:06.0176 7980 luafv - ok
15:18:06.0217 7980 Maplom (5f22132c9153639762708909f156b33d) C:\Windows\system32\usprserv.dll
15:18:06.0223 7980 Suspicious file (NoAccess): C:\Windows\system32\usprserv.dll. md5: 5f22132c9153639762708909f156b33d
15:18:06.0224 7980 Maplom ( Backdoor.Multi.ZAccess.gen ) - infected
15:18:06.0224 7980 Maplom - detected Backdoor.Multi.ZAccess.gen (0)
15:18:06.0308 7980 MaxSch2Svc (cf3b9ebc6dc3cefa2b0270672763466a) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
15:18:06.0324 7980 MaxSch2Svc - ok
15:18:06.0500 7980 MBAMProtector (1399f4c8c1303b9c979341b0fe6e4b7e) C:\Windows\system32\drivers\mbam.sys
15:18:06.0507 7980 MBAMProtector - ok
15:18:06.0553 7980 MBAMService (8faaf64a7144cfe36008764307a3a133) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:18:06.0560 7980 MBAMService - ok
15:18:06.0574 7980 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:18:06.0584 7980 Mcx2Svc - ok
15:18:06.0601 7980 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:18:06.0610 7980 megasas - ok
15:18:06.0625 7980 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:18:06.0638 7980 MegaSR - ok
15:18:06.0694 7980 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:18:06.0702 7980 Microsoft Office Groove Audit Service - ok
15:18:06.0716 7980 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:18:06.0749 7980 MMCSS - ok
15:18:06.0787 7980 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:18:06.0818 7980 Modem - ok
15:18:06.0850 7980 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:18:06.0864 7980 monitor - ok
15:18:06.0877 7980 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:18:06.0884 7980 mouclass - ok
15:18:06.0901 7980 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:18:06.0917 7980 mouhid - ok
15:18:06.0931 7980 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:18:06.0939 7980 mountmgr - ok
15:18:06.0962 7980 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:18:06.0971 7980 MozillaMaintenance - ok
15:18:06.0981 7980 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:18:06.0991 7980 mpio - ok
15:18:07.0020 7980 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:18:07.0045 7980 mpsdrv - ok
15:18:07.0059 7980 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:18:07.0078 7980 MRxDAV - ok
15:18:07.0125 7980 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:18:07.0158 7980 mrxsmb - ok
15:18:07.0178 7980 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:18:07.0192 7980 mrxsmb10 - ok
15:18:07.0207 7980 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:18:07.0215 7980 mrxsmb20 - ok
15:18:07.0255 7980 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:18:07.0269 7980 msahci - ok
15:18:07.0281 7980 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:18:07.0291 7980 msdsm - ok
15:18:07.0314 7980 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:18:07.0328 7980 MSDTC - ok
15:18:07.0357 7980 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:18:07.0380 7980 Msfs - ok
15:18:07.0400 7980 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:18:07.0433 7980 mshidkmdf - ok
15:18:07.0442 7980 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:18:07.0448 7980 msisadrv - ok
15:18:07.0502 7980 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:18:07.0551 7980 MSiSCSI - ok
15:18:07.0554 7980 msiserver - ok
15:18:07.0568 7980 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:18:07.0601 7980 MSKSSRV - ok
15:18:07.0625 7980 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:18:07.0716 7980 MSPCLOCK - ok
15:18:07.0730 7980 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:18:07.0773 7980 MSPQM - ok
15:18:07.0789 7980 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:18:07.0806 7980 MsRPC - ok
15:18:07.0821 7980 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:18:07.0829 7980 mssmbios - ok
15:18:07.0832 7980 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:18:07.0868 7980 MSTEE - ok
15:18:07.0871 7980 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:18:07.0878 7980 MTConfig - ok
15:18:07.0892 7980 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:18:07.0898 7980 Mup - ok
15:18:07.0960 7980 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:18:07.0997 7980 napagent - ok
15:18:08.0018 7980 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:18:08.0035 7980 NativeWifiP - ok
15:18:08.0090 7980 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:18:08.0113 7980 NDIS - ok
15:18:08.0124 7980 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:18:08.0147 7980 NdisCap - ok
15:18:08.0173 7980 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:18:08.0197 7980 NdisTapi - ok
15:18:08.0269 7980 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:18:08.0335 7980 Ndisuio - ok
15:18:08.0345 7980 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:18:08.0379 7980 NdisWan - ok
15:18:08.0391 7980 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:18:08.0414 7980 NDProxy - ok
15:18:08.0438 7980 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:18:08.0469 7980 NetBIOS - ok
15:18:08.0484 7980 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:18:08.0508 7980 NetBT - ok
15:18:08.0588 7980 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:18:08.0595 7980 Netlogon - ok
15:18:08.0640 7980 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:18:08.0701 7980 Netman - ok
15:18:08.0726 7980 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:18:08.0770 7980 netprofm - ok
15:18:08.0847 7980 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:18:08.0855 7980 NetTcpPortSharing - ok
15:18:08.0877 7980 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:18:08.0886 7980 nfrd960 - ok
15:18:08.0924 7980 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:18:08.0955 7980 NlaSvc - ok
15:18:08.0989 7980 NPF (3ceee0be85d24d911b9c02714817774c) C:\Windows\system32\drivers\npf.sys
15:18:09.0003 7980 NPF - ok
15:18:09.0020 7980 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:18:09.0056 7980 Npfs - ok
15:18:09.0098 7980 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:18:09.0158 7980 nsi - ok
15:18:09.0168 7980 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:18:09.0201 7980 nsiproxy - ok
15:18:09.0278 7980 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:18:09.0322 7980 Ntfs - ok
15:18:09.0398 7980 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:18:09.0421 7980 Null - ok
15:18:09.0438 7980 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:18:09.0448 7980 nvraid - ok
15:18:09.0459 7980 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:18:09.0469 7980 nvstor - ok
15:18:09.0486 7980 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:18:09.0495 7980 nv_agp - ok
15:18:09.0643 7980 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:18:09.0666 7980 odserv - ok
15:18:09.0673 7980 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:18:09.0685 7980 ohci1394 - ok
15:18:09.0738 7980 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:18:09.0746 7980 ose - ok
15:18:09.0774 7980 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:18:09.0795 7980 p2pimsvc - ok
15:18:09.0874 7980 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:18:09.0902 7980 p2psvc - ok
15:18:09.0909 7980 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:18:09.0926 7980 Parport - ok
15:18:09.0939 7980 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:18:09.0947 7980 partmgr - ok
15:18:09.0959 7980 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:18:09.0980 7980 PcaSvc - ok
15:18:09.0997 7980 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:18:10.0006 7980 pci - ok
15:18:10.0016 7980 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:18:10.0023 7980 pciide - ok
15:18:10.0035 7980 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:18:10.0047 7980 pcmcia - ok
15:18:10.0091 7980 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:18:10.0098 7980 pcw - ok
15:18:10.0129 7980 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:18:10.0170 7980 PEAUTH - ok
15:18:10.0233 7980 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:18:10.0273 7980 PeerDistSvc - ok
15:18:10.0527 7980 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:18:10.0535 7980 PerfHost - ok
15:18:10.0648 7980 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:18:10.0724 7980 pla - ok
15:18:10.0777 7980 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:18:10.0802 7980 PlugPlay - ok
15:18:10.0817 7980 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:18:10.0834 7980 PNRPAutoReg - ok
15:18:10.0858 7980 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:18:10.0870 7980 PNRPsvc - ok
15:18:10.0949 7980 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
15:18:10.0958 7980 Point64 - ok
15:18:11.0005 7980 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:18:11.0046 7980 PolicyAgent - ok
15:18:11.0063 7980 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:18:11.0096 7980 Power - ok
15:18:11.0124 7980 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:18:11.0155 7980 PptpMiniport - ok
15:18:11.0193 7980 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:18:11.0209 7980 Processor - ok
15:18:11.0230 7980 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:18:11.0265 7980 ProfSvc - ok
15:18:11.0294 7980 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:18:11.0301 7980 ProtectedStorage - ok
15:18:11.0317 7980 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:18:11.0340 7980 Psched - ok
15:18:11.0385 7980 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:18:11.0429 7980 ql2300 - ok
15:18:11.0497 7980 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:18:11.0506 7980 ql40xx - ok
15:18:11.0552 7980 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:18:11.0585 7980 QWAVE - ok
15:18:11.0598 7980 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:18:11.0626 7980 QWAVEdrv - ok
15:18:11.0636 7980 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:18:11.0705 7980 RasAcd - ok
15:18:11.0728 7980 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:18:11.0753 7980 RasAgileVpn - ok
15:18:11.0766 7980 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:18:11.0799 7980 RasAuto - ok
15:18:11.0812 7980 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:18:11.0842 7980 Rasl2tp - ok
15:18:11.0857 7980 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:18:11.0885 7980 RasMan - ok
15:18:11.0897 7980 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:18:11.0925 7980 RasPppoe - ok
15:18:11.0952 7980 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:18:12.0032 7980 RasSstp - ok
15:18:12.0054 7980 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:18:12.0082 7980 rdbss - ok
15:18:12.0089 7980 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:18:12.0102 7980 rdpbus - ok
15:18:12.0110 7980 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:18:12.0133 7980 RDPCDD - ok
15:18:12.0192 7980 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:18:12.0212 7980 RDPDR - ok
15:18:12.0235 7980 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:18:12.0268 7980 RDPENCDD - ok
15:18:12.0284 7980 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:18:12.0306 7980 RDPREFMP - ok
15:18:12.0369 7980 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
15:18:12.0384 7980 RdpVideoMiniport - ok
15:18:12.0633 7980 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:18:12.0696 7980 RDPWD - ok
15:18:12.0731 7980 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:18:12.0766 7980 rdyboost - ok
15:18:12.0800 7980 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:18:12.0835 7980 RemoteAccess - ok
15:18:12.0860 7980 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:18:12.0893 7980 RemoteRegistry - ok
15:18:12.0986 7980 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
15:18:12.0994 7980 RichVideo ( UnsignedFile.Multi.Generic ) - warning
15:18:12.0994 7980 RichVideo - detected UnsignedFile.Multi.Generic (1)
15:18:13.0005 7980 rpcapd - ok
15:18:13.0020 7980 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:18:13.0065 7980 RpcEptMapper - ok
15:18:13.0092 7980 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:18:13.0118 7980 RpcLocator - ok
15:18:13.0143 7980 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:18:13.0168 7980 RpcSs - ok
15:18:13.0214 7980 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:18:13.0254 7980 rspndr - ok
15:18:13.0297 7980 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:18:13.0308 7980 RTL8167 - ok
15:18:13.0325 7980 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:18:13.0371 7980 s3cap - ok
15:18:13.0401 7980 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:18:13.0408 7980 SamSs - ok
15:18:13.0419 7980 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:18:13.0429 7980 sbp2port - ok
15:18:13.0456 7980 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:18:13.0482 7980 SCardSvr - ok
15:18:13.0506 7980 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:18:13.0539 7980 scfilter - ok
15:18:13.0631 7980 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:18:13.0730 7980 Schedule - ok
15:18:13.0756 7980 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:18:13.0777 7980 SCPolicySvc - ok
15:18:13.0922 7980 ScsiAccess (958e956e119eb7b9aba142afed1b5ff4) C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
15:18:13.0948 7980 ScsiAccess - ok
15:18:13.0973 7980 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:18:13.0992 7980 SDRSVC - ok
15:18:14.0059 7980 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
15:18:14.0074 7980 SeaPort - ok
15:18:14.0160 7980 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:18:14.0191 7980 secdrv - ok
15:18:14.0206 7980 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:18:14.0229 7980 seclogon - ok
15:18:14.0240 7980 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:18:14.0275 7980 SENS - ok
15:18:14.0287 7980 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:18:14.0302 7980 SensrSvc - ok
15:18:14.0334 7980 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:18:14.0365 7980 Serenum - ok
15:18:14.0796 7980 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:18:14.0856 7980 Serial - ok
15:18:14.0874 7980 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:18:14.0905 7980 sermouse - ok
15:18:14.0931 7980 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:18:14.0968 7980 SessionEnv - ok
15:18:14.0971 7980 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:18:14.0980 7980 sffdisk - ok
15:18:14.0983 7980 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:18:14.0997 7980 sffp_mmc - ok
15:18:15.0020 7980 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:18:15.0042 7980 sffp_sd - ok
15:18:15.0174 7980 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:18:15.0311 7980 sfloppy - ok
15:18:15.0400 7980 SgtSch2Svc (cf3b9ebc6dc3cefa2b0270672763466a) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
15:18:15.0415 7980 SgtSch2Svc - ok
15:18:15.0439 7980 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:18:15.0467 7980 SharedAccess - ok
15:18:15.0493 7980 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:18:15.0528 7980 ShellHWDetection - ok
15:18:15.0573 7980 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:18:15.0597 7980 SiSRaid2 - ok
15:18:15.0607 7980 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:18:15.0619 7980 SiSRaid4 - ok
15:18:15.0636 7980 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:18:15.0675 7980 Smb - ok
15:18:15.0734 7980 snapman (8ac15211eb4bf019aab0022781cc8ad0) C:\Windows\system32\DRIVERS\snapman.sys
15:18:15.0743 7980 snapman - ok
15:18:15.0775 7980 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:18:15.0807 7980 SNMPTRAP - ok
15:18:15.0820 7980 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:18:15.0830 7980 spldr - ok
15:18:15.0858 7980 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:18:15.0899 7980 Spooler - ok
15:18:16.0075 7980 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:18:16.0177 7980 sppsvc - ok
15:18:16.0253 7980 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:18:16.0278 7980 sppuinotify - ok
15:18:16.0688 7980 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:18:16.0736 7980 srv - ok
15:18:16.0774 7980 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:18:16.0803 7980 srv2 - ok
15:18:16.0816 7980 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:18:16.0828 7980 srvnet - ok
15:18:16.0860 7980 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:18:16.0904 7980 SSDPSRV - ok
15:18:16.0911 7980 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:18:16.0937 7980 SstpSvc - ok
15:18:16.0953 7980 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:18:16.0961 7980 stexstor - ok
15:18:16.0986 7980 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
15:18:17.0006 7980 StillCam - ok
15:18:17.0048 7980 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:18:17.0067 7980 stisvc - ok
15:18:17.0085 7980 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:18:17.0092 7980 storflt - ok
15:18:17.0129 7980 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:18:17.0147 7980 storvsc - ok
15:18:17.0182 7980 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:18:17.0189 7980 swenum - ok
15:18:17.0211 7980 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:18:17.0250 7980 swprv - ok
15:18:17.0273 7980 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
15:18:17.0283 7980 Synth3dVsc - ok
15:18:17.0339 7980 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:18:17.0393 7980 SysMain - ok
15:18:17.0471 7980 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:18:17.0489 7980 TabletInputService - ok
15:18:17.0509 7980 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:18:17.0542 7980 TapiSrv - ok
15:18:17.0552 7980 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:18:17.0575 7980 TBS - ok
15:18:17.0705 7980 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:18:17.0763 7980 Tcpip - ok
15:18:18.0071 7980 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:18:18.0100 7980 TCPIP6 - ok
15:18:18.0205 7980 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:18:18.0243 7980 tcpipreg - ok
15:18:18.0256 7980 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:18:18.0275 7980 TDPIPE - ok
15:18:18.0658 7980 tdrpman (ac1fc18d04b92bac16cbd85de2a08a0b) C:\Windows\system32\DRIVERS\tdrpman.sys
15:18:18.0691 7980 tdrpman - ok
15:18:18.0725 7980 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:18:18.0741 7980 TDTCP - ok
15:18:18.0762 7980 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:18:18.0789 7980 tdx - ok
15:18:18.0798 7980 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
15:18:18.0806 7980 TermDD - ok
15:18:18.0830 7980 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
15:18:18.0868 7980 terminpt - ok
15:18:18.0910 7980 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:18:18.0957 7980 TermService - ok
15:18:18.0964 7980 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:18:18.0975 7980 Themes - ok
15:18:18.0994 7980 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:18:19.0017 7980 THREADORDER - ok
15:18:19.0059 7980 tifsfilter (3e24b7fe52bc455da8d6e2cc2b4ca23f) C:\Windows\system32\DRIVERS\tifsfilt.sys
15:18:19.0065 7980 tifsfilter - ok
15:18:19.0166 7980 timounter (ec4fd4d147985a97e881729e808e6f34) C:\Windows\system32\DRIVERS\timntr.sys
15:18:19.0229 7980 timounter - ok
15:18:19.0256 7980 TMBUS (5f22132c9153639762708909f156b33d) C:\Windows\system32\mfetdik.dll
15:18:19.0264 7980 Suspicious file (NoAccess): C:\Windows\system32\mfetdik.dll. md5: 5f22132c9153639762708909f156b33d
15:18:19.0264 7980 TMBUS ( Backdoor.Multi.ZAccess.gen ) - infected
15:18:19.0264 7980 TMBUS - detected Backdoor.Multi.ZAccess.gen (0)
15:18:19.0465 7980 TRIDCap (e75dc2999f5bf64bf59b1a7c0c6d123d) C:\Windows\system32\DRIVERS\AVerTM62_x64.sys
15:18:19.0535 7980 TRIDCap - ok
15:18:19.0654 7980 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:18:19.0723 7980 TrkWks - ok
15:18:19.0748 7980 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:18:19.0782 7980 TrustedInstaller - ok
15:18:19.0801 7980 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:18:19.0832 7980 tssecsrv - ok
15:18:19.0875 7980 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:18:19.0883 7980 TsUsbFlt - ok
15:18:19.0886 7980 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:18:19.0896 7980 TsUsbGD - ok
15:18:19.0917 7980 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
15:18:19.0925 7980 tsusbhub - ok
15:18:19.0937 7980 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:18:19.0966 7980 tunnel - ok
15:18:19.0972 7980 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:18:19.0980 7980 uagp35 - ok
15:18:20.0018 7980 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:18:20.0052 7980 udfs - ok
15:18:20.0073 7980 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:18:20.0083 7980 UI0Detect - ok
15:18:20.0121 7980 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:18:20.0148 7980 uliagpkx - ok
15:18:20.0162 7980 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:18:20.0189 7980 umbus - ok
15:18:20.0193 7980 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:18:20.0209 7980 UmPass - ok
15:18:20.0239 7980 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:18:20.0256 7980 UmRdpService - ok
15:18:20.0371 7980 UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys
15:18:20.0471 7980 UnlockerDriver5 - ok
15:18:20.0584 7980 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:18:20.0655 7980 upnphost - ok
15:18:20.0693 7980 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:18:20.0716 7980 usbaudio - ok
15:18:20.0733 7980 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:18:20.0745 7980 usbccgp - ok
15:18:20.0805 7980 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:18:20.0820 7980 usbcir - ok
15:18:20.0843 7980 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:18:20.0864 7980 usbehci - ok
15:18:20.0892 7980 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:18:20.0909 7980 usbhub - ok
15:18:20.0913 7980 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:18:20.0929 7980 usbohci - ok
15:18:20.0950 7980 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:18:20.0971 7980 usbprint - ok
15:18:21.0006 7980 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:18:21.0024 7980 usbscan - ok
15:18:21.0046 7980 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:18:21.0060 7980 USBSTOR - ok
15:18:21.0069 7980 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:18:21.0085 7980 usbuhci - ok
15:18:21.0101 7980 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:18:21.0136 7980 UxSms - ok
15:18:21.0159 7980 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:18:21.0165 7980 VaultSvc - ok
15:18:21.0196 7980 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:18:21.0203 7980 vdrvroot - ok
15:18:21.0224 7980 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:18:21.0278 7980 vds - ok
15:18:21.0289 7980 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:18:21.0299 7980 vga - ok
15:18:21.0314 7980 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:18:21.0342 7980 VgaSave - ok
15:18:21.0344 7980 VGPU - ok
15:18:21.0357 7980 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:18:21.0368 7980 vhdmp - ok
15:18:21.0389 7980 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:18:21.0396 7980 viaide - ok
15:18:21.0418 7980 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:18:21.0430 7980 vmbus - ok
15:18:21.0443 7980 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:18:21.0451 7980 VMBusHID - ok
15:18:21.0477 7980 vmnetuserif (5f22132c9153639762708909f156b33d) C:\Windows\system32\ghaio.dll
15:18:21.0483 7980 Suspicious file (NoAccess): C:\Windows\system32\ghaio.dll. md5: 5f22132c9153639762708909f156b33d
15:18:21.0483 7980 vmnetuserif ( Backdoor.Multi.ZAccess.gen ) - infected
15:18:21.0483 7980 vmnetuserif - detected Backdoor.Multi.ZAccess.gen (0)
15:18:21.0504 7980 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:18:21.0512 7980 volmgr - ok
15:18:21.0531 7980 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:18:21.0544 7980 volmgrx - ok
15:18:21.0555 7980 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:18:21.0566 7980 volsnap - ok
15:18:21.0573 7980 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:18:21.0584 7980 vsmraid - ok
15:18:21.0643 7980 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:18:21.0709 7980 VSS - ok
15:18:21.0894 7980 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
15:18:21.0914 7980 vToolbarUpdater10.2.0 - ok
15:18:22.0001 7980 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:18:22.0030 7980 vwifibus - ok
15:18:22.0065 7980 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:18:22.0096 7980 W32Time - ok
15:18:22.0109 7980 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:18:22.0122 7980 WacomPen - ok
15:18:22.0147 7980 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:18:22.0177 7980 WANARP - ok
15:18:22.0180 7980 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:18:22.0202 7980 Wanarpv6 - ok
15:18:22.0429 7980 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:18:22.0535 7980 WatAdminSvc - ok
15:18:22.0695 7980 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:18:22.0741 7980 wbengine - ok
15:18:22.0801 7980 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:18:22.0815 7980 WbioSrvc - ok
15:18:22.0837 7980 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:18:22.0885 7980 wcncsvc - ok
15:18:22.0914 7980 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:18:22.0923 7980 WcsPlugInService - ok
15:18:22.0958 7980 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:18:22.0966 7980 Wd - ok
15:18:22.0995 7980 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:18:23.0014 7980 Wdf01000 - ok
15:18:23.0179 7980 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:18:23.0220 7980 WdiServiceHost - ok
15:18:23.0224 7980 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:18:23.0241 7980 WdiSystemHost - ok
15:18:23.0261 7980 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:18:23.0287 7980 WebClient - ok
15:18:23.0306 7980 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:18:23.0339 7980 Wecsvc - ok
15:18:23.0375 7980 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:18:23.0400 7980 wercplsupport - ok
15:18:23.0567 7980 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:18:23.0594 7980 WerSvc - ok
15:18:23.0626 7980 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:18:23.0649 7980 WfpLwf - ok
15:18:23.0657 7980 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:18:23.0664 7980 WIMMount - ok
15:18:23.0668 7980 WinHttpAutoProxySvc - ok
15:18:23.0705 7980 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:18:23.0731 7980 Winmgmt - ok
15:18:23.0884 7980 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:18:23.0956 7980 WinRM - ok
15:18:24.0082 7980 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:18:24.0120 7980 Wlansvc - ok
15:18:24.0194 7980 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:18:24.0218 7980 wlcrasvc - ok
15:18:24.0489 7980 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:18:24.0551 7980 wlidsvc - ok
15:18:24.0693 7980 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:18:24.0708 7980 WmiAcpi - ok
15:18:24.0759 7980 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:18:24.0788 7980 wmiApSrv - ok
15:18:24.0811 7980 WMPNetworkSvc - ok
15:18:24.0924 7980 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) C:\Program Files\Zune\WMZuneComm.exe
15:18:24.0944 7980 WMZuneComm - ok
15:18:24.0970 7980 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:18:24.0979 7980 WPCSvc - ok
15:18:24.0988 7980 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:18:24.0998 7980 WPDBusEnum - ok
15:18:25.0017 7980 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:18:25.0041 7980 ws2ifsl - ok
15:18:25.0043 7980 WSearch - ok
15:18:25.0184 7980 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:18:25.0265 7980 wuauserv - ok
15:18:25.0410 7980 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:18:25.0484 7980 WudfPf - ok
15:18:25.0520 7980 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:18:25.0550 7980 WUDFRd - ok
15:18:25.0569 7980 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:18:25.0593 7980 wudfsvc - ok
15:18:25.0606 7980 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:18:25.0644 7980 WwanSvc - ok
15:18:26.0055 7980 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe
15:18:26.0246 7980 ZuneNetworkSvc - ok
15:18:26.0293 7980 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
15:18:26.0309 7980 ZuneWlanCfgSvc - ok
15:18:26.0477 7980 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
15:18:26.0490 7980 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
15:18:26.0512 7980 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:18:26.0632 7980 \Device\Harddisk0\DR0 - ok
15:18:26.0635 7980 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
15:18:26.0960 7980 \Device\Harddisk1\DR1 - ok
15:18:26.0967 7980 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
15:18:27.0093 7980 \Device\Harddisk2\DR2 - ok
15:18:27.0097 7980 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR3
15:18:27.0147 7980 \Device\Harddisk3\DR3 - ok
15:18:27.0151 7980 Boot (0x1200) (6bd811523b3bf744ee4ca9a28c49a685) \Device\Harddisk0\DR0\Partition0
15:18:27.0152 7980 \Device\Harddisk0\DR0\Partition0 - ok
15:18:27.0156 7980 Boot (0x1200) (892aabd1038b5d16afac6ad27e28cfd6) \Device\Harddisk0\DR0\Partition1
15:18:27.0158 7980 \Device\Harddisk0\DR0\Partition1 - ok
15:18:27.0162 7980 Boot (0x1200) (780f90ab056859ee738502c6c3c1ceb0) \Device\Harddisk1\DR1\Partition0
15:18:27.0163 7980 \Device\Harddisk1\DR1\Partition0 - ok
15:18:27.0166 7980 Boot (0x1200) (fc7a22b1c3cc195668a7273cefb53994) \Device\Harddisk2\DR2\Partition0
15:18:27.0167 7980 \Device\Harddisk2\DR2\Partition0 - ok
15:18:27.0179 7980 Boot (0x1200) (1f6e130ce32bb01d8e7a82a56fffb208) \Device\Harddisk3\DR3\Partition0
15:18:27.0180 7980 \Device\Harddisk3\DR3\Partition0 - ok
15:18:27.0185 7980 ============================================================
15:18:27.0185 7980 Scan finished
15:18:27.0185 7980 ============================================================
15:18:27.0200 8388 Detected object count: 9
15:18:27.0200 8388 Actual detected object count: 9
16:14:56.0283 8388 AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
16:14:56.0283 8388 AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:14:56.0285 8388 AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
16:14:56.0285 8388 AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:14:56.0286 8388 FlipShareServer ( UnsignedFile.Multi.Generic ) - skipped by user
16:14:56.0286 8388 FlipShareServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:14:56.0288 8388 IJPLMSVC ( UnsignedFile.Multi.Generic ) - skipped by user
16:14:56.0288 8388 IJPLMSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:14:56.0290 8388 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
16:14:56.0290 8388 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:14:56.0291 8388 Maplom ( Backdoor.Multi.ZAccess.gen ) - skipped by user
16:14:56.0291 8388 Maplom ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
16:14:56.0293 8388 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
16:14:56.0293 8388 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:14:56.0294 8388 TMBUS ( Backdoor.Multi.ZAccess.gen ) - skipped by user
16:14:56.0294 8388 TMBUS ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
16:14:56.0296 8388 vmnetuserif ( Backdoor.Multi.ZAccess.gen ) - skipped by user
16:14:56.0296 8388 vmnetuserif ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip

#4 phiesei54 (Topic Starter)
Posted 28 April 2012 - 08:01 PM

Hi,

Thanks for your support. You should have noted that in order to go into ABO by the F8 key, I needed to have pre-installed recovery options. I built this computer, so I don't have the Repair your computer option. I was spending so much effort on finding out why that option wasn't available, when I could have just used the Repair Disc that I made. lol :wacko:

Booting from the Repair Disc does the following scan automatically:

System Recovery Options
Windows found problems with your computer's startup options. Do you want to apply repairs and restart your computer?
[Repair and restart] [No]


>(Selecting No took me to another screen. Startup Repair)

Do you want to restore your computer using System Restore?
[Restore] [Cancel]


>(Selecting Cancel just enabled the Startup Repair run anyway)

Your computer was unable to start
Startup Repair is checking your system for problems...
If problems are found, Startup Repair will fix them automatically. Your computer might restart several times during the process.
No changes will be made to your personal files or information. This might take several minutes.
Attempting repairs...
[< Back] [Next >] [Cancel]


>(I could not Cancel this process as it was Attempting repairs...)
>(This went on for a long time with no result, so I rebooted)
>(As I rebooted and selected my Windows 7 OS, it tried to run another scan, so I chose to quickly select No before it had a chance to run the Attempting repairs once again)
>(This brought me to a new window for the Startup Repair where I had two clickable options)


Startup Repair
View diagnostic and repair details
>(This just showed me a report)
View advanced options for system recovery and support
>(This is finally where you pointed me to)



After going into the Command Prompt and running FRST, it told me to run it again. The second time brought me to the Disclaimer of warranty! Ran the scan and created the log, which I have provided below.


I found these to be suspicious in the logfile:

2 PSSdk23; C:\Windows\System32\AF15BDA.dll [6656 2009-07-13] (Oak Technology Inc.)
2 Udfreadr_xp; C:\Windows\System32\zebrmdfl.dll [6656 2009-07-13] (Oak Technology Inc.)
2 zmxpzip; C:\Windows\System32\Fd16_700.dll [6656 2009-07-13] (Oak Technology Inc.)


========================== NetSvcs (Whitelisted) ===========
NETSVC: TMBUS
NETSVC: PSSdk23
NETSVC: zmxpzip
NETSVC: Udfreadr_xp
NETSVC: Maplom

============ One Month Created Files and Folders ==============

2012-04-27 18:39 - 2010-11-20 19:24 - 0006656 ____A (Oak Technology Inc.) C:\Windows\System32\usprserv.dll
2012-04-27 18:39 - 2009-07-13 17:40 - 0006656 ____A (Oak Technology Inc.) C:\Windows\System32\ghaio.dll
2012-04-27 18:39 - 2009-07-13 17:28 - 0006656 ____A (Oak Technology Inc.) C:\Windows\System32\mfetdik.dll


Upon restarting the pc, AVG found newer threats:

Service: PSSdk23
Backdoor.Multi.ZAccess.gen
AF15BDA.dll

Service: apache2
Backdoor.Multi.ZAccess.gen
MR97310_USB_DUAL_CAMERA.dll

Service: Udfreadr_xp
Backdoor.Multi.ZAccess.gen
zebrmdfl.dll

Service: zmxpzip
Backdoor.Multi.ZAccess.gen
Fd16_700.dll



Kaspersky TDSSKiller - Threats detected-new threat (4-28-12)
http://farm8.staticflickr.com/7139/7122924321_6f3c8c2fca_c.jpg
AVG 9 - Scan results for Windows_System32 (4-28-12)
http://farm8.staticflickr.com/7056/7122924445_4375b5a8ff_c.jpg

Attached file: FRST.txt (163.14KB)

Edited by phiesei54, 28 April 2012 - 08:02 PM.
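
The FRST lines in the post above show the mechanism behind the detections: a name such as TMBUS or PSSdk23 is appended to the svchost "netsvcs" group, and a matching service key points at a 6656-byte DLL in System32 that carries fake "Oak Technology Inc." version info, so a legitimate, signed svchost.exe loads it at boot. The PowerShell below is an added example (not code from the thread, from FRST or from AVG) that audits that group on a live system. It assumes PowerShell 4.0 or later in an elevated 64-bit session; the 16 KB and 30-day thresholds and the "Reasons" heuristics are this example's own choices. The Get-NetsvcsAudit, Get-ServiceDll and $SvcHostKey/$ServicesKey names are the example's, not anything built into Windows.

```powershell
# Added example, not from the thread or from FRST: audit the svchost "netsvcs" group on
# a live Windows system for the kind of entry the FRST output above shows (a name added
# to the netsvcs list plus a small, unsigned ServiceDll in System32). Assumes PowerShell
# 4.0 or later in an elevated 64-bit session. The 16 KB / 30-day thresholds and the
# "Reasons" heuristics are this example's own choices, not anything FRST or AVG uses.

$SvcHostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-ServiceDll([string]$Name) {
    # ServiceDll normally sits under <service>\Parameters; a few services keep it on the key itself.
    foreach ($key in "$ServicesKey\$Name\Parameters", "$ServicesKey\$Name") {
        $value = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        if ($value) { return [Environment]::ExpandEnvironmentVariables($value) }
    }
}

function Get-NetsvcsAudit {
    # netsvcs is a REG_MULTI_SZ of service names that the shared "netsvcs" svchost.exe
    # instance may host. A bogus name here plus a matching service key is enough to get
    # an arbitrary DLL loaded into a legitimate, Microsoft-signed svchost.exe at boot.
    $names = (Get-ItemProperty -Path $SvcHostKey -Name netsvcs).netsvcs
    foreach ($name in $names) {
        $dll = Get-ServiceDll $name
        $row = [ordered]@{
            Service = $name; ServiceDll = $dll; Size = $null; Company = $null
            Created = $null; Signature = $null; MD5 = $null; Reasons = @()
        }
        if (-not (Test-Path "$ServicesKey\$name")) {
            # The stock list names services that may not be installed; not suspicious by itself.
            $row.ServiceDll = '(no service key)'
        } elseif (-not $dll) {
            $row.Reasons += 'service key without ServiceDll'
        } elseif (-not (Test-Path -LiteralPath $dll)) {
            $row.Reasons += 'ServiceDll missing on disk'
        } else {
            $file = Get-Item -LiteralPath $dll -Force
            $row.Size      = $file.Length
            $row.Company   = $file.VersionInfo.CompanyName
            $row.Created   = $file.CreationTime
            $row.Signature = (Get-AuthenticodeSignature -FilePath $dll).Status
            $row.MD5       = (Get-FileHash -LiteralPath $dll -Algorithm MD5).Hash.ToLower()
            if ($file.Length -lt 16KB) { $row.Reasons += 'tiny ServiceDll' }
            if ($file.CreationTime -gt (Get-Date).AddDays(-30)) { $row.Reasons += 'created in the last 30 days' }
            $inSystemDir = ($dll -like "$env:SystemRoot\System32\*") -or ($dll -like "$env:SystemRoot\SysWOW64\*")
            if ($inSystemDir -and ($file.VersionInfo.CompanyName -notlike '*Microsoft*')) {
                $row.Reasons += "non-Microsoft DLL in system directory ($($file.VersionInfo.CompanyName))"
            }
            if ($row.Signature -ne 'Valid') { $row.Reasons += "signature status $($row.Signature)" }
        }
        [pscustomobject]$row
    }
}

$audit = Get-NetsvcsAudit
$audit | Format-Table Service, Size, Company, Created, Signature, MD5 -AutoSize
'--- netsvcs entries worth a closer look ---'
$audit | Where-Object { $_.Reasons.Count -gt 0 } |
    Select-Object Service, ServiceDll, @{ n = 'Reasons'; e = { $_.Reasons -join '; ' } } |
    Format-List
```

Two caveats when reading the output. Older PowerShell releases do not consult the Windows signing catalog, so Microsoft DLLs with no embedded signature show NotSigned there; treat the Signature column as a hint on those systems and confirm with Sysinternals sigcheck. More importantly, an active rootkit can hide or lock its files from a live session (the TDSSKiller log above reports ghaio.dll as "Suspicious file (NoAccess)"), which is why the thread runs FRST from the Recovery Environment: the registry and file system are only trustworthy when read offline.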


#5 CatByte (Malware Response Team)
Posted 28 April 2012 - 08:58 PM

Hi

Please don't run any scans I don't specifically ask for as they may interfere with what I am trying to do, thanks



Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
2 Udfreadr_xp; C:\Windows\System32\zebrmdfl.dll [6656 2009-07-13] (Oak Technology Inc.)
2 zmxpzip; C:\Windows\System32\Fd16_700.dll [6656 2009-07-13] (Oak Technology Inc.)
NETSVC: TMBUS
NETSVC: PSSdk23
NETSVC: zmxpzip
NETSVC: Udfreadr_xp
NETSVC: Maplom
2012-04-27 18:39 - 2010-11-20 19:24 - 0006656 ____A (Oak Technology Inc.) C:\Windows\System32\usprserv.dll
2012-04-27 18:39 - 2009-07-13 17:40 - 0006656 ____A (Oak Technology Inc.) C:\Windows\System32\ghaio.dll
2012-04-27 18:39 - 2009-07-13 17:28 - 0006656 ____A (Oak Technology Inc.) C:\Windows\System32\mfetdik.dll
2012-04-26 13:22 - 2009-07-13 17:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.


NEXT



Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Edited by CatByte, 01 May 2012 - 06:58 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 phiesei54 (Topic Starter)
Posted 28 April 2012 - 10:06 PM

Hi,

I will stop the scans. I was just running them because every time I rebooted my pc, a new threat was detected.


I noticed that within the script, you did not include the following:

2 PSSdk23; C:\Windows\System32\AF15BDA.dll [6656 2009-07-13] (Oak Technology Inc.)


but did include NETSVC: PSSdk23 which it is connected to.


Is there a reason for this? If so, I will continue with the script you provided.

#7 CatByte (Malware Response Team)
Posted 28 April 2012 - 10:21 PM

sorry,

cut and paste error, it was supposed to be in there, good catch

please include it



#8 phiesei54 (Topic Starter)
Posted 28 April 2012 - 11:28 PM

Hi,

After adding that line I asked you about and running the script, the logfile shows that the services were deleted successfully and that the .dlls were moved successfully... but not all is true.

This is my result upon re-searching the folder:

consrv.dll - was not listed in script, still in system32 folder

Service: TMBUS - shows to be deleted
mfetdik.dll - removed

Service: Maplom - shows to be deleted
usprserv.dll - removed

Service: vmnetuserif - does not show as deleted
ghaio.dll - removed

Service: PSSdk23 - shows to be deleted
AF15BDA.dll - was not listed in script, still in system32 folder

Service: zmxpzip - shows to be deleted
Fd16_700.dll - still in system32 folder

Service: Udfreadr_xp - shows to be deleted
zebrmdfl.dll - still in system32 folder

Service: apache2 - was not listed in script
MR97310_USB_DUAL_CAMERA.dll - was not listed in script, still in system32 folder

I thought I should add the Fixlog before moving on to the next step, unless otherwise told. I have already downloaded the OTL.





Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 27-04-2012
Ran by SYSTEM at 2012-04-28 22:49:07 R:1
Running from I:\

==============================================

PSSdk23 service deleted successfully.
Udfreadr_xp service deleted successfully.
zmxpzip service deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs TMBUS Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs PSSdk23 Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs zmxpzip Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Udfreadr_xp Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Maplom Deleted successfully.
C:\Windows\System32\usprserv.dll moved successfully.
C:\Windows\System32\ghaio.dll moved successfully.
C:\Windows\System32\mfetdik.dll moved successfully.
C:\Windows\System32\dds_trash_log.cmd moved successfully.

==== End of Fixlog ====




________________________________________________
Also, a new threat detected by AVG after restart:

c:\Windows\System32\HidBth.dll

I did not run any scans this time; it just popped up on its own after restart. It seems that a new threat is detected upon every reboot. Are these connected in any way?


Thanks

#9 CatByte (Malware Response Team)
Posted 29 April 2012 - 06:19 AM

yes,

that's why I ask for OTL, sweep up the remnants, thanks

if you could please move on



#10 phiesei54 (Topic Starter)
Posted 29 April 2012 - 03:27 PM

I tried to add the logfiles, but now I get a message:

[#103130] You do not have permission to reply to this topic.



#11 CatByte (Malware Response Team)
Posted 29 April 2012 - 06:02 PM

that is very odd
try zipping up the logs and attaching them



#12 phiesei54 (Topic Starter)
Posted 29 April 2012 - 06:54 PM

Won't happen...I get this message when trying to attach the archive file

OTR_logs.rar
You aren't permitted to upload this kind of file


I can't believe this site. I thought that we "the infected" could get some help. I have tried to paste and attach the log files, and all 5 tries have failed. I thought that it may have been because of the infected pc, but I have tried on my laptop and can't get anywhere.

I feel that this was a waste of time, and should have just reformatted my drive and gone with a clean install. This is not your fault CatByte, but is a problem with the site.

1. We are limited with a total of 512K upload quota, which I maxed out with only " 2 " files?
2. This error with me not able to reply to my own message is the most frustrating problem

Edited by phiesei54, 29 April 2012 - 07:29 PM.


#13 CatByte (Malware Response Team)
Posted 29 April 2012 - 07:32 PM

you can upload to Mediafire and post the sharing link.

or see if you can copy/paste into several posts if the logs are too long for one

delete all your uploads that you have in your user panel

(It may be the .jpg's)

Edited by CatByte, 29 April 2012 - 07:36 PM.



#14 phiesei54 (Topic Starter)
Posted 29 April 2012 - 07:52 PM

The only thing that I uploaded to my attachments was the FRST logfile. The .jpg's were links to my Flickr account. That should not have anything to do with my upload quota.

I uploaded the archive file to Mediafire

http://www.mediafire.com/?33z4skgt3enj0vy

#15 CatByte (Malware Response Team)
Posted 29 April 2012 - 08:20 PM

ah, ok

seems strange, I've not had a user encounter that before.

either upload to media fire or paste the logs in over several posts, whatever you find easier

please do the following:



Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-3500079801-1592321894-1650200893-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O3 - HKU\S-1-5-21-3500079801-1592321894-1650200893-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe
    O33 - MountPoints2\H\Shell\phone\command - "" = H:\autorun.exe
    NetSvcs: 64bit: apache2 - C:\Windows\SysNative\MR97310_USB_DUAL_CAMERA.dll ()
    [2012/04/29 14:19:28 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{BDF88B04-3D92-4B2B-A5EB-B6277E993C66}
    [2012/04/29 14:19:14 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{6EB9BAAD-CB81-4047-9951-BF52182E0DD9}
    [2012/04/28 14:43:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{37025363-D839-42E8-BBC8-0928A162FD9D}
    [2012/04/28 14:43:47 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{C226C6FE-8B54-49DF-BC25-4D598087731B}
    [2012/04/27 14:36:33 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{FC4D2AF2-4333-4A71-A14C-F47E3A89BEC3}
    [2012/04/27 14:36:21 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{DE79F9EA-6E3F-4A65-B283-8562777253F3}
    [2012/04/26 13:03:39 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{9706AC8E-7D75-474B-B593-42CC70F5F4B5}
    [2012/04/26 13:03:27 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{920B9539-0E3C-46B9-8765-42E99F8C4876}
    [2012/04/22 14:09:15 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{49C9FB57-7BFE-4659-A27D-414DCFD44BF8}
    [2012/04/22 14:08:58 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{55DD2922-414C-447A-81B7-E277F01B0651}
    [2012/04/21 12:46:48 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{3B11CAEB-B1AC-46AC-B6B2-0847AEFEB49B}
    [2012/04/21 12:46:30 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{17D372DD-7166-4896-80AF-15449FDBA784}
    [2012/04/20 12:59:17 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{94CC0CDB-6FC2-46C6-89CC-89846EA2AEC7}
    [2012/04/20 12:58:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{95B25C6C-72F0-436F-9AC2-7F9AE83288C7}
    [2012/04/19 12:38:04 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{7003291B-8649-46DB-B3EF-AC9D1C31370C}
    [2012/04/19 12:37:51 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{CC46316D-86D9-4318-8849-710ED74A86C8}
    [2012/04/18 11:28:26 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{B2067BFF-5C44-4ECD-991E-5049ABE03B0F}
    [2012/04/18 11:28:11 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{50E2FC2A-2E80-4755-8AE4-6C0798D5B123}
    [2012/04/17 12:05:47 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{73AA03C6-0244-4225-8440-1D639D5C1FEB}
    [2012/04/17 12:05:34 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{88AC1B55-180A-4F3D-B58C-68ED64F5D864}
    [2012/04/16 10:41:42 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{E2F93BA4-05DF-4CA8-AA75-179EE4F117D7}
    [2012/04/16 10:41:30 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{E7D718BC-3CB3-4EF5-9F91-4823D0EF8075}
    [2012/04/15 09:52:29 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{CC85BB64-B075-42F7-89DC-0DDF810A4CB5}
    [2012/04/15 09:52:18 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{7C4EEC2B-AE00-4990-BAEF-C6A4E6D133CB}
    [2012/04/14 13:14:53 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{3AE163FD-9148-4BA7-B4F6-1E7C81D06564}
    [2012/04/14 13:14:41 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{8884189C-7F59-4DD2-85BA-72A44E43BC0A}
    [2012/04/13 14:16:17 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{9A66347A-E98E-4AAB-93D0-7663F23F521F}
    [2012/04/13 14:16:05 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{5D370A95-6250-45C1-A75E-5ED297B1DC0E}
    [2012/04/13 02:15:40 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{0AB0B015-A797-40D9-807A-C8C6FF60ED28}
    [2012/04/13 02:14:43 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{68F9E649-BD04-4734-86A5-E14866861137}
    [2012/04/12 14:15:08 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{6FCAF5A9-F2D3-4665-B34E-7A08620B8204}
    [2012/04/12 14:14:50 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{F335903B-14F2-4994-AB88-42592705D038}
    [2012/04/11 20:20:21 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{CB9A1748-8480-453E-B6FE-74376F36FD95}
    [2012/04/11 20:20:03 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{15A3FBC1-7075-406C-B254-296984733CD9}
    [2012/04/11 05:41:18 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{38BFC958-71FC-456C-82FA-96599727FBC5}
    [2012/04/11 05:40:46 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{4FFBD5BB-0BBB-4E7A-B12F-4A4B9CAD29E9}
    [2012/04/09 23:31:00 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{F2BC736F-66E0-4817-9F84-9A77999414F4}
    [2012/04/09 23:30:47 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\{4DAFA8F2-7B56-485A-B641-693631B7DA60}
    [2012/04/29 14:18:05 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
    [C:\Windows\system64] -> \systemroot\system32 -> Mount Point
    
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

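
Two items in the OTL fix above are worth being able to check by hand: the `[C:\Windows\system64] -> \systemroot\system32 -> Mount Point` line (a junction the malware plants so that a path containing "system64" resolves back into the real System32) and the earlier OTL custom scan that hashes explorer.exe, winlogon.exe, Userinit.exe and svchost.exe between /md5start and /md5stop. The PowerShell below is an added example, not part of the thread and not OTL's own code, that performs both checks. It assumes PowerShell 4.0 or later in an elevated 64-bit session; the "expected" directory lists, the regex over `dir /AL` output and the function names (Get-SystemRootReparsePoints, Remove-Junction, Find-CoreBinaryCopies) are this example's own.

```powershell
# Added example, not part of the thread and not OTL's own code: two filesystem checks
# for the ZeroAccess-style tricks the OTL fix above removes. (1) Reparse points directly
# under %SystemRoot%, such as C:\Windows\system64 -> \systemroot\system32. (2) Every copy
# of explorer.exe, winlogon.exe, userinit.exe and svchost.exe on the system drive, hashed
# and signature-checked, which is what OTL's /md5start ... /md5stop custom scan lists.
# Assumes PowerShell 4.0+ in an elevated 64-bit session. The "expected" directory lists
# and the dir-output regex are this example's own assumptions.

function Get-SystemRootReparsePoints {
    # "dir /AL" prints each reparse point as "<JUNCTION> name [target]". Parsing that
    # works on PowerShell versions whose Get-Item has no .Target property. Only the top
    # level of %SystemRoot% is checked: junctions deeper in the tree (and under \Users)
    # are normal, but nothing in %SystemRoot% itself should point back at System32.
    $lines = cmd /c --% dir /AL "%SystemRoot%" 2>nul
    foreach ($line in $lines) {
        if ($line -match '<(JUNCTION|SYMLINKD|SYMLINK)>\s+(.+?)\s+\[(.+)\]\s*$') {
            [pscustomobject]@{
                Type   = $Matches[1]
                Path   = Join-Path $env:SystemRoot $Matches[2]
                Target = $Matches[3]
            }
        }
    }
}

function Remove-Junction([string]$Path) {
    # Directory.Delete on a reparse point removes the link itself and never follows it;
    # Remove-Item -Recurse on older PowerShell can follow the link and delete the target.
    $item = Get-Item -LiteralPath $Path -Force
    if (-not ($item.Attributes -band [IO.FileAttributes]::ReparsePoint)) {
        throw "$Path is not a reparse point; refusing to delete a real directory"
    }
    [IO.Directory]::Delete($Path)
}

function Find-CoreBinaryCopies {
    param([string[]]$Names = @('explorer.exe', 'winlogon.exe', 'userinit.exe', 'svchost.exe'))
    $root = $env:SystemRoot
    # Where genuine copies live. Anything outside these locations deserves a look.
    $exactDirs  = @("$root\", "$root\System32\", "$root\SysWOW64\")
    $prefixDirs = @("$root\WinSxS\", "$root\servicing\", "$root\SoftwareDistribution\")
    Get-ChildItem -Path "$env:SystemDrive\" -Recurse -Force -File -Include $Names -ErrorAction SilentlyContinue |
        ForEach-Object {
            $dir = $_.DirectoryName.TrimEnd('\') + '\'
            $known = ($exactDirs -contains $dir) -or
                     [bool]($prefixDirs | Where-Object { $dir.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
            [pscustomobject]@{
                Path      = $_.FullName
                Size      = $_.Length
                MD5       = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5).Hash.ToLower()
                Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                Expected  = $known
            }
        }
}

'--- reparse points directly under %SystemRoot% ---'
Get-SystemRootReparsePoints | Format-Table -AutoSize
'--- copies of core binaries (Expected = False first) ---'
Find-CoreBinaryCopies | Sort-Object Expected, Path | Format-Table Path, Size, MD5, Signature, Expected -AutoSize
# Once a junction is confirmed bogus, e.g. C:\Windows\system64 -> \systemroot\system32:
# Remove-Junction "$env:SystemRoot\system64"
```

The full-drive walk takes a few minutes. Copies under WinSxS or servicing are left over from updates and are expected; a copy anywhere else, or one in System32 whose hash differs from its WinSxS sibling, is what the OTL md5 list is meant to surface. As with the registry audit, a live rootkit can hide the junction and its files from this session, so a clean result here does not contradict what FRST or OTL report from the Recovery Environment.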




