
Thread: IDP & Crypt AQLW Trojan DDS Log pasted.

  1. #1
    Member
    Join Date
    Apr 2012
    Posts
    66

    IDP & Crypt AQLW Trojan DDS Log pasted.

    I am affected by the IDP & Crypt AQLW Trojan.

    Below is the DDS Log.

    I am running AVG, which has removed infected files, and I have renamed the file ping.exe to .tmp.

    I have used Malwarebytes and SpyHunter without any success.

    Osjknights.



    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Dr Michael Foster at 16:44:25 on 2012-04-21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2149 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\FaxTalk\FTClCtrl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Magic Formation\MagicFormation.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\WFXSVC.EXE
    C:\Program Files\winfax\WFXMOD32.EXE
    C:\Program Files\FaxTalk\FTmsgsvc.exe
    C:\Program Files\FaxTalk\FAPIEXE.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVG\AVG2012\avgui.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www2.prestel.co.uk/church/oosj/osj.htm
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [<NO NAME>]
    mRun: [WFXSwtch] c:\progra~1\winfax\WFXSWTCH.exe
    mRun: [WinFaxAppPortStarter] wfxsnt40.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [nwiz] nwiz.exe /install
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
    mRun: [FaxTalk FaxCenter Pro 8] "c:\program files\faxtalk\FTClCtrl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [NSU_agent] "c:\program files\nokia\nokia software updater\nsu3ui_agent.exe"
    mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\magicf~1.lnk - c:\program files\magic formation\MagicFormation.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{91110409-6000-11d3-8cfe-0150048383c9}\outicon.exe
    uPolicies-explorer: EditLevel = 0 (0x0)
    uPolicies-explorer: NoCommonGroups = 0 (0x0)
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: Backward &Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cac&hed Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Si&milar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: mswsock.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272219582312
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272219964125
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{66288D8B-0BDD-49CD-A8BF-F60503515F72} : DhcpNameServer = 192.168.1.254
    Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files\winfax\WfxSeh32.Dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 295248]
    R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2010-5-7 16048]
    R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-11-13 116608]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2010-7-31 162096]
    R2 FaxTalk FaxCenter Pro 8;FaxTalk FaxCenter Pro 8;c:\program files\faxtalk\FTmsgsvc.exe [2011-9-23 33120]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-21 654408]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640]
    R2 SdReadSpool;SolidPDFCreatorReadSpool;c:\program files\soliddocuments\solidpdfcreator\spc\SolidPdfService.exe [2009-3-18 189696]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-1-18 737184]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
    R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
    R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-21 22344]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    S2 ccevtmgr;Bdfdll;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 136176]
    S2 navapel;SaiNtBus;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 253088]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-4-28 1691480]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 136176]
    S3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [2009-4-18 469935]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-1-15 137600]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-1-15 8576]
    S3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-7-19 21520]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
    .
    =============== Created Last 30 ================
    .
    2012-04-21 08:26:33 -------- d-----w- c:\documents and settings\dr michael foster\application data\Malwarebytes
    2012-04-21 08:26:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-04-21 08:26:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-21 08:26:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-04-21 08:25:42 -------- d-----w- C:\Malwarebytes
    2012-04-20 17:49:14 4948 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-04-20 17:40:28 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-04-20 14:55:45 110080 ----a-r- c:\documents and settings\dr michael foster\application data\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconF7A21AF7.exe
    2012-04-20 14:55:45 110080 ----a-r- c:\documents and settings\dr michael foster\application data\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconD7F16134.exe
    2012-04-20 14:55:45 110080 ----a-r- c:\documents and settings\dr michael foster\application data\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconCF33A0CE.exe
    2012-04-20 14:55:39 -------- d-----w- C:\sh4ldr
    2012-04-20 14:55:39 -------- d-----w- c:\program files\Enigma Software Group
    2012-04-20 14:54:49 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
    2012-04-20 14:51:45 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2012-04-20 14:51:44 -------- d-----w- c:\documents and settings\dr michael foster\application data\TestApp
    2012-04-20 14:20:53 664 ----a-w- c:\windows\system32\x(dat)d3d9caps.dat.tmp
    2012-04-20 14:00:41 0 --sha-w- c:\windows\system32\x(cmd)dds_trash_log.cmd.tmp
    2012-04-20 14:00:40 -------- d-----w- c:\documents and settings\all users\application data\B7E8587A4FE3ECF660BFD1C8D151FC4E
    2012-04-04 15:18:29 -------- d-----w- c:\program files\Copy of WinFax
    2012-04-04 14:18:04 -------- d-----w- c:\program files\winfax
    2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2012-04-03 07:25:03 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-03-24 16:12:21 -------- d-----w- c:\program files\Attribute Changer
    .
    ==================== Find3M ====================
    .
    2012-04-20 14:14:26 80428 ----a-w- c:\windows\system32\x(dat)perfc009.dat.tmp
    2012-04-20 14:14:26 553232 ----a-w- c:\windows\system32\x(INI)PerfStringBackup.INI.tmp
    2012-04-20 14:14:26 462756 ----a-w- c:\windows\system32\x(dat)perfh009.dat.tmp
    2012-04-13 17:58:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-04 14:18:09 41 ----a-w- c:\windows\WFXDEL.BAT
    2012-03-11 12:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
    2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 16:45:05.26 ===============

  2. #2
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    IMPORTANT NOTE : Please do not delete anything unless instructed to.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
    Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


    Vista and Windows 7 users:
    These tools MUST be run from the executable (.exe) every time you run them
    with Admin Rights (Right click, choose "Run as Administrator")


    Stay with this topic until I give you the all clean post.

    First we need to make all files and folders VISIBLE:

    • Go to start>control panel>folder options>view
    • Choose "Show hidden files and folders".
    • Uncheck the "Hide protected operating system files" and the "Hide extensions for known file types" boxes.
    • Close the window with OK

    ---------

    **WARNING** Unfortunately, one or more of the infections I have identified are Backdoor Trojans, IRCBots or other malware capable of stealing very important information. You need to stop using all Internet banking sites, change passwords to all sites with sensitive information from a clean computer, and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their operating system is the only way to ensure that their computer will ever be 100% clean again.

    Unfortunately, I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean and may have damaged your system files. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer, and in the end we may need to reinstall the operating system anyway, depending on the extent of the infection.

    If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

    If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.
    ----------


    Please download aswMBR to your desktop.

    • Right click and Run as Administrator the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.



    ----------

  3. #3
    Member
    Join Date
    Apr 2012
    Posts
    66

    aswMBR report

    I could not sign in as Administrator (although I have never set a password, the dialogue asked for one).

    Here is the scan result:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-22 08:18:41
    -----------------------------
    08:18:41.140 OS Version: Windows 5.1.2600 Service Pack 3
    08:18:41.140 Number of processors: 4 586 0xF0B
    08:18:41.140 ComputerName: KNIGHTS-2EE6007 UserName:
    08:18:43.000 Initialize success
    08:20:05.656 AVAST engine defs: 12042101
    08:20:40.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    08:20:40.093 Disk 0 Vendor: WDC_WD2500JS-55NCB1 10.02E01 Size: 238475MB BusType: 3
    08:20:40.093 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    08:20:40.093 Disk 1 Vendor: WDC_WD10EARS-00MVWB0 51.0AB51 Size: 953869MB BusType: 3
    08:20:40.125 Disk 0 MBR read successfully
    08:20:40.125 Disk 0 MBR scan
    08:20:40.171 Disk 0 Windows XP default MBR code
    08:20:40.171 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
    08:20:40.171 Disk 0 scanning sectors +488376000
    08:20:40.281 Disk 0 scanning C:\WINDOWS\system32\drivers
    08:20:40.765 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Aluroot-C [Rtk]
    08:20:53.609 Disk 0 trace - called modules:
    08:20:53.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a621fd0]<<
    08:20:53.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae6dab8]
    08:20:53.640 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8aa45920]
    08:20:53.640 \Driver\00002377[0x8acbd270] -> IRP_MJ_CREATE -> 0x8a621fd0
    08:20:54.812 AVAST engine scan C:\WINDOWS
    08:21:03.453 AVAST engine scan C:\WINDOWS\system32
    08:21:08.750 File: C:\WINDOWS\system32\bc_ip_f.dll **INFECTED** Win32:Sirefef-SM [Trj]
    08:21:49.234 File: C:\WINDOWS\system32\MA8032M.dll **INFECTED** Win32:Sirefef-SM [Trj]
    08:22:19.250 File: C:\WINDOWS\system32\ose.dll **INFECTED** Win32:Sirefef-SM [Trj]
    08:23:56.937 AVAST engine scan C:\WINDOWS\system32\drivers
    08:23:57.484 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Aluroot-C [Rtk]
    08:24:16.812 AVAST engine scan C:\Documents and Settings\Dr Michael Foster
    08:49:24.812 AVAST engine scan C:\Documents and Settings\All Users
    09:28:45.921 Scan finished successfully
    09:58:06.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dr Michael Foster\My Files\MBR.dat"
    09:58:06.968 The log file has been saved successfully to "C:\Documents and Settings\Dr Michael Foster\My Files\aswMBR.txt"
    10:04:16.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dr Michael Foster\My Files\MBR.dat"
    10:04:16.843 The log file has been saved successfully to "C:\Documents and Settings\Dr Michael Foster\My Files\aswMBR.txt"
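
A triage pass over the aswMBR output above, as an added example that is not part of aswMBR or of this thread: it pulls the **INFECTED** lines out of the log, collapses the repeated afd.sys hit to a single file, records the MBR verdict, and reads the "called modules" trace to flag the driver object whose IRP_MJ_CREATE dispatch lands at the address aswMBR could not attribute to any loaded module. The sample lines are copied from the log in the post above; the result field names and the `Detection` type are my own.

```python
"""Triage helper for aswMBR text logs (added example, not aswMBR's own code)."""
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the aswMBR log posted above, trimmed to the ones the
# parser cares about (MBR verdict, driver-stack trace, file detections).
SAMPLE_LOG = r"""
08:20:40.171 Disk 0 Windows XP default MBR code
08:20:40.281 Disk 0 scanning C:\WINDOWS\system32\drivers
08:20:40.765 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Aluroot-C [Rtk]
08:20:53.609 Disk 0 trace - called modules:
08:20:53.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a621fd0]<<
08:20:53.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae6dab8]
08:20:53.640 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8aa45920]
08:20:53.640 \Driver\00002377[0x8acbd270] -> IRP_MJ_CREATE -> 0x8a621fd0
08:21:08.750 File: C:\WINDOWS\system32\bc_ip_f.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:21:49.234 File: C:\WINDOWS\system32\MA8032M.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:22:19.250 File: C:\WINDOWS\system32\ose.dll **INFECTED** Win32:Sirefef-SM [Trj]
08:23:57.484 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Aluroot-C [Rtk]
09:28:45.921 Scan finished successfully
"""

TIME = r"\d{2}:\d{2}:\d{2}\.\d{3}"
DETECT_RE = re.compile(
    TIME + r" File: (?P<path>.+?) \*\*INFECTED\*\* (?P<sig>\S+) \[(?P<tag>\w+)\]$")
MBR_RE = re.compile(TIME + r" Disk (?P<disk>\d+) (?P<desc>.* MBR code)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH_RE = re.compile(
    r"\\Driver\\(?P<drv>[^\[\s]+)\[(?P<drv_addr>0x[0-9a-fA-F]+)\] -> "
    r"(?P<irp>IRP_MJ_\w+) -> (?P<target>0x[0-9a-fA-F]+)")


@dataclass(frozen=True)
class Detection:
    path: str
    signature: str
    tag: str  # avast class tag from the log: Rtk = rootkit, Trj = trojan


def parse_detections(log: str) -> list[Detection]:
    """Collect **INFECTED** lines, one entry per file.

    The log above reports afd.sys twice (under "Disk 0 scanning ...drivers"
    and again under the avast engine pass), so the path is the identity.
    """
    seen: dict[str, Detection] = {}
    for line in log.splitlines():
        m = DETECT_RE.match(line.strip())
        if m:
            seen.setdefault(m["path"].lower(),
                            Detection(m["path"], m["sig"], m["tag"]))
    return list(seen.values())


def parse_disk_stack(log: str) -> dict:
    """Read the MBR verdict and the "Disk 0 trace - called modules" section.

    ">>UNKNOWN [addr]<<" marks a call target aswMBR could not attribute to
    any loaded module; the lines after it name the driver objects whose IRP
    dispatch routines point at such addresses.
    """
    mbr = {m["disk"]: m["desc"]
           for m in (MBR_RE.match(l.strip()) for l in log.splitlines()) if m}
    unknown = {u.lower() for u in UNKNOWN_RE.findall(log)}
    hooks = []
    for line in log.splitlines():
        m = DISPATCH_RE.search(line)
        if not m:
            continue
        hooks.append({
            "driver": m["drv"],
            "driver_addr": m["drv_addr"],
            "irp": m["irp"],
            "target": m["target"],
            # dispatch lands in unattributed code: the storage stack is hooked
            "target_unknown": m["target"].lower() in unknown,
            # driver object named only by digits instead of a real driver name
            "unnamed_driver": re.fullmatch(r"[0-9A-Fa-f]+", m["drv"]) is not None,
        })
    return {"mbr": mbr, "unknown_addrs": sorted(unknown), "hooks": hooks}


def triage(log: str) -> dict:
    """Summarise what a helper would look at first in this log."""
    dets = parse_detections(log)
    stack = parse_disk_stack(log)
    hooked = [h for h in stack["hooks"] if h["target_unknown"]]
    return {
        "detections": dets,
        "by_tag": dict(Counter(d.tag for d in dets)),
        "mbr": stack["mbr"],
        "disk_stack_hooked": bool(hooked),
        "hooked_drivers": [h["driver"] for h in hooked],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["detections"]:
        print(f"[{d.tag}] {d.signature:<18} {d.path}")
    print("by tag:", result["by_tag"])
    print("MBR:", result["mbr"])
    print("disk stack hooked:", result["disk_stack_hooked"], result["hooked_drivers"])
```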

  4. #4
    Member
    Join Date
    Apr 2012
    Posts
    66

    PS Thanks

    PS Jeff - Thanks for assisting me. Michael.

  5. #5
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi,

    Looks like we have quite an infection here.

    Please download TDSSKiller
    • Double-click to run TDSSKiller.exe
    • Press Change Parameters
    • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    • Click on the Start Scan button
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
      • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
    • Copy and paste the log in your next reply
      • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

    ----------

  6. #6
    Member
    Join Date
    Apr 2012
    Posts
    66

    Difficulties

    The program did not offer a choice of Delete or Cure, but listed Delete, Copy to Quarantine or Skip, and made its own judgement according to its assessment of risk; then when I pressed Continue it stated "cure in progress" and asked for a reboot, which I have not yet done. I await your OK on the report.

    Here is the report. I am waiting to reboot, but do not wish to lose valuable files. I do have a second hard disk "F" with Windows 7, to which I can reboot if I wish, but I prefer to use my XP system, which is now infected.

    Also, Windows Explorer will not fire up. I have one window open; if I lose that I cannot access any files!

    Report


    20:42:53.0531 1144 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
    20:42:54.0015 1144 ============================================================
    20:42:54.0015 1144 Current date / time: 2012/04/22 20:42:54.0015
    20:42:54.0015 1144 SystemInfo:
    20:42:54.0015 1144
    20:42:54.0015 1144 OS Version: 5.1.2600 ServicePack: 3.0
    20:42:54.0015 1144 Product type: Workstation
    20:42:54.0015 1144 ComputerName: KNIGHTS-2EE6007
    20:42:54.0015 1144 UserName: Dr Michael Foster
    20:42:54.0015 1144 Windows directory: C:\WINDOWS
    20:42:54.0015 1144 System windows directory: C:\WINDOWS
    20:42:54.0015 1144 Processor architecture: Intel x86
    20:42:54.0015 1144 Number of processors: 4
    20:42:54.0015 1144 Page size: 0x1000
    20:42:54.0015 1144 Boot type: Normal boot
    20:42:54.0015 1144 ============================================================
    20:42:54.0593 1144 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    20:42:54.0609 1144 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
    20:42:54.0671 1144 Drive \Device\Harddisk2\DR5 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'W'
    20:42:54.0718 1144 Drive \Device\Harddisk7\DR21 - Size: 0x3BA800000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    20:42:54.0718 1144 \Device\Harddisk0\DR0:
    20:42:54.0718 1144 MBR partitions:
    20:42:54.0718 1144 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
    20:42:54.0718 1144 \Device\Harddisk1\DR1:
    20:42:54.0718 1144 MBR partitions:
    20:42:54.0718 1144 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    20:42:54.0718 1144 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
    20:42:54.0718 1144 \Device\Harddisk2\DR5:
    20:42:54.0718 1144 MBR partitions:
    20:42:54.0718 1144 \Device\Harddisk2\DR5\Partition0: MBR, Type 0x7, StartLBA 0xABE800, BlocksNum 0x2EE000
    20:42:54.0718 1144 \Device\Harddisk2\DR5\Partition1: MBR, Type 0x7, StartLBA 0xDAC800, BlocksNum 0x1C418800
    20:42:54.0718 1144 \Device\Harddisk7\DR21:
    20:42:54.0718 1144 MBR partitions:
    20:42:54.0718 1144 \Device\Harddisk7\DR21\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1DD2080
    20:42:54.0781 1144 C: <-> \Device\Harddisk0\DR0\Partition0
    20:42:54.0781 1144 E: <-> \Device\Harddisk1\DR1\Partition0
    20:42:54.0812 1144 F: <-> \Device\Harddisk1\DR1\Partition1
    20:42:54.0812 1144 L: <-> \Device\Harddisk2\DR5\Partition0
    20:42:54.0812 1144 M: <-> \Device\Harddisk2\DR5\Partition1
    20:42:54.0812 1144 Initialize success
    20:42:54.0812 1144 ============================================================
    20:43:01.0953 2240 ============================================================
    20:43:01.0953 2240 Scan started
    20:43:01.0953 2240 Mode: Manual; SigCheck; TDLFS;
    20:43:01.0953 2240 ============================================================
    20:43:02.0656 2240 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    20:43:02.0765 2240 !SASCORE - ok
    20:43:02.0906 2240 3combootp (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SaiU040B.dll
    20:43:02.0937 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\SaiU040B.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:02.0937 2240 3combootp ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:02.0937 2240 3combootp - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:03.0015 2240 48309816 (58169ffb207940d4d84b4e85db02cc1e) C:\WINDOWS\system32\drivers\36856496.sys
    20:43:03.0093 2240 55688713 (58169ffb207940d4d84b4e85db02cc1e) C:\WINDOWS\system32\drivers\20783334.sys
    20:43:03.0156 2240 75860562 (58169ffb207940d4d84b4e85db02cc1e) C:\WINDOWS\system32\drivers\44860080.sys
    20:43:03.0218 2240 79782063 (58169ffb207940d4d84b4e85db02cc1e) C:\WINDOWS\system32\drivers\25315525.sys
    20:43:03.0234 2240 Abiosdsk - ok
    20:43:03.0234 2240 abp480n5 - ok
    20:43:03.0312 2240 acmservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\pnkbstra.dll
    20:43:03.0343 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\pnkbstra.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:03.0343 2240 acmservice ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:03.0343 2240 acmservice - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:03.0406 2240 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    20:43:03.0859 2240 ACPI - ok
    20:43:03.0890 2240 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    20:43:03.0984 2240 ACPIEC - ok
    20:43:04.0000 2240 adaptecstoragemanageragent - ok
    20:43:04.0031 2240 adfs (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\tifm.dll
    20:43:04.0031 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\tifm.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:04.0031 2240 adfs ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:04.0031 2240 adfs - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:04.0109 2240 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    20:43:04.0125 2240 AdobeFlashPlayerUpdateSvc - ok
    20:43:04.0140 2240 adpu160m - ok
    20:43:04.0140 2240 adsexpb - ok
    20:43:04.0203 2240 ADSMService (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\vpcvmm.dll
    20:43:04.0343 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\vpcvmm.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:04.0343 2240 ADSMService ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:04.0343 2240 ADSMService - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:04.0468 2240 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    20:43:04.0562 2240 aec - ok
    20:43:04.0640 2240 AFD (c72ab380d32c2bf8bcb62504f1998254) C:\WINDOWS\System32\drivers\afd.sys
    20:43:04.0734 2240 AFD ( UnsignedFile.Multi.Generic ) - warning
    20:43:04.0734 2240 AFD - detected UnsignedFile.Multi.Generic (1)
    20:43:04.0765 2240 Aha154x - ok
    20:43:04.0781 2240 aic78u2 - ok
    20:43:04.0796 2240 aic78xx - ok
    20:43:04.0796 2240 alcxsens - ok
    20:43:04.0859 2240 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    20:43:04.0968 2240 Alerter - ok
    20:43:04.0968 2240 alertservice - ok
    20:43:04.0984 2240 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    20:43:05.0046 2240 ALG - ok
    20:43:05.0218 2240 AliIde - ok
    20:43:06.0406 2240 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
    20:43:06.0593 2240 Ambfilt - ok
    20:43:06.0875 2240 amdk7 - ok
    20:43:06.0968 2240 amsint - ok
    20:43:07.0171 2240 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    20:43:07.0187 2240 Apple Mobile Device - ok
    20:43:07.0328 2240 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    20:43:07.0375 2240 AppMgmt - ok
    20:43:07.0406 2240 ar5211 - ok
    20:43:07.0437 2240 arkbcfltr - ok
    20:43:07.0515 2240 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    20:43:07.0609 2240 Arp1394 - ok
    20:43:07.0625 2240 asc - ok
    20:43:07.0625 2240 asc3350p - ok
    20:43:07.0640 2240 asc3550 - ok
    20:43:07.0765 2240 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    20:43:07.0781 2240 aspnet_state - ok
    20:43:07.0968 2240 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    20:43:08.0062 2240 AsyncMac - ok
    20:43:08.0109 2240 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    20:43:08.0203 2240 atapi - ok
    20:43:08.0265 2240 Atdisk - ok
    20:43:08.0328 2240 atiavaiw (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\UVCFTR.dll
    20:43:08.0343 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\UVCFTR.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:08.0343 2240 atiavaiw ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:08.0343 2240 atiavaiw - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:08.0421 2240 atimtag (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\imountsrv.dll
    20:43:08.0453 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\imountsrv.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:08.0453 2240 atimtag ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:08.0453 2240 atimtag - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:08.0562 2240 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    20:43:08.0656 2240 Atmarpc - ok
    20:43:08.0718 2240 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    20:43:08.0828 2240 AudioSrv - ok
    20:43:08.0890 2240 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    20:43:08.0984 2240 audstub - ok
    20:43:09.0265 2240 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    20:43:09.0437 2240 AVGIDSAgent - ok
    20:43:09.0484 2240 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    20:43:09.0484 2240 AVGIDSDriver - ok
    20:43:09.0531 2240 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    20:43:09.0546 2240 AVGIDSEH - ok
    20:43:09.0562 2240 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    20:43:09.0578 2240 AVGIDSFilter - ok
    20:43:09.0640 2240 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    20:43:09.0640 2240 AVGIDSShim - ok
    20:43:09.0687 2240 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    20:43:09.0703 2240 Avgldx86 - ok
    20:43:09.0734 2240 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    20:43:09.0734 2240 Avgmfx86 - ok
    20:43:09.0765 2240 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    20:43:09.0781 2240 Avgrkx86 - ok
    20:43:09.0859 2240 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    20:43:09.0875 2240 Avgtdix - ok
    20:43:09.0906 2240 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    20:43:09.0921 2240 avgwd - ok
    20:43:09.0984 2240 avpnnic (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ikfileflt.dll
    20:43:10.0015 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\ikfileflt.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:10.0015 2240 avpnnic ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:10.0015 2240 avpnnic - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:10.0109 2240 backupclientsvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ARCSOFTVIRTUALCAPTURE.dll
    20:43:10.0156 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\ARCSOFTVIRTUALCAPTURE.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:10.0156 2240 backupclientsvc ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:10.0156 2240 backupclientsvc - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:10.0234 2240 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
    20:43:10.0265 2240 BANTExt ( UnsignedFile.Multi.Generic ) - warning
    20:43:10.0265 2240 BANTExt - detected UnsignedFile.Multi.Generic (1)
    20:43:10.0359 2240 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    20:43:10.0468 2240 Beep - ok
    20:43:10.0468 2240 belmonitorservice - ok
    20:43:10.0546 2240 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    20:43:10.0640 2240 BITS - ok
    20:43:10.0687 2240 bobo (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\agnwifi.dll
    20:43:10.0687 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\agnwifi.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:10.0687 2240 bobo ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:10.0687 2240 bobo - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:10.0781 2240 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    20:43:10.0875 2240 Browser - ok
    20:43:10.0890 2240 BrUsbSer - ok
    20:43:10.0984 2240 btcsrusb (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\AtiHdmiService.dll
    20:43:10.0984 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\AtiHdmiService.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:10.0984 2240 btcsrusb ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:10.0984 2240 btcsrusb - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:11.0062 2240 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
    20:43:11.0156 2240 BthEnum - ok
    20:43:11.0187 2240 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
    20:43:11.0265 2240 BTHMODEM - ok
    20:43:11.0312 2240 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
    20:43:11.0437 2240 BthPan - ok
    20:43:11.0484 2240 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
    20:43:11.0531 2240 BTHPORT - ok
    20:43:11.0562 2240 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
    20:43:11.0671 2240 BthServ - ok
    20:43:11.0703 2240 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
    20:43:11.0781 2240 BTHUSB - ok
    20:43:11.0828 2240 btwdndis (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\Shockprf.dll
    20:43:11.0828 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\Shockprf.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:11.0828 2240 btwdndis ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:11.0828 2240 btwdndis - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:11.0843 2240 C-Dilla - ok
    20:43:11.0890 2240 Cap7134 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\CdaC15BA.dll
    20:43:11.0906 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\CdaC15BA.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:11.0906 2240 Cap7134 ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:11.0906 2240 Cap7134 - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:11.0984 2240 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    20:43:12.0078 2240 cbidf2k - ok
    20:43:12.0109 2240 ccevtmgr - ok
    20:43:12.0125 2240 cd20xrnt - ok
    20:43:12.0125 2240 CdaD10BA - ok
    20:43:12.0140 2240 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    20:43:12.0234 2240 Cdaudio - ok
    20:43:12.0328 2240 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    20:43:12.0437 2240 Cdfs - ok
    20:43:12.0531 2240 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    20:43:12.0625 2240 Cdrom - ok
    20:43:12.0656 2240 Changer (daf1a8193b6caf0fb858cadcc5c4af4a) C:\WINDOWS\system32\drivers\Changer.sys
    20:43:12.0750 2240 Changer - ok
    20:43:12.0796 2240 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    20:43:12.0875 2240 CiSvc - ok
    20:43:12.0937 2240 CLBStor (0252b4007a8f3a6cc61220cbe122544d) C:\WINDOWS\system32\drivers\CLBStor.sys
    20:43:12.0953 2240 CLBStor - ok
    20:43:13.0000 2240 CLBUDF (dc705765a170f7bd8af3632c93b03f0b) C:\WINDOWS\system32\drivers\CLBUDF.sys
    20:43:13.0015 2240 CLBUDF - ok
    20:43:13.0015 2240 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    20:43:13.0125 2240 ClipSrv - ok
    20:43:13.0203 2240 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:43:13.0218 2240 clr_optimization_v2.0.50727_32 - ok
    20:43:13.0281 2240 cmbatt (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\swwd.dll
    20:43:13.0296 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\swwd.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:13.0296 2240 cmbatt ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:13.0296 2240 cmbatt - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:13.0296 2240 CmdIde - ok
    20:43:13.0312 2240 CoachUsb - ok
    20:43:13.0312 2240 commserver - ok
    20:43:13.0328 2240 COMSysApp - ok
    20:43:13.0328 2240 Cpqarray - ok
    20:43:13.0421 2240 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
    20:43:13.0421 2240 cpudrv - ok
    20:43:13.0484 2240 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    20:43:13.0562 2240 CryptSvc - ok
    20:43:13.0609 2240 ctprxy2k (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\fsdfwd.dll
    20:43:13.0609 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\fsdfwd.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:13.0609 2240 ctprxy2k ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:13.0609 2240 ctprxy2k - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:13.0703 2240 curtainssyssvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\imountsrv.dll
    20:43:13.0703 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\imountsrv.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:13.0703 2240 curtainssyssvc ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:13.0703 2240 curtainssyssvc - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:13.0781 2240 CXAVXBAR (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\PQNTDrv.dll
    20:43:13.0796 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\PQNTDrv.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:13.0796 2240 CXAVXBAR ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:13.0796 2240 CXAVXBAR - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:13.0796 2240 cygserver - ok
    20:43:13.0796 2240 dac2w2k - ok
    20:43:13.0812 2240 dac960nt - ok
    20:43:13.0812 2240 DC21x4 - ok
    20:43:13.0890 2240 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    20:43:13.0937 2240 DcomLaunch - ok
    20:43:14.0015 2240 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    20:43:14.0109 2240 Dhcp - ok
    20:43:14.0171 2240 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    20:43:14.0281 2240 Disk - ok
    20:43:14.0328 2240 dladresn - ok
    20:43:14.0328 2240 dmadmin - ok
    20:43:14.0437 2240 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    20:43:14.0562 2240 dmboot - ok
    20:43:14.0609 2240 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    20:43:14.0718 2240 dmio - ok
    20:43:14.0765 2240 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    20:43:14.0859 2240 dmload - ok
    20:43:15.0156 2240 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    20:43:15.0250 2240 dmserver - ok
    20:43:15.0312 2240 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    20:43:15.0406 2240 DMusic - ok
    20:43:15.0468 2240 DNE (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\PNDIS5.dll
    20:43:15.0500 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\PNDIS5.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:15.0500 2240 DNE ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:15.0500 2240 DNE - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:15.0562 2240 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    20:43:15.0609 2240 Dnscache - ok
    20:43:15.0671 2240 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    20:43:15.0765 2240 Dot3svc - ok
    20:43:15.0781 2240 dpti2o - ok
    20:43:15.0828 2240 dptrackerd (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\aavmker4.dll
    20:43:15.0859 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\aavmker4.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:15.0859 2240 dptrackerd ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:15.0859 2240 dptrackerd - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:15.0890 2240 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    20:43:15.0984 2240 drmkaud - ok
    20:43:16.0062 2240 DS1410D (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\amdagp.dll
    20:43:16.0171 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\amdagp.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:16.0171 2240 DS1410D ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:16.0171 2240 DS1410D - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:16.0203 2240 EACSvrMngr - ok
    20:43:16.0281 2240 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    20:43:16.0375 2240 EapHost - ok
    20:43:16.0437 2240 EL90X - ok
    20:43:16.0500 2240 eloggersvc6 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\logonsvcid.dll
    20:43:16.0515 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\logonsvcid.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:16.0515 2240 eloggersvc6 ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:16.0515 2240 eloggersvc6 - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:16.0562 2240 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    20:43:16.0656 2240 ERSvc - ok
    20:43:16.0781 2240 esgiguard (2407b8164e966755bc6a4242fc9de31e) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
    20:43:16.0796 2240 esgiguard - ok
    20:43:16.0796 2240 EU3_USB - ok
    20:43:16.0859 2240 EUSBMSD (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ZSMC301b.dll
    20:43:16.0859 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\ZSMC301b.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:16.0859 2240 EUSBMSD ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:16.0859 2240 EUSBMSD - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:16.0906 2240 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    20:43:16.0953 2240 Eventlog - ok
    20:43:17.0000 2240 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    20:43:17.0046 2240 EventSystem - ok
    20:43:17.0156 2240 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    20:43:17.0250 2240 Fastfat - ok
    20:43:17.0328 2240 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    20:43:17.0359 2240 FastUserSwitchingCompatibility - ok
    20:43:17.0437 2240 FaxTalk FaxCenter Pro 8 (18ef9f53f127b8758b257117983df520) C:\Program Files\FaxTalk\FTmsgsvc.exe
    20:43:17.0453 2240 FaxTalk FaxCenter Pro 8 - ok
    20:43:17.0484 2240 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    20:43:17.0578 2240 Fdc - ok
    20:43:17.0593 2240 FINEPIX_PCC - ok
    20:43:17.0625 2240 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    20:43:17.0734 2240 Fips - ok
    20:43:17.0765 2240 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    20:43:17.0843 2240 Flpydisk - ok
    20:43:17.0890 2240 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    20:43:17.0968 2240 FltMgr - ok
    20:43:18.0140 2240 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    20:43:18.0156 2240 FontCache3.0.0.0 - ok
    20:43:18.0218 2240 forcewarewebinterface (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\VRADFIL.dll
    20:43:18.0218 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\VRADFIL.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:18.0218 2240 forcewarewebinterface ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:18.0218 2240 forcewarewebinterface - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:18.0265 2240 fsaa - ok
    20:43:18.0296 2240 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    20:43:18.0406 2240 Fs_Rec - ok
    20:43:18.0453 2240 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    20:43:18.0546 2240 Ftdisk - ok
    20:43:18.0625 2240 fuj02b1 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\zpnodecollector.dll
    20:43:18.0625 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\zpnodecollector.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:18.0625 2240 fuj02b1 ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:18.0625 2240 fuj02b1 - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:18.0687 2240 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    20:43:18.0687 2240 GEARAspiWDM - ok
    20:43:18.0750 2240 generichidservice (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\purgeieservice.dll
    20:43:18.0765 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\purgeieservice.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:18.0765 2240 generichidservice ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:18.0765 2240 generichidservice - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:18.0765 2240 getPlusHelper - ok
    20:43:18.0781 2240 giveio - ok
    20:43:18.0843 2240 GoProto (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ikfileflt.dll
    20:43:18.0843 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\ikfileflt.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:18.0843 2240 GoProto ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:18.0843 2240 GoProto - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:18.0890 2240 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    20:43:18.0984 2240 Gpc - ok
    20:43:19.0156 2240 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    20:43:19.0171 2240 gupdate - ok
    20:43:19.0187 2240 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    20:43:19.0203 2240 gupdatem - ok
    20:43:19.0328 2240 ham50 (575976cd9f6a60be788f8aebaef44ae5) C:\WINDOWS\system32\DRIVERS\IntelH51.sys
    20:43:19.0359 2240 ham50 ( UnsignedFile.Multi.Generic ) - warning
    20:43:19.0359 2240 ham50 - detected UnsignedFile.Multi.Generic (1)
    20:43:19.0375 2240 hap16v2k - ok
    20:43:19.0406 2240 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    20:43:19.0500 2240 HDAudBus - ok
    20:43:19.0531 2240 helpsvc - ok
    20:43:19.0546 2240 HidServ - ok
    20:43:19.0609 2240 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    20:43:19.0703 2240 hkmsvc - ok
    20:43:19.0703 2240 hpn - ok
    20:43:19.0765 2240 HSFHWBS2 (6312dc46356df3974e88aa51b69360dc) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    20:43:19.0812 2240 HSFHWBS2 - ok
    20:43:19.0859 2240 HSF_DPV (daab917eec9849840a13353198d48cc5) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    20:43:19.0906 2240 HSF_DPV - ok
    20:43:20.0015 2240 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    20:43:20.0062 2240 HTTP - ok
    20:43:20.0125 2240 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    20:43:20.0234 2240 HTTPFilter - ok
    20:43:20.0296 2240 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
    20:43:20.0375 2240 i2omgmt - ok
    20:43:20.0375 2240 i2omp - ok
    20:43:20.0421 2240 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    20:43:20.0531 2240 i8042prt - ok
    20:43:20.0531 2240 icdsptsv - ok
    20:43:20.0687 2240 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    20:43:20.0718 2240 idsvc - ok
    20:43:20.0828 2240 ikfileflt (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\us30service.dll
    20:43:20.0843 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\us30service.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:20.0843 2240 ikfileflt ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:20.0843 2240 ikfileflt - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:20.0921 2240 imap4d32 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ino_flpy.dll
    20:43:20.0921 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\ino_flpy.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:20.0921 2240 imap4d32 ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:20.0921 2240 imap4d32 - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:20.0968 2240 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    20:43:21.0046 2240 Imapi - ok
    20:43:21.0125 2240 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    20:43:21.0203 2240 ImapiService - ok
    20:43:21.0281 2240 infrastructure (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\cvintdrv.dll
    20:43:21.0281 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\cvintdrv.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:21.0281 2240 infrastructure ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:21.0281 2240 infrastructure - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:21.0296 2240 ini910u - ok
    20:43:21.0296 2240 int15 - ok
    20:43:21.0515 2240 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    20:43:21.0750 2240 IntcAzAudAddService - ok
    20:43:21.0765 2240 IntelIde - ok
    20:43:21.0843 2240 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    20:43:21.0921 2240 intelppm - ok
    20:43:21.0937 2240 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    20:43:22.0031 2240 Ip6Fw - ok
    20:43:22.0046 2240 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    20:43:22.0156 2240 IpFilterDriver - ok
    20:43:22.0156 2240 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    20:43:22.0250 2240 IpInIp - ok
    20:43:22.0296 2240 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    20:43:22.0390 2240 IpNat - ok
    20:43:22.0531 2240 iPod Service (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe
    20:43:22.0546 2240 iPod Service - ok
    20:43:22.0609 2240 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    20:43:22.0718 2240 IPSec - ok
    20:43:22.0765 2240 ipsraidn (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\viagfx.dll
    20:43:22.0765 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\viagfx.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:22.0765 2240 ipsraidn ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:22.0765 2240 ipsraidn - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:22.0781 2240 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    20:43:22.0828 2240 IRENUM - ok
    20:43:22.0859 2240 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    20:43:22.0953 2240 isapnp - ok
    20:43:23.0015 2240 iviregmgr (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\MpFilter.dll
    20:43:23.0015 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\MpFilter.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:23.0015 2240 iviregmgr ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:23.0015 2240 iviregmgr - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:23.0078 2240 IWCA (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\btwavdt.dll
    20:43:23.0078 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\btwavdt.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:23.0078 2240 IWCA ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:23.0078 2240 IWCA - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:23.0156 2240 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
    20:43:23.0171 2240 JavaQuickStarterService - ok
    20:43:23.0250 2240 JGOGO (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\pml.dll
    20:43:23.0265 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\pml.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:23.0265 2240 JGOGO ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:23.0265 2240 JGOGO - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:23.0312 2240 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    20:43:23.0390 2240 Kbdclass - ok
    20:43:23.0437 2240 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    20:43:23.0531 2240 kmixer - ok
    20:43:23.0609 2240 kodakccs (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\iaimfp0.dll
    20:43:23.0609 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\iaimfp0.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:23.0609 2240 kodakccs ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:23.0609 2240 kodakccs - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:23.0625 2240 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    20:43:23.0656 2240 KSecDD - ok
    20:43:23.0718 2240 l8042pr2 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\tpkmpsvc.dll
    20:43:23.0718 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\tpkmpsvc.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:23.0718 2240 l8042pr2 ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:23.0718 2240 l8042pr2 - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:23.0765 2240 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    20:43:23.0796 2240 lanmanserver - ok
    20:43:23.0828 2240 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    20:43:23.0828 2240 lanmanworkstation - ok
    20:43:23.0890 2240 lbrtfdc (cc50a66548c2f285bc8a7b0b8aa578e3) C:\WINDOWS\system32\drivers\lbrtfdc.sys
    20:43:23.0968 2240 lbrtfdc - ok
    20:43:24.0031 2240 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    20:43:24.0109 2240 LmHosts - ok
    20:43:24.0171 2240 lxbs_device (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SrvcSSIOMngr.dll
    20:43:24.0234 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\SrvcSSIOMngr.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:24.0234 2240 lxbs_device ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:24.0234 2240 lxbs_device - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:24.0281 2240 lxce_device (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\cicsclient.dll
    20:43:24.0296 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\cicsclient.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:24.0296 2240 lxce_device ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:24.0296 2240 lxce_device - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:24.0359 2240 lxct_device (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\st330service.dll
    20:43:24.0375 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\st330service.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:24.0375 2240 lxct_device ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:24.0375 2240 lxct_device - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:24.0375 2240 lxrsge10s - ok
    20:43:24.0531 2240 MatSvc (0cf633a54c681c65297c63106c4bc376) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
    20:43:24.0546 2240 MatSvc - ok
    20:43:24.0578 2240 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
    20:43:24.0593 2240 MBAMProtector - ok
    20:43:24.0656 2240 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    20:43:24.0687 2240 MBAMService - ok
    20:43:24.0796 2240 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    20:43:24.0812 2240 McComponentHostService - ok
    20:43:24.0921 2240 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    20:43:24.0953 2240 mdmxsdk - ok
    20:43:25.0031 2240 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    20:43:25.0125 2240 Messenger - ok
    20:43:25.0140 2240 mf - ok
    20:43:25.0187 2240 mi-raysat_3dsMax2008_32 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\W8335XP.dll
    20:43:25.0203 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\W8335XP.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:25.0203 2240 mi-raysat_3dsMax2008_32 ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:25.0203 2240 mi-raysat_3dsMax2008_32 - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:25.0203 2240 mindrepair - ok
    20:43:25.0265 2240 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    20:43:25.0359 2240 mnmdd - ok
    20:43:25.0406 2240 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    20:43:25.0515 2240 mnmsrvc - ok
    20:43:25.0546 2240 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    20:43:25.0656 2240 Modem - ok
    20:43:25.0703 2240 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    20:43:25.0796 2240 MODEMCSA - ok
    20:43:25.0875 2240 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
    20:43:25.0921 2240 Monfilt - ok
    20:43:25.0953 2240 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    20:43:26.0046 2240 Mouclass - ok
    20:43:26.0062 2240 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    20:43:26.0171 2240 MountMgr - ok
    20:43:26.0171 2240 MR97310_USB_DUAL_CAMERA - ok
    20:43:26.0187 2240 mraid35x - ok
    20:43:26.0187 2240 MRV6X32P - ok
    20:43:26.0218 2240 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    20:43:26.0312 2240 MRxDAV - ok
    20:43:26.0421 2240 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    20:43:26.0453 2240 MRxSmb - ok
    20:43:26.0484 2240 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    20:43:26.0562 2240 MSDTC - ok
    20:43:26.0578 2240 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    20:43:26.0671 2240 Msfs - ok
    20:43:26.0687 2240 MSICPL - ok
    20:43:26.0687 2240 MSIServer - ok
    20:43:26.0703 2240 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    20:43:26.0781 2240 MSKSSRV - ok
    20:43:26.0843 2240 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    20:43:26.0921 2240 MSPCLOCK - ok
    20:43:26.0937 2240 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    20:43:27.0015 2240 MSPQM - ok
    20:43:27.0078 2240 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    20:43:27.0156 2240 mssmbios - ok
    20:43:27.0234 2240 mssql$sqlexpress (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\tap0901.dll
    20:43:27.0234 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\tap0901.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:27.0234 2240 mssql$sqlexpress ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:27.0234 2240 mssql$sqlexpress - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:27.0281 2240 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    20:43:27.0312 2240 Mup - ok
    20:43:27.0312 2240 Mvc25U870_VID_1262&PID_25FD - ok
    20:43:27.0359 2240 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    20:43:27.0437 2240 napagent - ok
    20:43:27.0500 2240 navapel (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ndassvc.dll
    20:43:27.0500 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\ndassvc.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:27.0515 2240 navapel ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:27.0515 2240 navapel - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:27.0578 2240 nchssvad (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\k750mdfl.dll
    20:43:27.0578 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\k750mdfl.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:27.0578 2240 nchssvad ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:27.0578 2240 nchssvad - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:27.0593 2240 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    20:43:27.0687 2240 NDIS - ok
    20:43:27.0734 2240 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    20:43:27.0765 2240 NdisTapi - ok
    20:43:27.0796 2240 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    20:43:27.0875 2240 Ndisuio - ok
    20:43:27.0875 2240 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    20:43:27.0984 2240 NdisWan - ok
    20:43:28.0015 2240 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    20:43:28.0015 2240 NDProxy - ok
    20:43:28.0046 2240 NeroMediaHomeService.4 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\UsbserFilt.dll
    20:43:28.0062 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\UsbserFilt.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:28.0062 2240 NeroMediaHomeService.4 ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:28.0062 2240 NeroMediaHomeService.4 - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:28.0062 2240 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    20:43:28.0171 2240 NetBIOS - ok
    20:43:28.0203 2240 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    20:43:28.0312 2240 NetBT - ok
    20:43:28.0328 2240 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    20:43:28.0421 2240 NetDDE - ok
    20:43:28.0437 2240 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    20:43:28.0515 2240 NetDDEdsdm - ok
    20:43:28.0562 2240 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    20:43:28.0656 2240 Netlogon - ok
    20:43:28.0703 2240 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    20:43:28.0812 2240 Netman - ok
    20:43:29.0000 2240 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    20:43:29.0000 2240 NetTcpPortSharing - ok
    20:43:29.0046 2240 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    20:43:29.0156 2240 NIC1394 - ok
    20:43:29.0234 2240 nicconfigsvc (9c454cd857b4c0ccf7a614b047616503) C:\WINDOWS\system32\SimpTcp.dll
    20:43:29.0328 2240 nicconfigsvc - ok
    20:43:29.0406 2240 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    20:43:29.0437 2240 Nla - ok
    20:43:29.0531 2240 NMSCFG (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\kbdclass.dll
    20:43:29.0562 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\kbdclass.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:29.0562 2240 NMSCFG ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:29.0562 2240 NMSCFG - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:29.0625 2240 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\WINDOWS\system32\drivers\ccdcmb.sys
    20:43:29.0703 2240 nmwcd - ok
    20:43:29.0734 2240 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\WINDOWS\system32\drivers\ccdcmbo.sys
    20:43:29.0796 2240 nmwcdc - ok
    20:43:29.0828 2240 nmwcdnsu (99b224f8026cb534724aa3c408561e45) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
    20:43:29.0906 2240 nmwcdnsu - ok
    20:43:29.0921 2240 nmwcdnsuc (d23257682d349a5e2e4507ed33decc16) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
    20:43:30.0000 2240 nmwcdnsuc - ok
    20:43:30.0046 2240 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    20:43:30.0156 2240 Npfs - ok
    20:43:30.0218 2240 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    20:43:30.0328 2240 Ntfs - ok
    20:43:30.0406 2240 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    20:43:30.0484 2240 NtLmSsp - ok
    20:43:30.0531 2240 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    20:43:30.0640 2240 NtmsSvc - ok
    20:43:30.0750 2240 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    20:43:30.0843 2240 Null - ok
    20:43:31.0109 2240 nv (ceab17ba3e0f7de96a4649f896b35131) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    20:43:31.0328 2240 nv ( UnsignedFile.Multi.Generic ) - warning
    20:43:31.0328 2240 nv - detected UnsignedFile.Multi.Generic (1)
    20:43:31.0390 2240 NVR0FLASHDev (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\MA8032M.dll
    20:43:31.0390 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\MA8032M.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:31.0390 2240 NVR0FLASHDev ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:31.0390 2240 NVR0FLASHDev - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:31.0468 2240 NVSvc (df6fd57d6807ae459b3463fbfda02d49) C:\WINDOWS\system32\nvsvc32.exe
    20:43:31.0484 2240 NVSvc ( UnsignedFile.Multi.Generic ) - warning
    20:43:31.0484 2240 NVSvc - detected UnsignedFile.Multi.Generic (1)
    20:43:31.0500 2240 NWHOST - ok
    20:43:31.0578 2240 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    20:43:31.0687 2240 NwlnkFlt - ok
    20:43:31.0687 2240 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    20:43:31.0765 2240 NwlnkFwd - ok
    20:43:31.0843 2240 NWSIPX32 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SGIR.dll
    20:43:31.0843 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\SGIR.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:31.0843 2240 NWSIPX32 ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:31.0843 2240 NWSIPX32 - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:31.0875 2240 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    20:43:31.0968 2240 ohci1394 - ok
    20:43:31.0968 2240 omci - ok
    20:43:32.0046 2240 omniusb (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ZuneBusEnum.dll
    20:43:32.0046 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\ZuneBusEnum.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:32.0046 2240 omniusb ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:32.0046 2240 omniusb - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:32.0125 2240 ood2000 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\mouhid.dll
    20:43:32.0125 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\mouhid.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:32.0125 2240 ood2000 ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:32.0125 2240 ood2000 - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:32.0156 2240 osanbm (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\O2SCBUS.dll
    20:43:32.0156 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\O2SCBUS.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:32.0156 2240 osanbm ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:32.0156 2240 osanbm - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:32.0281 2240 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    20:43:32.0281 2240 ose - ok
    20:43:32.0359 2240 Packet (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\HPFXBULK.dll
    20:43:32.0359 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\HPFXBULK.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:32.0359 2240 Packet ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:32.0359 2240 Packet - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:32.0406 2240 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    20:43:32.0500 2240 Parport - ok
    20:43:32.0609 2240 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    20:43:32.0703 2240 PartMgr - ok
    20:43:32.0781 2240 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    20:43:32.0875 2240 ParVdm - ok
    20:43:32.0937 2240 pav_service (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\tmmbd.dll
    20:43:32.0937 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\tmmbd.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:32.0937 2240 pav_service ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:32.0937 2240 pav_service - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:33.0015 2240 pca (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\adsexpb.dll
    20:43:33.0015 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\adsexpb.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:33.0015 2240 pca ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:33.0015 2240 pca - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:33.0078 2240 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
    20:43:33.0109 2240 pccsmcfd - ok
    20:43:33.0140 2240 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    20:43:33.0250 2240 PCI - ok
    20:43:33.0281 2240 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    20:43:33.0375 2240 PCIIde - ok
    20:43:33.0406 2240 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    20:43:33.0500 2240 Pcmcia - ok
    20:43:33.0515 2240 pdlndldl - ok
    20:43:33.0546 2240 pdlnepkt (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\pctfw1.dll
    20:43:33.0546 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\pctfw1.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:33.0546 2240 pdlnepkt ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:33.0546 2240 pdlnepkt - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:33.0546 2240 perc2 - ok
    20:43:33.0562 2240 perc2hib - ok
    20:43:33.0578 2240 pgpsdkservice - ok
    20:43:33.0640 2240 PGPwded (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ni_nic.dll
    20:43:33.0750 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\ni_nic.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:33.0750 2240 PGPwded ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:33.0750 2240 PGPwded - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:33.0750 2240 pktfilter - ok
    20:43:33.0812 2240 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    20:43:33.0828 2240 PlugPlay - ok
    20:43:33.0859 2240 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    20:43:33.0937 2240 PolicyAgent - ok
    20:43:34.0000 2240 pop3d32 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\diskperf.dll
    20:43:34.0015 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\diskperf.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:34.0015 2240 pop3d32 ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:34.0015 2240 pop3d32 - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:34.0078 2240 ppped (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\wdelmgr20.dll
    20:43:34.0093 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\wdelmgr20.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:34.0093 2240 ppped ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:34.0093 2240 ppped - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:34.0140 2240 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    20:43:34.0234 2240 PptpMiniport - ok
    20:43:34.0328 2240 prism_a02 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\fasttrackinstallerservice.dll
    20:43:34.0343 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\fasttrackinstallerservice.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:34.0343 2240 prism_a02 ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:34.0343 2240 prism_a02 - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:34.0343 2240 procexp100 - ok
    20:43:34.0359 2240 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    20:43:34.0437 2240 ProtectedStorage - ok
    20:43:34.0437 2240 protectionservice - ok
    20:43:34.0484 2240 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    20:43:34.0578 2240 PSched - ok
    20:43:34.0640 2240 pshost (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ICM10USB.dll
    20:43:34.0656 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\ICM10USB.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:34.0656 2240 pshost ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:34.0656 2240 pshost - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:34.0656 2240 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    20:43:34.0765 2240 Ptilink - ok
    20:43:34.0765 2240 ql1080 - ok
    20:43:34.0765 2240 Ql10wnt - ok
    20:43:34.0781 2240 ql12160 - ok
    20:43:34.0781 2240 ql1240 - ok
    20:43:34.0796 2240 ql1280 - ok
    20:43:34.0859 2240 ql2100 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\trackcam4.dll
    20:43:34.0875 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\trackcam4.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:34.0875 2240 ql2100 ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:34.0875 2240 ql2100 - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:34.0953 2240 QWAVEDRV (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\eeyeevnt.dll
    20:43:34.0953 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\eeyeevnt.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:34.0953 2240 QWAVEDRV ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:34.0953 2240 QWAVEDRV - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:35.0015 2240 RalinkRegistryWriter (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\se2Bunic.dll
    20:43:35.0031 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\se2Bunic.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:35.0031 2240 RalinkRegistryWriter ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:35.0031 2240 RalinkRegistryWriter - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:35.0203 2240 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
    20:43:35.0218 2240 RapportCerberus_34302 - ok
    20:43:35.0328 2240 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
    20:43:35.0328 2240 RapportEI - ok
    20:43:35.0437 2240 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
    20:43:35.0453 2240 RapportIaso - ok
    20:43:35.0468 2240 RapportKELL (118600ab8f15fe27f2c865f3fb4efa58) C:\WINDOWS\system32\Drivers\RapportKELL.sys
    20:43:35.0484 2240 RapportKELL - ok
    20:43:35.0531 2240 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    20:43:35.0562 2240 RapportMgmtService - ok
    20:43:35.0609 2240 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
    20:43:35.0625 2240 RapportPG - ok
    20:43:35.0656 2240 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    20:43:35.0734 2240 RasAcd - ok
    20:43:35.0796 2240 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    20:43:35.0890 2240 RasAuto - ok
    20:43:35.0953 2240 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    20:43:36.0046 2240 Rasl2tp - ok
    20:43:36.0109 2240 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    20:43:36.0187 2240 RasMan - ok
    20:43:36.0296 2240 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    20:43:36.0390 2240 RasPppoe - ok
    20:43:36.0484 2240 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    20:43:36.0578 2240 Raspti - ok
    20:43:36.0609 2240 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    20:43:36.0687 2240 Rdbss - ok
    20:43:36.0718 2240 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    20:43:36.0812 2240 RDPCDD - ok
    20:43:36.0875 2240 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    20:43:36.0984 2240 rdpdr - ok
    20:43:37.0046 2240 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    20:43:37.0078 2240 RDPWD - ok
    20:43:37.0109 2240 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    20:43:37.0203 2240 RDSessMgr - ok
    20:43:37.0515 2240 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    20:43:37.0640 2240 redbook - ok
    20:43:38.0171 2240 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    20:43:38.0281 2240 RemoteAccess - ok
    20:43:38.0796 2240 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    20:43:38.0921 2240 RemoteRegistry - ok
    20:43:38.0984 2240 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    20:43:39.0078 2240 RFCOMM - ok
    20:43:39.0312 2240 RichVideo (4d05898896ec49cf663dda61041ab096) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    20:43:39.0328 2240 RichVideo - ok
    20:43:39.0328 2240 roxmediadb - ok
    20:43:39.0406 2240 roxmediadb9 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\bdfdll.dll
    20:43:39.0406 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\bdfdll.dll. md5: 11028c6a84a967070cb1286550f2058f
    20:43:39.0406 2240 roxmediadb9 ( Backdoor.Multi.ZAccess.gen ) - infected
    20:43:39.0406 2240 roxmediadb9 - detected Backdoor.Multi.ZAccess.gen (0)
    20:43:39.0453 2240 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
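The log above has one pattern worth pulling out mechanically: dozens of service names, most of them unrelated to each other (lxbs_device, mssql$sqlexpress, ql2100, PGPwded), all resolve to a differently named DLL in system32 that carries the same 32-hex value and is reported as "Suspicious file (NoAccess)", while legitimate shared hosts such as lsass.exe (Netlogon, NtLmSsp, PolicyAgent, ProtectedStorage) or netdde.exe share a hash but also share a single path. The following is an added example, not part of the original post and not TDSSKiller's own code: a small Python triage script that parses the three line shapes in a TDSSKiller-style log, links each NoAccess line back to its service entry, and flags any hash that appears under more than one distinct file path. The regular expressions are assumptions inferred from the lines in this log, not a documented log grammar; the sample input is a constructed subset of lines copied from the posted log. The script does not decide whether the repeated value is a real digest of one payload or what the tool prints for a file it could not read; it only clusters equal values under distinct paths and leaves confirmation on disk to the analyst.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not from the post).

Parses three line shapes seen in the log:
  "<time> <pid> <service> (<md5>) <path>"
  "<time> <pid> Suspicious file (NoAccess): <path>. md5: <md5>"
  "<time> <pid> <service> ( <verdict> ) - infected|warning"
and groups service entries by hash so that one value wired into many
differently named files stands out, while a shared host such as
lsass.exe backing several services (same hash, same path) is not flagged.
The regexes are inferred from the posted lines, not a documented format.
"""
import re
from collections import defaultdict

ENTRY_RE = re.compile(
    r"^\s*\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<svc>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
NOACCESS_RE = re.compile(
    r"^\s*\S+\s+\d+\s+Suspicious file \(NoAccess\):\s+(?P<path>.+?)\.\s+"
    r"md5:\s+(?P<md5>[0-9a-fA-F]{32})\s*$"
)
STATUS_RE = re.compile(
    r"^\s*\S+\s+\d+\s+(?P<svc>\S+)\s+\(\s*(?P<verdict>\S+)\s*\)\s+-\s+"
    r"(?P<status>infected|warning)\s*$"
)


def parse_log(text):
    """Return {service: {"md5", "path", "noaccess", "verdict", "status"}}.

    A service is assumed "ok" unless a later infected/warning line names it.
    """
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m["svc"]] = {"md5": m["md5"].lower(), "path": m["path"],
                                 "noaccess": False, "verdict": None, "status": "ok"}
            continue
        m = NOACCESS_RE.match(line)
        if m:
            # The NoAccess line names the file, not the service: link it back
            # to every entry with the same path and hash.
            for e in entries.values():
                if e["path"].lower() == m["path"].lower() and e["md5"] == m["md5"].lower():
                    e["noaccess"] = True
            continue
        m = STATUS_RE.match(line)
        if m and m["svc"] in entries:
            entries[m["svc"]]["verdict"] = m["verdict"]
            entries[m["svc"]]["status"] = m["status"]
    return entries


def shared_hash_clusters(entries, min_paths=2):
    """Hashes that appear under at least `min_paths` distinct file paths.

    Several services pointing at one file (lsass.exe) share a hash and a
    path and are skipped; one hash under many different file names is the
    pattern that justifies pulling every one of those service keys.
    """
    by_md5 = defaultdict(list)
    for svc, e in entries.items():
        by_md5[e["md5"]].append((svc, e["path"]))
    clusters = {}
    for md5, items in by_md5.items():
        if len({p.lower() for _, p in items}) >= min_paths:
            clusters[md5] = sorted(items)
    return clusters


def triage(text):
    """Summarise a log: clustered hashes, NoAccess files, infected/warning services."""
    entries = parse_log(text)
    return {
        "entries": len(entries),
        "clusters": shared_hash_clusters(entries),
        "noaccess": sorted(s for s, e in entries.items() if e["noaccess"]),
        "infected": sorted(s for s, e in entries.items() if e["status"] == "infected"),
        "warning": sorted(s for s, e in entries.items() if e["status"] == "warning"),
    }


# Constructed subset of lines copied from the posted log.
SAMPLE_LOG = r"""
20:43:24.0171 2240 lxbs_device (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SrvcSSIOMngr.dll
20:43:24.0234 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\SrvcSSIOMngr.dll. md5: 11028c6a84a967070cb1286550f2058f
20:43:24.0234 2240 lxbs_device ( Backdoor.Multi.ZAccess.gen ) - infected
20:43:24.0234 2240 lxbs_device - detected Backdoor.Multi.ZAccess.gen (0)
20:43:24.0281 2240 lxce_device (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\cicsclient.dll
20:43:24.0296 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\cicsclient.dll. md5: 11028c6a84a967070cb1286550f2058f
20:43:24.0296 2240 lxce_device ( Backdoor.Multi.ZAccess.gen ) - infected
20:43:24.0531 2240 MatSvc (0cf633a54c681c65297c63106c4bc376) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
20:43:24.0546 2240 MatSvc - ok
20:43:28.0562 2240 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:43:28.0656 2240 Netlogon - ok
20:43:30.0406 2240 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:43:30.0484 2240 NtLmSsp - ok
20:43:31.0109 2240 nv (ceab17ba3e0f7de96a4649f896b35131) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:43:31.0328 2240 nv ( UnsignedFile.Multi.Generic ) - warning
20:43:32.0156 2240 osanbm (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\O2SCBUS.dll
20:43:32.0156 2240 Suspicious file (NoAccess): C:\WINDOWS\system32\O2SCBUS.dll. md5: 11028c6a84a967070cb1286550f2058f
20:43:32.0156 2240 osanbm ( Backdoor.Multi.ZAccess.gen ) - infected
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for md5, items in summary["clusters"].items():
        print(f"hash {md5} under {len(items)} service(s):")
        for svc, path in items:
            print(f"  {svc:<16} {path}")
    print("NoAccess:", summary["noaccess"])
    print("infected:", summary["infected"], "warning:", summary["warning"])
```

Run against the full log the clustering step is the useful part: every service it lists under the repeated hash is a registry key (ImagePath or ServiceDll) that should be exported and checked before the entries are removed, because the service names themselves (printer, SQL Express, Nero, PGP) are unrelated and a by-name cleanup would miss some. The lsass.exe and netdde.exe groups fall out of the cluster because they share one path, which is the distinction a reviewer would otherwise have to make by eye.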
