
Random popups, Link redirections and weak signature algorithm?


14 replies to this topic

#1 Schulzy

Schulzy

  • Members
  • 27 posts
  • Local time:02:16 AM

Posted 08 July 2012 - 12:55 AM

Hi

For the last few months I've had what appears to be a virus or a trojan that I cannot remove. I get constant beeps from the computer, as well as random pop-ups, link redirections and "weak signature algorithm" prompts from Google Chrome. The computer is running extremely slowly, and I get constant virus prompts from AVG; I remove the infection(s), but the virus then seems to duplicate or replicate itself into another file and cannot be permanently deleted. I've also tried a scan with Malwarebytes, and that also will not permanently remove the infection(s).

Any help will be much appreciated.

Thanks.


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:01:16 PM

Posted 08 July 2012 - 01:25 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C: drive).



Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET Online Scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.
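Once a TDSSKiller log is in hand, the quickest way to read a long one is to group every detection by the MD5 of the file behind it: a single payload that has been registered under many service names shows up as one hash with a long list of entries, which is a very different picture from many unrelated infections. The script below is an added example for this thread, not part of TDSSKiller and not from any poster here. It parses the three line shapes TDSSKiller writes (the enumeration line "<service> (<md5>) <path>", the "Suspicious file (NoAccess)" line, and the "<service> - detected <verdict> (n)" line, as seen in the log posted later in this thread) and runs over a constructed sample log whose hashes, service names and verdict strings are placeholders. The three-service threshold in shared_payloads is an assumed heuristic.

```python
"""Group TDSSKiller detections by file hash.

Added example for this thread, not TDSSKiller's own code and not from any
poster. The sample log, its hashes and its verdict strings are constructed
placeholders modelled on the TDSSKiller line format.
"""
import re
from collections import defaultdict

# Every TDSSKiller line starts with "<hh:mm:ss.ffff> <thread id> ".
_PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
# "<service> (<md5>) <path>"   -- the enumeration line for a service/driver
_FILE_RE = re.compile(_PREFIX + r"(?P<svc>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<service> - detected <verdict> (n)"
_DETECT_RE = re.compile(_PREFIX + r"(?P<svc>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
# "Suspicious file (NoAccess): <path>. md5: <md5>"  -- file could not be opened normally
_NOACCESS_RE = re.compile(_PREFIX + r"Suspicious file \(NoAccess\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-fA-F]{32})$")


def parse_tdsskiller(log_text):
    """Return {md5: {"verdict": str, "entries": [(service, path), ...], "noaccess": set(path)}}
    for every hash that has at least one '- detected' entry behind it."""
    file_of = {}        # service name -> (md5, path) from the enumeration line
    detected = {}       # service name -> verdict string
    noaccess = set()    # paths TDSSKiller flagged as NoAccess
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _NOACCESS_RE.match(line)
        if m:
            noaccess.add(m.group("path"))
            continue
        m = _DETECT_RE.match(line)
        if m:
            detected[m.group("svc")] = m.group("verdict")
            continue
        m = _FILE_RE.match(line)
        if m:
            file_of[m.group("svc")] = (m.group("md5").lower(), m.group("path"))

    groups = defaultdict(lambda: {"verdict": None, "entries": [], "noaccess": set()})
    for svc, verdict in detected.items():
        if svc not in file_of:
            continue                   # detection with no enumeration line: nothing to group by
        md5, path = file_of[svc]
        g = groups[md5]
        g["verdict"] = verdict
        g["entries"].append((svc, path))
        if path in noaccess:
            g["noaccess"].add(path)
    return dict(groups)


def shared_payloads(groups, min_services=3):
    """Hashes that sit behind at least `min_services` distinct service names,
    largest cluster first. One file registered under many unrelated service
    names is the pattern to look for; the threshold is an assumed heuristic."""
    return sorted(
        ((md5, g["verdict"], len(g["entries"])) for md5, g in groups.items()
         if len(g["entries"]) >= min_services),
        key=lambda t: -t[2],
    )


# Constructed sample log: placeholder hashes, service names and verdicts.
PAYLOAD = "0123456789abcdef0123456789abcdef"   # one file behind three services
OTHER = "fedcba9876543210fedcba9876543210"     # a separate, single detection
CLEAN = "00000000000000000000000000000001"     # a clean entry
SAMPLE_LOG = rf"""
17:07:14.0671 2752 Scan started
17:07:14.0671 2752 Mode: Manual; TDLFS;
17:07:15.0000 2752 alpha ({PAYLOAD}) C:\WINDOWS\system32\alpha.dll
17:07:15.0010 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\alpha.dll. md5: {PAYLOAD}
17:07:15.0010 2752 alpha ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:15.0010 2752 alpha - detected Backdoor.Multi.ZAccess.gen (0)
17:07:15.0020 2752 Beep ({CLEAN}) C:\WINDOWS\system32\drivers\Beep.sys
17:07:15.0020 2752 Beep - ok
17:07:15.0030 2752 bravo ({PAYLOAD}) C:\WINDOWS\system32\bravo.dll
17:07:15.0040 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\bravo.dll. md5: {PAYLOAD}
17:07:15.0040 2752 bravo ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:15.0040 2752 bravo - detected Backdoor.Multi.ZAccess.gen (0)
17:07:15.0050 2752 Some Vendor Service ({PAYLOAD}) C:\WINDOWS\system32\vendor.dll
17:07:15.0060 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\vendor.dll. md5: {PAYLOAD}
17:07:15.0060 2752 Some Vendor Service ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:15.0060 2752 Some Vendor Service - detected Backdoor.Multi.ZAccess.gen (0)
17:07:15.0070 2752 dropper ({OTHER}) C:\WINDOWS\system32\drop.dll
17:07:15.0070 2752 dropper - detected Trojan.Generic.Example (0)
17:07:15.0080 2752 Cdfs - ok
"""

if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    for md5, verdict, n in shared_payloads(found):
        print(f"{md5}  {verdict}  registered under {n} service names")
        for svc, path in found[md5]["entries"]:
            flag = "NoAccess" if path in found[md5]["noaccess"] else ""
            print(f"    {svc:<24} {path} {flag}")
```

To use it on a real log, read the file TDSSKiller leaves in the root of C: and pass its text to parse_tdsskiller; the service names in the largest cluster are the registrations to clean up, and the NoAccess flag tells you which of the files the scanner could not open normally.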

#3 Schulzy

Schulzy
  • Topic Starter

  • Members
  • 27 posts
  • Local time:02:16 AM

Posted 08 July 2012 - 06:37 AM

Thank you for your prompt response.

TDSSKiller log:

17:06:44.0437 3976 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
17:06:45.0437 3976 ============================================================
17:06:45.0437 3976 Current date / time: 2012/07/08 17:06:45.0437
17:06:45.0437 3976 SystemInfo:
17:06:45.0437 3976
17:06:45.0437 3976 OS Version: 5.1.2600 ServicePack: 3.0
17:06:45.0437 3976 Product type: Workstation
17:06:45.0437 3976 ComputerName: BRAD
17:06:45.0437 3976 UserName: Schulzy
17:06:45.0437 3976 Windows directory: C:\WINDOWS
17:06:45.0437 3976 System windows directory: C:\WINDOWS
17:06:45.0437 3976 Processor architecture: Intel x86
17:06:45.0437 3976 Number of processors: 4
17:06:45.0437 3976 Page size: 0x1000
17:06:45.0437 3976 Boot type: Normal boot
17:06:45.0437 3976 ============================================================
17:06:46.0734 3976 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:06:46.0734 3976 ============================================================
17:06:46.0734 3976 \Device\Harddisk0\DR0:
17:06:46.0734 3976 MBR partitions:
17:06:46.0734 3976 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
17:06:46.0734 3976 ============================================================
17:06:46.0765 3976 C: <-> \Device\Harddisk0\DR0\Partition0
17:06:46.0765 3976 ============================================================
17:06:46.0765 3976 Initialize success
17:06:46.0765 3976 ============================================================
17:07:14.0671 2752 ============================================================
17:07:14.0671 2752 Scan started
17:07:14.0671 2752 Mode: Manual; TDLFS;
17:07:14.0671 2752 ============================================================
17:07:14.0984 2752 aalogger (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\dot4scan.dll
17:07:15.0109 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\dot4scan.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:15.0109 2752 aalogger ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:15.0109 2752 aalogger - detected Backdoor.Multi.ZAccess.gen (0)
17:07:15.0125 2752 Abiosdsk - ok
17:07:15.0125 2752 abp480n5 - ok
17:07:15.0140 2752 ABVPN2K - ok
17:07:15.0171 2752 acdservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\usbio.dll
17:07:15.0234 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\usbio.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:15.0234 2752 acdservice ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:15.0234 2752 acdservice - detected Backdoor.Multi.ZAccess.gen (0)
17:07:15.0250 2752 acmservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\aolservice.dll
17:07:15.0265 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\aolservice.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:15.0265 2752 acmservice ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:15.0265 2752 acmservice - detected Backdoor.Multi.ZAccess.gen (0)
17:07:15.0312 2752 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:07:15.0312 2752 ACPI - ok
17:07:15.0328 2752 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:07:15.0328 2752 ACPIEC - ok
17:07:15.0359 2752 ACS (233235123f3d73228ec3d2bba0e7143d) C:\WINDOWS\system32\acs.exe
17:07:15.0359 2752 ACS - ok
17:07:15.0406 2752 acsvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\rp32service.dll
17:07:15.0421 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\rp32service.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:15.0421 2752 acsvc ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:15.0421 2752 acsvc - detected Backdoor.Multi.ZAccess.gen (0)
17:07:15.0453 2752 admservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\MaxtorFrontPanel1.dll
17:07:15.0468 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\MaxtorFrontPanel1.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:15.0468 2752 admservice ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:15.0468 2752 admservice - detected Backdoor.Multi.ZAccess.gen (0)
17:07:15.0468 2752 adpu160m - ok
17:07:15.0484 2752 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:07:15.0484 2752 aec - ok
17:07:15.0515 2752 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:07:15.0515 2752 AegisP - ok
17:07:15.0546 2752 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:07:15.0562 2752 AFD - ok
17:07:15.0578 2752 agentsrv (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\epfw.dll
17:07:15.0609 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\epfw.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:15.0609 2752 agentsrv ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:15.0609 2752 agentsrv - detected Backdoor.Multi.ZAccess.gen (0)
17:07:15.0609 2752 Aha154x - ok
17:07:15.0609 2752 aic78u2 - ok
17:07:15.0609 2752 aic78xx - ok
17:07:15.0640 2752 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:07:15.0640 2752 Alerter - ok
17:07:15.0671 2752 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:07:15.0671 2752 ALG - ok
17:07:15.0671 2752 AliIde - ok
17:07:15.0687 2752 Alpham1 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\pxfhmdm.dll
17:07:15.0718 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\pxfhmdm.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:15.0718 2752 Alpham1 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:15.0718 2752 Alpham1 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:15.0718 2752 ALYac_PZSrv - ok
17:07:15.0812 2752 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
17:07:15.0828 2752 Ambfilt - ok
17:07:15.0921 2752 AMDPCI (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\sscdbus.dll
17:07:15.0937 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\sscdbus.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:15.0937 2752 AMDPCI ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:15.0937 2752 AMDPCI - detected Backdoor.Multi.ZAccess.gen (0)
17:07:15.0953 2752 amoagent (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\datasvr.dll
17:07:15.0968 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\datasvr.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:15.0968 2752 amoagent ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:15.0968 2752 amoagent - detected Backdoor.Multi.ZAccess.gen (0)
17:07:15.0968 2752 amsint - ok
17:07:15.0984 2752 apache2 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\alertmanager.dll
17:07:16.0000 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\alertmanager.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:16.0000 2752 apache2 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:16.0000 2752 apache2 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:16.0109 2752 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:07:16.0109 2752 Apple Mobile Device - ok
17:07:16.0140 2752 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:07:16.0140 2752 AppMgmt - ok
17:07:16.0187 2752 AR5211 (08e03e8ab837dc9dd2737930ecd19fbc) C:\WINDOWS\system32\DRIVERS\WPN311.sys
17:07:16.0203 2752 AR5211 - ok
17:07:16.0281 2752 AR5416 (00e031fe2d849be503fc4a47271f1ea5) C:\WINDOWS\system32\DRIVERS\athw.sys
17:07:16.0296 2752 AR5416 - ok
17:07:16.0296 2752 asc - ok
17:07:16.0296 2752 asc3350p - ok
17:07:16.0296 2752 asc3550 - ok
17:07:16.0328 2752 ASInsHelp (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\CiscoVpnInstallService.dll
17:07:16.0359 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\CiscoVpnInstallService.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:16.0359 2752 ASInsHelp ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:16.0359 2752 ASInsHelp - detected Backdoor.Multi.ZAccess.gen (0)
17:07:16.0468 2752 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:07:16.0515 2752 aspnet_state - ok
17:07:16.0531 2752 astcc (2a7037f93ae6ab1305606dee23c70f8c) C:\WINDOWS\system32\ASTSRV.EXE
17:07:16.0531 2752 astcc - ok
17:07:16.0562 2752 AsusACPI (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\dcsloader.dll
17:07:16.0593 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\dcsloader.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:16.0593 2752 AsusACPI ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:16.0593 2752 AsusACPI - detected Backdoor.Multi.ZAccess.gen (0)
17:07:16.0609 2752 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:07:16.0609 2752 AsyncMac - ok
17:07:16.0640 2752 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:07:16.0640 2752 atapi - ok
17:07:16.0656 2752 Atdisk - ok
17:07:16.0671 2752 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
17:07:16.0671 2752 AtiHdmiService - ok
17:07:16.0703 2752 atimpab (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\psdvdisk.dll
17:07:16.0718 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\psdvdisk.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:16.0718 2752 atimpab ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:16.0718 2752 atimpab - detected Backdoor.Multi.ZAccess.gen (0)
17:07:16.0750 2752 ATITool (0e4bb35c5305099ac82053ac992e3e0e) C:\WINDOWS\system32\DRIVERS\ATITool.sys
17:07:16.0765 2752 ATITool - ok
17:07:16.0781 2752 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:07:16.0781 2752 Atmarpc - ok
17:07:16.0828 2752 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:07:16.0828 2752 AudioSrv - ok
17:07:16.0859 2752 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:07:16.0859 2752 audstub - ok
17:07:16.0875 2752 avc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\p1131vid.dll
17:07:16.0906 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\p1131vid.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:16.0906 2752 avc ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:16.0906 2752 avc - detected Backdoor.Multi.ZAccess.gen (0)
17:07:17.0031 2752 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe
17:07:17.0046 2752 avg9wd - ok
17:07:17.0093 2752 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
17:07:17.0093 2752 AvgLdx86 - ok
17:07:17.0109 2752 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\system32\Drivers\avgmfx86.sys
17:07:17.0109 2752 AvgMfx86 - ok
17:07:17.0140 2752 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys
17:07:17.0140 2752 AvgTdiX - ok
17:07:17.0171 2752 awecho (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\s716mdfl.dll
17:07:17.0187 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\s716mdfl.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:17.0187 2752 awecho ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:17.0187 2752 awecho - detected Backdoor.Multi.ZAccess.gen (0)
17:07:17.0187 2752 axskbus (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\cyberpowerups.dll
17:07:17.0203 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\cyberpowerups.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:17.0203 2752 axskbus ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:17.0203 2752 axskbus - detected Backdoor.Multi.ZAccess.gen (0)
17:07:17.0203 2752 bc_ngn - ok
17:07:17.0203 2752 bdfsdrv (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\snapman380.dll
17:07:17.0218 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\snapman380.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:17.0218 2752 bdfsdrv ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:17.0218 2752 bdfsdrv - detected Backdoor.Multi.ZAccess.gen (0)
17:07:17.0250 2752 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:07:17.0250 2752 Beep - ok
17:07:17.0281 2752 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:07:17.0296 2752 BITS - ok
17:07:17.0343 2752 bocdrive (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\wlmel51b.dll
17:07:17.0359 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\wlmel51b.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:17.0359 2752 bocdrive ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:17.0359 2752 bocdrive - detected Backdoor.Multi.ZAccess.gen (0)
17:07:17.0437 2752 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:07:17.0437 2752 Bonjour Service - ok
17:07:17.0468 2752 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:07:17.0484 2752 Browser - ok
17:07:17.0500 2752 c34nb4c5 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\CTAudSvcService.dll
17:07:17.0515 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\CTAudSvcService.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:17.0515 2752 c34nb4c5 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:17.0515 2752 c34nb4c5 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:17.0531 2752 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:07:17.0531 2752 cbidf2k - ok
17:07:17.0546 2752 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:07:17.0546 2752 CCDECODE - ok
17:07:17.0562 2752 ccevtmgr (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\RR2Vbi.dll
17:07:17.0578 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\RR2Vbi.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:17.0578 2752 ccevtmgr ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:17.0578 2752 ccevtmgr - detected Backdoor.Multi.ZAccess.gen (0)
17:07:17.0578 2752 ccs (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\konfig.dll
17:07:17.0593 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\konfig.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:17.0593 2752 ccs ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:17.0593 2752 ccs - detected Backdoor.Multi.ZAccess.gen (0)
17:07:17.0593 2752 cd20xrnt - ok
17:07:17.0593 2752 CdaD10BA (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\osanbm.dll
17:07:17.0609 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\osanbm.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:17.0609 2752 CdaD10BA ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:17.0609 2752 CdaD10BA - detected Backdoor.Multi.ZAccess.gen (0)
17:07:17.0609 2752 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:07:17.0609 2752 Cdaudio - ok
17:07:17.0640 2752 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:07:17.0640 2752 Cdfs - ok
17:07:17.0656 2752 cdfsvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\vserial.dll
17:07:17.0671 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\vserial.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:17.0671 2752 cdfsvc ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:17.0671 2752 cdfsvc - detected Backdoor.Multi.ZAccess.gen (0)
17:07:17.0671 2752 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:07:17.0671 2752 Cdrom - ok
17:07:17.0718 2752 cdudf_xp (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\sglfb.dll
17:07:17.0734 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\sglfb.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:17.0734 2752 cdudf_xp ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:17.0734 2752 cdudf_xp - detected Backdoor.Multi.ZAccess.gen (0)
17:07:17.0765 2752 ceepwrsvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\NCPro.dll
17:07:17.0781 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\NCPro.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:17.0781 2752 ceepwrsvc ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:17.0781 2752 ceepwrsvc - detected Backdoor.Multi.ZAccess.gen (0)
17:07:17.0781 2752 cfgwzsvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\fontcache3.0.0.0.dll
17:07:17.0812 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\fontcache3.0.0.0.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:17.0812 2752 cfgwzsvc ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:17.0812 2752 cfgwzsvc - detected Backdoor.Multi.ZAccess.gen (0)
17:07:17.0812 2752 Changer - ok
17:07:17.0859 2752 cicsclient (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\cdrom.dll
17:07:17.0875 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\cdrom.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:17.0875 2752 cicsclient ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:17.0875 2752 cicsclient - detected Backdoor.Multi.ZAccess.gen (0)
17:07:17.0906 2752 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:07:17.0906 2752 CiSvc - ok
17:07:17.0937 2752 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:07:17.0937 2752 ClipSrv - ok
17:07:18.0062 2752 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:07:18.0109 2752 clr_optimization_v2.0.50727_32 - ok
17:07:18.0109 2752 CmdIde - ok
17:07:18.0109 2752 COMSysApp - ok
17:07:18.0109 2752 Cpqarray - ok
17:07:18.0125 2752 cpqdmi - ok
17:07:18.0140 2752 cq_mem (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\bglivesvc.dll
17:07:18.0156 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\bglivesvc.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:18.0156 2752 cq_mem ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:18.0156 2752 cq_mem - detected Backdoor.Multi.ZAccess.gen (0)
17:07:18.0203 2752 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:07:18.0203 2752 CryptSvc - ok
17:07:18.0203 2752 CTEXFIFX.DLL - ok
17:07:18.0218 2752 ctsfm2k - ok
17:07:18.0218 2752 cwcwdm (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\w800mdm.dll
17:07:18.0234 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\w800mdm.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:18.0234 2752 cwcwdm ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:18.0234 2752 cwcwdm - detected Backdoor.Multi.ZAccess.gen (0)
17:07:18.0234 2752 d-link_st3402 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\nidomainservice.dll
17:07:18.0250 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\nidomainservice.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:18.0250 2752 d-link_st3402 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:18.0250 2752 d-link_st3402 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:18.0250 2752 dac2w2k - ok
17:07:18.0250 2752 dac960nt - ok
17:07:18.0265 2752 danewFltr (c512b618d0e19339572ad125e26b9cb5) C:\WINDOWS\system32\drivers\danew.sys
17:07:18.0265 2752 danewFltr - ok
17:07:18.0281 2752 datasvr2 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\rnadiagnosticsservice.dll
17:07:18.0296 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\rnadiagnosticsservice.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:18.0296 2752 datasvr2 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:18.0296 2752 datasvr2 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:18.0296 2752 datunidr (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ssm_mdfl.dll
17:07:18.0312 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\ssm_mdfl.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:18.0312 2752 datunidr ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:18.0312 2752 datunidr - detected Backdoor.Multi.ZAccess.gen (0)
17:07:18.0359 2752 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:07:18.0375 2752 DcomLaunch - ok
17:07:18.0421 2752 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:07:18.0421 2752 Dhcp - ok
17:07:18.0468 2752 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:07:18.0468 2752 Disk - ok
17:07:18.0578 2752 Diskeeper (15a2f2d06b1f8d2ad2be055c40cb1b74) C:\Program Files\Executive Software\Diskeeper\DkService.exe
17:07:18.0593 2752 Diskeeper - ok
17:07:18.0625 2752 dlartl_n (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\snoopfree.dll
17:07:18.0640 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\snoopfree.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:18.0640 2752 dlartl_n ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:18.0640 2752 dlartl_n - detected Backdoor.Multi.ZAccess.gen (0)
17:07:18.0656 2752 dlaudfam (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\lmhosts.dll
17:07:18.0671 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\lmhosts.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:18.0671 2752 dlaudfam ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:18.0671 2752 dlaudfam - detected Backdoor.Multi.ZAccess.gen (0)
17:07:18.0687 2752 dlaudf_m (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\oracleorahomeclientcache.dll
17:07:18.0703 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\oracleorahomeclientcache.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:18.0703 2752 dlaudf_m ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:18.0703 2752 dlaudf_m - detected Backdoor.Multi.ZAccess.gen (0)
17:07:18.0734 2752 DM9102 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\sym_hi.dll
17:07:18.0750 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\sym_hi.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:18.0750 2752 DM9102 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:18.0750 2752 DM9102 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:18.0750 2752 dmadmin - ok
17:07:18.0796 2752 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:07:18.0796 2752 dmboot - ok
17:07:18.0828 2752 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:07:18.0828 2752 dmio - ok
17:07:18.0843 2752 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:07:18.0843 2752 dmload - ok
17:07:18.0875 2752 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:07:18.0875 2752 dmserver - ok
17:07:18.0906 2752 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:07:18.0906 2752 DMusic - ok
17:07:18.0953 2752 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:07:18.0953 2752 Dnscache - ok
17:07:18.0984 2752 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:07:19.0000 2752 Dot3svc - ok
17:07:19.0000 2752 dpti2o - ok
17:07:19.0031 2752 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:07:19.0031 2752 drmkaud - ok
17:07:19.0031 2752 dvd-ram_service (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\usb20l.dll
17:07:19.0062 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\usb20l.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:19.0062 2752 dvd-ram_service ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:19.0062 2752 dvd-ram_service - detected Backdoor.Multi.ZAccess.gen (0)
17:07:19.0078 2752 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:07:19.0078 2752 EapHost - ok
17:07:19.0093 2752 el90xbc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\flashcomadmin.dll
17:07:19.0125 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\flashcomadmin.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:19.0125 2752 el90xbc ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:19.0125 2752 el90xbc - detected Backdoor.Multi.ZAccess.gen (0)
17:07:19.0125 2752 ELkbd - ok
17:07:19.0125 2752 elnkservice - ok
17:07:19.0125 2752 elservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\USBVCD.dll
17:07:19.0156 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\USBVCD.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:19.0156 2752 elservice ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:19.0156 2752 elservice - detected Backdoor.Multi.ZAccess.gen (0)
17:07:19.0171 2752 EMSCR (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\DcFpoint.dll
17:07:19.0187 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\DcFpoint.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:19.0187 2752 EMSCR ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:19.0187 2752 EMSCR - detected Backdoor.Multi.ZAccess.gen (0)
17:07:19.0203 2752 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
17:07:19.0203 2752 ENTECH - ok
17:07:19.0203 2752 enum1394 - ok
17:07:19.0234 2752 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:07:19.0234 2752 ERSvc - ok
17:07:19.0281 2752 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:07:19.0281 2752 Eventlog - ok
17:07:19.0328 2752 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:07:19.0343 2752 EventSystem - ok
17:07:19.0359 2752 Evian (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\slee_81_service.dll
17:07:19.0390 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\slee_81_service.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:19.0390 2752 Evian ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:19.0390 2752 Evian - detected Backdoor.Multi.ZAccess.gen (0)
17:07:19.0406 2752 ezplay (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\iPassP.dll
17:07:19.0421 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\iPassP.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:19.0421 2752 ezplay ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:19.0421 2752 ezplay - detected Backdoor.Multi.ZAccess.gen (0)
17:07:19.0437 2752 F700iob (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\smsmdd.dll
17:07:19.0453 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\smsmdd.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:19.0453 2752 F700iob ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:19.0453 2752 F700iob - detected Backdoor.Multi.ZAccess.gen (0)
17:07:19.0484 2752 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:07:19.0484 2752 Fastfat - ok
17:07:19.0500 2752 fasttrackinstallerservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\speedfan.dll
17:07:19.0531 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\speedfan.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:19.0531 2752 fasttrackinstallerservice ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:19.0531 2752 fasttrackinstallerservice - detected Backdoor.Multi.ZAccess.gen (0)
17:07:19.0546 2752 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:07:19.0562 2752 FastUserSwitchingCompatibility - ok
17:07:19.0562 2752 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:07:19.0562 2752 Fdc - ok
17:07:19.0609 2752 fetnd5bv (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\vmnetadapter.dll
17:07:19.0625 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\vmnetadapter.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:19.0625 2752 fetnd5bv ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:19.0625 2752 fetnd5bv - detected Backdoor.Multi.ZAccess.gen (0)
17:07:19.0625 2752 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:07:19.0625 2752 Fips - ok
17:07:19.0640 2752 firelm01 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\eventclientmultiplexer.dll
17:07:19.0671 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\eventclientmultiplexer.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:19.0671 2752 firelm01 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:19.0671 2752 firelm01 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:19.0671 2752 flashpnt (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\hwdatacard.dll
17:07:19.0703 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\hwdatacard.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:19.0703 2752 flashpnt ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:19.0703 2752 flashpnt - detected Backdoor.Multi.ZAccess.gen (0)
17:07:19.0796 2752 FLASHSYS (d3d9311624edd435f42cda7eaa0a6aed) C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys
17:07:19.0796 2752 FLASHSYS - ok
17:07:19.0812 2752 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:07:19.0812 2752 Flpydisk - ok
17:07:19.0859 2752 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:07:19.0859 2752 FltMgr - ok
17:07:19.0984 2752 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:07:19.0984 2752 FontCache3.0.0.0 - ok
17:07:20.0000 2752 Freedom (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\rpcsvr4x.dll
17:07:20.0015 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\rpcsvr4x.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:20.0015 2752 Freedom ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:20.0015 2752 Freedom - detected Backdoor.Multi.ZAccess.gen (0)
17:07:20.0031 2752 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:07:20.0031 2752 Fs_Rec - ok
17:07:20.0062 2752 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:07:20.0062 2752 Ftdisk - ok
17:07:20.0078 2752 ftpqueue (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\NETw5x32.dll
17:07:20.0109 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\NETw5x32.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:20.0109 2752 ftpqueue ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:20.0109 2752 ftpqueue - detected Backdoor.Multi.ZAccess.gen (0)
17:07:20.0125 2752 FVXSCSI (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\epson_pm_rpcv2_01.dll
17:07:20.0140 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\epson_pm_rpcv2_01.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:20.0140 2752 FVXSCSI ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:20.0140 2752 FVXSCSI - detected Backdoor.Multi.ZAccess.gen (0)
17:07:20.0156 2752 GBDevice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\uhcd.dll
17:07:20.0171 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\uhcd.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:20.0171 2752 GBDevice ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:20.0171 2752 GBDevice - detected Backdoor.Multi.ZAccess.gen (0)
17:07:20.0171 2752 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:07:20.0171 2752 GEARAspiWDM - ok
17:07:20.0171 2752 GENERICDRV - ok
17:07:20.0171 2752 GMSIPCI - ok
17:07:20.0187 2752 googledesktopmanager (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\NdisFilt.dll
17:07:20.0203 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\NdisFilt.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:20.0203 2752 googledesktopmanager ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:20.0203 2752 googledesktopmanager - detected Backdoor.Multi.ZAccess.gen (0)
17:07:20.0218 2752 GoToAssist (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\gpc.dll
17:07:20.0234 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\gpc.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:20.0234 2752 GoToAssist ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:20.0234 2752 GoToAssist - detected Backdoor.Multi.ZAccess.gen (0)
17:07:20.0234 2752 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:07:20.0234 2752 Gpc - ok
17:07:20.0328 2752 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:07:20.0328 2752 gupdate - ok
17:07:20.0328 2752 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
17:07:20.0328 2752 gupdatem - ok
17:07:20.0375 2752 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:07:20.0375 2752 HDAudBus - ok
17:07:20.0453 2752 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:07:20.0453 2752 helpsvc - ok
17:07:20.0468 2752 hidir (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\servicelayer.dll
17:07:20.0484 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\servicelayer.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:20.0484 2752 hidir ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:20.0484 2752 hidir - detected Backdoor.Multi.ZAccess.gen (0)
17:07:20.0515 2752 hidkmdf (bb1822838c0714b3c03efe0f209d135d) C:\WINDOWS\system32\DRIVERS\hidkmdf.sys
17:07:20.0531 2752 hidkmdf - ok
17:07:20.0531 2752 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
17:07:20.0531 2752 HidServ - ok
17:07:20.0546 2752 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:07:20.0546 2752 hidusb - ok
17:07:20.0578 2752 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:07:20.0578 2752 hkmsvc - ok
17:07:20.0593 2752 HPFECP20 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\pcx1nd5.dll
17:07:20.0609 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\pcx1nd5.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:20.0609 2752 HPFECP20 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:20.0609 2752 HPFECP20 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:20.0609 2752 hpn - ok
17:07:20.0609 2752 HPSLPSVC (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\PTDCBus.dll
17:07:20.0625 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\PTDCBus.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:20.0625 2752 HPSLPSVC ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:20.0625 2752 HPSLPSVC - detected Backdoor.Multi.ZAccess.gen (0)
17:07:20.0671 2752 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:07:20.0671 2752 HTTP - ok
17:07:20.0703 2752 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:07:20.0703 2752 HTTPFilter - ok
17:07:20.0718 2752 https-admserv61 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\bantext.dll
17:07:20.0734 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\bantext.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:20.0734 2752 https-admserv61 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:20.0734 2752 https-admserv61 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:20.0734 2752 i2omgmt - ok
17:07:20.0734 2752 i2omp - ok
17:07:20.0750 2752 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:07:20.0750 2752 i8042prt - ok
17:07:20.0750 2752 iAimFP7 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SE27mdm.dll
17:07:20.0781 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\SE27mdm.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:20.0781 2752 iAimFP7 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:20.0781 2752 iAimFP7 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:20.0781 2752 iaimtv1 - ok
17:07:20.0781 2752 iastor - ok
17:07:20.0843 2752 ibmpmsvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\pcidrv.dll
17:07:20.0859 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\pcidrv.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:20.0859 2752 ibmpmsvc ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:20.0859 2752 ibmpmsvc - detected Backdoor.Multi.ZAccess.gen (0)
17:07:20.0875 2752 IBM_LLC2 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\KMW_USB.dll
17:07:20.0890 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\KMW_USB.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:20.0890 2752 IBM_LLC2 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:20.0890 2752 IBM_LLC2 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:20.0890 2752 ichaud - ok
17:07:20.0906 2752 ICM10USB (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\mi-raysat_3dsmax9_32.dll
17:07:20.0921 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\mi-raysat_3dsmax9_32.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:20.0921 2752 ICM10USB ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:20.0921 2752 ICM10USB - detected Backdoor.Multi.ZAccess.gen (0)
17:07:20.0937 2752 idebusdr (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\hwpsgt.dll
17:07:20.0953 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\hwpsgt.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:20.0953 2752 idebusdr ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:20.0953 2752 idebusdr - detected Backdoor.Multi.ZAccess.gen (0)
17:07:21.0046 2752 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:07:21.0046 2752 IDriverT - ok
17:07:21.0187 2752 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:07:21.0187 2752 idsvc - ok
17:07:21.0203 2752 ikhfile (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ZTEusbser6k.dll
17:07:21.0296 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\ZTEusbser6k.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:21.0296 2752 ikhfile ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:21.0296 2752 ikhfile - detected Backdoor.Multi.ZAccess.gen (0)
17:07:21.0312 2752 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:07:21.0312 2752 Imapi - ok
17:07:21.0359 2752 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:07:21.0359 2752 ImapiService - ok
17:07:21.0359 2752 ini910u - ok
17:07:21.0656 2752 IntcAzAudAddService (988a112c4061f309ce9c1abfc971d001) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:07:21.0687 2752 IntcAzAudAddService - ok
17:07:21.0781 2752 IntelIde - ok
17:07:21.0796 2752 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:07:21.0796 2752 intelppm - ok
17:07:21.0812 2752 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:07:21.0812 2752 Ip6Fw - ok
17:07:21.0812 2752 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:07:21.0812 2752 IpFilterDriver - ok
17:07:21.0828 2752 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:07:21.0828 2752 IpInIp - ok
17:07:21.0828 2752 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:07:21.0828 2752 IpNat - ok
17:07:21.0921 2752 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
17:07:21.0937 2752 iPod Service - ok
17:07:21.0953 2752 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:07:21.0953 2752 IPSec - ok
17:07:21.0968 2752 IPSECSHM (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\bthenum.dll
17:07:21.0984 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\bthenum.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:21.0984 2752 IPSECSHM ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:21.0984 2752 IPSECSHM - detected Backdoor.Multi.ZAccess.gen (0)
17:07:21.0984 2752 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:07:21.0984 2752 IRENUM - ok
17:07:22.0015 2752 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:07:22.0031 2752 isapnp - ok
17:07:22.0031 2752 ISODrive - ok
17:07:22.0031 2752 iviaspi (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\backupexecalertserver.dll
17:07:22.0062 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\backupexecalertserver.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:22.0062 2752 iviaspi ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:22.0062 2752 iviaspi - detected Backdoor.Multi.ZAccess.gen (0)
17:07:22.0125 2752 JavaQuickStarterService (39133291cb607bdd87cfc565a4a1e7a5) C:\Program Files\Java\jre6\bin\jqs.exe
17:07:22.0140 2752 JavaQuickStarterService - ok
17:07:22.0156 2752 jsdaemon (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ptbsync.dll
17:07:22.0171 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\ptbsync.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:22.0171 2752 jsdaemon ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:22.0171 2752 jsdaemon - detected Backdoor.Multi.ZAccess.gen (0)
17:07:22.0171 2752 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:07:22.0171 2752 Kbdclass - ok
17:07:22.0187 2752 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:07:22.0187 2752 kbdhid - ok
17:07:22.0187 2752 kbfiltr - ok
17:07:22.0234 2752 kbstuff (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\VSP1284D.dll
17:07:22.0250 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\VSP1284D.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:22.0250 2752 kbstuff ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:22.0250 2752 kbstuff - detected Backdoor.Multi.ZAccess.gen (0)
17:07:22.0250 2752 klif (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\nsvclog.dll
17:07:22.0265 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\nsvclog.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:22.0265 2752 klif ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:22.0265 2752 klif - detected Backdoor.Multi.ZAccess.gen (0)
17:07:22.0265 2752 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:07:22.0281 2752 kmixer - ok
17:07:22.0296 2752 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:07:22.0296 2752 KSecDD - ok
17:07:22.0328 2752 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:07:22.0328 2752 lanmanserver - ok
17:07:22.0375 2752 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:07:22.0375 2752 lanmanworkstation - ok
17:07:22.0375 2752 lbrtfdc - ok
17:07:22.0406 2752 lgmcbus (36fc312051a6919e97c5cdce6360ddb4) C:\WINDOWS\system32\DRIVERS\lgmcbus.sys
17:07:22.0406 2752 lgmcbus - ok
17:07:22.0421 2752 lgmcmdfl (793f99799f1d857537cf1810283a7db9) C:\WINDOWS\system32\DRIVERS\lgmcmdfl.sys
17:07:22.0421 2752 lgmcmdfl - ok
17:07:22.0437 2752 lgmcmdm (d991dbee3a13f670928b4a9c07e67503) C:\WINDOWS\system32\DRIVERS\lgmcmdm.sys
17:07:22.0437 2752 lgmcmdm - ok
17:07:22.0453 2752 lgmcmgmt (9761981c9656abd1f13a6fc7b2d6b431) C:\WINDOWS\system32\DRIVERS\lgmcmgmt.sys
17:07:22.0453 2752 lgmcmgmt - ok
17:07:22.0453 2752 lgmcnd5 (3e3b259be2c9031975170c4b7ffc7b6c) C:\WINDOWS\system32\DRIVERS\lgmcnd5.sys
17:07:22.0453 2752 lgmcnd5 - ok
17:07:22.0468 2752 lgmcobex (bc68570f3f3a7d07f50505b58d45c539) C:\WINDOWS\system32\DRIVERS\lgmcobex.sys
17:07:22.0468 2752 lgmcobex - ok
17:07:22.0468 2752 lgmcunic (2e29da94e03474942b7cbf1952563c0a) C:\WINDOWS\system32\DRIVERS\lgmcunic.sys
17:07:22.0468 2752 lgmcunic - ok
17:07:22.0484 2752 LHidUsbK - ok
17:07:22.0515 2752 licensemanagersocket (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\smsmdd.dll
17:07:22.0531 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\smsmdd.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:22.0531 2752 licensemanagersocket ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:22.0531 2752 licensemanagersocket - detected Backdoor.Multi.ZAccess.gen (0)
17:07:22.0562 2752 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:07:22.0578 2752 LmHosts - ok
17:07:22.0578 2752 lvckap (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ccpwdsvc.dll
17:07:22.0593 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\ccpwdsvc.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:22.0593 2752 lvckap ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:22.0593 2752 lvckap - detected Backdoor.Multi.ZAccess.gen (0)
17:07:22.0609 2752 lvsrvlauncher (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\Blfp.dll
17:07:22.0625 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\Blfp.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:22.0625 2752 lvsrvlauncher ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:22.0625 2752 lvsrvlauncher - detected Backdoor.Multi.ZAccess.gen (0)
17:07:22.0640 2752 lxce_device (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SE2Eobex.dll
17:07:22.0656 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\SE2Eobex.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:22.0656 2752 lxce_device ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:22.0656 2752 lxce_device - detected Backdoor.Multi.ZAccess.gen (0)
17:07:22.0656 2752 lxcf_device (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\symevent.dll
17:07:22.0671 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\symevent.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:22.0671 2752 lxcf_device ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:22.0671 2752 lxcf_device - detected Backdoor.Multi.ZAccess.gen (0)
17:07:22.0687 2752 Maplom (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\FETNDIS.dll
17:07:22.0703 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\FETNDIS.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:22.0703 2752 Maplom ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:22.0703 2752 Maplom - detected Backdoor.Multi.ZAccess.gen (0)
17:07:22.0734 2752 marvinbus (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\netddedsdm.dll
17:07:22.0750 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\netddedsdm.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:22.0750 2752 marvinbus ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:22.0750 2752 marvinbus - detected Backdoor.Multi.ZAccess.gen (0)
17:07:22.0750 2752 maya70docserver - ok
17:07:22.0796 2752 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
17:07:22.0796 2752 mcdbus - ok
17:07:22.0828 2752 mcods (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\system32\irmon.dll
17:07:22.0828 2752 mcods - ok
17:07:22.0828 2752 mdmxsdk - ok
17:07:22.0859 2752 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:07:22.0859 2752 Messenger - ok
17:07:22.0875 2752 mi-raysat_3dsmax9_32 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\zpcollector.dll
17:07:22.0890 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\zpcollector.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:22.0890 2752 mi-raysat_3dsmax9_32 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:22.0890 2752 mi-raysat_3dsmax9_32 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:22.0890 2752 midisyn - ok
17:07:22.0921 2752 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:07:22.0921 2752 mnmdd - ok
17:07:22.0968 2752 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:07:22.0968 2752 mnmsrvc - ok
17:07:23.0000 2752 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:07:23.0000 2752 Modem - ok
17:07:23.0093 2752 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
17:07:23.0125 2752 Monfilt - ok
17:07:23.0156 2752 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:07:23.0156 2752 Mouclass - ok
17:07:23.0187 2752 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:07:23.0187 2752 mouhid - ok
17:07:23.0203 2752 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:07:23.0203 2752 MountMgr - ok
17:07:23.0203 2752 mraid35x - ok
17:07:23.0218 2752 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:07:23.0218 2752 MRxDAV - ok
17:07:23.0265 2752 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:07:23.0281 2752 MRxSmb - ok
17:07:23.0375 2752 MSCamSvc (af661f9eaf65c024ee85ac531fdad9fa) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
17:07:23.0375 2752 MSCamSvc - ok
17:07:23.0406 2752 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:07:23.0406 2752 MSDTC - ok
17:07:23.0437 2752 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:07:23.0437 2752 Msfs - ok
17:07:23.0484 2752 MsibiosDevice (73df019bb316f317e60ae8758a52b3d1) C:\Program Files\MSI\Live Update 4\LU4\msibios.sys
17:07:23.0484 2752 MsibiosDevice - ok
17:07:23.0484 2752 MSIServer - ok
17:07:23.0531 2752 MSI_DVD_010507 (09a00b8c911d32a0cfeb747be9ce5dab) C:\PROGRA~1\MSI\MSIWDev\DVDSYS32_100507.sys
17:07:23.0531 2752 MSI_DVD_010507 - ok
17:07:23.0578 2752 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\PROGRA~1\MSI\MSIWDev\msibios32_100507.sys
17:07:23.0578 2752 MSI_MSIBIOS_010507 - ok
17:07:23.0593 2752 MSI_VGASYS_010507 (8d603678c3961bed302163964ad6a38e) C:\PROGRA~1\MSI\MSIWDev\VGASYS32_100507.sys
17:07:23.0593 2752 MSI_VGASYS_010507 - ok
17:07:23.0593 2752 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:07:23.0593 2752 MSKSSRV - ok
17:07:23.0609 2752 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:07:23.0609 2752 MSPCLOCK - ok
17:07:23.0609 2752 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:07:23.0609 2752 MSPQM - ok
17:07:23.0640 2752 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:07:23.0640 2752 mssmbios - ok
17:07:23.0671 2752 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:07:23.0671 2752 MSTEE - ok
17:07:23.0687 2752 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:07:23.0687 2752 Mup - ok
17:07:23.0687 2752 mwagent - ok
17:07:23.0718 2752 mwlsvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\JavaQuickStarterService.dll
17:07:23.0734 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\JavaQuickStarterService.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:23.0734 2752 mwlsvc ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:23.0734 2752 mwlsvc - detected Backdoor.Multi.ZAccess.gen (0)
17:07:23.0750 2752 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:07:23.0750 2752 NABTSFEC - ok
17:07:23.0781 2752 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:07:23.0796 2752 napagent - ok
17:07:23.0796 2752 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:07:23.0796 2752 NDIS - ok
17:07:23.0796 2752 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:07:23.0796 2752 NdisIP - ok
17:07:23.0828 2752 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:07:23.0828 2752 NdisTapi - ok
17:07:23.0875 2752 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:07:23.0875 2752 Ndisuio - ok
17:07:23.0890 2752 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:07:23.0890 2752 NdisWan - ok
17:07:23.0921 2752 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:07:23.0921 2752 NDProxy - ok
17:07:23.0953 2752 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
17:07:23.0953 2752 Netaapl - ok
17:07:23.0968 2752 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:07:23.0968 2752 NetBIOS - ok
17:07:24.0000 2752 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:07:24.0000 2752 NetBT - ok
17:07:24.0031 2752 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:07:24.0031 2752 NetDDE - ok
17:07:24.0031 2752 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:07:24.0031 2752 NetDDEdsdm - ok
17:07:24.0062 2752 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:07:24.0078 2752 Netlogon - ok
17:07:24.0125 2752 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:07:24.0125 2752 Netman - ok
17:07:24.0218 2752 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:07:24.0218 2752 NetTcpPortSharing - ok
17:07:24.0250 2752 netwg311 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\osaio.dll
17:07:24.0265 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\osaio.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:24.0265 2752 netwg311 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:24.0265 2752 netwg311 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:24.0265 2752 nic1394 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\dcevt32.dll
17:07:24.0281 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\dcevt32.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:24.0281 2752 nic1394 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:24.0281 2752 nic1394 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:24.0296 2752 nicconfigsvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\swmsflt.dll
17:07:24.0312 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\swmsflt.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:24.0312 2752 nicconfigsvc ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:24.0312 2752 nicconfigsvc - detected Backdoor.Multi.ZAccess.gen (0)
17:07:24.0578 2752 NIHardwareService (bd7a1d7bef2c0fde73f7b87971ed9d2f) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
17:07:24.0671 2752 NIHardwareService - ok
17:07:24.0765 2752 nimcdfxk (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\superproserver.dll
17:07:24.0796 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\superproserver.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:24.0796 2752 nimcdfxk ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:24.0796 2752 nimcdfxk - detected Backdoor.Multi.ZAccess.gen (0)
17:07:24.0796 2752 nisum - ok
17:07:24.0843 2752 NitroDriverReadSpool (9c14e80ff4ccdff8129dc716c112c517) C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
17:07:24.0859 2752 NitroDriverReadSpool - ok
17:07:24.0906 2752 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:07:24.0906 2752 Nla - ok
17:07:24.0937 2752 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
17:07:24.0937 2752 nm - ok
17:07:24.0968 2752 nmwcdnsu (be7fd9ca07e7d39f77c78ba5756930d9) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
17:07:24.0968 2752 nmwcdnsu - ok
17:07:24.0984 2752 nmwcdnsuc (94651f5808d3328d28ef967a9e853b8f) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
17:07:24.0984 2752 nmwcdnsuc - ok
17:07:25.0015 2752 NPDriver (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\bh611.dll
17:07:25.0046 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\bh611.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:25.0046 2752 NPDriver ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:25.0046 2752 NPDriver - detected Backdoor.Multi.ZAccess.gen (0)
17:07:25.0062 2752 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
17:07:25.0062 2752 NPF - ok
17:07:25.0093 2752 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:07:25.0093 2752 Npfs - ok
17:07:25.0093 2752 Nsynas32 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\WNIPROT5.dll
17:07:25.0125 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\WNIPROT5.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:25.0125 2752 Nsynas32 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:25.0125 2752 Nsynas32 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:25.0156 2752 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:07:25.0156 2752 Ntfs - ok
17:07:25.0203 2752 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:07:25.0203 2752 NtLmSsp - ok
17:07:25.0250 2752 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:07:25.0265 2752 NtmsSvc - ok
17:07:25.0281 2752 NTSIM (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\upperdev.dll
17:07:25.0296 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\upperdev.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:25.0296 2752 NTSIM ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:25.0296 2752 NTSIM - detected Backdoor.Multi.ZAccess.gen (0)
17:07:25.0296 2752 ntsvcmgr (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\se44mgmt.dll
17:07:25.0328 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\se44mgmt.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:25.0328 2752 ntsvcmgr ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:25.0328 2752 ntsvcmgr - detected Backdoor.Multi.ZAccess.gen (0)
17:07:25.0359 2752 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:07:25.0359 2752 Null - ok
17:07:25.0812 2752 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:07:26.0015 2752 nv - ok
17:07:26.0140 2752 nvmpu401 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\pdlnacom.dll
17:07:26.0156 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\pdlnacom.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:26.0156 2752 nvmpu401 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:26.0156 2752 nvmpu401 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:26.0203 2752 nvsvc (a2322c6207ebb0761a6c8cc9003ebacf) C:\WINDOWS\system32\nvsvc32.exe
17:07:26.0203 2752 nvsvc - ok
17:07:26.0203 2752 NWDHCP - ok
17:07:26.0234 2752 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:07:26.0234 2752 NwlnkFlt - ok
17:07:26.0234 2752 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:07:26.0234 2752 NwlnkFwd - ok
17:07:26.0265 2752 NWSAP (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\cfosspeed.dll
17:07:26.0281 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\cfosspeed.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:26.0281 2752 NWSAP ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:26.0281 2752 NWSAP - detected Backdoor.Multi.ZAccess.gen (0)
17:07:26.0281 2752 NwSapAgent - ok
17:07:26.0312 2752 NWSLP (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\dlcf_device.dll
17:07:26.0328 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\dlcf_device.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:26.0328 2752 NWSLP ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:26.0328 2752 NWSLP - detected Backdoor.Multi.ZAccess.gen (0)
17:07:26.0328 2752 obvious - ok
17:07:26.0359 2752 ohci1394 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\smsmdd.dll
17:07:26.0390 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\smsmdd.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:26.0390 2752 ohci1394 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:26.0390 2752 ohci1394 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:26.0390 2752 olapserver (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\iomdisk.dll
17:07:26.0406 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\iomdisk.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:26.0406 2752 olapserver ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:26.0406 2752 olapserver - detected Backdoor.Multi.ZAccess.gen (0)
17:07:26.0406 2752 oracleorahometnslistener (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\lvpopflt.dll
17:07:26.0437 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\lvpopflt.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:26.0437 2752 oracleorahometnslistener ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:26.0437 2752 oracleorahometnslistener - detected Backdoor.Multi.ZAccess.gen (0)
17:07:26.0437 2752 oraclesnmppeerencapsulator (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ni_nic.dll
17:07:26.0453 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\ni_nic.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:26.0453 2752 oraclesnmppeerencapsulator ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:26.0453 2752 oraclesnmppeerencapsulator - detected Backdoor.Multi.ZAccess.gen (0)
17:07:26.0531 2752 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:07:26.0531 2752 ose - ok
17:07:26.0531 2752 ossrv - ok
17:07:26.0562 2752 ovmsmaccessmanager (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\webupdate.dll
17:07:26.0578 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\webupdate.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:26.0578 2752 ovmsmaccessmanager ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:26.0578 2752 ovmsmaccessmanager - detected Backdoor.Multi.ZAccess.gen (0)
17:07:26.0625 2752 ovt519 (4cdadec3dc1300ee1d313ea5494e6472) C:\WINDOWS\system32\Drivers\ov519vid.sys
17:07:26.0625 2752 ovt519 - ok
17:07:26.0781 2752 P17 (d84ab749759d0b4e365fe19bea485378) C:\WINDOWS\system32\drivers\P17.sys
17:07:26.0828 2752 P17 - ok
17:07:26.0828 2752 Packet - ok
17:07:26.0859 2752 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:07:26.0859 2752 Parport - ok
17:07:26.0875 2752 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:07:26.0875 2752 PartMgr - ok
17:07:26.0921 2752 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:07:26.0921 2752 ParVdm - ok
17:07:26.0953 2752 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
17:07:26.0953 2752 pccsmcfd - ok
17:07:26.0968 2752 pcctlcom (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\pavagente.dll
17:07:26.0984 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\pavagente.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:26.0984 2752 pcctlcom ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:26.0984 2752 pcctlcom - detected Backdoor.Multi.ZAccess.gen (0)
17:07:26.0984 2752 PcdrNt - ok
17:07:27.0015 2752 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:07:27.0015 2752 PCI - ok
17:07:27.0015 2752 PCIDump - ok
17:07:27.0031 2752 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:07:27.0031 2752 PCIIde - ok
17:07:27.0031 2752 PCISys - ok
17:07:27.0046 2752 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:07:27.0046 2752 Pcmcia - ok
17:07:27.0046 2752 PDCOMP - ok
17:07:27.0062 2752 PDFRAME - ok
17:07:27.0093 2752 pdlnebas (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\avgarcln.dll
17:07:27.0109 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\avgarcln.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:27.0109 2752 pdlnebas ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:27.0109 2752 pdlnebas - detected Backdoor.Multi.ZAccess.gen (0)
17:07:27.0109 2752 pdlnecfg (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\vwd.dll
17:07:27.0125 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\vwd.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:27.0125 2752 pdlnecfg ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:27.0125 2752 pdlnecfg - detected Backdoor.Multi.ZAccess.gen (0)
17:07:27.0125 2752 pdlnsv25 - ok
17:07:27.0125 2752 PDRELI - ok
17:07:27.0125 2752 PDRFRAME - ok
17:07:27.0125 2752 perc2 - ok
17:07:27.0125 2752 perc2hib - ok
17:07:27.0140 2752 persfw (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\magictuneengine.dll
17:07:27.0156 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\magictuneengine.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:27.0156 2752 persfw ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:27.0156 2752 persfw - detected Backdoor.Multi.ZAccess.gen (0)
17:07:27.0203 2752 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:07:27.0203 2752 PlugPlay - ok
17:07:27.0250 2752 PnkBstrA (a1dd33d16f277ce34124ee52ab2c0f14) C:\WINDOWS\system32\PnkBstrA.exe
17:07:27.0250 2752 PnkBstrA - ok
17:07:27.0281 2752 PnkBstrB (f482f214bffdf46dc35f47ba5b453e84) C:\WINDOWS\system32\PnkBstrB.exe
17:07:27.0281 2752 PnkBstrB - ok
17:07:27.0312 2752 PnkBstrK (3a6f6d4e8caae0497a511d493e3b6fa9) C:\WINDOWS\system32\drivers\PnkBstrK.sys
17:07:27.0312 2752 PnkBstrK - ok
17:07:27.0359 2752 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:07:27.0359 2752 PolicyAgent - ok
17:07:27.0359 2752 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:07:27.0359 2752 PptpMiniport - ok
17:07:27.0390 2752 prohlp02 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\winvnc.dll
17:07:27.0406 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\winvnc.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:27.0406 2752 prohlp02 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:27.0406 2752 prohlp02 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:27.0406 2752 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:07:27.0406 2752 ProtectedStorage - ok
17:07:27.0421 2752 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:07:27.0421 2752 PSched - ok
17:07:27.0453 2752 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:07:27.0453 2752 Ptilink - ok
17:07:27.0484 2752 pwd_2K (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\WscNetDr.dll
17:07:27.0500 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\WscNetDr.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:27.0500 2752 pwd_2K ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:27.0500 2752 pwd_2K - detected Backdoor.Multi.ZAccess.gen (0)
17:07:27.0500 2752 ql1080 - ok
17:07:27.0500 2752 Ql10wnt - ok
17:07:27.0500 2752 ql12160 - ok
17:07:27.0500 2752 ql1240 - ok
17:07:27.0500 2752 ql1280 - ok
17:07:27.0546 2752 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:07:27.0546 2752 RasAcd - ok
17:07:27.0578 2752 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:07:27.0578 2752 RasAuto - ok
17:07:27.0609 2752 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:07:27.0609 2752 Rasl2tp - ok
17:07:27.0656 2752 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:07:27.0656 2752 RasMan - ok
17:07:27.0656 2752 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:07:27.0656 2752 RasPppoe - ok
17:07:27.0656 2752 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:07:27.0656 2752 Raspti - ok
17:07:27.0703 2752 raysatxsi5_0server (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\w70n51.dll
17:07:27.0718 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\w70n51.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:27.0718 2752 raysatxsi5_0server ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:27.0718 2752 raysatxsi5_0server - detected Backdoor.Multi.ZAccess.gen (0)
17:07:27.0734 2752 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:07:27.0734 2752 Rdbss - ok
17:07:27.0734 2752 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:07:27.0734 2752 RDPCDD - ok
17:07:27.0750 2752 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:07:27.0750 2752 rdpdr - ok
17:07:27.0765 2752 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
17:07:27.0781 2752 RDPWD - ok
17:07:27.0812 2752 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:07:27.0828 2752 RDSessMgr - ok
17:07:27.0828 2752 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:07:27.0828 2752 redbook - ok
17:07:27.0859 2752 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:07:27.0859 2752 RemoteAccess - ok
17:07:27.0890 2752 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
17:07:27.0890 2752 RemoteRegistry - ok
17:07:27.0890 2752 retinaengine (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\U81xmdfl.dll
17:07:27.0921 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\U81xmdfl.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:27.0921 2752 retinaengine ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:27.0921 2752 retinaengine - detected Backdoor.Multi.ZAccess.gen (0)
17:07:27.0921 2752 retroexplauncher (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\regspy.dll
17:07:27.0937 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\regspy.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:27.0937 2752 retroexplauncher ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:27.0937 2752 retroexplauncher - detected Backdoor.Multi.ZAccess.gen (0)
17:07:28.0046 2752 RichVideo (bd517c7fb119997effbe39d5e4b37b05) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
17:07:28.0062 2752 RichVideo - ok
17:07:28.0062 2752 risdptsk - ok
17:07:28.0125 2752 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
17:07:28.0125 2752 RivaTuner32 - ok
17:07:28.0140 2752 rnadiagreceiver (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\s616mgmt.dll
17:07:28.0171 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\s616mgmt.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:28.0171 2752 rnadiagreceiver ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:28.0171 2752 rnadiagreceiver - detected Backdoor.Multi.ZAccess.gen (0)
17:07:28.0218 2752 rpcapd (67c607857ccd6ebffe768dad5b2ca239) C:\Program Files\WinPcap\rpcapd.exe
17:07:28.0218 2752 rpcapd - ok
17:07:28.0234 2752 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
17:07:28.0250 2752 RpcLocator - ok
17:07:28.0296 2752 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:07:28.0296 2752 RpcSs - ok
17:07:28.0343 2752 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:07:28.0343 2752 RSVP - ok
17:07:28.0375 2752 RTHDMIAzAudService (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\TPPWRIF.dll
17:07:28.0390 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\TPPWRIF.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:28.0390 2752 RTHDMIAzAudService ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:28.0390 2752 RTHDMIAzAudService - detected Backdoor.Multi.ZAccess.gen (0)
17:07:28.0406 2752 RTL8169 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\usb20l.dll
17:07:28.0437 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\usb20l.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:28.0437 2752 RTL8169 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:28.0437 2752 RTL8169 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:28.0484 2752 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:07:28.0484 2752 RTLE8023xp - ok
17:07:28.0515 2752 s116bus (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\lhidusb.dll
17:07:28.0531 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\lhidusb.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:28.0531 2752 s116bus ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:28.0531 2752 s116bus - detected Backdoor.Multi.ZAccess.gen (0)
17:07:28.0531 2752 s24eventmonitor (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\c-dillacdac11ba.dll
17:07:28.0546 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\c-dillacdac11ba.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:28.0546 2752 s24eventmonitor ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:28.0546 2752 s24eventmonitor - detected Backdoor.Multi.ZAccess.gen (0)
17:07:28.0562 2752 s716mdm (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\cqmgstor.dll
17:07:28.0578 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\cqmgstor.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:28.0578 2752 s716mdm ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:28.0578 2752 s716mdm - detected Backdoor.Multi.ZAccess.gen (0)
17:07:28.0578 2752 s716unic - ok
17:07:28.0578 2752 SaiU040B - ok
17:07:28.0625 2752 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:07:28.0625 2752 SamSs - ok
17:07:28.0640 2752 sandboxu (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\bgsvcgen.dll
17:07:28.0671 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\bgsvcgen.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:28.0671 2752 sandboxu ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:28.0671 2752 sandboxu - detected Backdoor.Multi.ZAccess.gen (0)
17:07:28.0687 2752 savrt (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\omci.dll
17:07:28.0703 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\omci.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:28.0703 2752 savrt ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:28.0703 2752 savrt - detected Backdoor.Multi.ZAccess.gen (0)
17:07:28.0703 2752 ScanUSBEMPIA (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\oracleorahomepagingserver.dll
17:07:28.0718 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\oracleorahomepagingserver.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:28.0718 2752 ScanUSBEMPIA ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:28.0718 2752 ScanUSBEMPIA - detected Backdoor.Multi.ZAccess.gen (0)
17:07:28.0765 2752 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:07:28.0765 2752 SCardSvr - ok
17:07:28.0812 2752 SCDEmu (9feb2026a460916d1a1198b460632630) C:\WINDOWS\system32\drivers\SCDEmu.sys
17:07:28.0812 2752 SCDEmu - ok
17:07:28.0859 2752 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:07:28.0859 2752 Schedule - ok
17:07:28.0875 2752 se2Cnd5 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SI3112.dll
17:07:28.0890 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\SI3112.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:28.0890 2752 se2Cnd5 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:28.0890 2752 se2Cnd5 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:28.0921 2752 SE2Dmdm (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\WDM_YAMAHAAC97.dll
17:07:28.0937 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\WDM_YAMAHAAC97.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:28.0937 2752 SE2Dmdm ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:28.0937 2752 SE2Dmdm - detected Backdoor.Multi.ZAccess.gen (0)
17:07:28.0937 2752 se59mgmt - ok
17:07:28.0968 2752 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:07:28.0984 2752 Secdrv - ok
17:07:29.0000 2752 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:07:29.0000 2752 seclogon - ok
17:07:29.0031 2752 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:07:29.0031 2752 SENS - ok
17:07:29.0078 2752 Sentinel (7e5c2c58fc4e3862e7bf88bfb809a9b0) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
17:07:29.0078 2752 Sentinel - ok
17:07:29.0156 2752 SentinelProtectionServer (3ee0cbb405af078f7c25fdb64e4b68f5) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
17:07:29.0171 2752 SentinelProtectionServer - ok
17:07:29.0203 2752 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:07:29.0203 2752 serenum - ok
17:07:29.0218 2752 Serial (8bf9174aa7daf958653eb3643efc6758) C:\WINDOWS\system32\DRIVERS\serial.sys
17:07:29.0218 2752 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: 8bf9174aa7daf958653eb3643efc6758, Fake md5: cca207a8896d4c6a0c9ce29a4ae411a7
17:07:29.0218 2752 Serial ( Virus.Win32.ZAccess.j ) - infected
17:07:29.0218 2752 Serial - detected Virus.Win32.ZAccess.j (0)
17:07:29.0234 2752 service1 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\s116mdfl.dll
17:07:29.0250 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\s116mdfl.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:29.0250 2752 service1 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:29.0250 2752 service1 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:29.0328 2752 ServiceLayer (3334de016fdcde5c98e30a405a72dd8d) C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
17:07:29.0359 2752 ServiceLayer - ok
17:07:29.0421 2752 sessavs (fbc27d41fec664ef73de15a76946c60c) C:\WINDOWS\system32\Drivers\sessavs.sys
17:07:29.0421 2752 sessavs - ok
17:07:29.0468 2752 sessusb_svc (d61436d8bce3115753c1d98c43461ac0) C:\WINDOWS\system32\Drivers\sessusb.sys
17:07:29.0468 2752 sessusb_svc - ok
17:07:29.0484 2752 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:07:29.0484 2752 Sfloppy - ok
17:07:29.0484 2752 sfvfs02 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\tmesrv3.dll
17:07:29.0515 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\tmesrv3.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:29.0515 2752 sfvfs02 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:29.0515 2752 sfvfs02 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:29.0515 2752 sgectl (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\quickbooksdb.dll
17:07:29.0546 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\quickbooksdb.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:29.0546 2752 sgectl ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:29.0546 2752 sgectl - detected Backdoor.Multi.ZAccess.gen (0)
17:07:29.0562 2752 SGIR (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\zunenetworksvc.dll
17:07:29.0578 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\zunenetworksvc.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:29.0578 2752 SGIR ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:29.0578 2752 SGIR - detected Backdoor.Multi.ZAccess.gen (0)
17:07:29.0625 2752 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:07:29.0625 2752 SharedAccess - ok
17:07:29.0671 2752 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:07:29.0671 2752 ShellHWDetection - ok
17:07:29.0671 2752 Simbad - ok
17:07:29.0687 2752 SiSRaid (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\trayman.dll
17:07:29.0703 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\trayman.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:29.0703 2752 SiSRaid ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:29.0703 2752 SiSRaid - detected Backdoor.Multi.ZAccess.gen (0)
17:07:29.0718 2752 SiSRaid2 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\susbser.dll
17:07:29.0734 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\susbser.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:29.0734 2752 SiSRaid2 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:29.0734 2752 SiSRaid2 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:29.0750 2752 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:07:29.0750 2752 SLIP - ok
17:07:29.0765 2752 smartscaps (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\pwd_2K.dll
17:07:29.0781 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\pwd_2K.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:29.0781 2752 smartscaps ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:29.0781 2752 smartscaps - detected Backdoor.Multi.ZAccess.gen (0)
17:07:29.0781 2752 smservauth (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\mcnasvc.dll
17:07:29.0796 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\mcnasvc.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:29.0796 2752 smservauth ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:29.0796 2752 smservauth - detected Backdoor.Multi.ZAccess.gen (0)
17:07:29.0828 2752 SndTDriverV32 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\hidgame.dll
17:07:29.0843 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\hidgame.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:29.0843 2752 SndTDriverV32 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:29.0843 2752 SndTDriverV32 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:29.0843 2752 softfax (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\NETMDUSB.dll
17:07:29.0875 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\NETMDUSB.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:29.0875 2752 softfax ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:29.0875 2752 softfax - detected Backdoor.Multi.ZAccess.gen (0)
17:07:29.0875 2752 Sparrow - ok
17:07:29.0906 2752 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:07:29.0906 2752 splitter - ok
17:07:29.0937 2752 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:07:29.0937 2752 Spooler - ok
17:07:29.0953 2752 sp_rssrv (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\lmouflt2.dll
17:07:29.0968 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\lmouflt2.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:29.0968 2752 sp_rssrv ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:29.0968 2752 sp_rssrv - detected Backdoor.Multi.ZAccess.gen (0)
17:07:29.0968 2752 SQLBrowser - ok
17:07:29.0968 2752 sqlserveragent - ok
17:07:30.0015 2752 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:07:30.0015 2752 sr - ok
17:07:30.0062 2752 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:07:30.0062 2752 srservice - ok
17:07:30.0109 2752 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:07:30.0125 2752 Srv - ok
17:07:30.0156 2752 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:07:30.0156 2752 SSDPSRV - ok
17:07:30.0156 2752 starwindservice - ok
17:07:30.0171 2752 statusagent (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\VAIOMediaPlatform-MusicServer-UPnP.dll
17:07:30.0187 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\VAIOMediaPlatform-MusicServer-UPnP.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:30.0187 2752 statusagent ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:30.0187 2752 statusagent - detected Backdoor.Multi.ZAccess.gen (0)
17:07:30.0203 2752 sthda (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\kerbkey.dll
17:07:30.0218 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\kerbkey.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:30.0218 2752 sthda ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:30.0218 2752 sthda - detected Backdoor.Multi.ZAccess.gen (0)
17:07:30.0250 2752 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:07:30.0265 2752 stisvc - ok
17:07:30.0265 2752 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:07:30.0265 2752 streamip - ok
17:07:30.0296 2752 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:07:30.0296 2752 swenum - ok
17:07:30.0312 2752 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:07:30.0312 2752 swmidi - ok
17:07:30.0312 2752 swmsflt - ok
17:07:30.0312 2752 SwPrv - ok
17:07:30.0312 2752 symc810 - ok
17:07:30.0328 2752 symc8xx - ok
17:07:30.0328 2752 symndis - ok
17:07:30.0328 2752 sym_hi - ok
17:07:30.0328 2752 sym_u3 - ok
17:07:30.0390 2752 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:07:30.0390 2752 sysaudio - ok
17:07:30.0406 2752 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:07:30.0406 2752 SysmonLog - ok
17:07:30.0421 2752 tandpl (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\roxupnpserver.dll
17:07:30.0437 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\roxupnpserver.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:30.0437 2752 tandpl ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:30.0437 2752 tandpl - detected Backdoor.Multi.ZAccess.gen (0)
17:07:30.0453 2752 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:07:30.0453 2752 TapiSrv - ok
17:07:30.0515 2752 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:07:30.0515 2752 Tcpip - ok
17:07:30.0531 2752 tcsd_win32.exe - ok
17:07:30.0546 2752 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:07:30.0546 2752 TDPIPE - ok
17:07:30.0562 2752 tdsmapi (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\PNDIS5.dll
17:07:30.0578 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\PNDIS5.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:30.0578 2752 tdsmapi ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:30.0578 2752 tdsmapi - detected Backdoor.Multi.ZAccess.gen (0)
17:07:30.0593 2752 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:07:30.0593 2752 TDTCP - ok
17:07:30.0593 2752 telnet (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\w550bus.dll
17:07:30.0625 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\w550bus.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:30.0625 2752 telnet ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:30.0625 2752 telnet - detected Backdoor.Multi.ZAccess.gen (0)
17:07:30.0640 2752 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:07:30.0640 2752 TermDD - ok
17:07:30.0656 2752 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:07:30.0671 2752 TermService - ok
17:07:30.0703 2752 tfsnudfa (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\NICSer_WPC300N.dll
17:07:30.0718 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\NICSer_WPC300N.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:30.0718 2752 tfsnudfa ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:30.0718 2752 tfsnudfa - detected Backdoor.Multi.ZAccess.gen (0)
17:07:30.0734 2752 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:07:30.0734 2752 Themes - ok
17:07:30.0750 2752 thpsrv (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\igfx.dll
17:07:30.0765 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\igfx.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:30.0765 2752 thpsrv ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:30.0765 2752 thpsrv - detected Backdoor.Multi.ZAccess.gen (0)
17:07:30.0781 2752 TIEHDUSB (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\NIPALK.dll
17:07:30.0796 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\NIPALK.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:30.0796 2752 TIEHDUSB ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:30.0796 2752 TIEHDUSB - detected Backdoor.Multi.ZAccess.gen (0)
17:07:30.0812 2752 tifm21 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\grmnusb.dll
17:07:30.0843 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\grmnusb.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:30.0843 2752 tifm21 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:30.0843 2752 tifm21 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:30.0875 2752 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
17:07:30.0875 2752 TlntSvr - ok
17:07:30.0890 2752 tmesbs32 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\agp440.dll
17:07:30.0906 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\agp440.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:30.0906 2752 tmesbs32 ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:30.0906 2752 tmesbs32 - detected Backdoor.Multi.ZAccess.gen (0)
17:07:30.0921 2752 tmlisten (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\mcmispupdmgr.dll
17:07:30.0937 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\mcmispupdmgr.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:30.0937 2752 tmlisten ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:30.0937 2752 tmlisten - detected Backdoor.Multi.ZAccess.gen (0)
17:07:30.0937 2752 toddsrv (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\btfirst.dll
17:07:30.0968 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\btfirst.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:30.0968 2752 toddsrv ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:30.0968 2752 toddsrv - detected Backdoor.Multi.ZAccess.gen (0)
17:07:30.0968 2752 TosIde - ok
17:07:30.0968 2752 tpkmpsvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\alcxsens.dll
17:07:30.0984 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\alcxsens.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:30.0984 2752 tpkmpsvc ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:30.0984 2752 tpkmpsvc - detected Backdoor.Multi.ZAccess.gen (0)
17:07:30.0984 2752 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:07:30.0984 2752 TrkWks - ok
17:07:30.0984 2752 TryAndDecideService (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\BASFND.dll
17:07:31.0015 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\BASFND.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:31.0015 2752 TryAndDecideService ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:31.0015 2752 TryAndDecideService - detected Backdoor.Multi.ZAccess.gen (0)
17:07:31.0015 2752 tunmp (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\aksusb.dll
17:07:31.0031 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\aksusb.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:31.0031 2752 tunmp ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:31.0031 2752 tunmp - detected Backdoor.Multi.ZAccess.gen (0)
17:07:31.0140 2752 TwonkyMedia - ok
17:07:31.0156 2752 U81xobex - ok
17:07:31.0156 2752 UBHelper (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\se58mdfl.dll
17:07:31.0171 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\se58mdfl.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:31.0171 2752 UBHelper ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:31.0171 2752 UBHelper - detected Backdoor.Multi.ZAccess.gen (0)
17:07:31.0187 2752 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:07:31.0187 2752 Udfs - ok
17:07:31.0187 2752 ultra - ok
17:07:31.0187 2752 umpusbxp (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\db2jds.dll
17:07:31.0218 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\db2jds.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:31.0218 2752 umpusbxp ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:31.0218 2752 umpusbxp - detected Backdoor.Multi.ZAccess.gen (0)
17:07:31.0265 2752 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:07:31.0265 2752 Update - ok
17:07:31.0296 2752 UpdateCenterService (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\camdrl.dll
17:07:31.0312 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\camdrl.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:31.0312 2752 UpdateCenterService ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:31.0312 2752 UpdateCenterService - detected Backdoor.Multi.ZAccess.gen (0)
17:07:31.0328 2752 upnp (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\arc.dll
17:07:31.0343 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\arc.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:31.0343 2752 upnp ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:31.0343 2752 upnp - detected Backdoor.Multi.ZAccess.gen (0)
17:07:31.0359 2752 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:07:31.0359 2752 upnphost - ok
17:07:31.0375 2752 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:07:31.0375 2752 UPS - ok
17:07:31.0375 2752 us30sys - ok
17:07:31.0406 2752 USA49W2KP (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\tmtdi.dll
17:07:31.0421 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\tmtdi.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:31.0421 2752 USA49W2KP ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:31.0421 2752 USA49W2KP - detected Backdoor.Multi.ZAccess.gen (0)
17:07:31.0453 2752 usb20l (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\WNIPROT5.dll
17:07:31.0468 2752 Suspicious file (NoAccess): C:\WINDOWS\system32\WNIPROT5.dll. md5: 11028c6a84a967070cb1286550f2058f
17:07:31.0468 2752 usb20l ( Backdoor.Multi.ZAccess.gen ) - infected
17:07:31.0468 2752 usb20l - detected Backdoor.Multi.ZAccess.gen (0)
17:07:31.0484 2752 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:07:31.0484 2752 USBAAPL - ok
17:07:31.0500 2752 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:07:31.0500 2752 usbaudio - ok
17:07:31.0515 2752 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:07:31.0515 2752 usbccgp - ok
17:07:31.0562 2752 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:07:31.0562 2752 usbehci - ok
17:07:31.0578 2752 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:07:31.0578 2752 usbhub - ok
17:07:31.0609 2752 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:07:31.0609 2752 usbprint - ok
17:07:33.0937 2752 ============================================================
17:07:33.0937 2752 Scan finished
17:07:33.0937 2752 ============================================================
17:07:33.0937 2728 Detected object count: 172
17:07:33.0937 2728 Actual detected object count: 172
17:08:56.0093 2728 HKLM\SYSTEM\ControlSet003\services\googledesktopmanager - will be deleted on reboot
17:08:56.0093 2728 C:\WINDOWS\system32\NdisFilt.dll - will be deleted on reboot
17:08:56.0093 2728 googledesktopmanager ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:56.0156 2728 C:\WINDOWS\system32\gpc.dll - copied to quarantine
17:08:56.0156 2728 HKLM\SYSTEM\ControlSet001\services\GoToAssist - will be deleted on reboot
17:08:56.0156 2728 HKLM\SYSTEM\ControlSet003\services\GoToAssist - will be deleted on reboot
17:08:56.0156 2728 C:\WINDOWS\system32\gpc.dll - will be deleted on reboot
17:08:56.0156 2728 GoToAssist ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:56.0203 2728 C:\WINDOWS\system32\servicelayer.dll - copied to quarantine
17:08:56.0203 2728 HKLM\SYSTEM\ControlSet001\services\hidir - will be deleted on reboot
17:08:56.0203 2728 HKLM\SYSTEM\ControlSet003\services\hidir - will be deleted on reboot
17:08:56.0203 2728 C:\WINDOWS\system32\servicelayer.dll - will be deleted on reboot
17:08:56.0203 2728 hidir ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:56.0265 2728 C:\WINDOWS\system32\pcx1nd5.dll - copied to quarantine
17:08:56.0265 2728 HKLM\SYSTEM\ControlSet001\services\HPFECP20 - will be deleted on reboot
17:08:56.0265 2728 HKLM\SYSTEM\ControlSet003\services\HPFECP20 - will be deleted on reboot
17:08:56.0265 2728 C:\WINDOWS\system32\pcx1nd5.dll - will be deleted on reboot
17:08:56.0265 2728 HPFECP20 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:56.0296 2728 C:\WINDOWS\system32\PTDCBus.dll - copied to quarantine
17:08:56.0296 2728 HKLM\SYSTEM\ControlSet001\services\HPSLPSVC - will be deleted on reboot
17:08:56.0296 2728 HKLM\SYSTEM\ControlSet003\services\HPSLPSVC - will be deleted on reboot
17:08:56.0296 2728 C:\WINDOWS\system32\PTDCBus.dll - will be deleted on reboot
17:08:56.0296 2728 HPSLPSVC ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:56.0359 2728 C:\WINDOWS\system32\bantext.dll - copied to quarantine
17:08:56.0359 2728 HKLM\SYSTEM\ControlSet001\services\https-admserv61 - will be deleted on reboot
17:08:56.0359 2728 HKLM\SYSTEM\ControlSet003\services\https-admserv61 - will be deleted on reboot
17:08:56.0359 2728 C:\WINDOWS\system32\bantext.dll - will be deleted on reboot
17:08:56.0359 2728 https-admserv61 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:56.0406 2728 C:\WINDOWS\system32\SE27mdm.dll - copied to quarantine
17:08:56.0406 2728 HKLM\SYSTEM\ControlSet001\services\iAimFP7 - will be deleted on reboot
17:08:56.0406 2728 HKLM\SYSTEM\ControlSet003\services\iAimFP7 - will be deleted on reboot
17:08:56.0406 2728 C:\WINDOWS\system32\SE27mdm.dll - will be deleted on reboot
17:08:56.0406 2728 iAimFP7 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:56.0468 2728 C:\WINDOWS\system32\pcidrv.dll - copied to quarantine
17:08:56.0468 2728 HKLM\SYSTEM\ControlSet001\services\ibmpmsvc - will be deleted on reboot
17:08:56.0468 2728 HKLM\SYSTEM\ControlSet003\services\ibmpmsvc - will be deleted on reboot
17:08:56.0468 2728 C:\WINDOWS\system32\pcidrv.dll - will be deleted on reboot
17:08:56.0468 2728 ibmpmsvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:56.0500 2728 C:\WINDOWS\system32\KMW_USB.dll - copied to quarantine
17:08:56.0500 2728 HKLM\SYSTEM\ControlSet001\services\IBM_LLC2 - will be deleted on reboot
17:08:56.0500 2728 HKLM\SYSTEM\ControlSet003\services\IBM_LLC2 - will be deleted on reboot
17:08:56.0500 2728 C:\WINDOWS\system32\KMW_USB.dll - will be deleted on reboot
17:08:56.0500 2728 IBM_LLC2 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:56.0562 2728 C:\WINDOWS\system32\mi-raysat_3dsmax9_32.dll - copied to quarantine
17:08:56.0562 2728 HKLM\SYSTEM\ControlSet001\services\ICM10USB - will be deleted on reboot
17:08:56.0562 2728 HKLM\SYSTEM\ControlSet003\services\ICM10USB - will be deleted on reboot
17:08:56.0562 2728 C:\WINDOWS\system32\mi-raysat_3dsmax9_32.dll - will be deleted on reboot
17:08:56.0562 2728 ICM10USB ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:56.0593 2728 C:\WINDOWS\system32\hwpsgt.dll - copied to quarantine
17:08:56.0593 2728 HKLM\SYSTEM\ControlSet001\services\idebusdr - will be deleted on reboot
17:08:56.0593 2728 HKLM\SYSTEM\ControlSet003\services\idebusdr - will be deleted on reboot
17:08:56.0593 2728 C:\WINDOWS\system32\hwpsgt.dll - will be deleted on reboot
17:08:56.0593 2728 idebusdr ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:56.0703 2728 C:\WINDOWS\system32\ZTEusbser6k.dll - copied to quarantine
17:08:56.0703 2728 HKLM\SYSTEM\ControlSet001\services\ikhfile - will be deleted on reboot
17:08:56.0703 2728 HKLM\SYSTEM\ControlSet003\services\ikhfile - will be deleted on reboot
17:08:56.0703 2728 C:\WINDOWS\system32\ZTEusbser6k.dll - will be deleted on reboot
17:08:56.0703 2728 ikhfile ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:56.0734 2728 C:\WINDOWS\system32\bthenum.dll - copied to quarantine
17:08:56.0734 2728 HKLM\SYSTEM\ControlSet001\services\IPSECSHM - will be deleted on reboot
17:08:56.0734 2728 HKLM\SYSTEM\ControlSet003\services\IPSECSHM - will be deleted on reboot
17:08:56.0734 2728 C:\WINDOWS\system32\bthenum.dll - will be deleted on reboot
17:08:56.0734 2728 IPSECSHM ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:56.0781 2728 C:\WINDOWS\system32\backupexecalertserver.dll - copied to quarantine
17:08:56.0781 2728 HKLM\SYSTEM\ControlSet001\services\iviaspi - will be deleted on reboot
17:08:56.0781 2728 HKLM\SYSTEM\ControlSet003\services\iviaspi - will be deleted on reboot
17:08:56.0781 2728 C:\WINDOWS\system32\backupexecalertserver.dll - will be deleted on reboot
17:08:56.0781 2728 iviaspi ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:56.0828 2728 C:\WINDOWS\system32\ptbsync.dll - copied to quarantine
17:08:56.0828 2728 HKLM\SYSTEM\ControlSet001\services\jsdaemon - will be deleted on reboot
17:08:56.0828 2728 HKLM\SYSTEM\ControlSet003\services\jsdaemon - will be deleted on reboot
17:08:56.0828 2728 C:\WINDOWS\system32\ptbsync.dll - will be deleted on reboot
17:08:56.0828 2728 jsdaemon ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:56.0906 2728 C:\WINDOWS\system32\VSP1284D.dll - copied to quarantine
17:08:56.0906 2728 HKLM\SYSTEM\ControlSet001\services\kbstuff - will be deleted on reboot
17:08:56.0906 2728 HKLM\SYSTEM\ControlSet003\services\kbstuff - will be deleted on reboot
17:08:56.0906 2728 C:\WINDOWS\system32\VSP1284D.dll - will be deleted on reboot
17:08:56.0906 2728 kbstuff ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:56.0937 2728 C:\WINDOWS\system32\nsvclog.dll - copied to quarantine
17:08:56.0937 2728 HKLM\SYSTEM\ControlSet001\services\klif - will be deleted on reboot
17:08:56.0937 2728 HKLM\SYSTEM\ControlSet003\services\klif - will be deleted on reboot
17:08:56.0937 2728 C:\WINDOWS\system32\nsvclog.dll - will be deleted on reboot
17:08:56.0937 2728 klif ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:56.0984 2728 C:\WINDOWS\system32\smsmdd.dll - copied to quarantine
17:08:56.0984 2728 HKLM\SYSTEM\ControlSet001\services\licensemanagersocket - will be deleted on reboot
17:08:56.0984 2728 HKLM\SYSTEM\ControlSet003\services\licensemanagersocket - will be deleted on reboot
17:08:56.0984 2728 C:\WINDOWS\system32\smsmdd.dll - will be deleted on reboot
17:08:56.0984 2728 licensemanagersocket ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0000 2728 C:\WINDOWS\system32\ccpwdsvc.dll - copied to quarantine
17:08:57.0000 2728 HKLM\SYSTEM\ControlSet001\services\lvckap - will be deleted on reboot
17:08:57.0000 2728 HKLM\SYSTEM\ControlSet003\services\lvckap - will be deleted on reboot
17:08:57.0000 2728 C:\WINDOWS\system32\ccpwdsvc.dll - will be deleted on reboot
17:08:57.0000 2728 lvckap ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0031 2728 C:\WINDOWS\system32\Blfp.dll - copied to quarantine
17:08:57.0031 2728 HKLM\SYSTEM\ControlSet001\services\lvsrvlauncher - will be deleted on reboot
17:08:57.0031 2728 HKLM\SYSTEM\ControlSet003\services\lvsrvlauncher - will be deleted on reboot
17:08:57.0031 2728 C:\WINDOWS\system32\Blfp.dll - will be deleted on reboot
17:08:57.0031 2728 lvsrvlauncher ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0062 2728 C:\WINDOWS\system32\SE2Eobex.dll - copied to quarantine
17:08:57.0062 2728 HKLM\SYSTEM\ControlSet001\services\lxce_device - will be deleted on reboot
17:08:57.0062 2728 HKLM\SYSTEM\ControlSet003\services\lxce_device - will be deleted on reboot
17:08:57.0062 2728 C:\WINDOWS\system32\SE2Eobex.dll - will be deleted on reboot
17:08:57.0062 2728 lxce_device ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0125 2728 C:\WINDOWS\system32\symevent.dll - copied to quarantine
17:08:57.0125 2728 HKLM\SYSTEM\ControlSet001\services\lxcf_device - will be deleted on reboot
17:08:57.0140 2728 HKLM\SYSTEM\ControlSet003\services\lxcf_device - will be deleted on reboot
17:08:57.0140 2728 C:\WINDOWS\system32\symevent.dll - will be deleted on reboot
17:08:57.0140 2728 lxcf_device ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0234 2728 C:\WINDOWS\system32\FETNDIS.dll - copied to quarantine
17:08:57.0234 2728 HKLM\SYSTEM\ControlSet001\services\Maplom - will be deleted on reboot
17:08:57.0234 2728 HKLM\SYSTEM\ControlSet003\services\Maplom - will be deleted on reboot
17:08:57.0234 2728 C:\WINDOWS\system32\FETNDIS.dll - will be deleted on reboot
17:08:57.0234 2728 Maplom ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0296 2728 C:\WINDOWS\system32\netddedsdm.dll - copied to quarantine
17:08:57.0296 2728 HKLM\SYSTEM\ControlSet001\services\marvinbus - will be deleted on reboot
17:08:57.0296 2728 HKLM\SYSTEM\ControlSet003\services\marvinbus - will be deleted on reboot
17:08:57.0296 2728 C:\WINDOWS\system32\netddedsdm.dll - will be deleted on reboot
17:08:57.0296 2728 marvinbus ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0375 2728 C:\WINDOWS\system32\zpcollector.dll - copied to quarantine
17:08:57.0375 2728 HKLM\SYSTEM\ControlSet001\services\mi-raysat_3dsmax9_32 - will be deleted on reboot
17:08:57.0375 2728 HKLM\SYSTEM\ControlSet003\services\mi-raysat_3dsmax9_32 - will be deleted on reboot
17:08:57.0375 2728 C:\WINDOWS\system32\zpcollector.dll - will be deleted on reboot
17:08:57.0375 2728 mi-raysat_3dsmax9_32 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0406 2728 C:\WINDOWS\system32\JavaQuickStarterService.dll - copied to quarantine
17:08:57.0406 2728 HKLM\SYSTEM\ControlSet001\services\mwlsvc - will be deleted on reboot
17:08:57.0406 2728 HKLM\SYSTEM\ControlSet003\services\mwlsvc - will be deleted on reboot
17:08:57.0406 2728 C:\WINDOWS\system32\JavaQuickStarterService.dll - will be deleted on reboot
17:08:57.0406 2728 mwlsvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0484 2728 C:\WINDOWS\system32\osaio.dll - copied to quarantine
17:08:57.0484 2728 HKLM\SYSTEM\ControlSet001\services\netwg311 - will be deleted on reboot
17:08:57.0484 2728 HKLM\SYSTEM\ControlSet003\services\netwg311 - will be deleted on reboot
17:08:57.0484 2728 C:\WINDOWS\system32\osaio.dll - will be deleted on reboot
17:08:57.0484 2728 netwg311 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0500 2728 C:\WINDOWS\system32\dcevt32.dll - copied to quarantine
17:08:57.0500 2728 HKLM\SYSTEM\ControlSet001\services\nic1394 - will be deleted on reboot
17:08:57.0500 2728 HKLM\SYSTEM\ControlSet003\services\nic1394 - will be deleted on reboot
17:08:57.0500 2728 C:\WINDOWS\system32\dcevt32.dll - will be deleted on reboot
17:08:57.0500 2728 nic1394 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0546 2728 C:\WINDOWS\system32\swmsflt.dll - copied to quarantine
17:08:57.0546 2728 HKLM\SYSTEM\ControlSet001\services\nicconfigsvc - will be deleted on reboot
17:08:57.0546 2728 HKLM\SYSTEM\ControlSet003\services\nicconfigsvc - will be deleted on reboot
17:08:57.0546 2728 C:\WINDOWS\system32\swmsflt.dll - will be deleted on reboot
17:08:57.0546 2728 nicconfigsvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0562 2728 C:\WINDOWS\system32\superproserver.dll - copied to quarantine
17:08:57.0562 2728 HKLM\SYSTEM\ControlSet001\services\nimcdfxk - will be deleted on reboot
17:08:57.0562 2728 HKLM\SYSTEM\ControlSet003\services\nimcdfxk - will be deleted on reboot
17:08:57.0562 2728 C:\WINDOWS\system32\superproserver.dll - will be deleted on reboot
17:08:57.0562 2728 nimcdfxk ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0656 2728 C:\WINDOWS\system32\bh611.dll - copied to quarantine
17:08:57.0656 2728 HKLM\SYSTEM\ControlSet001\services\NPDriver - will be deleted on reboot
17:08:57.0656 2728 HKLM\SYSTEM\ControlSet003\services\NPDriver - will be deleted on reboot
17:08:57.0656 2728 C:\WINDOWS\system32\bh611.dll - will be deleted on reboot
17:08:57.0656 2728 NPDriver ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0687 2728 C:\WINDOWS\system32\WNIPROT5.dll - copied to quarantine
17:08:57.0687 2728 HKLM\SYSTEM\ControlSet001\services\Nsynas32 - will be deleted on reboot
17:08:57.0687 2728 HKLM\SYSTEM\ControlSet003\services\Nsynas32 - will be deleted on reboot
17:08:57.0687 2728 C:\WINDOWS\system32\WNIPROT5.dll - will be deleted on reboot
17:08:57.0687 2728 Nsynas32 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0750 2728 C:\WINDOWS\system32\upperdev.dll - copied to quarantine
17:08:57.0750 2728 HKLM\SYSTEM\ControlSet001\services\NTSIM - will be deleted on reboot
17:08:57.0750 2728 HKLM\SYSTEM\ControlSet003\services\NTSIM - will be deleted on reboot
17:08:57.0750 2728 C:\WINDOWS\system32\upperdev.dll - will be deleted on reboot
17:08:57.0750 2728 NTSIM ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0765 2728 C:\WINDOWS\system32\se44mgmt.dll - copied to quarantine
17:08:57.0765 2728 HKLM\SYSTEM\ControlSet001\services\ntsvcmgr - will be deleted on reboot
17:08:57.0765 2728 HKLM\SYSTEM\ControlSet003\services\ntsvcmgr - will be deleted on reboot
17:08:57.0765 2728 C:\WINDOWS\system32\se44mgmt.dll - will be deleted on reboot
17:08:57.0765 2728 ntsvcmgr ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0828 2728 C:\WINDOWS\system32\pdlnacom.dll - copied to quarantine
17:08:57.0828 2728 HKLM\SYSTEM\ControlSet001\services\nvmpu401 - will be deleted on reboot
17:08:57.0828 2728 HKLM\SYSTEM\ControlSet003\services\nvmpu401 - will be deleted on reboot
17:08:57.0828 2728 C:\WINDOWS\system32\pdlnacom.dll - will be deleted on reboot
17:08:57.0828 2728 nvmpu401 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0859 2728 C:\WINDOWS\system32\cfosspeed.dll - copied to quarantine
17:08:57.0859 2728 HKLM\SYSTEM\ControlSet001\services\NWSAP - will be deleted on reboot
17:08:57.0859 2728 HKLM\SYSTEM\ControlSet003\services\NWSAP - will be deleted on reboot
17:08:57.0859 2728 C:\WINDOWS\system32\cfosspeed.dll - will be deleted on reboot
17:08:57.0859 2728 NWSAP ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0906 2728 C:\WINDOWS\system32\dlcf_device.dll - copied to quarantine
17:08:57.0906 2728 HKLM\SYSTEM\ControlSet001\services\NWSLP - will be deleted on reboot
17:08:57.0906 2728 HKLM\SYSTEM\ControlSet003\services\NWSLP - will be deleted on reboot
17:08:57.0906 2728 C:\WINDOWS\system32\dlcf_device.dll - will be deleted on reboot
17:08:57.0906 2728 NWSLP ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0921 2728 C:\WINDOWS\system32\smsmdd.dll - copied to quarantine
17:08:57.0921 2728 HKLM\SYSTEM\ControlSet001\services\ohci1394 - will be deleted on reboot
17:08:57.0921 2728 HKLM\SYSTEM\ControlSet003\services\ohci1394 - will be deleted on reboot
17:08:57.0921 2728 C:\WINDOWS\system32\smsmdd.dll - will be deleted on reboot
17:08:57.0921 2728 ohci1394 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:57.0968 2728 C:\WINDOWS\system32\iomdisk.dll - copied to quarantine
17:08:57.0968 2728 HKLM\SYSTEM\ControlSet001\services\olapserver - will be deleted on reboot
17:08:57.0968 2728 HKLM\SYSTEM\ControlSet003\services\olapserver - will be deleted on reboot
17:08:57.0968 2728 C:\WINDOWS\system32\iomdisk.dll - will be deleted on reboot
17:08:57.0968 2728 olapserver ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0000 2728 C:\WINDOWS\system32\lvpopflt.dll - copied to quarantine
17:08:58.0000 2728 HKLM\SYSTEM\ControlSet001\services\oracleorahometnslistener - will be deleted on reboot
17:08:58.0000 2728 HKLM\SYSTEM\ControlSet003\services\oracleorahometnslistener - will be deleted on reboot
17:08:58.0000 2728 C:\WINDOWS\system32\lvpopflt.dll - will be deleted on reboot
17:08:58.0000 2728 oracleorahometnslistener ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0078 2728 C:\WINDOWS\system32\ni_nic.dll - copied to quarantine
17:08:58.0078 2728 HKLM\SYSTEM\ControlSet001\services\oraclesnmppeerencapsulator - will be deleted on reboot
17:08:58.0078 2728 HKLM\SYSTEM\ControlSet003\services\oraclesnmppeerencapsulator - will be deleted on reboot
17:08:58.0078 2728 C:\WINDOWS\system32\ni_nic.dll - will be deleted on reboot
17:08:58.0078 2728 oraclesnmppeerencapsulator ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0109 2728 C:\WINDOWS\system32\webupdate.dll - copied to quarantine
17:08:58.0109 2728 HKLM\SYSTEM\ControlSet001\services\ovmsmaccessmanager - will be deleted on reboot
17:08:58.0109 2728 HKLM\SYSTEM\ControlSet003\services\ovmsmaccessmanager - will be deleted on reboot
17:08:58.0109 2728 C:\WINDOWS\system32\webupdate.dll - will be deleted on reboot
17:08:58.0109 2728 ovmsmaccessmanager ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0171 2728 C:\WINDOWS\system32\pavagente.dll - copied to quarantine
17:08:58.0171 2728 HKLM\SYSTEM\ControlSet001\services\pcctlcom - will be deleted on reboot
17:08:58.0171 2728 HKLM\SYSTEM\ControlSet003\services\pcctlcom - will be deleted on reboot
17:08:58.0171 2728 C:\WINDOWS\system32\pavagente.dll - will be deleted on reboot
17:08:58.0171 2728 pcctlcom ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0218 2728 C:\WINDOWS\system32\avgarcln.dll - copied to quarantine
17:08:58.0218 2728 HKLM\SYSTEM\ControlSet001\services\pdlnebas - will be deleted on reboot
17:08:58.0218 2728 HKLM\SYSTEM\ControlSet003\services\pdlnebas - will be deleted on reboot
17:08:58.0218 2728 C:\WINDOWS\system32\avgarcln.dll - will be deleted on reboot
17:08:58.0218 2728 pdlnebas ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0265 2728 C:\WINDOWS\system32\vwd.dll - copied to quarantine
17:08:58.0265 2728 HKLM\SYSTEM\ControlSet001\services\pdlnecfg - will be deleted on reboot
17:08:58.0265 2728 HKLM\SYSTEM\ControlSet003\services\pdlnecfg - will be deleted on reboot
17:08:58.0265 2728 C:\WINDOWS\system32\vwd.dll - will be deleted on reboot
17:08:58.0265 2728 pdlnecfg ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0312 2728 C:\WINDOWS\system32\magictuneengine.dll - copied to quarantine
17:08:58.0312 2728 HKLM\SYSTEM\ControlSet001\services\persfw - will be deleted on reboot
17:08:58.0312 2728 HKLM\SYSTEM\ControlSet003\services\persfw - will be deleted on reboot
17:08:58.0312 2728 C:\WINDOWS\system32\magictuneengine.dll - will be deleted on reboot
17:08:58.0312 2728 persfw ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0343 2728 C:\WINDOWS\system32\winvnc.dll - copied to quarantine
17:08:58.0343 2728 HKLM\SYSTEM\ControlSet001\services\prohlp02 - will be deleted on reboot
17:08:58.0343 2728 HKLM\SYSTEM\ControlSet003\services\prohlp02 - will be deleted on reboot
17:08:58.0343 2728 C:\WINDOWS\system32\winvnc.dll - will be deleted on reboot
17:08:58.0343 2728 prohlp02 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0421 2728 C:\WINDOWS\system32\WscNetDr.dll - copied to quarantine
17:08:58.0421 2728 HKLM\SYSTEM\ControlSet001\services\pwd_2K - will be deleted on reboot
17:08:58.0421 2728 HKLM\SYSTEM\ControlSet003\services\pwd_2K - will be deleted on reboot
17:08:58.0421 2728 C:\WINDOWS\system32\WscNetDr.dll - will be deleted on reboot
17:08:58.0421 2728 pwd_2K ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0468 2728 C:\WINDOWS\system32\w70n51.dll - copied to quarantine
17:08:58.0468 2728 HKLM\SYSTEM\ControlSet001\services\raysatxsi5_0server - will be deleted on reboot
17:08:58.0468 2728 HKLM\SYSTEM\ControlSet003\services\raysatxsi5_0server - will be deleted on reboot
17:08:58.0468 2728 C:\WINDOWS\system32\w70n51.dll - will be deleted on reboot
17:08:58.0468 2728 raysatxsi5_0server ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0515 2728 C:\WINDOWS\system32\U81xmdfl.dll - copied to quarantine
17:08:58.0515 2728 HKLM\SYSTEM\ControlSet001\services\retinaengine - will be deleted on reboot
17:08:58.0515 2728 HKLM\SYSTEM\ControlSet003\services\retinaengine - will be deleted on reboot
17:08:58.0515 2728 C:\WINDOWS\system32\U81xmdfl.dll - will be deleted on reboot
17:08:58.0515 2728 retinaengine ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0531 2728 C:\WINDOWS\system32\regspy.dll - copied to quarantine
17:08:58.0531 2728 HKLM\SYSTEM\ControlSet001\services\retroexplauncher - will be deleted on reboot
17:08:58.0531 2728 HKLM\SYSTEM\ControlSet003\services\retroexplauncher - will be deleted on reboot
17:08:58.0531 2728 C:\WINDOWS\system32\regspy.dll - will be deleted on reboot
17:08:58.0531 2728 retroexplauncher ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0625 2728 C:\WINDOWS\system32\s616mgmt.dll - copied to quarantine
17:08:58.0625 2728 HKLM\SYSTEM\ControlSet001\services\rnadiagreceiver - will be deleted on reboot
17:08:58.0625 2728 HKLM\SYSTEM\ControlSet003\services\rnadiagreceiver - will be deleted on reboot
17:08:58.0625 2728 C:\WINDOWS\system32\s616mgmt.dll - will be deleted on reboot
17:08:58.0625 2728 rnadiagreceiver ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0656 2728 C:\WINDOWS\system32\TPPWRIF.dll - copied to quarantine
17:08:58.0656 2728 HKLM\SYSTEM\ControlSet001\services\RTHDMIAzAudService - will be deleted on reboot
17:08:58.0656 2728 HKLM\SYSTEM\ControlSet003\services\RTHDMIAzAudService - will be deleted on reboot
17:08:58.0656 2728 C:\WINDOWS\system32\TPPWRIF.dll - will be deleted on reboot
17:08:58.0656 2728 RTHDMIAzAudService ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0687 2728 C:\WINDOWS\system32\usb20l.dll - copied to quarantine
17:08:58.0687 2728 HKLM\SYSTEM\ControlSet001\services\RTL8169 - will be deleted on reboot
17:08:58.0687 2728 HKLM\SYSTEM\ControlSet003\services\RTL8169 - will be deleted on reboot
17:08:58.0687 2728 C:\WINDOWS\system32\usb20l.dll - will be deleted on reboot
17:08:58.0687 2728 RTL8169 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0750 2728 C:\WINDOWS\system32\lhidusb.dll - copied to quarantine
17:08:58.0750 2728 HKLM\SYSTEM\ControlSet001\services\s116bus - will be deleted on reboot
17:08:58.0750 2728 HKLM\SYSTEM\ControlSet003\services\s116bus - will be deleted on reboot
17:08:58.0750 2728 C:\WINDOWS\system32\lhidusb.dll - will be deleted on reboot
17:08:58.0750 2728 s116bus ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0796 2728 C:\WINDOWS\system32\c-dillacdac11ba.dll - copied to quarantine
17:08:58.0796 2728 HKLM\SYSTEM\ControlSet001\services\s24eventmonitor - will be deleted on reboot
17:08:58.0796 2728 HKLM\SYSTEM\ControlSet003\services\s24eventmonitor - will be deleted on reboot
17:08:58.0796 2728 C:\WINDOWS\system32\c-dillacdac11ba.dll - will be deleted on reboot
17:08:58.0796 2728 s24eventmonitor ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0843 2728 C:\WINDOWS\system32\cqmgstor.dll - copied to quarantine
17:08:58.0843 2728 HKLM\SYSTEM\ControlSet001\services\s716mdm - will be deleted on reboot
17:08:58.0843 2728 HKLM\SYSTEM\ControlSet003\services\s716mdm - will be deleted on reboot
17:08:58.0843 2728 C:\WINDOWS\system32\cqmgstor.dll - will be deleted on reboot
17:08:58.0843 2728 s716mdm ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0890 2728 C:\WINDOWS\system32\bgsvcgen.dll - copied to quarantine
17:08:58.0890 2728 HKLM\SYSTEM\ControlSet001\services\sandboxu - will be deleted on reboot
17:08:58.0890 2728 HKLM\SYSTEM\ControlSet003\services\sandboxu - will be deleted on reboot
17:08:58.0890 2728 C:\WINDOWS\system32\bgsvcgen.dll - will be deleted on reboot
17:08:58.0890 2728 sandboxu ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:58.0937 2728 C:\WINDOWS\system32\omci.dll - copied to quarantine
17:08:58.0937 2728 HKLM\SYSTEM\ControlSet001\services\savrt - will be deleted on reboot
17:08:58.0937 2728 HKLM\SYSTEM\ControlSet003\services\savrt - will be deleted on reboot
17:08:58.0937 2728 C:\WINDOWS\system32\omci.dll - will be deleted on reboot
17:08:58.0937 2728 savrt ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:59.0000 2728 C:\WINDOWS\system32\oracleorahomepagingserver.dll - copied to quarantine
17:08:59.0000 2728 HKLM\SYSTEM\ControlSet001\services\ScanUSBEMPIA - will be deleted on reboot
17:08:59.0000 2728 HKLM\SYSTEM\ControlSet003\services\ScanUSBEMPIA - will be deleted on reboot
17:08:59.0000 2728 C:\WINDOWS\system32\oracleorahomepagingserver.dll - will be deleted on reboot
17:08:59.0000 2728 ScanUSBEMPIA ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:59.0031 2728 C:\WINDOWS\system32\SI3112.dll - copied to quarantine
17:08:59.0031 2728 HKLM\SYSTEM\ControlSet001\services\se2Cnd5 - will be deleted on reboot
17:08:59.0031 2728 HKLM\SYSTEM\ControlSet003\services\se2Cnd5 - will be deleted on reboot
17:08:59.0031 2728 C:\WINDOWS\system32\SI3112.dll - will be deleted on reboot
17:08:59.0031 2728 se2Cnd5 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:59.0062 2728 C:\WINDOWS\system32\WDM_YAMAHAAC97.dll - copied to quarantine
17:08:59.0062 2728 HKLM\SYSTEM\ControlSet001\services\SE2Dmdm - will be deleted on reboot
17:08:59.0062 2728 HKLM\SYSTEM\ControlSet003\services\SE2Dmdm - will be deleted on reboot
17:08:59.0062 2728 C:\WINDOWS\system32\WDM_YAMAHAAC97.dll - will be deleted on reboot
17:08:59.0062 2728 SE2Dmdm ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:08:59.0125 2728 C:\WINDOWS\system32\DRIVERS\serial.sys - copied to quarantine
17:08:59.0171 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\@ - copied to quarantine
17:08:59.0203 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\bckfg.tmp - copied to quarantine
17:08:59.0203 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\cfg.ini - copied to quarantine
17:08:59.0203 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\Desktop.ini - copied to quarantine
17:08:59.0296 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\kwrd.dll - copied to quarantine
17:08:59.0296 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\L\00000004.@ - copied to quarantine
17:08:59.0296 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\L\1afb2d56 - copied to quarantine
17:08:59.0296 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\L\201d3dde - copied to quarantine
17:08:59.0312 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\L\55490ac4 - copied to quarantine
17:08:59.0328 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\L\opamwohy - copied to quarantine
17:08:59.0328 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\oemid - copied to quarantine
17:08:59.0375 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\U\00000001.@ - copied to quarantine
17:08:59.0421 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\U\00000002.@ - copied to quarantine
17:08:59.0453 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\U\00000004.@ - copied to quarantine
17:08:59.0468 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\U\80000000.@ - copied to quarantine
17:08:59.0484 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\U\80000004.@ - copied to quarantine
17:08:59.0484 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\U\80000032.@ - copied to quarantine
17:08:59.0515 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\version - copied to quarantine
17:09:00.0812 2728 Backup copy found, using it..
17:09:00.0812 2728 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured on reboot
17:09:01.0718 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\@ - will be deleted on reboot
17:09:01.0718 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\bckfg.tmp - will be deleted on reboot
17:09:01.0718 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\cfg.ini - will be deleted on reboot
17:09:01.0796 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\Desktop.ini - will be deleted on reboot
17:09:01.0796 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\keywords - will be deleted on reboot
17:09:01.0796 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\kwrd.dll - will be deleted on reboot
17:09:01.0812 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\oemid - will be deleted on reboot
17:09:01.0812 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\U\00000001.@ - will be deleted on reboot
17:09:01.0812 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\U\00000002.@ - will be deleted on reboot
17:09:01.0812 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\U\00000004.@ - will be deleted on reboot
17:09:01.0812 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\U\80000000.@ - will be deleted on reboot
17:09:01.0812 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\U\80000004.@ - will be deleted on reboot
17:09:01.0812 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\U\80000032.@ - will be deleted on reboot
17:09:01.0812 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\version - will be deleted on reboot
17:09:01.0812 2728 C:\WINDOWS\$NtUninstallKB37917$\226958315 - will be deleted on reboot
17:09:01.0812 2728 Serial ( Virus.Win32.ZAccess.j ) - User select action: Cure
17:09:01.0906 2728 C:\WINDOWS\system32\s116mdfl.dll - copied to quarantine
17:09:01.0906 2728 HKLM\SYSTEM\ControlSet001\services\service1 - will be deleted on reboot
17:09:01.0906 2728 HKLM\SYSTEM\ControlSet003\services\service1 - will be deleted on reboot
17:09:01.0906 2728 C:\WINDOWS\system32\s116mdfl.dll - will be deleted on reboot
17:09:01.0906 2728 service1 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:01.0937 2728 C:\WINDOWS\system32\tmesrv3.dll - copied to quarantine
17:09:01.0937 2728 HKLM\SYSTEM\ControlSet001\services\sfvfs02 - will be deleted on reboot
17:09:01.0937 2728 HKLM\SYSTEM\ControlSet003\services\sfvfs02 - will be deleted on reboot
17:09:01.0937 2728 C:\WINDOWS\system32\tmesrv3.dll - will be deleted on reboot
17:09:01.0937 2728 sfvfs02 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:01.0984 2728 C:\WINDOWS\system32\quickbooksdb.dll - copied to quarantine
17:09:01.0984 2728 HKLM\SYSTEM\ControlSet001\services\sgectl - will be deleted on reboot
17:09:01.0984 2728 HKLM\SYSTEM\ControlSet003\services\sgectl - will be deleted on reboot
17:09:01.0984 2728 C:\WINDOWS\system32\quickbooksdb.dll - will be deleted on reboot
17:09:01.0984 2728 sgectl ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0031 2728 C:\WINDOWS\system32\zunenetworksvc.dll - copied to quarantine
17:09:02.0031 2728 HKLM\SYSTEM\ControlSet001\services\SGIR - will be deleted on reboot
17:09:02.0031 2728 HKLM\SYSTEM\ControlSet003\services\SGIR - will be deleted on reboot
17:09:02.0031 2728 C:\WINDOWS\system32\zunenetworksvc.dll - will be deleted on reboot
17:09:02.0031 2728 SGIR ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0093 2728 C:\WINDOWS\system32\trayman.dll - copied to quarantine
17:09:02.0093 2728 HKLM\SYSTEM\ControlSet001\services\SiSRaid - will be deleted on reboot
17:09:02.0093 2728 HKLM\SYSTEM\ControlSet003\services\SiSRaid - will be deleted on reboot
17:09:02.0109 2728 C:\WINDOWS\system32\trayman.dll - will be deleted on reboot
17:09:02.0109 2728 SiSRaid ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0125 2728 C:\WINDOWS\system32\susbser.dll - copied to quarantine
17:09:02.0125 2728 HKLM\SYSTEM\ControlSet001\services\SiSRaid2 - will be deleted on reboot
17:09:02.0125 2728 HKLM\SYSTEM\ControlSet003\services\SiSRaid2 - will be deleted on reboot
17:09:02.0125 2728 C:\WINDOWS\system32\susbser.dll - will be deleted on reboot
17:09:02.0125 2728 SiSRaid2 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0250 2728 C:\WINDOWS\system32\pwd_2K.dll - copied to quarantine
17:09:02.0265 2728 HKLM\SYSTEM\ControlSet001\services\smartscaps - will be deleted on reboot
17:09:02.0265 2728 HKLM\SYSTEM\ControlSet003\services\smartscaps - will be deleted on reboot
17:09:02.0265 2728 C:\WINDOWS\system32\pwd_2K.dll - will be deleted on reboot
17:09:02.0265 2728 smartscaps ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0296 2728 C:\WINDOWS\system32\mcnasvc.dll - copied to quarantine
17:09:02.0296 2728 HKLM\SYSTEM\ControlSet001\services\smservauth - will be deleted on reboot
17:09:02.0296 2728 HKLM\SYSTEM\ControlSet003\services\smservauth - will be deleted on reboot
17:09:02.0296 2728 C:\WINDOWS\system32\mcnasvc.dll - will be deleted on reboot
17:09:02.0296 2728 smservauth ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0375 2728 C:\WINDOWS\system32\hidgame.dll - copied to quarantine
17:09:02.0375 2728 HKLM\SYSTEM\ControlSet001\services\SndTDriverV32 - will be deleted on reboot
17:09:02.0375 2728 HKLM\SYSTEM\ControlSet003\services\SndTDriverV32 - will be deleted on reboot
17:09:02.0375 2728 C:\WINDOWS\system32\hidgame.dll - will be deleted on reboot
17:09:02.0375 2728 SndTDriverV32 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0421 2728 C:\WINDOWS\system32\NETMDUSB.dll - copied to quarantine
17:09:02.0421 2728 HKLM\SYSTEM\ControlSet001\services\softfax - will be deleted on reboot
17:09:02.0421 2728 HKLM\SYSTEM\ControlSet003\services\softfax - will be deleted on reboot
17:09:02.0421 2728 C:\WINDOWS\system32\NETMDUSB.dll - will be deleted on reboot
17:09:02.0421 2728 softfax ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0484 2728 C:\WINDOWS\system32\lmouflt2.dll - copied to quarantine
17:09:02.0484 2728 HKLM\SYSTEM\ControlSet001\services\sp_rssrv - will be deleted on reboot
17:09:02.0484 2728 HKLM\SYSTEM\ControlSet003\services\sp_rssrv - will be deleted on reboot
17:09:02.0484 2728 C:\WINDOWS\system32\lmouflt2.dll - will be deleted on reboot
17:09:02.0484 2728 sp_rssrv ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0531 2728 C:\WINDOWS\system32\VAIOMediaPlatform-MusicServer-UPnP.dll - copied to quarantine
17:09:02.0531 2728 HKLM\SYSTEM\ControlSet001\services\statusagent - will be deleted on reboot
17:09:02.0531 2728 HKLM\SYSTEM\ControlSet003\services\statusagent - will be deleted on reboot
17:09:02.0531 2728 C:\WINDOWS\system32\VAIOMediaPlatform-MusicServer-UPnP.dll - will be deleted on reboot
17:09:02.0531 2728 statusagent ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0578 2728 C:\WINDOWS\system32\kerbkey.dll - copied to quarantine
17:09:02.0578 2728 HKLM\SYSTEM\ControlSet001\services\sthda - will be deleted on reboot
17:09:02.0578 2728 HKLM\SYSTEM\ControlSet003\services\sthda - will be deleted on reboot
17:09:02.0578 2728 C:\WINDOWS\system32\kerbkey.dll - will be deleted on reboot
17:09:02.0578 2728 sthda ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0625 2728 C:\WINDOWS\system32\roxupnpserver.dll - copied to quarantine
17:09:02.0625 2728 HKLM\SYSTEM\ControlSet001\services\tandpl - will be deleted on reboot
17:09:02.0625 2728 HKLM\SYSTEM\ControlSet003\services\tandpl - will be deleted on reboot
17:09:02.0625 2728 C:\WINDOWS\system32\roxupnpserver.dll - will be deleted on reboot
17:09:02.0625 2728 tandpl ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0671 2728 C:\WINDOWS\system32\PNDIS5.dll - copied to quarantine
17:09:02.0671 2728 HKLM\SYSTEM\ControlSet001\services\tdsmapi - will be deleted on reboot
17:09:02.0671 2728 HKLM\SYSTEM\ControlSet003\services\tdsmapi - will be deleted on reboot
17:09:02.0671 2728 C:\WINDOWS\system32\PNDIS5.dll - will be deleted on reboot
17:09:02.0671 2728 tdsmapi ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0703 2728 C:\WINDOWS\system32\w550bus.dll - copied to quarantine
17:09:02.0703 2728 HKLM\SYSTEM\ControlSet001\services\telnet - will be deleted on reboot
17:09:02.0703 2728 HKLM\SYSTEM\ControlSet003\services\telnet - will be deleted on reboot
17:09:02.0703 2728 C:\WINDOWS\system32\w550bus.dll - will be deleted on reboot
17:09:02.0703 2728 telnet ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0750 2728 C:\WINDOWS\system32\NICSer_WPC300N.dll - copied to quarantine
17:09:02.0750 2728 HKLM\SYSTEM\ControlSet001\services\tfsnudfa - will be deleted on reboot
17:09:02.0750 2728 HKLM\SYSTEM\ControlSet003\services\tfsnudfa - will be deleted on reboot
17:09:02.0750 2728 C:\WINDOWS\system32\NICSer_WPC300N.dll - will be deleted on reboot
17:09:02.0750 2728 tfsnudfa ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0796 2728 C:\WINDOWS\system32\igfx.dll - copied to quarantine
17:09:02.0796 2728 HKLM\SYSTEM\ControlSet001\services\thpsrv - will be deleted on reboot
17:09:02.0796 2728 HKLM\SYSTEM\ControlSet003\services\thpsrv - will be deleted on reboot
17:09:02.0796 2728 C:\WINDOWS\system32\igfx.dll - will be deleted on reboot
17:09:02.0796 2728 thpsrv ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0859 2728 C:\WINDOWS\system32\NIPALK.dll - copied to quarantine
17:09:02.0859 2728 HKLM\SYSTEM\ControlSet001\services\TIEHDUSB - will be deleted on reboot
17:09:02.0859 2728 HKLM\SYSTEM\ControlSet003\services\TIEHDUSB - will be deleted on reboot
17:09:02.0875 2728 C:\WINDOWS\system32\NIPALK.dll - will be deleted on reboot
17:09:02.0875 2728 TIEHDUSB ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0890 2728 C:\WINDOWS\system32\grmnusb.dll - copied to quarantine
17:09:02.0890 2728 HKLM\SYSTEM\ControlSet001\services\tifm21 - will be deleted on reboot
17:09:02.0890 2728 HKLM\SYSTEM\ControlSet003\services\tifm21 - will be deleted on reboot
17:09:02.0890 2728 C:\WINDOWS\system32\grmnusb.dll - will be deleted on reboot
17:09:02.0890 2728 tifm21 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:02.0953 2728 C:\WINDOWS\system32\agp440.dll - copied to quarantine
17:09:02.0953 2728 HKLM\SYSTEM\ControlSet001\services\tmesbs32 - will be deleted on reboot
17:09:02.0953 2728 HKLM\SYSTEM\ControlSet003\services\tmesbs32 - will be deleted on reboot
17:09:02.0953 2728 C:\WINDOWS\system32\agp440.dll - will be deleted on reboot
17:09:02.0953 2728 tmesbs32 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0000 2728 C:\WINDOWS\system32\mcmispupdmgr.dll - copied to quarantine
17:09:03.0000 2728 HKLM\SYSTEM\ControlSet001\services\tmlisten - will be deleted on reboot
17:09:03.0000 2728 HKLM\SYSTEM\ControlSet003\services\tmlisten - will be deleted on reboot
17:09:03.0000 2728 C:\WINDOWS\system32\mcmispupdmgr.dll - will be deleted on reboot
17:09:03.0000 2728 tmlisten ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0062 2728 C:\WINDOWS\system32\btfirst.dll - copied to quarantine
17:09:03.0062 2728 HKLM\SYSTEM\ControlSet001\services\toddsrv - will be deleted on reboot
17:09:03.0062 2728 HKLM\SYSTEM\ControlSet003\services\toddsrv - will be deleted on reboot
17:09:03.0062 2728 C:\WINDOWS\system32\btfirst.dll - will be deleted on reboot
17:09:03.0062 2728 toddsrv ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0109 2728 C:\WINDOWS\system32\alcxsens.dll - copied to quarantine
17:09:03.0109 2728 HKLM\SYSTEM\ControlSet001\services\tpkmpsvc - will be deleted on reboot
17:09:03.0109 2728 HKLM\SYSTEM\ControlSet003\services\tpkmpsvc - will be deleted on reboot
17:09:03.0109 2728 C:\WINDOWS\system32\alcxsens.dll - will be deleted on reboot
17:09:03.0109 2728 tpkmpsvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0171 2728 C:\WINDOWS\system32\BASFND.dll - copied to quarantine
17:09:03.0171 2728 HKLM\SYSTEM\ControlSet001\services\TryAndDecideService - will be deleted on reboot
17:09:03.0171 2728 HKLM\SYSTEM\ControlSet003\services\TryAndDecideService - will be deleted on reboot
17:09:03.0171 2728 C:\WINDOWS\system32\BASFND.dll - will be deleted on reboot
17:09:03.0171 2728 TryAndDecideService ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0203 2728 C:\WINDOWS\system32\aksusb.dll - copied to quarantine
17:09:03.0203 2728 HKLM\SYSTEM\ControlSet001\services\tunmp - will be deleted on reboot
17:09:03.0203 2728 HKLM\SYSTEM\ControlSet003\services\tunmp - will be deleted on reboot
17:09:03.0203 2728 C:\WINDOWS\system32\aksusb.dll - will be deleted on reboot
17:09:03.0203 2728 tunmp ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0296 2728 C:\WINDOWS\system32\se58mdfl.dll - copied to quarantine
17:09:03.0296 2728 HKLM\SYSTEM\ControlSet001\services\UBHelper - will be deleted on reboot
17:09:03.0296 2728 HKLM\SYSTEM\ControlSet003\services\UBHelper - will be deleted on reboot
17:09:03.0296 2728 C:\WINDOWS\system32\se58mdfl.dll - will be deleted on reboot
17:09:03.0296 2728 UBHelper ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0328 2728 C:\WINDOWS\system32\db2jds.dll - copied to quarantine
17:09:03.0328 2728 HKLM\SYSTEM\ControlSet001\services\umpusbxp - will be deleted on reboot
17:09:03.0328 2728 HKLM\SYSTEM\ControlSet003\services\umpusbxp - will be deleted on reboot
17:09:03.0328 2728 C:\WINDOWS\system32\db2jds.dll - will be deleted on reboot
17:09:03.0328 2728 umpusbxp ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0375 2728 C:\WINDOWS\system32\camdrl.dll - copied to quarantine
17:09:03.0375 2728 HKLM\SYSTEM\ControlSet001\services\UpdateCenterService - will be deleted on reboot
17:09:03.0375 2728 HKLM\SYSTEM\ControlSet003\services\UpdateCenterService - will be deleted on reboot
17:09:03.0390 2728 C:\WINDOWS\system32\camdrl.dll - will be deleted on reboot
17:09:03.0390 2728 UpdateCenterService ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0421 2728 C:\WINDOWS\system32\arc.dll - copied to quarantine
17:09:03.0421 2728 HKLM\SYSTEM\ControlSet001\services\upnp - will be deleted on reboot
17:09:03.0421 2728 HKLM\SYSTEM\ControlSet003\services\upnp - will be deleted on reboot
17:09:03.0421 2728 C:\WINDOWS\system32\arc.dll - will be deleted on reboot
17:09:03.0421 2728 upnp ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0453 2728 C:\WINDOWS\system32\tmtdi.dll - copied to quarantine
17:09:03.0453 2728 HKLM\SYSTEM\ControlSet001\services\USA49W2KP - will be deleted on reboot
17:09:03.0468 2728 HKLM\SYSTEM\ControlSet003\services\USA49W2KP - will be deleted on reboot
17:09:03.0468 2728 C:\WINDOWS\system32\tmtdi.dll - will be deleted on reboot
17:09:03.0468 2728 USA49W2KP ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0515 2728 C:\WINDOWS\system32\WNIPROT5.dll - copied to quarantine
17:09:03.0515 2728 HKLM\SYSTEM\ControlSet001\services\usb20l - will be deleted on reboot
17:09:03.0515 2728 HKLM\SYSTEM\ControlSet003\services\usb20l - will be deleted on reboot
17:09:03.0515 2728 C:\WINDOWS\system32\WNIPROT5.dll - will be deleted on reboot
17:09:03.0515 2728 usb20l ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0578 2728 C:\WINDOWS\system32\pshost.dll - copied to quarantine
17:09:03.0578 2728 HKLM\SYSTEM\ControlSet001\services\USB_RNDIS - will be deleted on reboot
17:09:03.0578 2728 HKLM\SYSTEM\ControlSet003\services\USB_RNDIS - will be deleted on reboot
17:09:03.0578 2728 C:\WINDOWS\system32\pshost.dll - will be deleted on reboot
17:09:03.0578 2728 USB_RNDIS ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0625 2728 C:\WINDOWS\system32\WmXlCore.dll - copied to quarantine
17:09:03.0625 2728 HKLM\SYSTEM\ControlSet001\services\utilman - will be deleted on reboot
17:09:03.0625 2728 HKLM\SYSTEM\ControlSet003\services\utilman - will be deleted on reboot
17:09:03.0625 2728 C:\WINDOWS\system32\WmXlCore.dll - will be deleted on reboot
17:09:03.0625 2728 utilman ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0687 2728 C:\WINDOWS\system32\SISNICXP.dll - copied to quarantine
17:09:03.0687 2728 HKLM\SYSTEM\ControlSet001\services\vaiomediaplatform-musicserver-appserver - will be deleted on reboot
17:09:03.0687 2728 HKLM\SYSTEM\ControlSet003\services\vaiomediaplatform-musicserver-appserver - will be deleted on reboot
17:09:03.0687 2728 C:\WINDOWS\system32\SISNICXP.dll - will be deleted on reboot
17:09:03.0687 2728 vaiomediaplatform-musicserver-appserver ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0718 2728 C:\WINDOWS\system32\z525mdfl.dll - copied to quarantine
17:09:03.0718 2728 HKLM\SYSTEM\ControlSet001\services\vc5secs - will be deleted on reboot
17:09:03.0718 2728 HKLM\SYSTEM\ControlSet003\services\vc5secs - will be deleted on reboot
17:09:03.0718 2728 C:\WINDOWS\system32\z525mdfl.dll - will be deleted on reboot
17:09:03.0718 2728 vc5secs ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0796 2728 C:\WINDOWS\system32\symevent.dll - copied to quarantine
17:09:03.0796 2728 HKLM\SYSTEM\ControlSet001\services\viaudio - will be deleted on reboot
17:09:03.0796 2728 HKLM\SYSTEM\ControlSet003\services\viaudio - will be deleted on reboot
17:09:03.0796 2728 C:\WINDOWS\system32\symevent.dll - will be deleted on reboot
17:09:03.0796 2728 viaudio ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0828 2728 C:\WINDOWS\system32\klblmain.dll - copied to quarantine
17:09:03.0828 2728 HKLM\SYSTEM\ControlSet001\services\vtserver - will be deleted on reboot
17:09:03.0828 2728 HKLM\SYSTEM\ControlSet003\services\vtserver - will be deleted on reboot
17:09:03.0828 2728 C:\WINDOWS\system32\klblmain.dll - will be deleted on reboot
17:09:03.0828 2728 vtserver ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0890 2728 C:\WINDOWS\system32\SISNICXP.dll - copied to quarantine
17:09:03.0890 2728 HKLM\SYSTEM\ControlSet001\services\vulfnths - will be deleted on reboot
17:09:03.0890 2728 HKLM\SYSTEM\ControlSet003\services\vulfnths - will be deleted on reboot
17:09:03.0890 2728 C:\WINDOWS\system32\SISNICXP.dll - will be deleted on reboot
17:09:03.0890 2728 vulfnths ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:03.0937 2728 C:\WINDOWS\system32\snapman380.dll - copied to quarantine
17:09:03.0937 2728 HKLM\SYSTEM\ControlSet001\services\vulfntrs - will be deleted on reboot
17:09:03.0937 2728 HKLM\SYSTEM\ControlSet003\services\vulfntrs - will be deleted on reboot
17:09:03.0937 2728 C:\WINDOWS\system32\snapman380.dll - will be deleted on reboot
17:09:03.0937 2728 vulfntrs ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0000 2728 C:\WINDOWS\system32\srescan.dll - copied to quarantine
17:09:04.0000 2728 HKLM\SYSTEM\ControlSet001\services\w300bus - will be deleted on reboot
17:09:04.0000 2728 HKLM\SYSTEM\ControlSet003\services\w300bus - will be deleted on reboot
17:09:04.0000 2728 C:\WINDOWS\system32\srescan.dll - will be deleted on reboot
17:09:04.0000 2728 w300bus ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0031 2728 C:\WINDOWS\system32\inorpc.dll - copied to quarantine
17:09:04.0031 2728 HKLM\SYSTEM\ControlSet001\services\w550mgmt - will be deleted on reboot
17:09:04.0031 2728 HKLM\SYSTEM\ControlSet003\services\w550mgmt - will be deleted on reboot
17:09:04.0031 2728 C:\WINDOWS\system32\inorpc.dll - will be deleted on reboot
17:09:04.0031 2728 w550mgmt ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0062 2728 C:\WINDOWS\system32\ialm.dll - copied to quarantine
17:09:04.0062 2728 HKLM\SYSTEM\ControlSet001\services\W55U01 - will be deleted on reboot
17:09:04.0062 2728 HKLM\SYSTEM\ControlSet003\services\W55U01 - will be deleted on reboot
17:09:04.0062 2728 C:\WINDOWS\system32\ialm.dll - will be deleted on reboot
17:09:04.0062 2728 W55U01 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0109 2728 C:\WINDOWS\system32\ncupdatesvc.dll - copied to quarantine
17:09:04.0109 2728 HKLM\SYSTEM\ControlSet001\services\wanminiportservice - will be deleted on reboot
17:09:04.0109 2728 HKLM\SYSTEM\ControlSet003\services\wanminiportservice - will be deleted on reboot
17:09:04.0109 2728 C:\WINDOWS\system32\ncupdatesvc.dll - will be deleted on reboot
17:09:04.0109 2728 wanminiportservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0171 2728 C:\WINDOWS\system32\MSMQ.dll - copied to quarantine
17:09:04.0171 2728 HKLM\SYSTEM\ControlSet001\services\Wbutton - will be deleted on reboot
17:09:04.0171 2728 HKLM\SYSTEM\ControlSet003\services\Wbutton - will be deleted on reboot
17:09:04.0171 2728 C:\WINDOWS\system32\MSMQ.dll - will be deleted on reboot
17:09:04.0171 2728 Wbutton ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0203 2728 C:\WINDOWS\system32\prevxagent.dll - copied to quarantine
17:09:04.0203 2728 HKLM\SYSTEM\ControlSet001\services\websenseclientdeployservice - will be deleted on reboot
17:09:04.0203 2728 HKLM\SYSTEM\ControlSet003\services\websenseclientdeployservice - will be deleted on reboot
17:09:04.0203 2728 C:\WINDOWS\system32\prevxagent.dll - will be deleted on reboot
17:09:04.0203 2728 websenseclientdeployservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0328 2728 C:\WINDOWS\system32\intelroam.dll - copied to quarantine
17:09:04.0328 2728 HKLM\SYSTEM\ControlSet001\services\websenseusagemonitor - will be deleted on reboot
17:09:04.0328 2728 HKLM\SYSTEM\ControlSet003\services\websenseusagemonitor - will be deleted on reboot
17:09:04.0328 2728 C:\WINDOWS\system32\intelroam.dll - will be deleted on reboot
17:09:04.0328 2728 websenseusagemonitor ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0359 2728 C:\WINDOWS\system32\NetMsmqActivator.dll - copied to quarantine
17:09:04.0359 2728 HKLM\SYSTEM\ControlSet001\services\WINFLASH - will be deleted on reboot
17:09:04.0359 2728 HKLM\SYSTEM\ControlSet003\services\WINFLASH - will be deleted on reboot
17:09:04.0359 2728 C:\WINDOWS\system32\NetMsmqActivator.dll - will be deleted on reboot
17:09:04.0359 2728 WINFLASH ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0406 2728 C:\WINDOWS\system32\pilogsrv.dll - copied to quarantine
17:09:04.0406 2728 HKLM\SYSTEM\ControlSet001\services\WINIO - will be deleted on reboot
17:09:04.0406 2728 HKLM\SYSTEM\ControlSet003\services\WINIO - will be deleted on reboot
17:09:04.0421 2728 C:\WINDOWS\system32\pilogsrv.dll - will be deleted on reboot
17:09:04.0421 2728 WINIO ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0437 2728 C:\WINDOWS\system32\bdpredir.dll - copied to quarantine
17:09:04.0437 2728 HKLM\SYSTEM\ControlSet001\services\wmconnectcds - will be deleted on reboot
17:09:04.0437 2728 HKLM\SYSTEM\ControlSet003\services\wmconnectcds - will be deleted on reboot
17:09:04.0437 2728 C:\WINDOWS\system32\bdpredir.dll - will be deleted on reboot
17:09:04.0437 2728 wmconnectcds ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0515 2728 C:\WINDOWS\system32\pid_0928.dll - copied to quarantine
17:09:04.0515 2728 HKLM\SYSTEM\ControlSet001\services\WmUsbHid - will be deleted on reboot
17:09:04.0515 2728 HKLM\SYSTEM\ControlSet003\services\WmUsbHid - will be deleted on reboot
17:09:04.0515 2728 C:\WINDOWS\system32\pid_0928.dll - will be deleted on reboot
17:09:04.0515 2728 WmUsbHid ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0546 2728 C:\WINDOWS\system32\trlokom_rmhsvc.dll - copied to quarantine
17:09:04.0546 2728 HKLM\SYSTEM\ControlSet001\services\X10UIF - will be deleted on reboot
17:09:04.0546 2728 HKLM\SYSTEM\ControlSet003\services\X10UIF - will be deleted on reboot
17:09:04.0546 2728 C:\WINDOWS\system32\trlokom_rmhsvc.dll - will be deleted on reboot
17:09:04.0546 2728 X10UIF ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0609 2728 C:\WINDOWS\system32\iclarityqosservice.dll - copied to quarantine
17:09:04.0609 2728 HKLM\SYSTEM\ControlSet001\services\X4HSX32 - will be deleted on reboot
17:09:04.0609 2728 HKLM\SYSTEM\ControlSet003\services\X4HSX32 - will be deleted on reboot
17:09:04.0609 2728 C:\WINDOWS\system32\iclarityqosservice.dll - will be deleted on reboot
17:09:04.0609 2728 X4HSX32 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0656 2728 C:\WINDOWS\system32\tbaspi.dll - copied to quarantine
17:09:04.0656 2728 HKLM\SYSTEM\ControlSet001\services\xfactorae1 - will be deleted on reboot
17:09:04.0656 2728 HKLM\SYSTEM\ControlSet003\services\xfactorae1 - will be deleted on reboot
17:09:04.0656 2728 C:\WINDOWS\system32\tbaspi.dll - will be deleted on reboot
17:09:04.0656 2728 xfactorae1 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0703 2728 C:\WINDOWS\system32\scardsvr.dll - copied to quarantine
17:09:04.0703 2728 HKLM\SYSTEM\ControlSet001\services\YMIDUSB - will be deleted on reboot
17:09:04.0703 2728 HKLM\SYSTEM\ControlSet003\services\YMIDUSB - will be deleted on reboot
17:09:04.0703 2728 C:\WINDOWS\system32\scardsvr.dll - will be deleted on reboot
17:09:04.0703 2728 YMIDUSB ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0734 2728 C:\WINDOWS\system32\OracleOraHome92ClientCache.dll - copied to quarantine
17:09:04.0734 2728 HKLM\SYSTEM\ControlSet001\services\yukonwxp - will be deleted on reboot
17:09:04.0734 2728 HKLM\SYSTEM\ControlSet003\services\yukonwxp - will be deleted on reboot
17:09:04.0734 2728 C:\WINDOWS\system32\OracleOraHome92ClientCache.dll - will be deleted on reboot
17:09:04.0734 2728 yukonwxp ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0796 2728 C:\WINDOWS\system32\AtlsAud.dll - copied to quarantine
17:09:04.0796 2728 HKLM\SYSTEM\ControlSet001\services\_iomega_active_disk_service_ - will be deleted on reboot
17:09:04.0796 2728 HKLM\SYSTEM\ControlSet003\services\_iomega_active_disk_service_ - will be deleted on reboot
17:09:04.0796 2728 C:\WINDOWS\system32\AtlsAud.dll - will be deleted on reboot
17:09:04.0796 2728 _iomega_active_disk_service_ ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0843 2728 C:\WINDOWS\system32\wanarp.dll - copied to quarantine
17:09:04.0843 2728 HKLM\SYSTEM\ControlSet001\services\{85ccb53b-23d8-4e73-b1b7-9ddb71827d9b} - will be deleted on reboot
17:09:04.0843 2728 HKLM\SYSTEM\ControlSet003\services\{85ccb53b-23d8-4e73-b1b7-9ddb71827d9b} - will be deleted on reboot
17:09:04.0843 2728 C:\WINDOWS\system32\wanarp.dll - will be deleted on reboot
17:09:04.0843 2728 {85ccb53b-23d8-4e73-b1b7-9ddb71827d9b} ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete

#4 Schulzy

Schulzy
  • Topic Starter

  • Members
  • 27 posts

Posted 08 July 2012 - 06:39 AM

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-08 17:14:25
-----------------------------
17:14:25.062 OS Version: Windows 5.1.2600 Service Pack 3
17:14:25.062 Number of processors: 4 586 0xF0B
17:14:25.062 ComputerName: BRAD UserName:
17:14:26.171 Initialize success
17:41:12.625 AVAST engine defs: 12070800
18:10:05.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
18:10:05.171 Disk 0 Vendor: WDC_WD5000AAKS-00A7B0 01.03B01 Size: 476940MB BusType: 3
18:10:05.203 Disk 0 MBR read successfully
18:10:05.203 Disk 0 MBR scan
18:10:05.375 Disk 0 Windows XP default MBR code
18:10:05.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
18:10:05.375 Disk 0 scanning sectors +976752000
18:10:05.500 Disk 0 scanning C:\WINDOWS\system32\drivers
18:10:20.687 Service scanning
18:10:40.671 Modules scanning
18:10:46.484 Disk 0 trace - called modules:
18:10:46.500 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:10:46.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae82ab8]
18:10:46.515 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\0000007d[0x8aeabd70]
18:10:46.515 5 ACPI.sys[f7427620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-9[0x8aea6d98]
18:10:48.328 AVAST engine scan C:\WINDOWS
18:11:06.093 AVAST engine scan C:\WINDOWS\system32
18:13:37.125 AVAST engine scan C:\WINDOWS\system32\drivers
18:13:57.453 AVAST engine scan C:\Documents and Settings\Schulzy
18:28:39.140 File: C:\Documents and Settings\Schulzy\Local Settings\Temp\jar_cache5218168630215759195.tmp **INFECTED** Win32:FakeAlert-BJD [Trj]
19:07:01.484 AVAST engine scan C:\Documents and Settings\All Users
19:29:08.187 Scan finished successfully
19:32:41.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Schulzy\Desktop\MBR.dat"
19:32:41.140 The log file has been saved successfully to "C:\Documents and Settings\Schulzy\Desktop\aswMBR.txt"

ESET log:

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\1\76cd9281-7361950b multiple threats
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\28\40b35bdc-42837bb2 multiple threats
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\43\4581cd6b-7ded5f7d Win32/TrojanDownloader.Vespula.AY trojan
C:\Documents and Settings\Schulzy\Application Data\Sun\Java\Deployment\cache\6.0\12\3423a40c-47984df7 Java/Exploit.Blacole trojan
C:\Documents and Settings\Schulzy\Application Data\Sun\Java\Deployment\cache\6.0\32\7a80ca60-73798a64 multiple threats
C:\Documents and Settings\Schulzy\Application Data\Sun\Java\Deployment\cache\6.0\52\19aea434-40d793d7 multiple threats
C:\Documents and Settings\Schulzy\Application Data\Sun\Java\Deployment\cache\6.0\63\3c53b4bf-5df34464 multiple threats
C:\Documents and Settings\Schulzy\Application Data\Sun\Java\Deployment\cache\6.0\8\2e0cd748-34b1f89e Java/TrojanDownloader.OpenConnection.AP trojan
C:\Documents and Settings\Schulzy\Application Data\Sun\Java\Deployment\cache\6.0\9\9b46509-5d10dbbd a variant of Java/Exploit.CVE-2011-3544.AZ trojan
C:\Documents and Settings\Schulzy\Desktop\22 OCT\6-10-10 junk\SoftonicDownloader_for_pivot-stickfigure-animator.exe a variant of Win32/SoftonicDownloader.A application
C:\Documents and Settings\Schulzy\Desktop\Brad 2012 cleanup\cnet_erprot_610_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\Schulzy\Desktop\Brad 2012 cleanup\cnet_fr_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\Schulzy\Local Settings\Temp\jar_cache6854315372319510755.tmp multiple threats
C:\Documents and Settings\Schulzy\Local Settings\Temp\ICReinstall\cnet_erprot_610_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\Schulzy\Local Settings\Temp\ICReinstall\cnet_fr_exe.exe a variant of Win32/InstallCore.D application
C:\WINDOWS\system32\scardsvr.dll Win32/Sirefef.ER trojan
C:\WINDOWS\system32\drivers\serial.sys a variant of Win32/Rootkit.Kryptik.FB trojan
C:\WINDOWS\Temp\ax2h.exe Win32/TrojanDownloader.Vespula.AY trojan
C:\WINDOWS\Temp\jar_cache1300837375917844832.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan
C:\WINDOWS\Temp\jar_cache1535066787029019953.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan
C:\WINDOWS\Temp\jar_cache1682991212054327773.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan
C:\WINDOWS\Temp\jar_cache3515089050650943936.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan
C:\WINDOWS\Temp\jar_cache3766485965480112634.tmp a variant of Java/Exploit.CVE-2012-0507.CU trojan
C:\WINDOWS\Temp\jar_cache4345055837665687218.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan
C:\WINDOWS\Temp\jar_cache4701408136758010365.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan
C:\WINDOWS\Temp\jar_cache4854172631857475682.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan
C:\WINDOWS\Temp\jar_cache508533459697462638.tmp a variant of Java/Exploit.CVE-2011-3544.B trojan
C:\WINDOWS\Temp\jar_cache6352773748143947806.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan
C:\WINDOWS\Temp\jar_cache6843600437969866867.tmp a variant of Java/Exploit.CVE-2011-3544.B trojan
C:\WINDOWS\Temp\jar_cache7036556532343190014.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan
C:\WINDOWS\Temp\jar_cache7198273684094777094.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan
C:\WINDOWS\Temp\jar_cache8013508156994400258.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan
C:\WINDOWS\Temp\jar_cache8280680403085914895.tmp a variant of Java/Exploit.CVE-2011-3544.B trojan
C:\WINDOWS\Temp\jyvqvyshixxg.exe Win32/Spy.Zbot.YW trojan
C:\WINDOWS\Temp\xctngvykqjlrltuv.exe Win32/Spy.Zbot.YW trojan
C:\WINDOWS\Temp\ynawhpeckdukbbchdko.exe Win32/Spy.Zbot.YW trojan
C:\WINDOWS\Temp\zfguvbsoiblghw.exe Win32/Spy.Zbot.YW trojan
Operating memory multiple threats
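
The two logs above use different line formats but describe the same machine, so a small parser that turns both into structured findings and cross-references them is a useful triage step. The script below is an added illustration, not code from TDSSKiller, ESET or anyone in this thread: the function names and the category labels ("system", "java-cache", "pua", ...) are my own, and the sample lines are a trimmed copy of the logs posted above. It groups each TDSSKiller verdict with the file and registry objects logged just before it, classifies the ESET hits by where they live, and lists paths that both tools reported (for instance scardsvr.dll, which TDSSKiller scheduled for deletion on reboot).

```python
import re
from collections import Counter

# Lines copied from the TDSSKiller and ESET logs posted above, trimmed to a few
# representative entries. The parsing and triage code around them is an added
# illustration and is not part of either tool.
TDSSKILLER_SAMPLE = r"""
17:09:00.0812 2728 Backup copy found, using it..
17:09:00.0812 2728 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured on reboot
17:09:01.0718 2728 C:\WINDOWS\$NtUninstallKB37917$\1240063476\@ - will be deleted on reboot
17:09:01.0812 2728 Serial ( Virus.Win32.ZAccess.j ) - User select action: Cure
17:09:01.0906 2728 C:\WINDOWS\system32\s116mdfl.dll - copied to quarantine
17:09:01.0906 2728 HKLM\SYSTEM\ControlSet001\services\service1 - will be deleted on reboot
17:09:01.0906 2728 HKLM\SYSTEM\ControlSet003\services\service1 - will be deleted on reboot
17:09:01.0906 2728 C:\WINDOWS\system32\s116mdfl.dll - will be deleted on reboot
17:09:01.0906 2728 service1 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:09:04.0703 2728 C:\WINDOWS\system32\scardsvr.dll - copied to quarantine
17:09:04.0703 2728 HKLM\SYSTEM\ControlSet001\services\YMIDUSB - will be deleted on reboot
17:09:04.0703 2728 HKLM\SYSTEM\ControlSet003\services\YMIDUSB - will be deleted on reboot
17:09:04.0703 2728 C:\WINDOWS\system32\scardsvr.dll - will be deleted on reboot
17:09:04.0703 2728 YMIDUSB ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
"""

ESET_SAMPLE = r"""
C:\Documents and Settings\Schulzy\Application Data\Sun\Java\Deployment\cache\6.0\12\3423a40c-47984df7 Java/Exploit.Blacole trojan
C:\Documents and Settings\Schulzy\Desktop\Brad 2012 cleanup\cnet_fr_exe.exe a variant of Win32/InstallCore.D application
C:\WINDOWS\system32\scardsvr.dll Win32/Sirefef.ER trojan
C:\WINDOWS\system32\drivers\serial.sys a variant of Win32/Rootkit.Kryptik.FB trojan
C:\WINDOWS\Temp\jyvqvyshixxg.exe Win32/Spy.Zbot.YW trojan
C:\WINDOWS\Temp\jar_cache508533459697462638.tmp a variant of Java/Exploit.CVE-2011-3544.B trojan
Operating memory multiple threats
"""

# TDSSKiller: "<time> <pid> <body>"; the body is either an object/action line or a
# verdict line, and the object lines precede the verdict they belong to.
TDSS_LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(?P<body>.*)$")
TDSS_OBJECT = re.compile(
    r"^(?P<obj>.+?) - (?P<action>copied to quarantine|will be (?:deleted|cured) on reboot)$")
TDSS_VERDICT = re.compile(
    r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - User select action: (?P<choice>\w+)$")

# ESET: "<path> <verdict>"; paths contain spaces, so the verdict is anchored at the end.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Z]:\\.*?|Operating memory)\s+"
    r"(?P<verdict>multiple threats|(?:a variant of )?\S+ (?:trojan|application))$")


def parse_tdsskiller(text):
    """Group each verdict with the file and registry objects logged just before it."""
    findings, pending = [], []
    for line in text.splitlines():
        m = TDSS_LINE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        mo = TDSS_OBJECT.match(body)
        if mo:
            pending.append(mo.group("obj"))
            continue
        mv = TDSS_VERDICT.match(body)
        if mv:
            keys = sorted({o for o in pending if o.upper().startswith("HKLM\\")})
            files = sorted({o for o in pending if not o.upper().startswith("HKLM\\")})
            findings.append({"name": mv.group("name"), "verdict": mv.group("verdict"),
                             "action": mv.group("choice"), "files": files, "registry": keys})
            pending = []
    return findings


def classify_eset(path, verdict):
    """Coarse triage label (my own categories) based on where the hit lives."""
    p = path.lower()
    if p == "operating memory":
        return "memory"
    if "\\windows\\system32\\" in p:
        return "system"          # a replaced or dropped system DLL/driver
    if "java\\deployment\\cache" in p or "jar_cache" in p:
        return "java-cache"      # exploit payloads left behind in the Java cache
    if verdict.endswith("application"):
        return "pua"             # bundled-installer style "application" verdicts
    if "\\temp\\" in p:
        return "temp-dropper"
    return "other"


def parse_eset(text):
    hits = []
    for line in text.splitlines():
        m = ESET_LINE.match(line.strip())
        if m:
            hits.append({"path": m.group("path"), "verdict": m.group("verdict"),
                         "category": classify_eset(m.group("path"), m.group("verdict"))})
    return hits


def verdict_counts(findings):
    return dict(Counter(f["verdict"] for f in findings))


def cross_reference(findings, hits):
    """Paths both tools reported; Windows paths are case-insensitive, so compare lowercased."""
    tdss = {f.lower() for fd in findings for f in fd["files"]}
    eset = {h["path"].lower() for h in hits}
    return sorted(tdss & eset)


if __name__ == "__main__":
    tdss = parse_tdsskiller(TDSSKILLER_SAMPLE)
    eset = parse_eset(ESET_SAMPLE)
    for f in tdss:
        print(f"{f['name']:<10} {f['verdict']:<28} {f['action']:<6} "
              f"files={len(f['files'])} keys={len(f['registry'])}")
    print("verdicts:", verdict_counts(tdss))
    print("eset by category:", dict(Counter(h["category"] for h in eset)))
    print("seen by both tools:", cross_reference(tdss, eset))
```

Feed it the full logs instead of the trimmed samples and the cross-reference becomes the list to re-check after the reboot: anything still present at that point was either not removed or has been re-dropped.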

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 July 2012 - 06:46 AM

Restart the PC, run TDSSKiller again and post the new log.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.


Download

mini toolbox

Check the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.
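A TDSSKiller log of the kind requested above runs to thousands of lines, almost all of them an inventory line ("name (md5) path") followed by a verdict line ("name - ok"). The following Python is an added example (not part of the thread, and not a Kaspersky tool) that pairs those two lines per service or driver and pulls out what a responder actually wants to read: anything whose verdict is not "ok", anything loaded from a user-writable directory such as Temp, any hash that differs from a known-good value, and which services share one image (lsass.exe hosting Netlogon, SamSs and others is normal on XP and explains the repeated MD5s in a real log). The sample log is constructed to mirror the posted format; the "detected ..." verdict wording for the fake driver is an assumption about how a positive hit is worded, and `fakedrv` and the known-good hash table are invented for the demonstration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the format of the TDSSKiller log posted in this
# thread. The "Scan started" marker, the ACPI/Netlogon/SamSs lines and the
# verdict "- ok" lines mirror the real log; "fakedrv" and its "detected"
# verdict are invented to exercise the non-ok branch (assumption about the
# exact wording TDSSKiller uses for a positive hit).
SAMPLE_TDSS_LOG = r"""
00:19:42.0750 0580 OS Version: 5.1.2600 ServicePack: 3.0
00:19:44.0093 0580 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb)
00:19:58.0562 2248 Scan started
00:19:58.0843 2248 Abiosdsk - ok
00:19:58.0890 2248 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:19:58.0890 2248 ACPI - ok
00:20:05.0359 2248 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:20:05.0359 2248 Netlogon - ok
00:20:09.0000 2248 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:20:09.0000 2248 SamSs - ok
00:20:10.0100 2248 fakedrv (00000000000000000000000000000000) C:\WINDOWS\Temp\fakedrv.sys
00:20:10.0100 2248 fakedrv - detected Rootkit.Win32.TDSS.tdl4 ( 0 )
00:20:10.0200 2248 \Device\Harddisk0\DR0 - ok
"""

PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
# "name (32-hex md5) path": the md5 in parentheses anchors the split
INVENTORY_RE = re.compile(PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "name - verdict": everything after " - " is the verdict text
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")

USER_WRITABLE_DIRS = ("\\temp\\", "\\users\\", "\\documents and settings\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdss_log(text):
    """Map service/driver name -> Entry, pairing inventory and verdict lines.
    Header lines before "Scan started" (drive geometry, OS version) are
    skipped because they would otherwise look like verdict lines."""
    entries = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not in_scan:
            in_scan = "Scan started" in line
            continue
        m = INVENTORY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"].strip()
    return entries


def audit(entries, known_good=None):
    """Return (severity, name, reason) triples a human should look at.
    known_good maps lower-cased image path -> expected md5 (caller-supplied)."""
    known_good = {k.lower(): v.lower() for k, v in (known_good or {}).items()}
    findings = []
    for e in entries.values():
        if e.verdict is None:
            findings.append(("info", e.name, "no verdict line"))
        elif e.verdict.lower() != "ok":
            findings.append(("high", e.name, f"verdict: {e.verdict}"))
        if e.path:
            low = e.path.lower()
            if any(d in low for d in USER_WRITABLE_DIRS):
                findings.append(("medium", e.name, f"image in user-writable location: {e.path}"))
            expected = known_good.get(low)
            if expected and expected != e.md5:
                findings.append(("high", e.name, f"md5 {e.md5} != expected {expected}"))
    return findings


def image_to_services(entries):
    """Lower-cased image path -> names of services/drivers backed by it."""
    by_image = defaultdict(list)
    for e in entries.values():
        if e.path:
            by_image[e.path.lower()].append(e.name)
    return dict(by_image)


if __name__ == "__main__":
    parsed = parse_tdss_log(SAMPLE_TDSS_LOG)
    for sev, name, why in audit(parsed):
        print(f"[{sev}] {name}: {why}")
    for image, names in image_to_services(parsed).items():
        if len(names) > 1:
            print(f"shared image {image}: {', '.join(names)}")
```

Feed it the real log with `parse_tdss_log(open("TDSSKiller.log").read())`. The known-good table is deliberately left to the caller: a hash list pulled from a clean machine of the same service pack is the only trustworthy source, and a mismatch on a core file such as atapi.sys or ndis.sys, with a verdict still reading "ok", is exactly the case where a second opinion (the aswMBR scan requested earlier in the thread) is worth having.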

#6 Schulzy

Schulzy
  • Topic Starter

  • Members
  • 27 posts
  • Local time:02:16 AM

Posted 09 July 2012 - 05:55 AM

Hi

When I ran the aswMBR scan in the previous step, was I meant to hit the 'fix' or 'fixMBR' button after the scan? I didn't; I just got the log and then closed the program without fixing anything.

Here are the new logs

TDSSKiller:

00:19:41.0781 0580 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
00:19:42.0750 0580 ============================================================
00:19:42.0750 0580 Current date / time: 2012/07/09 00:19:42.0750
00:19:42.0750 0580 SystemInfo:
00:19:42.0750 0580
00:19:42.0750 0580 OS Version: 5.1.2600 ServicePack: 3.0
00:19:42.0750 0580 Product type: Workstation
00:19:42.0750 0580 ComputerName: BRAD
00:19:42.0750 0580 UserName: Schulzy
00:19:42.0750 0580 Windows directory: C:\WINDOWS
00:19:42.0750 0580 System windows directory: C:\WINDOWS
00:19:42.0750 0580 Processor architecture: Intel x86
00:19:42.0750 0580 Number of processors: 4
00:19:42.0750 0580 Page size: 0x1000
00:19:42.0750 0580 Boot type: Normal boot
00:19:42.0750 0580 ============================================================
00:19:44.0093 0580 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:19:44.0093 0580 ============================================================
00:19:44.0093 0580 \Device\Harddisk0\DR0:
00:19:44.0093 0580 MBR partitions:
00:19:44.0093 0580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
00:19:44.0093 0580 ============================================================
00:19:44.0125 0580 C: <-> \Device\Harddisk0\DR0\Partition0
00:19:44.0140 0580 ============================================================
00:19:44.0140 0580 Initialize success
00:19:44.0140 0580 ============================================================
00:19:58.0562 2248 ============================================================
00:19:58.0562 2248 Scan started
00:19:58.0562 2248 Mode: Manual; TDLFS;
00:19:58.0562 2248 ============================================================
00:19:58.0843 2248 Abiosdsk - ok
00:19:58.0843 2248 abp480n5 - ok
00:19:58.0843 2248 ABVPN2K - ok
00:19:58.0890 2248 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:19:58.0890 2248 ACPI - ok
00:19:58.0921 2248 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:19:58.0921 2248 ACPIEC - ok
00:19:58.0953 2248 ACS (233235123f3d73228ec3d2bba0e7143d) C:\WINDOWS\system32\acs.exe
00:19:58.0953 2248 ACS - ok
00:19:58.0953 2248 adpu160m - ok
00:19:58.0968 2248 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:19:58.0968 2248 aec - ok
00:19:59.0000 2248 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
00:19:59.0000 2248 AegisP - ok
00:19:59.0046 2248 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:19:59.0046 2248 AFD - ok
00:19:59.0046 2248 Aha154x - ok
00:19:59.0046 2248 aic78u2 - ok
00:19:59.0062 2248 aic78xx - ok
00:19:59.0078 2248 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
00:19:59.0078 2248 Alerter - ok
00:19:59.0109 2248 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
00:19:59.0109 2248 ALG - ok
00:19:59.0109 2248 AliIde - ok
00:19:59.0109 2248 ALYac_PZSrv - ok
00:19:59.0203 2248 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
00:19:59.0218 2248 Ambfilt - ok
00:19:59.0265 2248 amsint - ok
00:19:59.0390 2248 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:19:59.0390 2248 Apple Mobile Device - ok
00:19:59.0406 2248 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
00:19:59.0421 2248 AppMgmt - ok
00:19:59.0468 2248 AR5211 (08e03e8ab837dc9dd2737930ecd19fbc) C:\WINDOWS\system32\DRIVERS\WPN311.sys
00:19:59.0484 2248 AR5211 - ok
00:19:59.0562 2248 AR5416 (00e031fe2d849be503fc4a47271f1ea5) C:\WINDOWS\system32\DRIVERS\athw.sys
00:19:59.0578 2248 AR5416 - ok
00:19:59.0578 2248 asc - ok
00:19:59.0578 2248 asc3350p - ok
00:19:59.0578 2248 asc3550 - ok
00:19:59.0703 2248 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
00:19:59.0734 2248 aspnet_state - ok
00:19:59.0765 2248 astcc (2a7037f93ae6ab1305606dee23c70f8c) C:\WINDOWS\system32\ASTSRV.EXE
00:19:59.0765 2248 astcc - ok
00:19:59.0796 2248 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:19:59.0796 2248 AsyncMac - ok
00:19:59.0843 2248 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:19:59.0843 2248 atapi - ok
00:19:59.0843 2248 Atdisk - ok
00:19:59.0875 2248 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
00:19:59.0875 2248 AtiHdmiService - ok
00:19:59.0937 2248 ATITool (0e4bb35c5305099ac82053ac992e3e0e) C:\WINDOWS\system32\DRIVERS\ATITool.sys
00:19:59.0937 2248 ATITool - ok
00:19:59.0953 2248 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:19:59.0968 2248 Atmarpc - ok
00:20:00.0000 2248 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
00:20:00.0000 2248 AudioSrv - ok
00:20:00.0046 2248 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:20:00.0046 2248 audstub - ok
00:20:00.0171 2248 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe
00:20:00.0187 2248 avg9wd - ok
00:20:00.0234 2248 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
00:20:00.0234 2248 AvgLdx86 - ok
00:20:00.0250 2248 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\system32\Drivers\avgmfx86.sys
00:20:00.0250 2248 AvgMfx86 - ok
00:20:00.0281 2248 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys
00:20:00.0281 2248 AvgTdiX - ok
00:20:00.0281 2248 bc_ngn - ok
00:20:00.0328 2248 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:20:00.0343 2248 Beep - ok
00:20:00.0359 2248 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
00:20:00.0515 2248 BITS - ok
00:20:00.0609 2248 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
00:20:00.0609 2248 Bonjour Service - ok
00:20:00.0640 2248 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
00:20:00.0640 2248 Browser - ok
00:20:00.0656 2248 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:20:00.0656 2248 cbidf2k - ok
00:20:00.0656 2248 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:20:00.0671 2248 CCDECODE - ok
00:20:00.0671 2248 cd20xrnt - ok
00:20:00.0687 2248 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:20:00.0687 2248 Cdaudio - ok
00:20:00.0734 2248 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:20:00.0734 2248 Cdfs - ok
00:20:00.0750 2248 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:20:00.0750 2248 Cdrom - ok
00:20:00.0750 2248 Changer - ok
00:20:00.0765 2248 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
00:20:00.0765 2248 CiSvc - ok
00:20:00.0781 2248 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
00:20:00.0781 2248 ClipSrv - ok
00:20:00.0890 2248 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:20:00.0937 2248 clr_optimization_v2.0.50727_32 - ok
00:20:00.0937 2248 CmdIde - ok
00:20:00.0953 2248 COMSysApp - ok
00:20:00.0953 2248 Cpqarray - ok
00:20:00.0953 2248 cpqdmi - ok
00:20:00.0984 2248 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
00:20:00.0984 2248 CryptSvc - ok
00:20:00.0984 2248 CTEXFIFX.DLL - ok
00:20:00.0984 2248 ctsfm2k - ok
00:20:00.0984 2248 dac2w2k - ok
00:20:00.0984 2248 dac960nt - ok
00:20:01.0015 2248 danewFltr (c512b618d0e19339572ad125e26b9cb5) C:\WINDOWS\system32\drivers\danew.sys
00:20:01.0031 2248 danewFltr - ok
00:20:01.0062 2248 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
00:20:01.0078 2248 DcomLaunch - ok
00:20:01.0125 2248 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
00:20:01.0125 2248 Dhcp - ok
00:20:01.0171 2248 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:20:01.0171 2248 Disk - ok
00:20:01.0281 2248 Diskeeper (15a2f2d06b1f8d2ad2be055c40cb1b74) C:\Program Files\Executive Software\Diskeeper\DkService.exe
00:20:01.0296 2248 Diskeeper - ok
00:20:01.0296 2248 dmadmin - ok
00:20:01.0328 2248 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:20:01.0359 2248 dmboot - ok
00:20:01.0359 2248 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:20:01.0359 2248 dmio - ok
00:20:01.0390 2248 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:20:01.0390 2248 dmload - ok
00:20:01.0421 2248 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
00:20:01.0421 2248 dmserver - ok
00:20:01.0453 2248 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:20:01.0453 2248 DMusic - ok
00:20:01.0484 2248 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
00:20:01.0484 2248 Dnscache - ok
00:20:01.0531 2248 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
00:20:01.0531 2248 Dot3svc - ok
00:20:01.0546 2248 dpti2o - ok
00:20:01.0562 2248 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:20:01.0562 2248 drmkaud - ok
00:20:01.0578 2248 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
00:20:01.0593 2248 EapHost - ok
00:20:01.0593 2248 ELkbd - ok
00:20:01.0593 2248 elnkservice - ok
00:20:01.0609 2248 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
00:20:01.0625 2248 ENTECH - ok
00:20:01.0625 2248 enum1394 - ok
00:20:01.0671 2248 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
00:20:01.0671 2248 ERSvc - ok
00:20:01.0671 2248 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:20:01.0687 2248 Eventlog - ok
00:20:01.0765 2248 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
00:20:01.0765 2248 EventSystem - ok
00:20:01.0812 2248 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:20:01.0812 2248 Fastfat - ok
00:20:01.0859 2248 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:20:01.0859 2248 FastUserSwitchingCompatibility - ok
00:20:01.0890 2248 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:20:01.0890 2248 Fdc - ok
00:20:01.0906 2248 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:20:01.0906 2248 Fips - ok
00:20:01.0984 2248 FLASHSYS (d3d9311624edd435f42cda7eaa0a6aed) C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys
00:20:01.0984 2248 FLASHSYS - ok
00:20:02.0000 2248 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:20:02.0015 2248 Flpydisk - ok
00:20:02.0046 2248 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:20:02.0046 2248 FltMgr - ok
00:20:02.0187 2248 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:20:02.0187 2248 FontCache3.0.0.0 - ok
00:20:02.0187 2248 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:20:02.0203 2248 Fs_Rec - ok
00:20:02.0218 2248 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:20:02.0218 2248 Ftdisk - ok
00:20:02.0218 2248 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:20:02.0234 2248 GEARAspiWDM - ok
00:20:02.0234 2248 GENERICDRV - ok
00:20:02.0234 2248 GMSIPCI - ok
00:20:02.0265 2248 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:20:02.0265 2248 Gpc - ok
00:20:02.0359 2248 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
00:20:02.0359 2248 gupdate - ok
00:20:02.0359 2248 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
00:20:02.0359 2248 gupdatem - ok
00:20:02.0406 2248 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:20:02.0406 2248 HDAudBus - ok
00:20:02.0484 2248 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:20:02.0484 2248 helpsvc - ok
00:20:02.0531 2248 hidkmdf (bb1822838c0714b3c03efe0f209d135d) C:\WINDOWS\system32\DRIVERS\hidkmdf.sys
00:20:02.0531 2248 hidkmdf - ok
00:20:02.0546 2248 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
00:20:02.0546 2248 HidServ - ok
00:20:02.0562 2248 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:20:02.0578 2248 hidusb - ok
00:20:02.0625 2248 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
00:20:02.0625 2248 hkmsvc - ok
00:20:02.0625 2248 hpn - ok
00:20:02.0671 2248 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:20:02.0671 2248 HTTP - ok
00:20:02.0703 2248 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
00:20:02.0734 2248 HTTPFilter - ok
00:20:02.0734 2248 i2omgmt - ok
00:20:02.0734 2248 i2omp - ok
00:20:02.0765 2248 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:20:02.0781 2248 i8042prt - ok
00:20:02.0781 2248 iaimtv1 - ok
00:20:02.0781 2248 iastor - ok
00:20:02.0781 2248 ichaud - ok
00:20:02.0843 2248 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
00:20:02.0843 2248 IDriverT - ok
00:20:02.0921 2248 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:20:02.0937 2248 idsvc - ok
00:20:02.0968 2248 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:20:02.0968 2248 Imapi - ok
00:20:02.0968 2248 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
00:20:02.0984 2248 ImapiService - ok
00:20:02.0984 2248 ini910u - ok
00:20:03.0281 2248 IntcAzAudAddService (988a112c4061f309ce9c1abfc971d001) C:\WINDOWS\system32\drivers\RtkHDAud.sys
00:20:03.0312 2248 IntcAzAudAddService - ok
00:20:03.0406 2248 IntelIde - ok
00:20:03.0437 2248 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:20:03.0437 2248 intelppm - ok
00:20:03.0437 2248 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:20:03.0437 2248 Ip6Fw - ok
00:20:03.0453 2248 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:20:03.0453 2248 IpFilterDriver - ok
00:20:03.0453 2248 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:20:03.0468 2248 IpInIp - ok
00:20:03.0468 2248 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:20:03.0468 2248 IpNat - ok
00:20:03.0546 2248 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
00:20:03.0562 2248 iPod Service - ok
00:20:03.0578 2248 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:20:03.0593 2248 IPSec - ok
00:20:03.0593 2248 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:20:03.0593 2248 IRENUM - ok
00:20:03.0640 2248 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:20:03.0640 2248 isapnp - ok
00:20:03.0640 2248 ISODrive - ok
00:20:03.0718 2248 JavaQuickStarterService (39133291cb607bdd87cfc565a4a1e7a5) C:\Program Files\Java\jre6\bin\jqs.exe
00:20:03.0734 2248 JavaQuickStarterService - ok
00:20:03.0750 2248 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:20:03.0750 2248 Kbdclass - ok
00:20:03.0765 2248 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:20:03.0765 2248 kbdhid - ok
00:20:03.0765 2248 kbfiltr - ok
00:20:03.0781 2248 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:20:03.0796 2248 kmixer - ok
00:20:03.0812 2248 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:20:03.0812 2248 KSecDD - ok
00:20:03.0843 2248 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
00:20:03.0843 2248 lanmanserver - ok
00:20:03.0890 2248 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
00:20:03.0890 2248 lanmanworkstation - ok
00:20:03.0890 2248 lbrtfdc - ok
00:20:03.0921 2248 lgmcbus (36fc312051a6919e97c5cdce6360ddb4) C:\WINDOWS\system32\DRIVERS\lgmcbus.sys
00:20:03.0921 2248 lgmcbus - ok
00:20:03.0921 2248 lgmcmdfl (793f99799f1d857537cf1810283a7db9) C:\WINDOWS\system32\DRIVERS\lgmcmdfl.sys
00:20:03.0921 2248 lgmcmdfl - ok
00:20:03.0953 2248 lgmcmdm (d991dbee3a13f670928b4a9c07e67503) C:\WINDOWS\system32\DRIVERS\lgmcmdm.sys
00:20:03.0953 2248 lgmcmdm - ok
00:20:03.0968 2248 lgmcmgmt (9761981c9656abd1f13a6fc7b2d6b431) C:\WINDOWS\system32\DRIVERS\lgmcmgmt.sys
00:20:03.0968 2248 lgmcmgmt - ok
00:20:03.0968 2248 lgmcnd5 (3e3b259be2c9031975170c4b7ffc7b6c) C:\WINDOWS\system32\DRIVERS\lgmcnd5.sys
00:20:03.0968 2248 lgmcnd5 - ok
00:20:03.0984 2248 lgmcobex (bc68570f3f3a7d07f50505b58d45c539) C:\WINDOWS\system32\DRIVERS\lgmcobex.sys
00:20:03.0984 2248 lgmcobex - ok
00:20:04.0000 2248 lgmcunic (2e29da94e03474942b7cbf1952563c0a) C:\WINDOWS\system32\DRIVERS\lgmcunic.sys
00:20:04.0000 2248 lgmcunic - ok
00:20:04.0000 2248 LHidUsbK - ok
00:20:04.0046 2248 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
00:20:04.0046 2248 LmHosts - ok
00:20:04.0046 2248 maya70docserver - ok
00:20:04.0093 2248 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
00:20:04.0093 2248 mcdbus - ok
00:20:04.0125 2248 mcods (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\system32\irmon.dll
00:20:04.0125 2248 mcods - ok
00:20:04.0125 2248 mdmxsdk - ok
00:20:04.0140 2248 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
00:20:04.0156 2248 Messenger - ok
00:20:04.0156 2248 midisyn - ok
00:20:04.0187 2248 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:20:04.0187 2248 mnmdd - ok
00:20:04.0234 2248 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
00:20:04.0234 2248 mnmsrvc - ok
00:20:04.0250 2248 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:20:04.0250 2248 Modem - ok
00:20:04.0328 2248 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
00:20:04.0343 2248 Monfilt - ok
00:20:04.0359 2248 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:20:04.0359 2248 Mouclass - ok
00:20:04.0390 2248 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:20:04.0406 2248 mouhid - ok
00:20:04.0406 2248 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:20:04.0406 2248 MountMgr - ok
00:20:04.0406 2248 mraid35x - ok
00:20:04.0421 2248 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:20:04.0421 2248 MRxDAV - ok
00:20:04.0468 2248 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:20:04.0484 2248 MRxSmb - ok
00:20:04.0578 2248 MSCamSvc (af661f9eaf65c024ee85ac531fdad9fa) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
00:20:04.0593 2248 MSCamSvc - ok
00:20:04.0609 2248 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
00:20:04.0609 2248 MSDTC - ok
00:20:04.0625 2248 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:20:04.0625 2248 Msfs - ok
00:20:04.0687 2248 MsibiosDevice (73df019bb316f317e60ae8758a52b3d1) C:\Program Files\MSI\Live Update 4\LU4\msibios.sys
00:20:04.0687 2248 MsibiosDevice - ok
00:20:04.0687 2248 MSIServer - ok
00:20:04.0734 2248 MSI_DVD_010507 (09a00b8c911d32a0cfeb747be9ce5dab) C:\PROGRA~1\MSI\MSIWDev\DVDSYS32_100507.sys
00:20:04.0734 2248 MSI_DVD_010507 - ok
00:20:04.0781 2248 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\PROGRA~1\MSI\MSIWDev\msibios32_100507.sys
00:20:04.0781 2248 MSI_MSIBIOS_010507 - ok
00:20:04.0781 2248 MSI_VGASYS_010507 (8d603678c3961bed302163964ad6a38e) C:\PROGRA~1\MSI\MSIWDev\VGASYS32_100507.sys
00:20:04.0796 2248 MSI_VGASYS_010507 - ok
00:20:04.0796 2248 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:20:04.0796 2248 MSKSSRV - ok
00:20:04.0843 2248 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:20:04.0859 2248 MSPCLOCK - ok
00:20:04.0859 2248 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:20:04.0859 2248 MSPQM - ok
00:20:04.0890 2248 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:20:04.0890 2248 mssmbios - ok
00:20:04.0921 2248 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
00:20:04.0921 2248 MSTEE - ok
00:20:04.0953 2248 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:20:04.0953 2248 Mup - ok
00:20:04.0953 2248 mwagent - ok
00:20:04.0984 2248 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:20:04.0984 2248 NABTSFEC - ok
00:20:05.0015 2248 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
00:20:05.0046 2248 napagent - ok
00:20:05.0078 2248 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:20:05.0078 2248 NDIS - ok
00:20:05.0078 2248 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:20:05.0078 2248 NdisIP - ok
00:20:05.0125 2248 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:20:05.0125 2248 NdisTapi - ok
00:20:05.0171 2248 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:20:05.0171 2248 Ndisuio - ok
00:20:05.0171 2248 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:20:05.0171 2248 NdisWan - ok
00:20:05.0203 2248 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:20:05.0218 2248 NDProxy - ok
00:20:05.0234 2248 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
00:20:05.0234 2248 Netaapl - ok
00:20:05.0250 2248 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:20:05.0250 2248 NetBIOS - ok
00:20:05.0281 2248 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:20:05.0296 2248 NetBT - ok
00:20:05.0312 2248 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:20:05.0328 2248 NetDDE - ok
00:20:05.0328 2248 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
00:20:05.0328 2248 NetDDEdsdm - ok
00:20:05.0359 2248 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:20:05.0359 2248 Netlogon - ok
00:20:05.0406 2248 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
00:20:05.0421 2248 Netman - ok
00:20:05.0515 2248 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:20:05.0515 2248 NetTcpPortSharing - ok
00:20:05.0796 2248 NIHardwareService (bd7a1d7bef2c0fde73f7b87971ed9d2f) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
00:20:05.0890 2248 NIHardwareService - ok
00:20:05.0968 2248 nisum - ok
00:20:06.0015 2248 NitroDriverReadSpool (9c14e80ff4ccdff8129dc716c112c517) C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
00:20:06.0031 2248 NitroDriverReadSpool - ok
00:20:06.0078 2248 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
00:20:06.0078 2248 Nla - ok
00:20:06.0109 2248 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
00:20:06.0125 2248 nm - ok
00:20:06.0156 2248 nmwcdnsu (be7fd9ca07e7d39f77c78ba5756930d9) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
00:20:06.0156 2248 nmwcdnsu - ok
00:20:06.0171 2248 nmwcdnsuc (94651f5808d3328d28ef967a9e853b8f) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
00:20:06.0171 2248 nmwcdnsuc - ok
00:20:06.0203 2248 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
00:20:06.0203 2248 NPF - ok
00:20:06.0218 2248 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:20:06.0218 2248 Npfs - ok
00:20:06.0250 2248 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:20:06.0250 2248 Ntfs - ok
00:20:06.0296 2248 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:20:06.0296 2248 NtLmSsp - ok
00:20:06.0343 2248 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
00:20:06.0375 2248 NtmsSvc - ok
00:20:06.0406 2248 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:20:06.0421 2248 Null - ok
00:20:06.0890 2248 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:20:07.0171 2248 nv - ok
00:20:07.0328 2248 nvsvc (a2322c6207ebb0761a6c8cc9003ebacf) C:\WINDOWS\system32\nvsvc32.exe
00:20:07.0328 2248 nvsvc - ok
00:20:07.0328 2248 NWDHCP - ok
00:20:07.0359 2248 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:20:07.0359 2248 NwlnkFlt - ok
00:20:07.0359 2248 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:20:07.0375 2248 NwlnkFwd - ok
00:20:07.0375 2248 NwSapAgent - ok
00:20:07.0375 2248 obvious - ok
00:20:07.0453 2248 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:20:07.0468 2248 ose - ok
00:20:07.0468 2248 ossrv - ok
00:20:07.0500 2248 ovt519 (4cdadec3dc1300ee1d313ea5494e6472) C:\WINDOWS\system32\Drivers\ov519vid.sys
00:20:07.0515 2248 ovt519 - ok
00:20:07.0671 2248 P17 (d84ab749759d0b4e365fe19bea485378) C:\WINDOWS\system32\drivers\P17.sys
00:20:07.0734 2248 P17 - ok
00:20:07.0734 2248 Packet - ok
00:20:07.0765 2248 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
00:20:07.0781 2248 Parport - ok
00:20:07.0781 2248 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:20:07.0781 2248 PartMgr - ok
00:20:07.0812 2248 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:20:07.0828 2248 ParVdm - ok
00:20:07.0843 2248 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
00:20:07.0843 2248 pccsmcfd - ok
00:20:07.0859 2248 PcdrNt - ok
00:20:07.0875 2248 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:20:07.0875 2248 PCI - ok
00:20:07.0890 2248 PCIDump - ok
00:20:07.0906 2248 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:20:07.0906 2248 PCIIde - ok
00:20:07.0906 2248 PCISys - ok
00:20:07.0937 2248 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:20:07.0937 2248 Pcmcia - ok
00:20:07.0937 2248 PDCOMP - ok
00:20:07.0953 2248 PDFRAME - ok
00:20:07.0953 2248 pdlnsv25 - ok
00:20:07.0953 2248 PDRELI - ok
00:20:07.0953 2248 PDRFRAME - ok
00:20:07.0953 2248 perc2 - ok
00:20:07.0953 2248 perc2hib - ok
00:20:08.0000 2248 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
00:20:08.0000 2248 PlugPlay - ok
00:20:08.0046 2248 PnkBstrA (a1dd33d16f277ce34124ee52ab2c0f14) C:\WINDOWS\system32\PnkBstrA.exe
00:20:08.0046 2248 PnkBstrA - ok
00:20:08.0078 2248 PnkBstrB (f482f214bffdf46dc35f47ba5b453e84) C:\WINDOWS\system32\PnkBstrB.exe
00:20:08.0093 2248 PnkBstrB - ok
00:20:08.0109 2248 PnkBstrK (3a6f6d4e8caae0497a511d493e3b6fa9) C:\WINDOWS\system32\drivers\PnkBstrK.sys
00:20:08.0109 2248 PnkBstrK - ok
00:20:08.0156 2248 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:20:08.0156 2248 PolicyAgent - ok
00:20:08.0156 2248 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:20:08.0156 2248 PptpMiniport - ok
00:20:08.0171 2248 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
00:20:08.0171 2248 ProtectedStorage - ok
00:20:08.0171 2248 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:20:08.0171 2248 PSched - ok
00:20:08.0203 2248 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:20:08.0203 2248 Ptilink - ok
00:20:08.0203 2248 ql1080 - ok
00:20:08.0203 2248 Ql10wnt - ok
00:20:08.0218 2248 ql12160 - ok
00:20:08.0218 2248 ql1240 - ok
00:20:08.0218 2248 ql1280 - ok
00:20:08.0250 2248 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:20:08.0250 2248 RasAcd - ok
00:20:08.0281 2248 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
00:20:08.0281 2248 RasAuto - ok
00:20:08.0281 2248 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:20:08.0296 2248 Rasl2tp - ok
00:20:12.0703 2248 ============================================================
00:20:12.0703 2248 Scan finished
00:20:12.0703 2248 ============================================================
00:20:12.0703 2556 Detected object count: 0
00:20:12.0703 2556 Actual detected object count: 0



MiniToolBox:

MiniToolBox by Farbar Version: 25-06-2012
Ran by Schulzy (administrator) on 09-07-2012 at 18:47:59
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

WPN311 RangeMax™ Wireless PCI Adapter = Wireless Network Connection 2 (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : brad
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-1D-92-32-C6-73

Ethernet adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WPN311 RangeMax™ Wireless PCI Adapter #2
Physical Address. . . . . . . . . : 00-1B-2F-30-EB-71
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Monday, 9 July 2012 6:25:10 PM
Lease Expires . . . . . . . . . . : Tuesday, 10 July 2012 6:25:10 PM

Server: www.routerlogin.com
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.237.136, 74.125.237.134, 74.125.237.133, 74.125.237.135
74.125.237.137, 74.125.237.128, 74.125.237.142, 74.125.237.130, 74.125.237.131
74.125.237.132, 74.125.237.129

Pinging google.com [74.125.237.134] with 32 bytes of data:

Reply from 74.125.237.134: bytes=32 time=77ms TTL=49
Reply from 74.125.237.134: bytes=32 time=82ms TTL=50

Ping statistics for 74.125.237.134:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 77ms, Maximum = 82ms, Average = 79ms

Server: www.routerlogin.com
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=275ms TTL=45
Reply from 72.30.38.140: bytes=32 time=280ms TTL=45

Ping statistics for 72.30.38.140:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 275ms, Maximum = 280ms, Average = 277ms

Server: www.routerlogin.com
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 92 32 c6 73 ...... Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 1b 2f 30 eb 71 ...... WPN311 RangeMax™ Wireless PCI Adapter #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.4      25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0      192.168.0.4     192.168.0.4      25
      192.168.0.4  255.255.255.255        127.0.0.1       127.0.0.1      25
    192.168.0.255  255.255.255.255      192.168.0.4     192.168.0.4      25
        224.0.0.0        240.0.0.0      192.168.0.4     192.168.0.4      25
  255.255.255.255  255.255.255.255      192.168.0.4     192.168.0.4       1
  255.255.255.255  255.255.255.255      192.168.0.4               2       1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/07/2012 11:51:24 PM) (Source: Microsoft Office 11) (User: )
Description: Microsoft Office OutlookOutlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

Do you want to start Outlook in safe mode?

Error: (07/07/2012 01:01:22 PM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 11.0.8326.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/04/2012 07:52:13 PM) (Source: Microsoft Office 11) (User: )
Description: Microsoft Office OutlookOutlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

Do you want to start Outlook in safe mode?

Error: (07/01/2012 01:43:47 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 19.0.1084.56, faulting module chrome.dll, version 19.0.1084.56, fault address 0x0051c743.
Processing media-specific event for [chrome.exe!ws!]

Error: (06/28/2012 06:41:06 PM) (Source: Winlogon) (User: )
Description: A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code 5. The machine
must now be restarted.

Error: (06/27/2012 01:30:39 AM) (Source: Application Error) (User: )
Description: Faulting application league of legends.exe, version 1.0.0.141, faulting module league of legends.exe, version 1.0.0.141, fault address 0x00056be7.
Processing media-specific event for [league of legends.exe!ws!]

Error: (06/26/2012 09:06:41 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 19.0.1084.56, faulting module chrome.dll, version 19.0.1084.56, fault address 0x0051c743.
Processing media-specific event for [chrome.exe!ws!]

Error: (06/24/2012 09:03:40 PM) (Source: Application Hang) (User: )
Description: Hanging application msconfig.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/24/2012 09:02:01 PM) (Source: Diskeeper) (User: )
Description: Diskeeper Control Center - ERROR
Diskeeper was not able to initialize RPC.

Error: (06/24/2012 09:02:01 PM) (Source: Diskeeper) (User: )
Description: Diskeeper Control Center - ERROR
No valid endpoint could be found.


System errors:
=============
Error: (07/09/2012 06:39:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/09/2012 06:25:20 PM) (Source: Service Control Manager) (User: )
Description: The Flashcomadmin service terminated with the following error:
%%126

Error: (07/09/2012 06:25:20 PM) (Source: Service Control Manager) (User: )
Description: The Iaimfp3 service terminated with the following error:
%%126

Error: (07/09/2012 06:25:20 PM) (Source: Service Control Manager) (User: )
Description: The Aavmker4 service terminated with the following error:
%%126

Error: (07/09/2012 06:25:20 PM) (Source: Service Control Manager) (User: )
Description: The Perfos service terminated with the following error:
%%126

Error: (07/09/2012 06:25:20 PM) (Source: Service Control Manager) (User: )
Description: The Brmfrmps service terminated with the following error:
%%126

Error: (07/09/2012 06:25:20 PM) (Source: Service Control Manager) (User: )
Description: The Mctaskmanager service terminated with the following error:
%%126

Error: (07/09/2012 06:25:20 PM) (Source: Service Control Manager) (User: )
Description: The S716mdm service terminated with the following error:
%%126

Error: (07/09/2012 06:25:20 PM) (Source: Service Control Manager) (User: )
Description: The VAIOMediaPlatform-PhotoServer-HTTP service terminated with the following error:
%%126

Error: (07/09/2012 06:25:20 PM) (Source: Service Control Manager) (User: )
Description: The ATKGFNEXSrv service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (07/07/2012 11:51:24 PM) (Source: Microsoft Office 11)(User: )
Description: Microsoft Office OutlookOutlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

Do you want to start Outlook in safe mode?

Error: (07/07/2012 01:01:22 PM) (Source: Application Hang)(User: )
Description: OUTLOOK.EXE11.0.8326.0hungapp0.0.0.000000000

Error: (07/04/2012 07:52:13 PM) (Source: Microsoft Office 11)(User: )
Description: Microsoft Office OutlookOutlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

Do you want to start Outlook in safe mode?

Error: (07/01/2012 01:43:47 PM) (Source: Application Error)(User: )
Description: chrome.exe19.0.1084.56chrome.dll19.0.1084.560051c743

Error: (06/28/2012 06:41:06 PM) (Source: Winlogon)(User: )
Description: C:\WINDOWS\system32\lsass.exe5

Error: (06/27/2012 01:30:39 AM) (Source: Application Error)(User: )
Description: league of legends.exe1.0.0.141league of legends.exe1.0.0.14100056be7

Error: (06/26/2012 09:06:41 PM) (Source: Application Error)(User: )
Description: chrome.exe19.0.1084.56chrome.dll19.0.1084.560051c743

Error: (06/24/2012 09:03:40 PM) (Source: Application Hang)(User: )
Description: msconfig.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (06/24/2012 09:02:01 PM) (Source: Diskeeper)(User: )
Description: Diskeeper was not able to initialize RPC.

Error: (06/24/2012 09:02:01 PM) (Source: Diskeeper)(User: )
Description: No valid endpoint could be found.


=========================== Installed Programs ============================

3DMark03 (Version: 3.4.0)
3DMark06 (Version: 1.0.2)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 Plugin (Version: 10.0.22.87)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Reader 9.1.2 (Version: 9.1.2)
Adobe Shockwave Player 11.5 (Version: 11.5)
Age of Conan - Hyborian Adventures
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
Army Builder V3.1c
ASIO4ALL (Version: 2.10)
Assassin's Creed (Version: 1.00)
ATITool Overclocking Utility (Version: 0.26)
Audacity 1.2.6
Audacity 1.3.13 (Unicode)
AVG Free 9.0
Battle.net
Bonjour (Version: 3.0.0.10)
Call of Duty® 4 - Modern Warfare™ (Version: 1.00.0000)
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
CCleaner (remove only)
CD Key Generator (Version: 6.2.0)
Chinese Traditional Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Command & Conquer The First Decade (Version: 1.00.0000)
Counter-Strike: Source
D-Link VGA Webcam
Dawn of War - Dark Crusade (Version: 1.00.0000)
Dawn Of War - Winter Assault (Version: 1.4)
Dawn Of War (Version: 1.40)
Dead Space™ (Version: 1.0.222.0)
Device Control
DH Driver Cleaner Professional Edition (Version: Version 1.5)
Diablo
Diablo III (Version: 1.0.3.10235)
Diskeeper Professional Edition (Version: 9.0.532)
Doom 3 (Version: 1.3)
Driver Sweeper 1.5.5
DVD Suite (Version: 5.0.1319)
EasyCleaner (Version: 2.0.6.380)
EasyRecovery Professional Trial (Version: 6.10.07)
ESET Online Scanner v3
EVGA Precision 2.1.2 (Version: 2.1.2)
Far Cry 2 (Version: 1.03.00)
FinalRecovery 2.0
FitDay PC version 2.0 (Version: 2.0)
Fraps (remove only)
GameSpy Arcade
Garry's Mod
Google Chrome (Version: 20.0.1132.47)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
Grand Theft Auto IV (Version: 1.00.0000)
Guild Wars
Guitar Pro 5.2
HD Tune 2.55
ijji REACTOR (Version: 1.00.0000)
iTunes (Version: 10.5.0.142)
Japanese Language Support
Java™ 6 Update 17 (Version: 6.0.170)
KRISTAL Audio Engine
League of Legends (Version: 1.3)
LG MC USB Modem driver (Version: 1.0.0.0000)
LG ODD Auto Firmware Update (Version: 9.01.0109.01)
LG PC Suite II (Version: 2.00.0000)
LightWave 3D 9 (Version: 9.0)
Liveupdate4
Logitech Eyetoy USB Camera
Macromedia Extension Manager (Version: 1.7.240)
Macromedia Flash 8 (Version: 8.00.0000)
Macromedia Flash 8 Video Encoder (Version: 1.00.0000)
Magical Jelly Bean KeyFinder (Version: 2.0.8.2)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Age of Empires
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Games for Windows - LIVE (Version: 2.0.687.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 2.0.687.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft LifeCam (Version: 1.21.113.0)
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2008 Management Objects (Version: 10.0.1600.22)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (Version: 3.5.30729)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (Version: 6.1.5295.17011)
Motorsport ECU Manager
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Native Instruments Controller Editor
Native Instruments Controller Editor (Version: 1.3.5.667)
Native Instruments Guitar Rig 5
Native Instruments Guitar Rig 5 (Version: 5.0.1.2447)
Native Instruments Guitar Rig Session I/O
Native Instruments Guitar Rig Session I/O (Version: 3.0.0.625)
Native Instruments Service Center
Native Instruments Service Center (Version: 2.2.6.676)
NETGEAR WPN311 Wireless Adapter (Version: 1.00.0000)
Nitro PDF Professional (Version: 6.0.1.8)
Nokia Connectivity Cable Driver (Version: 7.0.2.0)
Nokia Flashing Cable Driver (Version: 8.6.0.2)
Nokia Home Media Server (Version: 1.0.38)
Nokia Ovi Application Installer (Version: 6.85.3010)
Nokia Ovi Application Installer 6.85.3010
Nokia Ovi Content Copier (Version: 6.85.3010)
Nokia Ovi Content Copier 6.85.3010
Nokia Ovi Suite (Version: 3.1.152)
Nokia Ovi System Utilities (Version: 6.85.3010)
Nokia Ovi System Utilities 6.85.3010
Nokia Software Updater (Version: 01.04.035.32590)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA nView Desktop Manager (Version: 6.14.10.13527)
NVIDIA PhysX (Version: 9.10.0224)
Oblivion (Version: 1.00.0000)
Octoshape Streaming Services
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Pando Media Booster (Version: 2.6.0.7)
PC Connectivity Solution (Version: 8.22.7.0)
PFPortChecker 1.0.28 (Version: 1.0.28)
Pivot Stickfigure Animator (Version: 2.2.5)
PowerDVD (Version: 7.0.2414.0)
PowerISO (Version: 4.8)
PunkBuster Services (Version: 0.986)
Razer DeathAdder™ Mouse (Version: 3.03)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.30.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.6151)
REAPER
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (Version: v2.24 MSI Master Overclocking Arena 2009 edition)
Rockstar Games Social Club (Version: 1.00.0000)
Runes of Magic (Version: 3.0.1.2153)
Segoe UI (Version: 14.0.4327.805)
Sentinel Protection Installer 7.3.0 (Version: 7.3.0)
ShortKeys Lite (Version: 2.3.2.1)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.169)
Soul of the Ultimate Nation (Version: 1.6.1)
Sparkplayer (Beta)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
SQL Server System CLR Types (Version: 10.0.1600.22)
StarCraft II (Version: 1.4.3.21029)
Steam (Version: 1.0.0.0)
Stellarium 0.11.0
Stickman 5 (Version: 5.5)
Sudden Strike
Superior Drummer Installer (Version: 2.0.1)
System Requirements Lab for Intel (Version: 4.3.1.0)
TA WarZone Client
TeamSpeak 2 RC2 (Version: 2.0.32.60)
Toontrack solo (Version: 1.1.1)
TortoiseSVN 1.6.10.19898 (32 bit) (Version: 1.6.19898)
Tortun 0.8
Total Annihilation
TwonkyMedia (Version: 0.4.24.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Ventrilo Client (Version: 3.0.1)
Visual C++ 8.0 Runtime Setup Package (Version: 1.0.0.0)
VLC media player 1.1.0 (Version: 1.1.0)
VST Bridge 1.1
Vuze
Warcraft III: All Products
Warhammer 40,000: Dawn of War II
Warhammer Mark of Chaos (Version: 1.000.000)
Warhammer Online - Age of Reckoning (Version: )
WarZone Client v1.0.41
WarZone Client v1.0.44
WC3Banlist (Version: 3.0)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPcap 3.1 (Version: 3.1.0.27)
WinRAR archiver
World of Warcraft (Version: 4.3.4.15595)
World of Warcraft Public Test (Version: 0.0.0.0)
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall (Version: 1.1)
Yawcam 0.3.6

========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 3327.23 MB
Available physical RAM: 2680.88 MB
Total Pagefile: 6497.4 MB
Available Pagefile: 6068.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.5 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:124.2 GB) NTFS
3 Drive d: (D3C1.0.0) (CDROM) (Total:7.6 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\BRAD

Administrator ASPNET Guest
HelpAssistant Schulzy SUPPORT_388945a0


**** End of log ****

#7 narenxp (BC Advisor)

Posted 09 July 2012 - 08:15 AM

Malwarebytes log?

#8 Schulzy (Topic Starter)

Posted 09 July 2012 - 08:44 AM

Sorry, forgot to post that. I did a full Malwarebytes scan as you asked, then rebooted and did a normal scan, and the log came up clean with no bad entries, so I figured I wouldn't need to post it.

This is what the initial full scan picked up; the second quick scan came up clean.


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.08.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Schulzy :: BRAD [administrator]

9/07/2012 12:23:43 AM
mbam-log-2012-07-09 (07-30-03).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 514624
Time elapsed: 3 hour(s), 19 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 179
C:\System Volume Information\_restore{04536FF0-E795-46C4-938B-4334C11F092B}\RP828\A0196827.exe (Trojan.Agent.TRGen) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\rtkt0000\zafs0000\tsk0003.dta (Rootkit.0Access) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\rtkt0000\zafs0000\tsk0004.dta (PUP.BitMiner) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0000\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0001\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0002\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0003\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0004\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0005\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0006\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0007\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0008\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0009\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0010\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0011\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0012\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0013\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0014\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0015\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0016\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0017\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0018\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0020\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0021\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0022\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0023\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0024\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0025\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0026\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0027\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0028\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0029\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0030\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0031\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0032\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0033\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0034\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0035\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0036\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0037\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0038\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0040\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0041\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0042\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0043\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0044\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0045\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0046\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0047\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0048\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0049\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0050\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0051\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0052\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0053\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0054\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0055\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0056\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0057\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0058\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0060\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0061\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0062\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0063\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0064\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0065\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0066\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0067\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0068\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0069\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0070\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0071\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0072\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0073\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0074\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0075\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0076\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0077\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0078\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0080\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0081\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0082\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0083\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0084\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0085\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0086\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0087\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0088\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0089\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0090\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0091\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0092\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0093\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0094\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0095\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0096\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0097\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0098\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0019\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0039\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0059\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0079\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0099\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0119\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0139\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0100\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0101\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0102\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0103\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0104\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0105\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0106\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0107\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0108\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0109\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0110\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0111\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0112\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0113\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0114\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0115\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0116\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0117\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0118\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0120\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0121\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0122\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0123\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0124\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0125\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0126\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0127\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0128\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0129\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0130\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0131\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0132\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0133\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0134\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0135\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0136\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0137\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0138\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0140\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0141\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0142\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0143\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0144\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0145\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0146\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0147\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0148\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0149\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0150\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0151\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0152\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0153\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0154\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0155\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0156\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0157\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0158\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0159\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0160\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0161\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0162\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0163\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0164\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0165\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0166\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0167\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0168\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0169\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0170\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\WINDOWS\Temp\jar_cache1638528680731527649.tmp (Trojan.Agent.MRGGen) -> No action taken.
C:\WINDOWS\Temp\jyvqvyshixxg.exe (Spyware.Zeus) -> No action taken.
C:\WINDOWS\Temp\xctngvykqjlrltuv.exe (Spyware.Zeus) -> No action taken.
C:\WINDOWS\Temp\ynawhpeckdukbbchdko.exe (Spyware.Zeus) -> No action taken.
C:\WINDOWS\Temp\zfguvbsoiblghw.exe (Spyware.Zeus) -> No action taken.

(end)

Edited by Schulzy, 09 July 2012 - 08:46 AM.


#9 narenxp (BC Advisor)

Posted 09 July 2012 - 08:49 AM

Run ESET online scanner, remove all infections, restart the PC, run MBAM again (make sure to remove all infections), post the clean log.

#10 Schulzy (Topic Starter)

Posted 09 July 2012 - 10:21 AM

OK, will do. When I ran the aswMBR scan in one of the previous steps, was I meant to hit the 'fix' or 'fixMBR' button after the scan? Because I didn't; I just got the log and then closed the program without fixing anything.

Edited by Schulzy, 09 July 2012 - 10:22 AM.


#11 narenxp (BC Advisor)

Posted 09 July 2012 - 10:35 AM

Ignore it.

#12 Schulzy (Topic Starter)

Posted 10 July 2012 - 05:37 AM

OK, I ran the scans again.

ESET log:

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\1\76cd9281-7361950b multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\28\40b35bdc-42837bb2 multiple threats deleted - quarantined
C:\Documents and Settings\Schulzy\Application Data\Sun\Java\Deployment\cache\6.0\12\3423a40c-47984df7 Java/Exploit.Blacole trojan cleaned by deleting - quarantined
C:\Documents and Settings\Schulzy\Application Data\Sun\Java\Deployment\cache\6.0\32\7a80ca60-73798a64 multiple threats deleted - quarantined
C:\Documents and Settings\Schulzy\Application Data\Sun\Java\Deployment\cache\6.0\52\19aea434-40d793d7 multiple threats deleted - quarantined
C:\Documents and Settings\Schulzy\Application Data\Sun\Java\Deployment\cache\6.0\63\3c53b4bf-5df34464 multiple threats deleted - quarantined
C:\Documents and Settings\Schulzy\Application Data\Sun\Java\Deployment\cache\6.0\8\2e0cd748-34b1f89e Java/TrojanDownloader.OpenConnection.AP trojan cleaned by deleting - quarantined
C:\Documents and Settings\Schulzy\Application Data\Sun\Java\Deployment\cache\6.0\9\9b46509-5d10dbbd a variant of Java/Exploit.CVE-2011-3544.AZ trojan deleted - quarantined
C:\Documents and Settings\Schulzy\Desktop\22 OCT\6-10-10 junk\SoftonicDownloader_for_pivot-stickfigure-animator.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Documents and Settings\Schulzy\Desktop\Brad 2012 cleanup\cnet_erprot_610_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Schulzy\Desktop\Brad 2012 cleanup\cnet_fr_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Schulzy\Local Settings\Temp\jar_cache6854315372319510755.tmp multiple threats deleted - quarantined
C:\Documents and Settings\Schulzy\Local Settings\Temp\ICReinstall\cnet_erprot_610_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Schulzy\Local Settings\Temp\ICReinstall\cnet_fr_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.FB trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\rtkt0000\zafs0000\tsk0014.dta Win32/Sirefef.ES trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\rtkt0000\zafs0000\tsk0016.dta a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\jar_cache1300837375917844832.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache1535066787029019953.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache1682991212054327773.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache3515089050650943936.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache3766485965480112634.tmp a variant of Java/Exploit.CVE-2012-0507.CU trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache4345055837665687218.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache4701408136758010365.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache4854172631857475682.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache508533459697462638.tmp a variant of Java/Exploit.CVE-2011-3544.B trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache6352773748143947806.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache6843600437969866867.tmp a variant of Java/Exploit.CVE-2011-3544.B trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache7036556532343190014.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache7198273684094777094.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache8013508156994400258.tmp a variant of Java/Exploit.CVE-2011-3544.A trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache8280680403085914895.tmp a variant of Java/Exploit.CVE-2011-3544.B trojan deleted - quarantined

MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.10.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Schulzy :: BRAD [administrator]

10/07/2012 5:52:29 PM
mbam-log-2012-07-10 (17-52-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255830
Time elapsed: 17 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



I also updated my AVG to the 2012 version, and after install it popped up saying this:

I keep getting prompts saying 'svchost.exe' has encountered an error. The last 3 errors in the AVG prompt that show as 'Trojan horse Agent_r.ARH' all list the process name as 'svchost.exe'.

[Screenshot of the AVG prompt, not captured]

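As an added triage example (not part of the original thread, and not a tool either poster ran): the script below parses the line formats of the Malwarebytes log in post #8 and the ESET log in post #12, buckets each hit by where the file sits, and pulls the CVE IDs out of the Java exploit detection names. The point it makes explicit is one the raw logs obscure: nearly all of MBAM's 179 hits are files TDSSKiller had already moved into C:\TDSSKiller_Quarantine, plus one copy inside a System Restore point, none of which is executing; the Java deployment cache and jar_cache entries ESET flagged (Java/Exploit.Blacole, CVE-2011-3544 and CVE-2012-0507 in the detection names) are the delivery artefacts of a browser-side Java exploit; and the Win32/Sirefef hits are the same family MBAM labels Rootkit.0Access, that is the ZeroAccess rootkit, whose habit of living inside service host processes is consistent with the later AVG reports naming svchost.exe. The sample lines are a constructed subset copied in the shape of the posted logs; the location buckets and the `actionable` rule are this example's own heuristics, not anything either scanner reports.

```python
"""Triage helper for Malwarebytes and ESET scan logs (example, not a project tool)."""
import re
from collections import Counter

# Constructed sample: six lines in the shape of the MBAM full-scan log
# posted above (real detection names and paths, but not the full 179 entries).
MBAM_SAMPLE = r"""
C:\System Volume Information\_restore{04536FF0-E795-46C4-938B-4334C11F092B}\RP828\A0196827.exe (Trojan.Agent.TRGen) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\rtkt0000\zafs0000\tsk0003.dta (Rootkit.0Access) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\rtkt0000\zafs0000\tsk0004.dta (PUP.BitMiner) -> No action taken.
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\zaea0000\svc0000\tsk0000.dta (RootKit.0Access.H) -> No action taken.
C:\WINDOWS\Temp\jar_cache1638528680731527649.tmp (Trojan.Agent.MRGGen) -> No action taken.
C:\WINDOWS\Temp\jyvqvyshixxg.exe (Spyware.Zeus) -> No action taken.
"""

# Constructed sample: six lines in the shape of the ESET online scanner log.
ESET_SAMPLE = r"""
C:\Documents and Settings\Schulzy\Application Data\Sun\Java\Deployment\cache\6.0\12\3423a40c-47984df7 Java/Exploit.Blacole trojan cleaned by deleting - quarantined
C:\Documents and Settings\Schulzy\Application Data\Sun\Java\Deployment\cache\6.0\9\9b46509-5d10dbbd a variant of Java/Exploit.CVE-2011-3544.AZ trojan deleted - quarantined
C:\Documents and Settings\Schulzy\Desktop\Brad 2012 cleanup\cnet_fr_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.07.2012_17.06.45\rtkt0000\zafs0000\tsk0014.dta Win32/Sirefef.ES trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\jar_cache3766485965480112634.tmp a variant of Java/Exploit.CVE-2012-0507.CU trojan deleted - quarantined
C:\WINDOWS\Temp\jar_cache508533459697462638.tmp a variant of Java/Exploit.CVE-2011-3544.B trojan deleted - quarantined
"""

# MBAM: "<path> (<detection>) -> <action>."  Paths never contain parentheses here,
# so the greedy path group backs off to the last "(...) -> " on the line.
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# ESET: "<path> [a variant of ]<Family/Name> <what was done> - quarantined".
# Paths contain spaces but never a forward slash, so the first token with a
# "/" (or the literal "multiple threats") marks where the detection name starts.
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) (?:a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+|multiple threats) (?P<action>.+)$"
)

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def classify(path):
    """Bucket a path by what a hit there means (heuristics of this example)."""
    p = path.lower()
    if "\\tdsskiller_quarantine\\" in p:
        return "tdsskiller_quarantine"   # already neutralised by TDSSKiller
    if "\\system volume information\\_restore" in p:
        return "restore_point"           # inert unless that restore point is used
    if "\\sun\\java\\deployment\\cache\\" in p or "\\jar_cache" in p:
        return "java_cache"              # exploit JARs the browser's Java plugin fetched
    if "\\windows\\temp\\" in p:
        return "windows_temp"            # dropped payload: something actually ran
    return "user_files"                  # downloaded installers, user documents


def _parse(text, regex, scanner):
    entries = []
    for line in text.splitlines():
        m = regex.match(line.strip())
        if m:
            entries.append({"scanner": scanner, "path": m["path"], "name": m["name"],
                            "action": m["action"], "location": classify(m["path"])})
    return entries


def parse_mbam(text):
    return _parse(text, MBAM_RE, "mbam")


def parse_eset(text):
    return _parse(text, ESET_RE, "eset")


def family(name):
    """Collapse variant suffixes: 'RootKit.0Access.H' and 'Rootkit.0Access' -> 'rootkit.0access'."""
    return ".".join(name.lower().split(".")[:2])


def summarize(entries):
    return {
        "by_location": dict(Counter(e["location"] for e in entries)),
        "by_family": dict(Counter(family(e["name"]) for e in entries)),
        "cves": sorted({c for e in entries for c in CVE_RE.findall(e["name"])}),
        # Quarantine stores and restore points just need emptying; these are the
        # hits that say malware was dropped or installed where it could execute.
        "actionable": [e["path"] for e in entries
                       if e["location"] in ("windows_temp", "user_files")],
    }


if __name__ == "__main__":
    report = summarize(parse_mbam(MBAM_SAMPLE) + parse_eset(ESET_SAMPLE))
    for key in ("by_location", "by_family"):
        print(key)
        for k, n in sorted(report[key].items(), key=lambda kv: -kv[1]):
            print(f"  {n:3d}  {k}")
    print("cves:", ", ".join(report["cves"]))
    print("actionable:", *report["actionable"], sep="\n  ")
```

Run as-is it reports on the constructed sample; feed the full saved mbam-log and ESET log text to parse_mbam and parse_eset to triage the real thing. On the sample the quarantine and restore-point buckets account for five of the twelve hits and need nothing beyond emptying those stores, the Java cache bucket names the two CVEs that got the system infected, and only the Zeus dropper in C:\WINDOWS\Temp and the bundled installer on the desktop are left as files that actually ran or were run by the user.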
#13 narenxp (BC Advisor)

Posted 10 July 2012 - 06:07 AM

We have already removed them. Click on the REMOVE ALL UNHEALED option, scan with AVG again, and let me know the results.

#14 Schulzy (Topic Starter)

Posted 16 July 2012 - 09:10 AM

Hey, thanks for all your help. I was still getting viruses and trojans showing up no matter how many times I scanned and cleaned, but after all this it looks like my hard drive is just about to die :/ It will only boot up every second or third try and makes terrible noises.

So it looks like I'll be getting a new hard drive and starting all over, so hopefully no viruses this time around :)

Thanks for all your help.

#15 narenxp (BC Advisor)

Posted 16 July 2012 - 09:34 AM

Thanks for letting me know :)



