
Virus can't use computer at all. [Solved]



#1
Bobcat Bob

My mother's Toshiba laptop was Vista, now upgraded to Windows 7. It has a virus that opens 20 of itself and then runs a phony scan, and I cannot do anything on the computer. I tried to download OTL but the computer won't let me open any links (it had this problem before the virus). Also, the start menu only has IE and Downloads as options; everything else is missing.

Sorry about the double post :)

Update: I was able to figure out a way around the link problem and to run the OTL log.


OTL logfile created on: 7/16/2012 8:28:51 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Book Worm\Links
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 3.25 Gb Available Physical Memory | 81.88% Memory free
7.93 Gb Paging File | 7.26 Gb Available in Paging File | 91.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.35 Gb Total Space | 190.11 Gb Free Space | 66.39% Space Free | Partition Type: NTFS
Drive D: | 3.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BOOKWORM-PC | User Name: Book Worm | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/16 20:28:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Book Worm\Links\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/04/24 13:40:26 | 000,242,176 | -H-- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/03/17 13:48:54 | 000,084,480 | -H-- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/03/06 20:30:32 | 000,488,288 | -H-- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/02/19 16:53:28 | 000,055,808 | -H-- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2008/08/22 12:26:52 | 000,535,608 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2007/11/21 18:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/16 20:42:58 | 000,020,544 | -H-- | M] (TOSHIBA) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/03/30 18:57:22 | 000,083,312 | -H-- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/03/10 20:51:20 | 000,046,448 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 19:27:10 | 000,036,864 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/03 18:15:32 | 000,242,424 | -H-- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/06/23 10:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/08/18 13:59:44 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 13:48:00 | 000,573,440 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl819xp.sys -- (rtl819xpn64) Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/03 04:39:42 | 000,234,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/03/25 19:23:26 | 000,035,392 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/03/19 15:52:02 | 000,016,392 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\PMCF.sys -- (PMCF)
DRV:64bit: - [2009/03/18 13:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/02/12 17:28:00 | 000,057,344 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/02/11 19:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/14 15:50:50 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2007/12/11 16:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 16:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/04 12:29:04 | 000,014,872 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2007/04/23 15:15:48 | 000,031,016 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RtlProt.sys -- (RtlProt)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D9FF2B7C-515B-4143-A51E-EFF739B0B122}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{D9FF2B7C-515B-4143-A51E-EFF739B0B122}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKLM\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.co...age={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{11D7C32B-22AB-0D04-AB2E-9B7673A21173}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_US
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7TSHB_enUS337
IE - HKCU\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files (x86)\eMusic Download Manager\xulrunner\components [2011/09/20 15:33:48 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files (x86)\eMusic Download Manager\xulrunner\plugins [2011/09/20 15:33:48 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/20 15:34:24 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/20 15:34:23 | 000,000,000 | -H-D | M]

[2011/09/20 15:50:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Book Worm\AppData\Roaming\Mozilla\Extensions
[2010/07/29 14:37:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Book Worm\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/09/20 15:33:48 | 000,000,000 | -H-D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/09/20 15:33:48 | 000,000,000 | -H-D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/09/20 15:33:48 | 000,000,000 | -H-D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/09/03 08:24:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [hOHHphGoNe.exe] C:\ProgramData\hOHHphGoNe.exe (GFW)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" File not found
O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found
O4 - HKCU..\Run: [Google] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\ccsjzu.dll (Microsoft Corporation)
O4 - HKCU..\Run: [Oqrybysom] C:\Users\Book Worm\AppData\Roaming\Ytumk\aziv.exe ()
O4 - HKCU..\Run: [VvunMOI7lABmpv] C:\ProgramData\VvunMOI7lABmpv.exe (GFW)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29E1443A-312E-43AA-8A69-EA08E720E14C}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O30:64bit: - LSA: Security Packages - (s) - File not found
O30 - LSA: Security Packages - (s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/12 04:38:58 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{9ad0be05-e3c6-11e0-9715-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9ad0be05-e3c6-11e0-9715-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2011/04/12 04:38:58 | 000,106,768 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/16 20:36:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/07/16 19:52:05 | 000,000,000 | ---D | C] -- C:\Users\Book Worm\AppData\Local\ElevatedDiagnostics
[2012/07/13 13:51:11 | 000,000,000 | ---D | C] -- C:\Users\Book Worm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
[2012/07/13 13:51:03 | 000,249,344 | ---- | C] (GFW) -- C:\ProgramData\VvunMOI7lABmpv.exe
[2012/07/12 22:46:43 | 000,339,968 | -H-- | C] (GFW) -- C:\ProgramData\hOHHphGoNe.exe
[2012/07/11 21:00:58 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Ymwufo
[2012/07/11 21:00:58 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Uqpoov
[2012/07/11 21:00:58 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Olery
[2012/07/11 19:01:57 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Uwudh
[2012/07/11 19:01:57 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Uhikky
[2012/07/11 19:01:57 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Izatho
[2012/07/08 22:27:32 | 000,000,000 | -HSD | C] -- C:\found.002
[2012/07/08 18:57:25 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Vuuve
[2012/07/08 18:57:25 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Oncuu
[2012/07/08 18:57:25 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Hace
[2012/07/07 21:16:18 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Tyzobe
[2012/07/07 21:16:18 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Kayt
[2012/07/07 21:16:18 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Dyavxo
[2012/07/07 09:14:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/06 19:47:11 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Ytumk
[2012/07/06 19:47:11 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Laop
[2012/07/06 19:47:11 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Baemoh

========== Files - Modified Within 30 Days ==========

[2012/07/16 20:36:14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/16 20:05:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/16 20:05:22 | 3192,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/16 19:50:12 | 345,390,196 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/16 19:48:02 | 000,000,368 | ---- | M] () -- C:\ProgramData\VvunMOI7lABmpv
[2012/07/16 19:47:46 | 000,000,072 | ---- | M] () -- C:\ProgramData\-VvunMOI7lABmpvr
[2012/07/16 19:47:46 | 000,000,072 | ---- | M] () -- C:\ProgramData\-VvunMOI7lABmpv
[2012/07/16 19:46:38 | 000,000,894 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/15 10:53:35 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 10:53:35 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/13 13:51:12 | 000,000,691 | ---- | M] () -- C:\Users\Book Worm\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/07/13 13:51:12 | 000,000,667 | ---- | M] () -- C:\Users\Book Worm\Desktop\File_Recovery.lnk
[2012/07/13 13:51:03 | 000,249,344 | ---- | M] (GFW) -- C:\ProgramData\VvunMOI7lABmpv.exe
[2012/07/13 13:37:10 | 000,000,898 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/13 11:25:17 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At12.job
[2012/07/13 11:25:17 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At11.job
[2012/07/13 11:25:17 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At10.job
[2012/07/13 11:25:13 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At36.job
[2012/07/13 11:25:13 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At35.job
[2012/07/13 11:25:13 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At34.job
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At9.job
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At8.job
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At7.job
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At6.job
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At5.job
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At4.job
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At3.job
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At2.job
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At1.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At33.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At32.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At31.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At30.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At29.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At28.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At27.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At26.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At25.job
[2012/07/12 23:06:34 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At24.job
[2012/07/12 23:00:01 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At48.job
[2012/07/12 22:44:28 | 000,339,968 | -H-- | M] (GFW) -- C:\ProgramData\hOHHphGoNe.exe
[2012/07/12 22:13:12 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At47.job
[2012/07/12 22:13:12 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At46.job
[2012/07/12 22:13:12 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At45.job
[2012/07/12 22:13:12 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At23.job
[2012/07/12 22:13:12 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At22.job
[2012/07/12 22:13:12 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At21.job
[2012/07/12 19:00:05 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At20.job
[2012/07/12 19:00:00 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At44.job
[2012/07/12 18:57:19 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At19.job
[2012/07/12 18:57:15 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At43.job
[2012/07/12 17:01:53 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At18.job
[2012/07/12 17:00:01 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At42.job
[2012/07/12 14:02:27 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At15.job
[2012/07/12 14:00:00 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At39.job
[2012/07/12 12:28:44 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At13.job
[2012/07/12 12:28:41 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At37.job
[2012/07/11 16:51:39 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At17.job
[2012/07/11 16:51:39 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At16.job
[2012/07/11 16:51:35 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At41.job
[2012/07/11 16:51:35 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At40.job
[2012/07/11 13:51:41 | 000,000,340 | -H-- | M] () -- C:\Windows\tasks\At14.job
[2012/07/11 13:51:36 | 000,000,342 | -H-- | M] () -- C:\Windows\tasks\At38.job
[2012/07/06 19:47:10 | 000,085,504 | -H-- | M] () -- C:\ProgramData\8PABgDkh.exe

========== Files Created - No Company Name ==========

[2012/07/13 13:51:12 | 000,000,691 | ---- | C] () -- C:\Users\Book Worm\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/07/13 13:51:12 | 000,000,667 | ---- | C] () -- C:\Users\Book Worm\Desktop\File_Recovery.lnk
[2012/07/13 13:51:12 | 000,000,072 | ---- | C] () -- C:\ProgramData\-VvunMOI7lABmpvr
[2012/07/13 13:51:12 | 000,000,072 | ---- | C] () -- C:\ProgramData\-VvunMOI7lABmpv
[2012/07/13 13:51:05 | 000,000,368 | ---- | C] () -- C:\ProgramData\VvunMOI7lABmpv
[2012/07/06 19:47:46 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At48.job
[2012/07/06 19:47:46 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At47.job
[2012/07/06 19:47:45 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At46.job
[2012/07/06 19:47:44 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At45.job
[2012/07/06 19:47:44 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At44.job
[2012/07/06 19:47:44 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At43.job
[2012/07/06 19:47:43 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At42.job
[2012/07/06 19:47:42 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At41.job
[2012/07/06 19:47:42 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At40.job
[2012/07/06 19:47:42 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At39.job
[2012/07/06 19:47:42 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At38.job
[2012/07/06 19:47:41 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At37.job
[2012/07/06 19:47:41 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At36.job
[2012/07/06 19:47:41 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At35.job
[2012/07/06 19:47:40 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At34.job
[2012/07/06 19:47:40 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At33.job
[2012/07/06 19:47:40 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At32.job
[2012/07/06 19:47:40 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At31.job
[2012/07/06 19:47:39 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At30.job
[2012/07/06 19:47:38 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At29.job
[2012/07/06 19:47:38 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At28.job
[2012/07/06 19:47:38 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At27.job
[2012/07/06 19:47:37 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At26.job
[2012/07/06 19:47:36 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At25.job
[2012/07/06 19:47:36 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At24.job
[2012/07/06 19:47:35 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At23.job
[2012/07/06 19:47:35 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At22.job
[2012/07/06 19:47:35 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At21.job
[2012/07/06 19:47:34 | 000,232,960 | -H-- | C] () -- C:\Windows\Installer\{2d2acad4-c402-2a72-e034-af3f329b8048}\U\00000008.@
[2012/07/06 19:47:34 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{2d2acad4-c402-2a72-e034-af3f329b8048}\U\80000032.@
[2012/07/06 19:47:34 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{2d2acad4-c402-2a72-e034-af3f329b8048}\U\80000064.@
[2012/07/06 19:47:34 | 000,000,804 | -H-- | C] () -- C:\Windows\Installer\{2d2acad4-c402-2a72-e034-af3f329b8048}\L\00000004.@
[2012/07/06 19:47:34 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At20.job
[2012/07/06 19:47:34 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At19.job
[2012/07/06 19:47:33 | 000,001,632 | -H-- | C] () -- C:\Windows\Installer\{2d2acad4-c402-2a72-e034-af3f329b8048}\U\000000cb.@
[2012/07/06 19:47:33 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At18.job
[2012/07/06 19:47:32 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At17.job
[2012/07/06 19:47:32 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At16.job
[2012/07/06 19:47:30 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At15.job
[2012/07/06 19:47:30 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At14.job
[2012/07/06 19:47:29 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At13.job
[2012/07/06 19:47:29 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At12.job
[2012/07/06 19:47:28 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At11.job
[2012/07/06 19:47:28 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At10.job
[2012/07/06 19:47:27 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At9.job
[2012/07/06 19:47:27 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At8.job
[2012/07/06 19:47:26 | 000,016,896 | -H-- | C] () -- C:\Windows\Installer\{2d2acad4-c402-2a72-e034-af3f329b8048}\U\80000000.@
[2012/07/06 19:47:26 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At7.job
[2012/07/06 19:47:26 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At6.job
[2012/07/06 19:47:25 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At5.job
[2012/07/06 19:47:24 | 000,002,048 | -H-- | C] () -- C:\Windows\Installer\{2d2acad4-c402-2a72-e034-af3f329b8048}\U\00000004.@
[2012/07/06 19:47:22 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At4.job
[2012/07/06 19:47:21 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At3.job
[2012/07/06 19:47:20 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At2.job
[2012/07/06 19:47:14 | 000,085,504 | -H-- | C] () -- C:\ProgramData\8PABgDkh.exe
[2012/07/06 19:47:14 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At1.job
[2012/01/11 13:30:54 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2d2acad4-c402-2a72-e034-af3f329b8048}\@
[2012/01/11 13:30:54 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{2d2acad4-c402-2a72-e034-af3f329b8048}\@
[2012/01/11 13:30:54 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{2d2acad4-c402-2a72-e034-af3f329b8048}\@
[2011/09/03 08:03:09 | 000,256,000 | -H-- | C] () -- C:\Windows\PEV.exe
[2011/09/03 08:03:09 | 000,208,896 | -H-- | C] () -- C:\Windows\MBR.exe
[2011/09/03 08:03:09 | 000,098,816 | -H-- | C] () -- C:\Windows\sed.exe
[2011/09/03 08:03:09 | 000,080,412 | -H-- | C] () -- C:\Windows\grep.exe
[2011/09/03 08:03:09 | 000,068,096 | -H-- | C] () -- C:\Windows\zip.exe
[2010/11/08 10:23:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/08/25 17:02:55 | 000,000,000 | -H-- | C] () -- C:\Users\Book Worm\jagex__preferences3.dat
[2010/08/25 17:02:47 | 000,000,099 | -H-- | C] () -- C:\Users\Book Worm\jagex_runescape_preferences2.dat
[2010/08/25 17:01:26 | 000,000,046 | -H-- | C] () -- C:\Users\Book Worm\jagex_runescape_preferences.dat

========== LOP Check ==========

[2012/07/13 11:25:17 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Baemoh
[2012/07/07 21:16:18 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Dyavxo
[2011/09/20 15:50:22 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\eMusic
[2012/07/08 18:57:25 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Hace
[2012/07/11 19:01:57 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Izatho
[2012/07/07 21:16:18 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Kayt
[2012/07/06 19:47:11 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Laop
[2011/09/20 15:50:24 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Merscom
[2012/07/11 21:00:58 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Olery
[2012/07/08 18:57:25 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Oncuu
[2011/09/20 15:50:30 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\PowerCinema
[2011/09/20 15:50:32 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\toshiba
[2012/07/07 21:16:18 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Tyzobe
[2012/07/11 19:01:57 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Uhikky
[2012/07/11 21:00:58 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Uqpoov
[2012/07/11 19:01:57 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Uwudh
[2012/07/08 18:57:25 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Vuuve
[2011/09/20 15:50:32 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\WildTangent
[2011/09/20 15:50:32 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\WinBatch
[2011/09/20 15:50:32 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Xilisoft
[2012/07/11 21:00:58 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Ymwufo
[2012/07/06 19:47:11 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Ytumk
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At1.job
[2012/07/13 11:25:17 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At10.job
[2012/07/13 11:25:17 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At11.job
[2012/07/13 11:25:17 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At12.job
[2012/07/12 12:28:44 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At13.job
[2012/07/11 13:51:41 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At14.job
[2012/07/12 14:02:27 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At15.job
[2012/07/11 16:51:39 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At16.job
[2012/07/11 16:51:39 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At17.job
[2012/07/12 17:01:53 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At18.job
[2012/07/12 18:57:19 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At19.job
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At2.job
[2012/07/12 19:00:05 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At20.job
[2012/07/12 22:13:12 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At21.job
[2012/07/12 22:13:12 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At22.job
[2012/07/12 22:13:12 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At23.job
[2012/07/12 23:06:34 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At24.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At25.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At26.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At27.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At28.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At29.job
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At3.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At30.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At31.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At32.job
[2012/07/13 08:34:46 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At33.job
[2012/07/13 11:25:13 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At34.job
[2012/07/13 11:25:13 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At35.job
[2012/07/13 11:25:13 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At36.job
[2012/07/12 12:28:41 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At37.job
[2012/07/11 13:51:36 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At38.job
[2012/07/12 14:00:00 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At39.job
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At4.job
[2012/07/11 16:51:35 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At40.job
[2012/07/11 16:51:35 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At41.job
[2012/07/12 17:00:01 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At42.job
[2012/07/12 18:57:15 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At43.job
[2012/07/12 19:00:00 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At44.job
[2012/07/12 22:13:12 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At45.job
[2012/07/12 22:13:12 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At46.job
[2012/07/12 22:13:12 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At47.job
[2012/07/12 23:00:01 | 000,000,342 | -H-- | M] () -- C:\Windows\Tasks\At48.job
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At5.job
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At6.job
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At7.job
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At8.job
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At9.job
[2012/05/05 22:18:24 | 000,032,538 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by Bobcat Bob, 16 July 2012 - 08:17 PM.



#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Bobcat Bob and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [hOHHphGoNe.exe] C:\ProgramData\hOHHphGoNe.exe (GFW)
    O4 - HKCU..\Run: [Oqrybysom] C:\Users\Book Worm\AppData\Roaming\Ytumk\aziv.exe ()
    O4 - HKCU..\Run: [VvunMOI7lABmpv] C:\ProgramData\VvunMOI7lABmpv.exe (GFW)
    O32 - AutoRun File - [2011/04/12 04:38:58 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O33 - MountPoints2\{9ad0be05-e3c6-11e0-9715-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{9ad0be05-e3c6-11e0-9715-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2011/04/12 04:38:58 | 000,106,768 | R--- | M] (Microsoft Corporation)
    [2012/07/13 13:51:03 | 000,249,344 | ---- | C] (GFW) -- C:\ProgramData\VvunMOI7lABmpv.exe
    [2012/07/12 22:46:43 | 000,339,968 | -H-- | C] (GFW) -- C:\ProgramData\hOHHphGoNe.exe
    [2012/07/11 21:00:58 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Ymwufo
    [2012/07/11 21:00:58 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Uqpoov
    [2012/07/11 21:00:58 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Olery
    [2012/07/11 19:01:57 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Uwudh
    [2012/07/11 19:01:57 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Uhikky
    [2012/07/11 19:01:57 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Izatho
    [2012/07/08 18:57:25 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Vuuve
    [2012/07/08 18:57:25 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Oncuu
    [2012/07/08 18:57:25 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Hace
    [2012/07/07 21:16:18 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Tyzobe
    [2012/07/07 21:16:18 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Kayt
    [2012/07/07 21:16:18 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Dyavxo
    [2012/07/06 19:47:11 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Ytumk
    [2012/07/06 19:47:11 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Laop
    [2012/07/06 19:47:11 | 000,000,000 | -H-D | C] -- C:\Users\Book Worm\AppData\Roaming\Baemoh
    [2012/07/16 19:48:02 | 000,000,368 | ---- | M] () -- C:\ProgramData\VvunMOI7lABmpv
    [2012/07/16 19:47:46 | 000,000,072 | ---- | M] () -- C:\ProgramData\-VvunMOI7lABmpvr
    [2012/07/16 19:47:46 | 000,000,072 | ---- | M] () -- C:\ProgramData\-VvunMOI7lABmpv
    [2012/07/13 13:51:12 | 000,000,691 | ---- | M] () -- C:\Users\Book Worm\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
    [2012/07/13 13:51:12 | 000,000,667 | ---- | M] () -- C:\Users\Book Worm\Desktop\File_Recovery.lnk
    [2012/07/13 13:51:03 | 000,249,344 | ---- | M] (GFW) -- C:\ProgramData\VvunMOI7lABmpv.exe
    [2012/07/13 13:51:11 | 000,000,000 | ---D | C] -- C:\Users\Book Worm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
    [2012/07/12 22:44:28 | 000,339,968 | -H-- | M] (GFW) -- C:\ProgramData\hOHHphGoNe.exe
    [2012/07/06 19:47:10 | 000,085,504 | -H-- | M] () -- C:\ProgramData\8PABgDkh.exe

    :Files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job
    C:\Windows\Installer\{2d2acad4-c402-2a72-e034-af3f329b8048}
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2d2acad4-c402-2a72-e034-af3f329b8048}

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
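
The file listings in the OTL log follow a fixed line format, so the pattern the fix above targets (many hidden At*.job tasks created within seconds of each other, plus hidden executables sitting directly in C:\ProgramData) can be picked out mechanically. The Python below is an added example, not part of the original post or of OTL; the function names, the one-minute gap and the five-file threshold are assumptions, and the sample lines are copied from the log posted in this thread.

```python
import re
from datetime import datetime, timedelta

# OTL file-listing line:
#   [date time | size | attributes | C or M] (company) -- path
# Directory entries carry no "(company)" field.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
AT_JOB_RE = re.compile(r"^C:\\Windows\\tasks\\At\d+\.job$", re.IGNORECASE)
PROGRAMDATA_EXE_RE = re.compile(r"^C:\\ProgramData\\[^\\]+\.exe$", re.IGNORECASE)

# Lines copied from the OTL log in this thread (raw string keeps the backslashes).
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2012/07/06 19:47:46 | 000,000,342 | -H-- | C] () -- C:\Windows\tasks\At48.job
[2012/07/06 19:47:25 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At5.job
[2012/07/06 19:47:22 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At4.job
[2012/07/06 19:47:21 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At3.job
[2012/07/06 19:47:20 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At2.job
[2012/07/06 19:47:14 | 000,085,504 | -H-- | C] () -- C:\ProgramData\8PABgDkh.exe
[2012/07/06 19:47:14 | 000,000,340 | -H-- | C] () -- C:\Windows\tasks\At1.job
[2010/11/08 10:23:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012/07/12 22:44:28 | 000,339,968 | -H-- | M] (GFW) -- C:\ProgramData\hOHHphGoNe.exe
[2012/07/06 19:47:11 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Ytumk
[2012/07/13 08:34:48 | 000,000,340 | -H-- | M] () -- C:\Windows\Tasks\At5.job
[2012/05/05 22:18:24 | 000,032,538 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
"""


def parse_line(line):
    """Return one listing entry as a dict, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "hidden": "H" in m["attrs"],
        "is_dir": "D" in m["attrs"],
        "kind": m["kind"],  # C = created time, M = modified time
        "company": m["company"] or "",
        "path": m["path"],
    }


def parse_log(text):
    """Parse every listing line in a pasted log, skipping everything else."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def at_job_bursts(entries, max_gap=timedelta(minutes=1), min_count=5):
    """Group hidden AtN.job files by creation time and report dense runs.

    A run is a sequence of creation times where each is at most max_gap
    after the previous one; runs with at least min_count files are returned.
    Both thresholds are assumptions chosen for this example.
    """
    created = {}
    for e in entries:
        if e["kind"] == "C" and e["hidden"] and AT_JOB_RE.match(e["path"]):
            key = e["path"].lower()  # the same file can appear in several sections
            if key not in created or e["time"] < created[key]:
                created[key] = e["time"]

    bursts, run = [], []
    for t in sorted(created.values()):
        if run and t - run[-1] > max_gap:
            if len(run) >= min_count:
                bursts.append({"first": run[0], "last": run[-1], "count": len(run)})
            run = []
        run.append(t)
    if len(run) >= min_count:
        bursts.append({"first": run[0], "last": run[-1], "count": len(run)})
    return bursts


def hidden_programdata_exes(entries):
    """Hidden .exe files placed directly in C:\\ProgramData (not in a subfolder)."""
    return sorted({
        e["path"] for e in entries
        if e["hidden"] and not e["is_dir"] and PROGRAMDATA_EXE_RE.match(e["path"])
    })


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for b in at_job_bursts(entries):
        print(f"{b['count']} hidden At*.job files created {b['first']} .. {b['last']}")
    for path in hidden_programdata_exes(entries):
        print("hidden executable:", path)
```

A hit from either check is a reason to look closer at the listed files, not a verdict; the thresholds need tuning against logs from known-clean machines.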

#3
Bobcat Bob

    Member

  • Topic Starter
  • Member
  • 111 posts
Thanks for the help :)

Here is the first log.



========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hOHHphGoNe.exe deleted successfully.
C:\ProgramData\hOHHphGoNe.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Oqrybysom deleted successfully.
C:\Users\Book Worm\AppData\Roaming\Ytumk\aziv.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\VvunMOI7lABmpv deleted successfully.
C:\ProgramData\VvunMOI7lABmpv.exe moved successfully.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ad0be05-e3c6-11e0-9715-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ad0be05-e3c6-11e0-9715-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ad0be05-e3c6-11e0-9715-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ad0be05-e3c6-11e0-9715-806e6f6e6963}\ not found.
File move failed. D:\setup.exe scheduled to be moved on reboot.
File C:\ProgramData\VvunMOI7lABmpv.exe not found.
File C:\ProgramData\hOHHphGoNe.exe not found.
C:\Users\Book Worm\AppData\Roaming\Ymwufo folder moved successfully.
C:\Users\Book Worm\AppData\Roaming\Uqpoov folder moved successfully.
C:\Users\Book Worm\AppData\Roaming\Olery folder moved successfully.
C:\Users\Book Worm\AppData\Roaming\Uwudh folder moved successfully.
C:\Users\Book Worm\AppData\Roaming\Uhikky folder moved successfully.
C:\Users\Book Worm\AppData\Roaming\Izatho folder moved successfully.
C:\Users\Book Worm\AppData\Roaming\Vuuve folder moved successfully.
C:\Users\Book Worm\AppData\Roaming\Oncuu folder moved successfully.
C:\Users\Book Worm\AppData\Roaming\Hace folder moved successfully.
C:\Users\Book Worm\AppData\Roaming\Tyzobe folder moved successfully.
C:\Users\Book Worm\AppData\Roaming\Kayt folder moved successfully.
C:\Users\Book Worm\AppData\Roaming\Dyavxo folder moved successfully.
C:\Users\Book Worm\AppData\Roaming\Ytumk folder moved successfully.
C:\Users\Book Worm\AppData\Roaming\Laop folder moved successfully.
C:\Users\Book Worm\AppData\Roaming\Baemoh folder moved successfully.
C:\ProgramData\VvunMOI7lABmpv moved successfully.
C:\ProgramData\-VvunMOI7lABmpvr moved successfully.
C:\ProgramData\-VvunMOI7lABmpv moved successfully.
C:\Users\Book Worm\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk moved successfully.
C:\Users\Book Worm\Desktop\File_Recovery.lnk moved successfully.
File C:\ProgramData\VvunMOI7lABmpv.exe not found.
C:\Users\Book Worm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery folder moved successfully.
File C:\ProgramData\hOHHphGoNe.exe not found.
C:\ProgramData\8PABgDkh.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Book Worm\Links\cmd.bat deleted successfully.
C:\Users\Book Worm\Links\cmd.txt deleted successfully.
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At25.job moved successfully.
C:\Windows\tasks\At26.job moved successfully.
C:\Windows\tasks\At27.job moved successfully.
C:\Windows\tasks\At28.job moved successfully.
C:\Windows\tasks\At29.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At30.job moved successfully.
C:\Windows\tasks\At31.job moved successfully.
C:\Windows\tasks\At32.job moved successfully.
C:\Windows\tasks\At33.job moved successfully.
C:\Windows\tasks\At34.job moved successfully.
C:\Windows\tasks\At35.job moved successfully.
C:\Windows\tasks\At36.job moved successfully.
C:\Windows\tasks\At37.job moved successfully.
C:\Windows\tasks\At38.job moved successfully.
C:\Windows\tasks\At39.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At40.job moved successfully.
C:\Windows\tasks\At41.job moved successfully.
C:\Windows\tasks\At42.job moved successfully.
C:\Windows\tasks\At43.job moved successfully.
C:\Windows\tasks\At44.job moved successfully.
C:\Windows\tasks\At45.job moved successfully.
C:\Windows\tasks\At46.job moved successfully.
C:\Windows\tasks\At47.job moved successfully.
C:\Windows\tasks\At48.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
C:\Windows\Installer\{2d2acad4-c402-2a72-e034-af3f329b8048}\U folder moved successfully.
C:\Windows\Installer\{2d2acad4-c402-2a72-e034-af3f329b8048}\L folder moved successfully.
C:\Windows\Installer\{2d2acad4-c402-2a72-e034-af3f329b8048} folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2d2acad4-c402-2a72-e034-af3f329b8048}\U folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2d2acad4-c402-2a72-e034-af3f329b8048}\L folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2d2acad4-c402-2a72-e034-af3f329b8048} folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.54.0 log created on 07172012_031638

#4
Bobcat Bob

    Member

  • Topic Starter
  • Member
  • 111 posts
When I ran Combofix, it finished, restarted the computer and said it was preparing the log. The log never came up after about 15-20 minutes of preparing it; the computer started playing some random ads and music for a few mins, then went to a blue screen and restarted. I guess I should have stated that I had been running the computer in safe mode. :help:

Edited by Bobcat Bob, 17 July 2012 - 03:14 AM.


#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
This malware doesn't like to be touched. Let's try these tools.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • Then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects.

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan, click Save log, save it to your desktop and post aswMBR.txt in your next reply.
  • Also, aswMBR will save an additional file named MBR.dat. Attach it to your next reply.

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#6
Bobcat Bob

    Member

  • Topic Starter
  • Member
  • 111 posts
First one


04:22:42.0349 1220 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
04:22:42.0817 1220 ============================================================
04:22:42.0817 1220 Current date / time: 2012/07/17 04:22:42.0817
04:22:42.0817 1220 SystemInfo:
04:22:42.0817 1220
04:22:42.0817 1220 OS Version: 6.1.7601 ServicePack: 1.0
04:22:42.0817 1220 Product type: Workstation
04:22:42.0817 1220 ComputerName: BOOKWORM-PC
04:22:42.0817 1220 UserName: Book Worm
04:22:42.0817 1220 Windows directory: C:\Windows
04:22:42.0817 1220 System windows directory: C:\Windows
04:22:42.0817 1220 Running under WOW64
04:22:42.0817 1220 Processor architecture: Intel x64
04:22:42.0817 1220 Number of processors: 2
04:22:42.0817 1220 Page size: 0x1000
04:22:42.0817 1220 Boot type: Safe boot with network
04:22:42.0817 1220 ============================================================
04:22:43.0643 1220 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:22:43.0659 1220 ============================================================
04:22:43.0659 1220 \Device\Harddisk0\DR0:
04:22:43.0659 1220 MBR partitions:
04:22:43.0659 1220 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23CB1800
04:22:43.0659 1220 ============================================================
04:22:43.0675 1220 C: <-> \Device\Harddisk0\DR0\Partition0
04:22:43.0675 1220 ============================================================
04:22:43.0675 1220 Initialize success
04:22:43.0675 1220 ============================================================
04:23:27.0589 1696 ============================================================
04:23:27.0589 1696 Scan started
04:23:27.0589 1696 Mode: Manual; SigCheck; TDLFS;
04:24:17.0038 1696 ProtectedStorage - ok
04:24:17.0082 1696 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
04:24:17.0122 1696 Psched - ok
04:24:17.0211 1696 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
04:24:17.0261 1696 ql2300 - ok
04:24:18.0077 1696 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
04:24:18.0089 1696 ql40xx - ok
04:24:18.0207 1696 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
04:24:18.0261 1696 QWAVE - ok
04:24:18.0317 1696 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
04:24:18.0374 1696 QWAVEdrv - ok
04:24:18.0418 1696 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
04:24:18.0510 1696 RasAcd - ok
04:24:18.0570 1696 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
04:24:18.0643 1696 RasAgileVpn - ok
04:24:18.0678 1696 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
04:24:18.0757 1696 RasAuto - ok
04:24:18.0804 1696 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:24:18.0880 1696 Rasl2tp - ok
04:24:18.0966 1696 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
04:24:19.0131 1696 RasMan - ok
04:24:19.0187 1696 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
04:24:19.0259 1696 RasPppoe - ok
04:24:19.0849 1696 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
04:24:19.0975 1696 RasSstp - ok
04:24:20.0058 1696 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
04:24:20.0109 1696 rdbss - ok
04:24:20.0138 1696 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
04:24:20.0179 1696 rdpbus - ok
04:24:20.0198 1696 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:24:20.0290 1696 RDPCDD - ok
04:24:20.0344 1696 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
04:24:20.0422 1696 RDPENCDD - ok
04:24:20.0450 1696 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
04:24:20.0510 1696 RDPREFMP - ok
04:24:20.0546 1696 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
04:24:20.0649 1696 RDPWD - ok
04:24:20.0744 1696 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
04:24:20.0769 1696 rdyboost - ok
04:24:20.0859 1696 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
04:24:20.0987 1696 RemoteAccess - ok
04:24:21.0103 1696 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
04:24:21.0157 1696 RemoteRegistry - ok
04:24:21.0198 1696 rimspci (abf0d2eae54a7f071a54bd2828c982ca) C:\Windows\system32\DRIVERS\rimspe64.sys
04:24:21.0508 1696 rimspci ( UnsignedFile.Multi.Generic ) - warning
04:24:21.0508 1696 rimspci - detected UnsignedFile.Multi.Generic (1)
04:24:21.0620 1696 rixdpcie (e8ed37d472eb5211c0a34fd63a3971e9) C:\Windows\system32\DRIVERS\rixdpe64.sys
04:24:21.0916 1696 rixdpcie ( UnsignedFile.Multi.Generic ) - warning
04:24:21.0916 1696 rixdpcie - detected UnsignedFile.Multi.Generic (1)
04:24:21.0968 1696 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
04:24:22.0034 1696 RpcEptMapper - ok
04:24:22.0069 1696 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
04:24:22.0086 1696 RpcLocator - ok
04:24:22.0172 1696 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
04:24:22.0332 1696 RpcSs - ok
04:24:22.0409 1696 RSELSVC - ok
04:24:22.0485 1696 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
04:24:22.0595 1696 rspndr - ok
04:24:22.0666 1696 RTL8169 (b263b3aebcde2210d1cc25756601b8ea) C:\Windows\system32\DRIVERS\Rtlh64.sys
04:24:23.0094 1696 RTL8169 ( UnsignedFile.Multi.Generic ) - warning
04:24:23.0094 1696 RTL8169 - detected UnsignedFile.Multi.Generic (1)
04:24:23.0181 1696 rtl819xpn64 (44062ea1bdb558d28c1a5f36c24a1db8) C:\Windows\system32\DRIVERS\rtl819xp.sys
04:24:23.0546 1696 rtl819xpn64 ( UnsignedFile.Multi.Generic ) - warning
04:24:23.0546 1696 rtl819xpn64 - detected UnsignedFile.Multi.Generic (1)
04:24:23.0821 1696 RtlProt (d1664991a07acf2703d4a4e5be4b6c80) C:\Windows\system32\DRIVERS\rtlprot.sys
04:24:24.0214 1696 RtlProt ( UnsignedFile.Multi.Generic ) - warning
04:24:24.0214 1696 RtlProt - detected UnsignedFile.Multi.Generic (1)
04:24:24.0357 1696 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:24:24.0380 1696 SamSs - ok
04:24:24.0476 1696 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
04:24:24.0498 1696 sbp2port - ok
04:24:24.0651 1696 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
04:24:24.0755 1696 SCardSvr - ok
04:24:24.0790 1696 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
04:24:24.0846 1696 scfilter - ok
04:24:25.0355 1696 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
04:24:25.0449 1696 Schedule - ok
04:24:25.0768 1696 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
04:24:25.0970 1696 SCPolicySvc - ok
04:24:26.0060 1696 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
04:24:26.0114 1696 sdbus - ok
04:24:26.0159 1696 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
04:24:26.0208 1696 SDRSVC - ok
04:24:26.0401 1696 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
04:24:26.0418 1696 SeaPort - ok
04:24:26.0480 1696 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
04:24:26.0531 1696 secdrv - ok
04:24:26.0602 1696 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
04:24:26.0659 1696 seclogon - ok
04:24:26.0674 1696 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
04:24:26.0808 1696 SENS - ok
04:24:26.0851 1696 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
04:24:26.0927 1696 SensrSvc - ok
04:24:27.0020 1696 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
04:24:27.0042 1696 Serenum - ok
04:24:27.0145 1696 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
04:24:27.0234 1696 Serial - ok
04:24:27.0283 1696 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
04:24:27.0299 1696 sermouse - ok
04:24:27.0424 1696 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
04:24:27.0466 1696 SessionEnv - ok
04:24:27.0525 1696 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
04:24:27.0570 1696 sffdisk - ok
04:24:27.0589 1696 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
04:24:27.0616 1696 sffp_mmc - ok
04:24:27.0650 1696 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
04:24:27.0671 1696 sffp_sd - ok
04:24:27.0719 1696 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
04:24:27.0779 1696 sfloppy - ok
04:24:27.0880 1696 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
04:24:27.0962 1696 SharedAccess - ok
04:24:28.0116 1696 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
04:24:28.0222 1696 ShellHWDetection - ok
04:24:28.0337 1696 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
04:24:28.0348 1696 SiSRaid2 - ok
04:24:28.0407 1696 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
04:24:28.0419 1696 SiSRaid4 - ok
04:24:28.0446 1696 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
04:24:28.0534 1696 Smb - ok
04:24:28.0608 1696 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
04:24:28.0625 1696 SNMPTRAP - ok
04:24:28.0669 1696 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
04:24:28.0683 1696 spldr - ok
04:24:28.0759 1696 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
04:24:28.0824 1696 Spooler - ok
04:24:29.0842 1696 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
04:24:30.0006 1696 sppsvc - ok
04:24:30.0237 1696 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
04:24:30.0307 1696 sppuinotify - ok
04:24:30.0407 1696 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
04:24:30.0472 1696 srv - ok
04:24:30.0510 1696 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
04:24:30.0566 1696 srv2 - ok
04:24:30.0604 1696 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
04:24:30.0697 1696 srvnet - ok
04:24:30.0796 1696 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
04:24:30.0916 1696 SSDPSRV - ok
04:24:30.0999 1696 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
04:24:31.0175 1696 SstpSvc - ok
04:24:31.0207 1696 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
04:24:31.0218 1696 stexstor - ok
04:24:31.0400 1696 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
04:24:31.0764 1696 stisvc - ok
04:24:31.0908 1696 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
04:24:31.0922 1696 swenum - ok
04:24:32.0224 1696 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
04:24:32.0277 1696 swprv - ok
04:24:32.0325 1696 SymIM (212bbf5a964513980d5de9397381534f) C:\Windows\system32\DRIVERS\SymIMv.sys
04:24:32.0596 1696 SymIM ( UnsignedFile.Multi.Generic ) - warning
04:24:32.0596 1696 SymIM - detected UnsignedFile.Multi.Generic (1)
04:24:32.0755 1696 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
04:24:32.0850 1696 SysMain - ok
04:24:33.0004 1696 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
04:24:33.0033 1696 TabletInputService - ok
04:24:33.0066 1696 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
04:24:33.0160 1696 TapiSrv - ok
04:24:33.0175 1696 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
04:24:33.0219 1696 TBS - ok
04:24:33.0716 1696 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
04:24:33.0766 1696 Tcpip - ok
04:24:34.0100 1696 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
04:24:34.0184 1696 TCPIP6 - ok
04:24:34.0437 1696 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
04:24:34.0497 1696 tcpipreg - ok
04:24:34.0557 1696 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
04:24:35.0076 1696 tdcmdpst ( UnsignedFile.Multi.Generic ) - warning
04:24:35.0076 1696 tdcmdpst - detected UnsignedFile.Multi.Generic (1)
04:24:35.0094 1696 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
04:24:35.0131 1696 TDPIPE - ok
04:24:35.0164 1696 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
04:24:35.0184 1696 TDTCP - ok
04:24:35.0227 1696 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
04:24:35.0277 1696 tdx - ok
04:24:35.0289 1696 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
04:24:35.0304 1696 TermDD - ok
04:24:35.0357 1696 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
04:24:35.0472 1696 TermService - ok
04:24:35.0757 1696 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
04:24:35.0859 1696 Themes - ok
04:24:35.0911 1696 Thpdrv (e29a0c5c97615bffab138abe308733b4) C:\Windows\system32\DRIVERS\thpdrv.sys
04:24:36.0257 1696 Thpdrv ( UnsignedFile.Multi.Generic ) - warning
04:24:36.0257 1696 Thpdrv - detected UnsignedFile.Multi.Generic (1)
04:24:36.0318 1696 Thpevm (d6704940a79831b4fa271d7a73d291d8) C:\Windows\system32\DRIVERS\Thpevm.SYS
04:24:36.0700 1696 Thpevm ( UnsignedFile.Multi.Generic ) - warning
04:24:36.0700 1696 Thpevm - detected UnsignedFile.Multi.Generic (1)
04:24:36.0787 1696 Thpsrv (8f0d1a0c9c25cc61e193c0c22422a9ea) C:\Windows\system32\ThpSrv.exe
04:24:36.0835 1696 Thpsrv ( UnsignedFile.Multi.Generic ) - warning
04:24:36.0835 1696 Thpsrv - detected UnsignedFile.Multi.Generic (1)
04:24:36.0872 1696 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
04:24:36.0916 1696 THREADORDER - ok
04:24:37.0118 1696 TNaviSrv (22bc804efe155f54252f389b0781d7f2) C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
04:24:37.0145 1696 TNaviSrv ( UnsignedFile.Multi.Generic ) - warning
04:24:37.0145 1696 TNaviSrv - detected UnsignedFile.Multi.Generic (1)
04:24:37.0214 1696 TODDSrv (19af3434564e973bc232bbd629ec2bf6) C:\Windows\system32\TODDSrv.exe
04:24:37.0232 1696 TODDSrv ( UnsignedFile.Multi.Generic ) - warning
04:24:37.0233 1696 TODDSrv - detected UnsignedFile.Multi.Generic (1)
04:24:37.0361 1696 TosCoSrv (7810e3a97e004cd2641fd3fc5d2a62cd) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
04:24:37.0404 1696 TosCoSrv ( UnsignedFile.Multi.Generic ) - warning
04:24:37.0404 1696 TosCoSrv - detected UnsignedFile.Multi.Generic (1)
04:24:37.0925 1696 TOSHIBA eco Utility Service (97735d78da5737ea8428d551fa263eea) C:\Program Files\TOSHIBA\TECO\TecoService.exe
04:24:37.0953 1696 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - warning
04:24:37.0953 1696 TOSHIBA eco Utility Service - detected UnsignedFile.Multi.Generic (1)
04:24:37.0991 1696 TOSHIBA HDD SSD Alert Service (b67c69e2982769355d9ff76dd3b2a0fd) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
04:24:38.0075 1696 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - warning
04:24:38.0075 1696 TOSHIBA HDD SSD Alert Service - detected UnsignedFile.Multi.Generic (1)
04:24:38.0114 1696 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
04:24:38.0182 1696 TrkWks - ok
04:24:38.0252 1696 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
04:24:38.0344 1696 TrustedInstaller - ok
04:24:38.0399 1696 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:24:38.0461 1696 tssecsrv - ok
04:24:38.0518 1696 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
04:24:38.0581 1696 TsUsbFlt - ok
04:24:38.0596 1696 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
04:24:38.0672 1696 TsUsbGD - ok
04:24:38.0734 1696 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
04:24:38.0789 1696 tunnel - ok
04:24:38.0847 1696 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
04:24:39.0087 1696 TVALZ ( UnsignedFile.Multi.Generic ) - warning
04:24:39.0087 1696 TVALZ - detected UnsignedFile.Multi.Generic (1)
04:24:39.0127 1696 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
04:24:39.0139 1696 uagp35 - ok
04:24:39.0161 1696 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
04:24:39.0276 1696 udfs - ok
04:24:39.0336 1696 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
04:24:39.0423 1696 UI0Detect - ok
04:24:39.0498 1696 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
04:24:39.0510 1696 uliagpkx - ok
04:24:39.0563 1696 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
04:24:39.0638 1696 umbus - ok
04:24:39.0671 1696 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
04:24:39.0685 1696 UmPass - ok
04:24:39.0763 1696 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
04:24:39.0907 1696 upnphost - ok
04:24:39.0945 1696 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
04:24:40.0163 1696 usbccgp - ok
04:24:40.0238 1696 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
04:24:40.0258 1696 usbcir - ok
04:24:40.0269 1696 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
04:24:40.0298 1696 usbehci - ok
04:24:40.0320 1696 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
04:24:40.0421 1696 usbhub - ok
04:24:40.0463 1696 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
04:24:40.0501 1696 usbohci - ok
04:24:40.0560 1696 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
04:24:40.0583 1696 usbprint - ok
04:24:40.0611 1696 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
04:24:40.0629 1696 usbscan - ok
04:24:40.0644 1696 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:24:40.0688 1696 USBSTOR - ok
04:24:40.0716 1696 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
04:24:40.0754 1696 usbuhci - ok
04:24:40.0832 1696 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
04:24:40.0853 1696 usbvideo - ok
04:24:40.0889 1696 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
04:24:40.0948 1696 UxSms - ok
04:24:40.0981 1696 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:24:41.0004 1696 VaultSvc - ok
04:24:41.0045 1696 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
04:24:41.0056 1696 vdrvroot - ok
04:24:41.0093 1696 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
04:24:41.0150 1696 vds - ok
04:24:41.0207 1696 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
04:24:41.0338 1696 vga - ok
04:24:41.0356 1696 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
04:24:41.0407 1696 VgaSave - ok
04:24:41.0762 1696 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
04:24:41.0780 1696 vhdmp - ok
04:24:41.0813 1696 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
04:24:41.0823 1696 viaide - ok
04:24:41.0856 1696 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
04:24:41.0867 1696 volmgr - ok
04:24:41.0928 1696 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
04:24:41.0946 1696 volmgrx - ok
04:24:41.0991 1696 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
04:24:42.0014 1696 volsnap - ok
04:24:42.0091 1696 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
04:24:42.0108 1696 vsmraid - ok
04:24:42.0247 1696 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
04:24:42.0320 1696 VSS - ok
04:24:42.0511 1696 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
04:24:42.0566 1696 vwifibus - ok
04:24:42.0662 1696 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
04:24:42.0805 1696 W32Time - ok
04:24:42.0848 1696 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
04:24:42.0890 1696 WacomPen - ok
04:24:42.0945 1696 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:24:43.0024 1696 WANARP - ok
04:24:43.0033 1696 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:24:43.0120 1696 Wanarpv6 - ok
04:24:43.0243 1696 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
04:24:43.0281 1696 WatAdminSvc - ok
04:24:43.0912 1696 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
04:24:44.0001 1696 wbengine - ok
04:24:44.0173 1696 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
04:24:44.0209 1696 WbioSrvc - ok
04:24:44.0249 1696 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
04:24:44.0309 1696 wcncsvc - ok
04:24:44.0332 1696 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
04:24:44.0359 1696 WcsPlugInService - ok
04:24:44.0412 1696 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
04:24:44.0423 1696 Wd - ok
04:24:44.0458 1696 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
04:24:44.0487 1696 Wdf01000 - ok
04:24:44.0535 1696 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
04:24:44.0600 1696 WdiServiceHost - ok
04:24:44.0605 1696 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
04:24:44.0638 1696 WdiSystemHost - ok
04:24:44.0695 1696 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
04:24:44.0731 1696 WebClient - ok
04:24:44.0793 1696 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
04:24:44.0861 1696 Wecsvc - ok
04:24:44.0878 1696 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
04:24:45.0044 1696 wercplsupport - ok
04:24:45.0090 1696 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
04:24:45.0171 1696 WerSvc - ok
04:24:45.0273 1696 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
04:24:45.0318 1696 WfpLwf - ok
04:24:45.0356 1696 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
04:24:45.0366 1696 WIMMount - ok
04:24:45.0620 1696 WinDefend - ok
04:24:45.0628 1696 WinHttpAutoProxySvc - ok
04:24:45.0885 1696 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
04:24:45.0944 1696 Winmgmt - ok
04:24:46.0177 1696 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
04:24:46.0312 1696 WinRM - ok
04:24:46.0554 1696 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
04:24:46.0610 1696 Wlansvc - ok
04:24:46.0941 1696 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
04:24:47.0248 1696 wlidsvc ( UnsignedFile.Multi.Generic ) - warning
04:24:47.0248 1696 wlidsvc - detected UnsignedFile.Multi.Generic (1)
04:24:47.0521 1696 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
04:24:47.0581 1696 WmiAcpi - ok
04:24:47.0789 1696 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
04:24:47.0815 1696 wmiApSrv - ok
04:24:47.0924 1696 WMPNetworkSvc - ok
04:24:47.0972 1696 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
04:24:48.0015 1696 WPCSvc - ok
04:24:48.0056 1696 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
04:24:48.0119 1696 WPDBusEnum - ok
04:24:48.0193 1696 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
04:24:48.0265 1696 ws2ifsl - ok
04:24:48.0315 1696 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
04:24:48.0349 1696 wscsvc - ok
04:24:48.0354 1696 WSearch - ok
04:24:48.0491 1696 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
04:24:48.0631 1696 wuauserv - ok
04:24:48.0797 1696 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
04:24:48.0926 1696 WudfPf - ok
04:24:48.0990 1696 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:24:49.0046 1696 WUDFRd - ok
04:24:49.0093 1696 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
04:24:49.0159 1696 wudfsvc - ok
04:24:49.0197 1696 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
04:24:49.0221 1696 WwanSvc - ok
04:24:49.0911 1696 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
04:24:50.0021 1696 YahooAUService ( UnsignedFile.Multi.Generic ) - warning
04:24:50.0021 1696 YahooAUService - detected UnsignedFile.Multi.Generic (1)
04:24:50.0081 1696 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
04:24:50.0108 1696 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
04:24:50.0108 1696 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
04:24:50.0205 1696 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
04:24:50.0205 1696 \Device\Harddisk0\DR0 - detected TDSS File System (1)
04:24:50.0232 1696 Boot (0x1200) (d50544ec9348457d07cc71f3569c40b9) \Device\Harddisk0\DR0\Partition0
04:24:50.0239 1696 \Device\Harddisk0\DR0\Partition0 - ok
04:24:50.0244 1696 ============================================================
04:24:50.0244 1696 Scan finished
04:24:50.0245 1696 ============================================================
04:24:50.0269 1244 Detected object count: 45
04:24:50.0269 1244 Actual detected object count: 45
04:26:44.0702 1244 AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0702 1244 AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0702 1244 ApfiltrService ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0702 1244 ApfiltrService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0705 1244 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0705 1244 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0708 1244 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0709 1244 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0712 1244 camsvc ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0712 1244 camsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0714 1244 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0715 1244 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0718 1244 clr_optimization_v4.0.30319_64 ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0718 1244 clr_optimization_v4.0.30319_64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0721 1244 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0721 1244 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0724 1244 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0725 1244 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0730 1244 GameConsoleService ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0730 1244 GameConsoleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0733 1244 GEARAspiWDM ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0733 1244 GEARAspiWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0736 1244 gupdate ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0736 1244 gupdate ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0739 1244 gupdatem ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0739 1244 gupdatem ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0743 1244 gusvc ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0743 1244 gusvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0753 1244 iaStor ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0753 1244 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0762 1244 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0762 1244 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0765 1244 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0765 1244 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0768 1244 iPod Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0768 1244 iPod Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0771 1244 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0772 1244 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0775 1244 MpNWMon ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0775 1244 MpNWMon ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0778 1244 NisDrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0778 1244 NisDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0781 1244 odserv ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0781 1244 odserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0784 1244 ose ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0784 1244 ose ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0795 1244 PGEffect ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0795 1244 PGEffect ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0797 1244 PMCF ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0797 1244 PMCF ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0801 1244 rimspci ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0801 1244 rimspci ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0804 1244 rixdpcie ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0804 1244 rixdpcie ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0811 1244 RTL8169 ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0811 1244 RTL8169 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0817 1244 rtl819xpn64 ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0817 1244 rtl819xpn64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0820 1244 RtlProt ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0820 1244 RtlProt ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0823 1244 SymIM ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0823 1244 SymIM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0830 1244 tdcmdpst ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0830 1244 tdcmdpst ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0833 1244 Thpdrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0833 1244 Thpdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0837 1244 Thpevm ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0837 1244 Thpevm ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0841 1244 Thpsrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0841 1244 Thpsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0844 1244 TNaviSrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0844 1244 TNaviSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0847 1244 TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0847 1244 TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0850 1244 TosCoSrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0850 1244 TosCoSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0853 1244 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0853 1244 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0856 1244 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0856 1244 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0859 1244 TVALZ ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0860 1244 TVALZ ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0864 1244 wlidsvc ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0864 1244 wlidsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:44.0872 1244 YahooAUService ( UnsignedFile.Multi.Generic ) - skipped by user
04:26:44.0872 1244 YahooAUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:26:46.0202 1244 \Device\Harddisk0\DR0\# - copied to quarantine
04:26:46.0203 1244 \Device\Harddisk0\DR0 - copied to quarantine
04:26:46.0254 1244 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
04:26:46.0259 1244 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
04:26:46.0268 1244 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
04:26:46.0280 1244 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
04:26:46.0281 1244 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
04:26:46.0311 1244 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
04:26:46.0314 1244 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
04:26:46.0347 1244 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
04:26:46.0350 1244 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
04:26:46.0352 1244 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
04:26:46.0396 1244 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
04:26:46.0424 1244 \Device\Harddisk0\DR0 - ok
04:26:49.0704 1244 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
04:26:49.0704 1244 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
04:26:49.0705 1244 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
04:26:58.0972 1212 Deinitialize success

Edited by Bobcat Bob, 17 July 2012 - 03:39 AM.


#7
Bobcat Bob

    Member

  • Topic Starter
  • Member
  • 111 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-17 04:35:49
-----------------------------
04:35:49.306 OS Version: Windows x64 6.1.7601 Service Pack 1
04:35:49.306 Number of processors: 2 586 0x170A
04:35:49.306 ComputerName: BOOKWORM-PC UserName: Book Worm
04:35:50.211 Initialize success
04:36:05.967 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
04:36:05.967 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
04:36:05.982 Disk 0 MBR read successfully
04:36:05.982 Disk 0 MBR scan
04:36:05.982 Disk 0 Windows 7 default MBR code
04:36:05.998 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
04:36:06.029 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 293219 MB offset 3074048
04:36:06.060 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10525 MB offset 603586560
04:36:06.107 Disk 0 scanning C:\Windows\system32\drivers
04:36:12.175 Service scanning
04:36:34.655 Modules scanning
04:36:34.655 Disk 0 trace - called modules:
04:36:34.671 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys
04:36:34.686 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057a6060]
04:36:35.186 3 CLASSPNP.SYS[fffff880019bb43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8004bd11b0]
04:36:35.186 Scan finished successfully
04:39:27.580 Disk 0 MBR has been saved successfully to "C:\Users\Book Worm\Documents\MBR.dat"
04:39:27.580 The log file has been saved successfully to "C:\Users\Book Worm\Documents\aswMBR.txt"
04:40:27.259 Disk 0 MBR has been saved successfully to "C:\Users\Book Worm\Desktop\MBR.dat"
04:40:27.259 The log file has been saved successfully to "C:\Users\Book Worm\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.dat   512bytes   170 downloads


#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Good job! We still have work to do.

Step 1

Please run TDSSKiller one more time. For this line

\Device\Harddisk0\DR0 ( TDSS File System )

Select the Delete option and remove it. Post the log as you did last time.

Step 2

Now try to run Combofix again. If all goes fine, post the log here for me.

Step 3


Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#9
Bobcat Bob

    Member

  • Topic Starter
  • Member
  • 111 posts
04:48:45.0389 2352 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
04:48:45.0716 2352 ============================================================
04:48:45.0716 2352 Current date / time: 2012/07/17 04:48:45.0716
04:48:45.0716 2352 SystemInfo:
04:48:45.0716 2352
04:48:45.0716 2352 OS Version: 6.1.7601 ServicePack: 1.0
04:48:45.0716 2352 Product type: Workstation
04:48:45.0716 2352 ComputerName: BOOKWORM-PC
04:48:45.0716 2352 UserName: Book Worm
04:48:45.0716 2352 Windows directory: C:\Windows
04:48:45.0716 2352 System windows directory: C:\Windows
04:48:45.0716 2352 Running under WOW64
04:48:45.0716 2352 Processor architecture: Intel x64
04:48:45.0716 2352 Number of processors: 2
04:48:45.0716 2352 Page size: 0x1000
04:48:45.0716 2352 Boot type: Normal boot
04:48:45.0716 2352 ============================================================
04:48:46.0247 2352 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:48:46.0262 2352 ============================================================
04:48:46.0262 2352 \Device\Harddisk0\DR0:
04:48:46.0262 2352 MBR partitions:
04:48:46.0262 2352 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23CB1800
04:48:46.0262 2352 ============================================================
04:48:46.0278 2352 C: <-> \Device\Harddisk0\DR0\Partition0
04:48:46.0278 2352 ============================================================
04:48:46.0278 2352 Initialize success
04:48:46.0278 2352 ============================================================
04:49:04.0717 2120 ============================================================
04:49:04.0717 2120 Scan started
04:49:04.0717 2120 Mode: Manual; SigCheck; TDLFS;
04:49:04.0717 2120 ============================================================
04:49:05.0154 2120 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
04:49:05.0279 2120 1394ohci - ok
04:49:05.0341 2120 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
04:49:05.0372 2120 ACPI - ok
04:49:05.0419 2120 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
04:49:05.0513 2120 AcpiPmi - ok
04:49:05.0684 2120 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
04:49:05.0762 2120 AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - warning
04:49:05.0762 2120 AdobeFlashPlayerUpdateSvc - detected UnsignedFile.Multi.Generic (1)
04:49:05.0840 2120 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
04:49:05.0856 2120 adp94xx - ok
04:49:05.0918 2120 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
04:49:05.0934 2120 adpahci - ok
04:49:05.0965 2120 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
04:49:05.0965 2120 adpu320 - ok
04:49:06.0012 2120 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
04:49:06.0121 2120 AeLookupSvc - ok
04:49:06.0199 2120 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
04:49:06.0246 2120 AFD - ok
04:49:06.0371 2120 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
04:49:06.0464 2120 AgereSoftModem - ok
04:49:06.0527 2120 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
04:49:06.0527 2120 agp440 - ok
04:49:06.0589 2120 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
04:49:06.0667 2120 ALG - ok
04:49:06.0730 2120 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
04:49:06.0745 2120 aliide - ok
04:49:06.0745 2120 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
04:49:06.0761 2120 amdide - ok
04:49:06.0776 2120 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
04:49:06.0823 2120 AmdK8 - ok
04:49:06.0854 2120 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
04:49:06.0886 2120 AmdPPM - ok
04:49:06.0948 2120 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
04:49:06.0964 2120 amdsata - ok
04:49:06.0979 2120 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
04:49:06.0995 2120 amdsbs - ok
04:49:06.0995 2120 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
04:49:07.0010 2120 amdxata - ok
04:49:07.0088 2120 ApfiltrService (7eaf337dfa1d6766b585c0559d55e27f) C:\Windows\system32\DRIVERS\Apfiltr.sys
04:49:07.0354 2120 ApfiltrService ( UnsignedFile.Multi.Generic ) - warning
04:49:07.0354 2120 ApfiltrService - detected UnsignedFile.Multi.Generic (1)
04:49:07.0447 2120 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
04:49:07.0603 2120 AppID - ok
04:49:07.0666 2120 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
04:49:07.0712 2120 AppIDSvc - ok
04:49:07.0775 2120 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
04:49:07.0837 2120 Appinfo - ok
04:49:07.0962 2120 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
04:49:08.0009 2120 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning
04:49:08.0009 2120 Apple Mobile Device - detected UnsignedFile.Multi.Generic (1)
04:49:08.0087 2120 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
04:49:08.0087 2120 arc - ok
04:49:08.0118 2120 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
04:49:08.0134 2120 arcsas - ok
04:49:08.0180 2120 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
04:49:08.0258 2120 AsyncMac - ok
04:49:08.0305 2120 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
04:49:08.0321 2120 atapi - ok
04:49:08.0414 2120 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
04:49:08.0492 2120 AudioEndpointBuilder - ok
04:49:08.0508 2120 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
04:49:08.0555 2120 AudioSrv - ok
04:49:08.0586 2120 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
04:49:08.0695 2120 AxInstSV - ok
04:49:08.0773 2120 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
04:49:08.0804 2120 b06bdrv - ok
04:49:08.0851 2120 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
04:49:08.0914 2120 b57nd60a - ok
04:49:08.0960 2120 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
04:49:09.0007 2120 BDESVC - ok
04:49:09.0054 2120 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
04:49:09.0101 2120 Beep - ok
04:49:09.0179 2120 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
04:49:09.0241 2120 BFE - ok
04:49:09.0304 2120 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
04:49:09.0413 2120 BITS - ok
04:49:09.0475 2120 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
04:49:09.0522 2120 blbdrive - ok
04:49:09.0616 2120 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
04:49:09.0662 2120 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
04:49:09.0662 2120 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
04:49:09.0709 2120 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
04:49:09.0740 2120 bowser - ok
04:49:09.0803 2120 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
04:49:09.0834 2120 BrFiltLo - ok
04:49:09.0850 2120 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
04:49:09.0896 2120 BrFiltUp - ok
04:49:09.0943 2120 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
04:49:10.0006 2120 BridgeMP - ok
04:49:10.0068 2120 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
04:49:10.0130 2120 Browser - ok
04:49:10.0177 2120 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
04:49:10.0208 2120 Brserid - ok
04:49:10.0240 2120 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
04:49:10.0271 2120 BrSerWdm - ok
04:49:10.0302 2120 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
04:49:10.0333 2120 BrUsbMdm - ok
04:49:10.0364 2120 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
04:49:10.0396 2120 BrUsbSer - ok
04:49:10.0442 2120 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
04:49:10.0489 2120 BTHMODEM - ok
04:49:10.0552 2120 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
04:49:10.0583 2120 bthserv - ok
04:49:10.0692 2120 camsvc (f1140ed3a1e1d6824a63f27afd9eef32) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
04:49:10.0723 2120 camsvc ( UnsignedFile.Multi.Generic ) - warning
04:49:10.0723 2120 camsvc - detected UnsignedFile.Multi.Generic (1)
04:49:10.0895 2120 catchme - ok
04:49:10.0957 2120 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
04:49:11.0020 2120 cdfs - ok
04:49:11.0066 2120 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
04:49:11.0098 2120 cdrom - ok
04:49:11.0160 2120 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
04:49:11.0222 2120 CertPropSvc - ok
04:49:11.0254 2120 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
04:49:11.0269 2120 circlass - ok
04:49:11.0332 2120 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
04:49:11.0347 2120 CLFS - ok
04:49:11.0425 2120 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:49:11.0612 2120 clr_optimization_v2.0.50727_32 - ok
04:49:11.0659 2120 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:49:11.0815 2120 clr_optimization_v2.0.50727_64 - ok
04:49:11.0893 2120 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:49:12.0112 2120 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - warning
04:49:12.0112 2120 clr_optimization_v4.0.30319_32 - detected UnsignedFile.Multi.Generic (1)
04:49:12.0143 2120 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:49:12.0283 2120 clr_optimization_v4.0.30319_64 ( UnsignedFile.Multi.Generic ) - warning
04:49:12.0283 2120 clr_optimization_v4.0.30319_64 - detected UnsignedFile.Multi.Generic (1)
04:49:12.0330 2120 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
04:49:12.0361 2120 CmBatt - ok
04:49:12.0377 2120 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
04:49:12.0392 2120 cmdide - ok
04:49:12.0470 2120 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
04:49:12.0502 2120 CNG - ok
04:49:12.0580 2120 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
04:49:12.0595 2120 Compbatt - ok
04:49:12.0658 2120 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
04:49:12.0704 2120 CompositeBus - ok
04:49:12.0720 2120 COMSysApp - ok
04:49:12.0814 2120 ConfigFree Gadget Service (bcf2c3177e4777e3793310bac0244c1a) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
04:49:12.0829 2120 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - warning
04:49:12.0829 2120 ConfigFree Gadget Service - detected UnsignedFile.Multi.Generic (1)
04:49:12.0860 2120 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
04:49:12.0876 2120 ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
04:49:12.0876 2120 ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
04:49:12.0938 2120 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
04:49:12.0954 2120 crcdisk - ok
04:49:13.0032 2120 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
04:49:13.0079 2120 CryptSvc - ok
04:49:13.0157 2120 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
04:49:13.0219 2120 DcomLaunch - ok
04:49:13.0282 2120 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
04:49:13.0344 2120 defragsvc - ok
04:49:13.0375 2120 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
04:49:13.0406 2120 DfsC - ok
04:49:13.0469 2120 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
04:49:13.0531 2120 Dhcp - ok
04:49:13.0562 2120 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
04:49:13.0609 2120 discache - ok
04:49:13.0672 2120 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
04:49:13.0687 2120 Disk - ok
04:49:13.0734 2120 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
04:49:13.0812 2120 Dnscache - ok
04:49:13.0843 2120 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
04:49:13.0906 2120 dot3svc - ok
04:49:13.0921 2120 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
04:49:13.0984 2120 DPS - ok
04:49:14.0046 2120 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
04:49:14.0077 2120 drmkaud - ok
04:49:14.0140 2120 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
04:49:14.0171 2120 DXGKrnl - ok
04:49:14.0202 2120 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
04:49:14.0264 2120 EapHost - ok
04:49:14.0420 2120 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
04:49:14.0483 2120 ebdrv - ok
04:49:14.0576 2120 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
04:49:14.0592 2120 EFS - ok
04:49:14.0686 2120 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
04:49:14.0732 2120 ehRecvr - ok
04:49:14.0748 2120 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
04:49:14.0779 2120 ehSched - ok
04:49:14.0888 2120 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
04:49:14.0904 2120 elxstor - ok
04:49:14.0920 2120 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
04:49:14.0951 2120 ErrDev - ok
04:49:14.0998 2120 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
04:49:15.0060 2120 EventSystem - ok
04:49:15.0122 2120 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
04:49:15.0185 2120 exfat - ok
04:49:15.0216 2120 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
04:49:15.0278 2120 fastfat - ok
04:49:15.0356 2120 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
04:49:15.0419 2120 Fax - ok
04:49:15.0481 2120 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
04:49:15.0512 2120 fdc - ok
04:49:15.0544 2120 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
04:49:15.0606 2120 fdPHost - ok
04:49:15.0637 2120 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
04:49:15.0684 2120 FDResPub - ok
04:49:15.0731 2120 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
04:49:15.0746 2120 FileInfo - ok
04:49:15.0762 2120 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
04:49:15.0824 2120 Filetrace - ok
04:49:15.0871 2120 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
04:49:15.0902 2120 flpydisk - ok
04:49:15.0934 2120 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
04:49:15.0949 2120 FltMgr - ok
04:49:16.0027 2120 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
04:49:16.0105 2120 FontCache - ok
04:49:16.0168 2120 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:49:16.0324 2120 FontCache3.0.0.0 - ok
04:49:16.0370 2120 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
04:49:16.0370 2120 FsDepends - ok
04:49:16.0386 2120 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
04:49:16.0402 2120 Fs_Rec - ok
04:49:16.0448 2120 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
04:49:16.0464 2120 fvevol - ok
04:49:16.0511 2120 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
04:49:16.0526 2120 gagp30kx - ok
04:49:16.0620 2120 GameConsoleService (37331304e89a773b1a86fe681fca150d) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
04:49:16.0729 2120 GameConsoleService ( UnsignedFile.Multi.Generic ) - warning
04:49:16.0729 2120 GameConsoleService - detected UnsignedFile.Multi.Generic (1)
04:49:16.0760 2120 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
04:49:16.0932 2120 GEARAspiWDM ( UnsignedFile.Multi.Generic ) - warning
04:49:16.0932 2120 GEARAspiWDM - detected UnsignedFile.Multi.Generic (1)
04:49:17.0057 2120 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
04:49:17.0119 2120 gpsvc - ok
04:49:17.0197 2120 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:49:17.0228 2120 gupdate ( UnsignedFile.Multi.Generic ) - warning
04:49:17.0228 2120 gupdate - detected UnsignedFile.Multi.Generic (1)
04:49:17.0244 2120 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:49:17.0260 2120 gupdatem ( UnsignedFile.Multi.Generic ) - warning
04:49:17.0260 2120 gupdatem - detected UnsignedFile.Multi.Generic (1)
04:49:17.0306 2120 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
04:49:17.0338 2120 gusvc ( UnsignedFile.Multi.Generic ) - warning
04:49:17.0338 2120 gusvc - detected UnsignedFile.Multi.Generic (1)
04:49:17.0384 2120 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
04:49:17.0431 2120 hcw85cir - ok
04:49:17.0478 2120 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
04:49:17.0509 2120 HDAudBus - ok
04:49:17.0540 2120 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
04:49:17.0572 2120 HidBatt - ok
04:49:17.0603 2120 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
04:49:17.0634 2120 HidBth - ok
04:49:17.0696 2120 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
04:49:17.0728 2120 HidIr - ok
04:49:17.0759 2120 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
04:49:17.0806 2120 hidserv - ok
04:49:17.0868 2120 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
04:49:17.0884 2120 HidUsb - ok
04:49:17.0899 2120 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
04:49:17.0993 2120 hkmsvc - ok
04:49:18.0008 2120 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
04:49:18.0086 2120 HomeGroupListener - ok
04:49:18.0133 2120 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
04:49:18.0164 2120 HomeGroupProvider - ok
04:49:18.0211 2120 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
04:49:18.0211 2120 HpSAMD - ok
04:49:18.0320 2120 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
04:49:18.0367 2120 HTTP - ok
04:49:18.0398 2120 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
04:49:18.0398 2120 hwpolicy - ok
04:49:18.0476 2120 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
04:49:18.0476 2120 i8042prt - ok
04:49:18.0539 2120 iaStor (1adaa4f16073fd0c7270f451fd024e97) C:\Windows\system32\drivers\iaStor.sys
04:49:18.0710 2120 iaStor ( UnsignedFile.Multi.Generic ) - warning
04:49:18.0710 2120 iaStor - detected UnsignedFile.Multi.Generic (1)
04:49:18.0788 2120 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
04:49:18.0804 2120 iaStorV - ok
04:49:18.0898 2120 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
04:49:18.0929 2120 IDriverT ( UnsignedFile.Multi.Generic ) - warning
04:49:18.0929 2120 IDriverT - detected UnsignedFile.Multi.Generic (1)
04:49:19.0038 2120 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
04:49:19.0194 2120 idsvc - ok
04:49:19.0537 2120 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
04:49:19.0740 2120 igfx - ok
04:49:19.0896 2120 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
04:49:19.0896 2120 iirsp - ok
04:49:19.0990 2120 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
04:49:20.0052 2120 IKEEXT - ok
04:49:20.0192 2120 IntcAzAudAddService (b6e61b181884527cc5b68c2d79504b43) C:\Windows\system32\drivers\RTKVHD64.sys
04:49:20.0442 2120 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - warning
04:49:20.0442 2120 IntcAzAudAddService - detected UnsignedFile.Multi.Generic (1)
04:49:20.0614 2120 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
04:49:20.0629 2120 intelide - ok
04:49:20.0676 2120 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
04:49:20.0707 2120 intelppm - ok
04:49:20.0770 2120 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
04:49:20.0816 2120 IPBusEnum - ok
04:49:20.0832 2120 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:49:20.0863 2120 IpFilterDriver - ok
04:49:20.0941 2120 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
04:49:21.0004 2120 iphlpsvc - ok
04:49:21.0019 2120 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
04:49:21.0050 2120 IPMIDRV - ok
04:49:21.0097 2120 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
04:49:21.0160 2120 IPNAT - ok
04:49:21.0269 2120 iPod Service (f0eac938ecc1b2764d04ce16f8627e56) C:\Program Files\iPod\bin\iPodService.exe
04:49:21.0316 2120 iPod Service ( UnsignedFile.Multi.Generic ) - warning
04:49:21.0316 2120 iPod Service - detected UnsignedFile.Multi.Generic (1)
04:49:21.0362 2120 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
04:49:21.0409 2120 IRENUM - ok
04:49:21.0456 2120 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
04:49:21.0456 2120 isapnp - ok
04:49:21.0487 2120 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
04:49:21.0503 2120 iScsiPrt - ok
04:49:21.0503 2120 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
04:49:21.0518 2120 kbdclass - ok
04:49:21.0565 2120 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
04:49:21.0581 2120 kbdhid - ok
04:49:21.0596 2120 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:49:21.0612 2120 KeyIso - ok
04:49:21.0628 2120 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
04:49:21.0628 2120 KSecDD - ok
04:49:21.0659 2120 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
04:49:21.0674 2120 KSecPkg - ok
04:49:21.0706 2120 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
04:49:21.0768 2120 ksthunk - ok
04:49:21.0846 2120 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
04:49:21.0877 2120 KtmRm - ok
04:49:21.0955 2120 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
04:49:22.0002 2120 LanmanServer - ok
04:49:22.0064 2120 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
04:49:22.0096 2120 LanmanWorkstation - ok
04:49:22.0189 2120 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
04:49:22.0205 2120 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
04:49:22.0205 2120 LightScribeService - detected UnsignedFile.Multi.Generic (1)
04:49:22.0267 2120 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
04:49:22.0330 2120 lltdio - ok
04:49:22.0392 2120 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
04:49:22.0454 2120 lltdsvc - ok
04:49:22.0501 2120 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
04:49:22.0564 2120 lmhosts - ok
04:49:22.0610 2120 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
04:49:22.0626 2120 LSI_FC - ok
04:49:22.0642 2120 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
04:49:22.0657 2120 LSI_SAS - ok
04:49:22.0673 2120 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
04:49:22.0688 2120 LSI_SAS2 - ok
04:49:22.0704 2120 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
04:49:22.0720 2120 LSI_SCSI - ok
04:49:22.0735 2120 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
04:49:22.0782 2120 luafv - ok
04:49:22.0829 2120 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
04:49:22.0844 2120 Mcx2Svc - ok
04:49:22.0844 2120 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
04:49:22.0860 2120 megasas - ok
04:49:22.0922 2120 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
04:49:22.0938 2120 MegaSR - ok
04:49:22.0969 2120 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
04:49:23.0000 2120 MMCSS - ok
04:49:23.0047 2120 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
04:49:23.0110 2120 Modem - ok
04:49:23.0156 2120 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
04:49:23.0172 2120 monitor - ok
04:49:23.0219 2120 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
04:49:23.0234 2120 mouclass - ok
04:49:23.0281 2120 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
04:49:23.0312 2120 mouhid - ok
04:49:23.0390 2120 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
04:49:23.0406 2120 mountmgr - ok
04:49:23.0453 2120 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
04:49:23.0468 2120 MpFilter - ok
04:49:23.0484 2120 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
04:49:23.0500 2120 mpio - ok
04:49:23.0609 2120 MpKsle154af47 - ok
04:49:23.0640 2120 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
04:49:23.0936 2120 MpNWMon ( UnsignedFile.Multi.Generic ) - warning
04:49:23.0936 2120 MpNWMon - detected UnsignedFile.Multi.Generic (1)
04:49:24.0030 2120 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
04:49:24.0092 2120 mpsdrv - ok
04:49:24.0124 2120 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
04:49:24.0155 2120 MRxDAV - ok
04:49:24.0202 2120 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:49:24.0217 2120 mrxsmb - ok
04:49:24.0248 2120 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:49:24.0280 2120 mrxsmb10 - ok
04:49:24.0311 2120 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:49:24.0342 2120 mrxsmb20 - ok
04:49:24.0373 2120 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
04:49:24.0373 2120 msahci - ok
04:49:24.0389 2120 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
04:49:24.0404 2120 msdsm - ok
04:49:24.0436 2120 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
04:49:24.0467 2120 MSDTC - ok
04:49:24.0529 2120 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
04:49:24.0592 2120 Msfs - ok
04:49:24.0623 2120 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
04:49:24.0670 2120 mshidkmdf - ok
04:49:24.0701 2120 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
04:49:24.0701 2120 msisadrv - ok
04:49:24.0779 2120 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
04:49:24.0841 2120 MSiSCSI - ok
04:49:24.0841 2120 msiserver - ok
04:49:24.0888 2120 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
04:49:24.0935 2120 MSKSSRV - ok
04:49:24.0966 2120 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
04:49:25.0013 2120 MSPCLOCK - ok
04:49:25.0044 2120 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
04:49:25.0106 2120 MSPQM - ok
04:49:25.0138 2120 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
04:49:25.0153 2120 MsRPC - ok
04:49:25.0184 2120 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
04:49:25.0184 2120 mssmbios - ok
04:49:25.0231 2120 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
04:49:25.0262 2120 MSTEE - ok
04:49:25.0278 2120 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
04:49:25.0309 2120 MTConfig - ok
04:49:25.0340 2120 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
04:49:25.0356 2120 Mup - ok
04:49:25.0403 2120 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
04:49:25.0450 2120 napagent - ok
04:49:25.0528 2120 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
04:49:25.0559 2120 NativeWifiP - ok
04:49:25.0621 2120 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
04:49:25.0652 2120 NDIS - ok
04:49:25.0715 2120 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
04:49:25.0762 2120 NdisCap - ok
04:49:25.0808 2120 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
04:49:25.0871 2120 NdisTapi - ok
04:49:25.0933 2120 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
04:49:25.0980 2120 Ndisuio - ok
04:49:26.0011 2120 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
04:49:26.0074 2120 NdisWan - ok
04:49:26.0105 2120 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
04:49:26.0167 2120 NDProxy - ok
04:49:26.0198 2120 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
04:49:26.0261 2120 NetBIOS - ok
04:49:26.0308 2120 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
04:49:26.0370 2120 NetBT - ok
04:49:26.0401 2120 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:49:26.0417 2120 Netlogon - ok
04:49:26.0495 2120 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
04:49:26.0557 2120 Netman - ok
04:49:26.0604 2120 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
04:49:26.0651 2120 netprofm - ok
04:49:26.0729 2120 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
04:49:26.0900 2120 NetTcpPortSharing - ok
04:49:26.0963 2120 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
04:49:26.0963 2120 nfrd960 - ok
04:49:26.0994 2120 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
04:49:27.0259 2120 NisDrv ( UnsignedFile.Multi.Generic ) - warning
04:49:27.0259 2120 NisDrv - detected UnsignedFile.Multi.Generic (1)
04:49:27.0353 2120 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
04:49:27.0368 2120 NisSrv - ok
04:49:27.0446 2120 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
04:49:27.0478 2120 NlaSvc - ok
04:49:27.0493 2120 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
04:49:27.0540 2120 Npfs - ok
04:49:27.0556 2120 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
04:49:27.0618 2120 nsi - ok
04:49:27.0665 2120 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
04:49:27.0727 2120 nsiproxy - ok
04:49:27.0821 2120 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
04:49:27.0868 2120 Ntfs - ok
04:49:27.0992 2120 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
04:49:28.0055 2120 Null - ok
04:49:28.0117 2120 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
04:49:28.0133 2120 nvraid - ok
04:49:28.0148 2120 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
04:49:28.0164 2120 nvstor - ok
04:49:28.0180 2120 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
04:49:28.0180 2120 nv_agp - ok
04:49:28.0336 2120 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
04:49:28.0476 2120 odserv ( UnsignedFile.Multi.Generic ) - warning
04:49:28.0476 2120 odserv - detected UnsignedFile.Multi.Generic (1)
04:49:28.0507 2120 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
04:49:28.0507 2120 ohci1394 - ok
04:49:28.0538 2120 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:49:28.0632 2120 ose ( UnsignedFile.Multi.Generic ) - warning
04:49:28.0632 2120 ose - detected UnsignedFile.Multi.Generic (1)
04:49:28.0694 2120 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
04:49:28.0741 2120 p2pimsvc - ok
04:49:28.0772 2120 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
04:49:28.0819 2120 p2psvc - ok
04:49:28.0850 2120 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
04:49:28.0866 2120 Parport - ok
04:49:28.0882 2120 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
04:49:28.0897 2120 partmgr - ok
04:49:28.0928 2120 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
04:49:28.0960 2120 PcaSvc - ok
04:49:28.0991 2120 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
04:49:29.0006 2120 pci - ok
04:49:29.0022 2120 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
04:49:29.0038 2120 pciide - ok
04:49:29.0084 2120 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
04:49:29.0100 2120 pcmcia - ok
04:49:29.0100 2120 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
04:49:29.0116 2120 pcw - ok
04:49:29.0162 2120 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
04:49:29.0209 2120 PEAUTH - ok
04:49:29.0272 2120 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
04:49:29.0303 2120 PerfHost - ok
04:49:29.0350 2120 PGEffect (2c3ba65f8ca712730050c29104e093f9) C:\Windows\system32\DRIVERS\pgeffect.sys
04:49:29.0521 2120 PGEffect ( UnsignedFile.Multi.Generic ) - warning
04:49:29.0521 2120 PGEffect - detected UnsignedFile.Multi.Generic (1)
04:49:29.0693 2120 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
04:49:29.0740 2120 pla - ok
04:49:29.0818 2120 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
04:49:29.0880 2120 PlugPlay - ok
04:49:29.0927 2120 PMCF (b7a792764e896e8621901550908d6ad8) C:\Windows\system32\drivers\PMCF.sys
04:49:29.0958 2120 PMCF ( UnsignedFile.Multi.Generic ) - warning
04:49:29.0958 2120 PMCF - detected UnsignedFile.Multi.Generic (1)
04:49:29.0989 2120 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
04:49:30.0020 2120 PNRPAutoReg - ok
04:49:30.0052 2120 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
04:49:30.0067 2120 PNRPsvc - ok
04:49:30.0130 2120 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
04:49:30.0208 2120 PolicyAgent - ok
04:49:30.0254 2120 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
04:49:30.0317 2120 Power - ok
04:49:30.0364 2120 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
04:49:30.0410 2120 PptpMiniport - ok
04:49:30.0426 2120 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
04:49:30.0457 2120 Processor - ok
04:49:30.0488 2120 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
04:49:30.0551 2120 ProfSvc - ok
04:49:30.0582 2120 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:49:30.0598 2120 ProtectedStorage - ok
04:49:30.0660 2120 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
04:49:30.0691 2120 Psched - ok
04:49:30.0769 2120 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
04:49:30.0800 2120 ql2300 - ok
04:49:30.0941 2120 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
04:49:30.0956 2120 ql40xx - ok
04:49:31.0003 2120 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
04:49:31.0019 2120 QWAVE - ok
04:49:31.0034 2120 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
04:49:31.0066 2120 QWAVEdrv - ok
04:49:31.0081 2120 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
04:49:31.0144 2120 RasAcd - ok
04:49:31.0206 2120 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
04:49:31.0253 2120 RasAgileVpn - ok
04:49:31.0300 2120 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
04:49:31.0331 2120 RasAuto - ok
04:49:31.0378 2120 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:49:31.0440 2120 Rasl2tp - ok
04:49:31.0471 2120 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
04:49:31.0534 2120 RasMan - ok
04:49:31.0565 2120 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
04:49:31.0627 2120 RasPppoe - ok
04:49:31.0658 2120 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
04:49:31.0721 2120 RasSstp - ok
04:49:31.0752 2120 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
04:49:31.0799 2120 rdbss - ok
04:49:31.0814 2120 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
04:49:31.0846 2120 rdpbus - ok
04:49:31.0877 2120 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:49:31.0939 2120 RDPCDD - ok
04:49:31.0970 2120 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
04:49:32.0033 2120 RDPENCDD - ok
04:49:32.0048 2120 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
04:49:32.0080 2120 RDPREFMP - ok
04:49:32.0126 2120 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
04:49:32.0173 2120 RDPWD - ok
04:49:32.0220 2120 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
04:49:32.0236 2120 rdyboost - ok
04:49:32.0298 2120 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
04:49:32.0360 2120 RemoteAccess - ok
04:49:32.0392 2120 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
04:49:32.0423 2120 RemoteRegistry - ok
04:49:32.0454 2120 rimspci (abf0d2eae54a7f071a54bd2828c982ca) C:\Windows\system32\DRIVERS\rimspe64.sys
04:49:32.0610 2120 rimspci ( UnsignedFile.Multi.Generic ) - warning
04:49:32.0610 2120 rimspci - detected UnsignedFile.Multi.Generic (1)
04:49:32.0657 2120 rixdpcie (e8ed37d472eb5211c0a34fd63a3971e9) C:\Windows\system32\DRIVERS\rixdpe64.sys
04:49:32.0782 2120 rixdpcie ( UnsignedFile.Multi.Generic ) - warning
04:49:32.0782 2120 rixdpcie - detected UnsignedFile.Multi.Generic (1)
04:49:32.0797 2120 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
04:49:32.0844 2120 RpcEptMapper - ok
04:49:32.0875 2120 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
04:49:32.0891 2120 RpcLocator - ok
04:49:32.0922 2120 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
04:49:32.0953 2120 RpcSs - ok
04:49:33.0031 2120 RSELSVC - ok
04:49:33.0109 2120 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
04:49:33.0156 2120 rspndr - ok
04:49:33.0234 2120 RTL8169 (b263b3aebcde2210d1cc25756601b8ea) C:\Windows\system32\DRIVERS\Rtlh64.sys
04:49:33.0421 2120 RTL8169 ( UnsignedFile.Multi.Generic ) - warning
04:49:33.0421 2120 RTL8169 - detected UnsignedFile.Multi.Generic (1)
04:49:33.0562 2120 rtl819xpn64 (44062ea1bdb558d28c1a5f36c24a1db8) C:\Windows\system32\DRIVERS\rtl819xp.sys
04:49:33.0749 2120 rtl819xpn64 ( UnsignedFile.Multi.Generic ) - warning
04:49:33.0749 2120 rtl819xpn64 - detected UnsignedFile.Multi.Generic (1)
04:49:33.0811 2120 RtlProt (d1664991a07acf2703d4a4e5be4b6c80) C:\Windows\system32\DRIVERS\rtlprot.sys
04:49:33.0983 2120 RtlProt ( UnsignedFile.Multi.Generic ) - warning
04:49:33.0983 2120 RtlProt - detected UnsignedFile.Multi.Generic (1)
04:49:33.0998 2120 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:49:34.0014 2120 SamSs - ok
04:49:34.0030 2120 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
04:49:34.0030 2120 sbp2port - ok
04:49:34.0076 2120 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
04:49:34.0123 2120 SCardSvr - ok
04:49:34.0170 2120 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
04:49:34.0201 2120 scfilter - ok
04:49:34.0279 2120 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
04:49:34.0342 2120 Schedule - ok
04:49:34.0373 2120 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
04:49:34.0404 2120 SCPolicySvc - ok
04:49:34.0466 2120 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
04:49:34.0498 2120 sdbus - ok
04:49:34.0529 2120 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
04:49:34.0560 2120 SDRSVC - ok
04:49:34.0654 2120 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
04:49:34.0669 2120 SeaPort - ok
04:49:34.0732 2120 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
04:49:34.0763 2120 secdrv - ok
04:49:34.0810 2120 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
04:49:34.0841 2120 seclogon - ok
04:49:34.0856 2120 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
04:49:34.0903 2120 SENS - ok
04:49:34.0919 2120 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
04:49:34.0950 2120 SensrSvc - ok
04:49:35.0012 2120 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
04:49:35.0012 2120 Serenum - ok
04:49:35.0075 2120 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
04:49:35.0106 2120 Serial - ok
04:49:35.0122 2120 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
04:49:35.0137 2120 sermouse - ok
04:49:35.0184 2120 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
04:49:35.0215 2120 SessionEnv - ok
04:49:35.0231 2120 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
04:49:35.0278 2120 sffdisk - ok
04:49:35.0309 2120 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
04:49:35.0324 2120 sffp_mmc - ok
04:49:35.0340 2120 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
04:49:35.0356 2120 sffp_sd - ok
04:49:35.0387 2120 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
04:49:35.0402 2120 sfloppy - ok
04:49:35.0480 2120 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
04:49:35.0543 2120 SharedAccess - ok
04:49:35.0590 2120 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
04:49:35.0636 2120 ShellHWDetection - ok
04:49:35.0699 2120 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
04:49:35.0714 2120 SiSRaid2 - ok
04:49:35.0730 2120 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
04:49:35.0730 2120 SiSRaid4 - ok
04:49:35.0792 2120 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
04:49:35.0839 2120 Smb - ok
04:49:35.0917 2120 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
04:49:35.0933 2120 SNMPTRAP - ok
04:49:35.0964 2120 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
04:49:35.0980 2120 spldr - ok
04:49:36.0011 2120 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
04:49:36.0058 2120 Spooler - ok
04:49:36.0198 2120 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
04:49:36.0292 2120 sppsvc - ok
04:49:36.0416 2120 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
04:49:36.0479 2120 sppuinotify - ok
04:49:36.0526 2120 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
04:49:36.0588 2120 srv - ok
04:49:36.0635 2120 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
04:49:36.0666 2120 srv2 - ok
04:49:36.0682 2120 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
04:49:36.0713 2120 srvnet - ok
04:49:36.0791 2120 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
04:49:36.0853 2120 SSDPSRV - ok
04:49:36.0884 2120 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
04:49:36.0931 2120 SstpSvc - ok
04:49:36.0978 2120 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
04:49:36.0978 2120 stexstor - ok
04:49:37.0056 2120 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
04:49:37.0118 2120 stisvc - ok
04:49:37.0134 2120 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
04:49:37.0150 2120 swenum - ok
04:49:37.0196 2120 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
04:49:37.0243 2120 swprv - ok
04:49:37.0274 2120 SymIM (212bbf5a964513980d5de9397381534f) C:\Windows\system32\DRIVERS\SymIMv.sys
04:49:37.0430 2120 SymIM ( UnsignedFile.Multi.Generic ) - warning
04:49:37.0430 2120 SymIM - detected UnsignedFile.Multi.Generic (1)
04:49:37.0586 2120 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
04:49:37.0649 2120 SysMain - ok
04:49:37.0774 2120 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
04:49:37.0789 2120 TabletInputService - ok
04:49:37.0820 2120 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
04:49:37.0867 2120 TapiSrv - ok
04:49:37.0883 2120 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
04:49:37.0914 2120 TBS - ok
04:49:38.0054 2120 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
04:49:38.0101 2120 Tcpip - ok
04:49:38.0335 2120 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
04:49:38.0366 2120 TCPIP6 - ok
04:49:38.0507 2120 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
04:49:38.0554 2120 tcpipreg - ok
04:49:38.0616 2120 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
04:49:38.0788 2120 tdcmdpst ( UnsignedFile.Multi.Generic ) - warning
04:49:38.0788 2120 tdcmdpst - detected UnsignedFile.Multi.Generic (1)
04:49:38.0803 2120 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
04:49:38.0819 2120 TDPIPE - ok
04:49:38.0819 2120 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
04:49:38.0834 2120 TDTCP - ok
04:49:38.0850 2120 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
04:49:38.0897 2120 tdx - ok
04:49:38.0944 2120 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
04:49:38.0959 2120 TermDD - ok
04:49:39.0022 2120 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
04:49:39.0084 2120 TermService - ok
04:49:39.0115 2120 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
04:49:39.0146 2120 Themes - ok
04:49:39.0178 2120 Thpdrv (e29a0c5c97615bffab138abe308733b4) C:\Windows\system32\DRIVERS\thpdrv.sys
04:49:39.0334 2120 Thpdrv ( UnsignedFile.Multi.Generic ) - warning
04:49:39.0334 2120 Thpdrv - detected UnsignedFile.Multi.Generic (1)
04:49:39.0443 2120 Thpevm (d6704940a79831b4fa271d7a73d291d8) C:\Windows\system32\DRIVERS\Thpevm.SYS
04:49:39.0630 2120 Thpevm ( UnsignedFile.Multi.Generic ) - warning
04:49:39.0630 2120 Thpevm - detected UnsignedFile.Multi.Generic (1)
04:49:39.0739 2120 Thpsrv (8f0d1a0c9c25cc61e193c0c22422a9ea) C:\Windows\system32\ThpSrv.exe
04:49:39.0770 2120 Thpsrv ( UnsignedFile.Multi.Generic ) - warning
04:49:39.0770 2120 Thpsrv - detected UnsignedFile.Multi.Generic (1)
04:49:39.0802 2120 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
04:49:39.0833 2120 THREADORDER - ok
04:49:39.0942 2120 TNaviSrv (22bc804efe155f54252f389b0781d7f2) C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
04:49:39.0958 2120 TNaviSrv ( UnsignedFile.Multi.Generic ) - warning
04:49:39.0958 2120 TNaviSrv - detected UnsignedFile.Multi.Generic (1)
04:49:40.0020 2120 TODDSrv (19af3434564e973bc232bbd629ec2bf6) C:\Windows\system32\TODDSrv.exe
04:49:40.0020 2120 TODDSrv ( UnsignedFile.Multi.Generic ) - warning
04:49:40.0020 2120 TODDSrv - detected UnsignedFile.Multi.Generic (1)
04:49:40.0129 2120 TosCoSrv (7810e3a97e004cd2641fd3fc5d2a62cd) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
04:49:40.0160 2120 TosCoSrv ( UnsignedFile.Multi.Generic ) - warning
04:49:40.0160 2120 TosCoSrv - detected UnsignedFile.Multi.Generic (1)
04:49:40.0207 2120 TOSHIBA eco Utility Service (97735d78da5737ea8428d551fa263eea) C:\Program Files\TOSHIBA\TECO\TecoService.exe
04:49:40.0223 2120 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - warning
04:49:40.0223 2120 TOSHIBA eco Utility Service - detected UnsignedFile.Multi.Generic (1)
04:49:40.0254 2120 TOSHIBA HDD SSD Alert Service (b67c69e2982769355d9ff76dd3b2a0fd) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
04:49:40.0301 2120 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - warning
04:49:40.0301 2120 TOSHIBA HDD SSD Alert Service - detected UnsignedFile.Multi.Generic (1)
04:49:40.0332 2120 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
04:49:40.0379 2120 TrkWks - ok
04:49:40.0441 2120 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
04:49:40.0472 2120 TrustedInstaller - ok
04:49:40.0535 2120 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:49:40.0582 2120 tssecsrv - ok
04:49:40.0628 2120 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
04:49:40.0691 2120 TsUsbFlt - ok
04:49:40.0706 2120 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
04:49:40.0753 2120 TsUsbGD - ok
04:49:40.0800 2120 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
04:49:40.0831 2120 tunnel - ok
04:49:40.0894 2120 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
04:49:41.0018 2120 TVALZ ( UnsignedFile.Multi.Generic ) - warning
04:49:41.0018 2120 TVALZ - detected UnsignedFile.Multi.Generic (1)
04:49:41.0128 2120 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
04:49:41.0143 2120 uagp35 - ok
04:49:41.0174 2120 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
04:49:41.0221 2120 udfs - ok
04:49:41.0252 2120 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
04:49:41.0299 2120 UI0Detect - ok
04:49:41.0330 2120 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
04:49:41.0330 2120 uliagpkx - ok
04:49:41.0393 2120 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
04:49:41.0424 2120 umbus - ok
04:49:41.0471 2120 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
04:49:41.0486 2120 UmPass - ok
04:49:41.0518 2120 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
04:49:41.0564 2120 upnphost - ok
04:49:41.0596 2120 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
04:49:41.0627 2120 usbccgp - ok
04:49:41.0627 2120 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
04:49:41.0642 2120 usbcir - ok
04:49:41.0658 2120 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
04:49:41.0674 2120 usbehci - ok
04:49:41.0705 2120 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
04:49:41.0752 2120 usbhub - ok
04:49:41.0783 2120 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
04:49:41.0814 2120 usbohci - ok
04:49:41.0876 2120 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
04:49:41.0892 2120 usbprint - ok
04:49:41.0923 2120 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
04:49:41.0939 2120 usbscan - ok
04:49:41.0970 2120 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:49:42.0017 2120 USBSTOR - ok
04:49:42.0032 2120 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
04:49:42.0064 2120 usbuhci - ok
04:49:42.0126 2120 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
04:49:42.0142 2120 usbvideo - ok
04:49:42.0188 2120 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
04:49:42.0220 2120 UxSms - ok
04:49:42.0251 2120 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:49:42.0251 2120 VaultSvc - ok
04:49:42.0282 2120 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
04:49:42.0298 2120 vdrvroot - ok
04:49:42.0329 2120 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
04:49:42.0376 2120 vds - ok
04:49:42.0422 2120 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
04:49:42.0438 2120 vga - ok
04:49:42.0454 2120 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
04:49:42.0485 2120 VgaSave - ok
04:49:42.0516 2120 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
04:49:42.0532 2120 vhdmp - ok
04:49:42.0547 2120 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
04:49:42.0563 2120 viaide - ok
04:49:42.0578 2120 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
04:49:42.0594 2120 volmgr - ok
04:49:42.0625 2120 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
04:49:42.0641 2120 volmgrx - ok
04:49:42.0656 2120 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
04:49:42.0672 2120 volsnap - ok
04:49:42.0734 2120 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
04:49:42.0750 2120 vsmraid - ok
04:49:42.0844 2120 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
04:49:42.0906 2120 VSS - ok
04:49:43.0031 2120 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
04:49:43.0062 2120 vwifibus - ok
04:49:43.0140 2120 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
04:49:43.0187 2120 W32Time - ok
04:49:43.0202 2120 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
04:49:43.0218 2120 WacomPen - ok
04:49:43.0265 2120 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:49:43.0327 2120 WANARP - ok
04:49:43.0343 2120 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:49:43.0374 2120 Wanarpv6 - ok
04:49:43.0468 2120 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
04:49:43.0514 2120 WatAdminSvc - ok
04:49:43.0592 2120 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
04:49:43.0670 2120 wbengine - ok
04:49:43.0780 2120 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
04:49:43.0842 2120 WbioSrvc - ok
04:49:43.0873 2120 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
04:49:43.0904 2120 wcncsvc - ok
04:49:43.0920 2120 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
04:49:43.0951 2120 WcsPlugInService - ok
04:49:43.0998 2120 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
04:49:43.0998 2120 Wd - ok
04:49:44.0045 2120 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
04:49:44.0060 2120 Wdf01000 - ok
04:49:44.0107 2120 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
04:49:44.0154 2120 WdiServiceHost - ok
04:49:44.0154 2120 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
04:49:44.0185 2120 WdiSystemHost - ok
04:49:44.0201 2120 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
04:49:44.0232 2120 WebClient - ok
04:49:44.0263 2120 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
04:49:44.0294 2120 Wecsvc - ok
04:49:44.0326 2120 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
04:49:44.0388 2120 wercplsupport - ok
04:49:44.0435 2120 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
04:49:44.0497 2120 WerSvc - ok
04:49:44.0591 2120 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
04:49:44.0622 2120 WfpLwf - ok
04:49:44.0653 2120 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
04:49:44.0653 2120 WIMMount - ok
04:49:44.0716 2120 WinDefend - ok
04:49:44.0731 2120 WinHttpAutoProxySvc - ok
04:49:44.0794 2120 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
04:49:44.0825 2120 Winmgmt - ok
04:49:44.0934 2120 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
04:49:45.0012 2120 WinRM - ok
04:49:45.0199 2120 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
04:49:45.0246 2120 Wlansvc - ok
04:49:45.0433 2120 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
04:49:45.0605 2120 wlidsvc ( UnsignedFile.Multi.Generic ) - warning
04:49:45.0605 2120 wlidsvc - detected UnsignedFile.Multi.Generic (1)
04:49:45.0730 2120 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
04:49:45.0761 2120 WmiAcpi - ok
04:49:45.0823 2120 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
04:49:45.0839 2120 wmiApSrv - ok
04:49:45.0901 2120 WMPNetworkSvc - ok
04:49:45.0932 2120 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
04:49:45.0964 2120 WPCSvc - ok
04:49:45.0979 2120 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
04:49:45.0995 2120 WPDBusEnum - ok
04:49:46.0026 2120 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
04:49:46.0088 2120 ws2ifsl - ok
04:49:46.0135 2120 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
04:49:46.0151 2120 wscsvc - ok
04:49:46.0151 2120 WSearch - ok
04:49:46.0276 2120 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
04:49:46.0369 2120 wuauserv - ok
04:49:46.0510 2120 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
04:49:46.0572 2120 WudfPf - ok
04:49:46.0634 2120 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:49:46.0666 2120 WUDFRd - ok
04:49:46.0712 2120 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
04:49:46.0744 2120 wudfsvc - ok
04:49:46.0775 2120 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
04:49:46.0790 2120 WwanSvc - ok
04:49:46.0900 2120 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
04:49:46.0946 2120 YahooAUService ( UnsignedFile.Multi.Generic ) - warning
04:49:46.0946 2120 YahooAUService - detected UnsignedFile.Multi.Generic (1)
04:49:46.0978 2120 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
04:49:47.0212 2120 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
04:49:47.0212 2120 \Device\Harddisk0\DR0 - detected TDSS File System (1)
04:49:47.0212 2120 Boot (0x1200) (d50544ec9348457d07cc71f3569c40b9) \Device\Harddisk0\DR0\Partition0
04:49:47.0212 2120 \Device\Harddisk0\DR0\Partition0 - ok
04:49:47.0212 2120 ============================================================
04:49:47.0212 2120 Scan finished
04:49:47.0212 2120 ============================================================
04:49:47.0227 3388 Detected object count: 44
04:49:47.0227 3388 Actual detected object count: 44
04:50:49.0378 3388 AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0378 3388 AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0378 3388 ApfiltrService ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0378 3388 ApfiltrService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0378 3388 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0378 3388 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0378 3388 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0378 3388 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0378 3388 camsvc ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0378 3388 camsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0378 3388 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0378 3388 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0393 3388 clr_optimization_v4.0.30319_64 ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0393 3388 clr_optimization_v4.0.30319_64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0393 3388 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0393 3388 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0393 3388 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0393 3388 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0393 3388 GameConsoleService ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0393 3388 GameConsoleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0393 3388 GEARAspiWDM ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0393 3388 GEARAspiWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0409 3388 gupdate ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0409 3388 gupdate ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0409 3388 gupdatem ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0409 3388 gupdatem ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0409 3388 gusvc ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0409 3388 gusvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0409 3388 iaStor ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0409 3388 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0409 3388 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0409 3388 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0425 3388 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0425 3388 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0425 3388 iPod Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0425 3388 iPod Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0425 3388 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0425 3388 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0425 3388 MpNWMon ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0425 3388 MpNWMon ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0425 3388 NisDrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0425 3388 NisDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0425 3388 odserv ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0425 3388 odserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0440 3388 ose ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0440 3388 ose ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0440 3388 PGEffect ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0440 3388 PGEffect ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0440 3388 PMCF ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0440 3388 PMCF ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0440 3388 rimspci ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0440 3388 rimspci ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0440 3388 rixdpcie ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0440 3388 rixdpcie ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0440 3388 RTL8169 ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0440 3388 RTL8169 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0456 3388 rtl819xpn64 ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0456 3388 rtl819xpn64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0456 3388 RtlProt ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0456 3388 RtlProt ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0456 3388 SymIM ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0456 3388 SymIM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0456 3388 tdcmdpst ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0456 3388 tdcmdpst ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0456 3388 Thpdrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0456 3388 Thpdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0456 3388 Thpevm ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0456 3388 Thpevm ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0471 3388 Thpsrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0471 3388 Thpsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0471 3388 TNaviSrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0471 3388 TNaviSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0471 3388 TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0471 3388 TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0471 3388 TosCoSrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0471 3388 TosCoSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0471 3388 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0471 3388 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0471 3388 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0471 3388 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0487 3388 TVALZ ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0487 3388 TVALZ ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0487 3388 wlidsvc ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0487 3388 wlidsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0487 3388 YahooAUService ( UnsignedFile.Multi.Generic ) - skipped by user
04:50:49.0487 3388 YahooAUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:50:49.0503 3388 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
04:50:49.0503 3388 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
04:50:49.0503 3388 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
04:50:49.0518 3388 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
04:50:49.0549 3388 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
04:50:49.0549 3388 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
04:50:49.0549 3388 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
04:50:49.0549 3388 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
04:50:49.0549 3388 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
04:50:49.0549 3388 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
04:50:49.0549 3388 \Device\Harddisk0\DR0\TDLFS - deleted
04:50:49.0549 3388 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
04:52:17.0690 2152 ============================================================
04:52:17.0690 2152 Scan started
04:52:17.0690 2152 Mode: Manual; SigCheck; TDLFS;
04:52:17.0690 2152 ============================================================
04:52:17.0877 2152 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
04:52:17.0892 2152 1394ohci - ok
04:52:17.0924 2152 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
04:52:17.0939 2152 ACPI - ok
04:52:17.0955 2152 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
04:52:17.0970 2152 AcpiPmi - ok
04:52:18.0095 2152 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
04:52:18.0111 2152 AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - warning
04:52:18.0111 2152 AdobeFlashPlayerUpdateSvc - detected UnsignedFile.Multi.Generic (1)
04:52:18.0173 2152 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
04:52:18.0189 2152 adp94xx - ok
04:52:18.0204 2152 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
04:52:18.0220 2152 adpahci - ok
04:52:18.0251 2152 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
04:52:18.0251 2152 adpu320 - ok
04:52:18.0298 2152 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
04:52:18.0345 2152 AeLookupSvc - ok
04:52:18.0376 2152 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
04:52:18.0392 2152 AFD - ok
04:52:18.0454 2152 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
04:52:18.0485 2152 AgereSoftModem - ok
04:52:18.0516 2152 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
04:52:18.0532 2152 agp440 - ok
04:52:18.0548 2152 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
04:52:18.0563 2152 ALG - ok
04:52:18.0579 2152 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
04:52:18.0579 2152 aliide - ok
04:52:18.0594 2152 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
04:52:18.0594 2152 amdide - ok
04:52:18.0610 2152 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
04:52:18.0626 2152 AmdK8 - ok
04:52:18.0641 2152 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
04:52:18.0657 2152 AmdPPM - ok
04:52:18.0672 2152 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
04:52:18.0688 2152 amdsata - ok
04:52:18.0704 2152 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
04:52:18.0719 2152 amdsbs - ok
04:52:18.0735 2152 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
04:52:18.0735 2152 amdxata - ok
04:52:18.0782 2152 ApfiltrService (7eaf337dfa1d6766b585c0559d55e27f) C:\Windows\system32\DRIVERS\Apfiltr.sys
04:52:19.0000 2152 ApfiltrService ( UnsignedFile.Multi.Generic ) - warning
04:52:19.0000 2152 ApfiltrService - detected UnsignedFile.Multi.Generic (1)
04:52:19.0016 2152 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
04:52:19.0047 2152 AppID - ok
04:52:19.0094 2152 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
04:52:19.0125 2152 AppIDSvc - ok
04:52:19.0140 2152 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
04:52:19.0172 2152 Appinfo - ok
04:52:19.0281 2152 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
04:52:19.0296 2152 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning
04:52:19.0296 2152 Apple Mobile Device - detected UnsignedFile.Multi.Generic (1)
04:52:19.0312 2152 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
04:52:19.0328 2152 arc - ok
04:52:19.0359 2152 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
04:52:19.0359 2152 arcsas - ok
04:52:19.0374 2152 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
04:52:19.0421 2152 AsyncMac - ok
04:52:19.0437 2152 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
04:52:19.0437 2152 atapi - ok
04:52:19.0499 2152 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
04:52:19.0546 2152 AudioEndpointBuilder - ok
04:52:19.0562 2152 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
04:52:19.0624 2152 AudioSrv - ok
04:52:19.0718 2152 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
04:52:19.0733 2152 AxInstSV - ok
04:52:19.0780 2152 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
04:52:19.0796 2152 b06bdrv - ok
04:52:19.0842 2152 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
04:52:19.0858 2152 b57nd60a - ok
04:52:19.0874 2152 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
04:52:19.0889 2152 BDESVC - ok
04:52:19.0920 2152 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
04:52:19.0952 2152 Beep - ok
04:52:20.0014 2152 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
04:52:20.0061 2152 BFE - ok
04:52:20.0123 2152 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
04:52:20.0186 2152 BITS - ok
04:52:20.0248 2152 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
04:52:20.0264 2152 blbdrive - ok
04:52:20.0357 2152 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
04:52:20.0373 2152 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
04:52:20.0373 2152 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
04:52:20.0388 2152 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
04:52:20.0404 2152 bowser - ok
04:52:20.0420 2152 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
04:52:20.0435 2152 BrFiltLo - ok
04:52:20.0435 2152 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
04:52:20.0451 2152 BrFiltUp - ok
04:52:20.0482 2152 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
04:52:20.0529 2152 BridgeMP - ok
04:52:20.0576 2152 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
04:52:20.0607 2152 Browser - ok
04:52:20.0638 2152 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
04:52:20.0654 2152 Brserid - ok
04:52:20.0669 2152 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
04:52:20.0685 2152 BrSerWdm - ok
04:52:20.0700 2152 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
04:52:20.0716 2152 BrUsbMdm - ok
04:52:20.0732 2152 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
04:52:20.0732 2152 BrUsbSer - ok
04:52:20.0747 2152 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
04:52:20.0763 2152 BTHMODEM - ok
04:52:20.0794 2152 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
04:52:20.0825 2152 bthserv - ok
04:52:20.0903 2152 camsvc (f1140ed3a1e1d6824a63f27afd9eef32) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
04:52:20.0919 2152 camsvc ( UnsignedFile.Multi.Generic ) - warning
04:52:20.0919 2152 camsvc - detected UnsignedFile.Multi.Generic (1)
04:52:21.0028 2152 catchme - ok
04:52:21.0059 2152 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
04:52:21.0106 2152 cdfs - ok
04:52:21.0122 2152 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
04:52:21.0122 2152 cdrom - ok
04:52:21.0168 2152 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
04:52:21.0200 2152 CertPropSvc - ok
04:52:21.0231 2152 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
04:52:21.0246 2152 circlass - ok
04:52:21.0278 2152 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
04:52:21.0293 2152 CLFS - ok
04:52:21.0371 2152 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:52:21.0512 2152 clr_optimization_v2.0.50727_32 - ok
04:52:21.0558 2152 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:52:21.0683 2152 clr_optimization_v2.0.50727_64 - ok
04:52:21.0746 2152 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:52:21.0870 2152 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - warning
04:52:21.0870 2152 clr_optimization_v4.0.30319_32 - detected UnsignedFile.Multi.Generic (1)
04:52:21.0902 2152 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:52:22.0182 2152 clr_optimization_v4.0.30319_64 ( UnsignedFile.Multi.Generic ) - warning
04:52:22.0182 2152 clr_optimization_v4.0.30319_64 - detected UnsignedFile.Multi.Generic (1)
04:52:22.0229 2152 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
04:52:22.0245 2152 CmBatt - ok
04:52:22.0260 2152 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
04:52:22.0276 2152 cmdide - ok
04:52:22.0323 2152 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
04:52:22.0354 2152 CNG - ok
04:52:22.0370 2152 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
04:52:22.0401 2152 Compbatt - ok
04:52:22.0416 2152 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
04:52:22.0432 2152 CompositeBus - ok
04:52:22.0432 2152 COMSysApp - ok
04:52:22.0526 2152 ConfigFree Gadget Service (bcf2c3177e4777e3793310bac0244c1a) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
04:52:22.0526 2152 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - warning
04:52:22.0526 2152 ConfigFree Gadget Service - detected UnsignedFile.Multi.Generic (1)
04:52:22.0557 2152 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
04:52:22.0572 2152 ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
04:52:22.0572 2152 ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
04:52:22.0619 2152 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
04:52:22.0619 2152 crcdisk - ok
04:52:22.0666 2152 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
04:52:22.0697 2152 CryptSvc - ok
04:52:22.0760 2152 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
04:52:22.0806 2152 DcomLaunch - ok
04:52:22.0822 2152 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
04:52:22.0869 2152 defragsvc - ok
04:52:22.0884 2152 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
04:52:22.0931 2152 DfsC - ok
04:52:22.0947 2152 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
04:52:22.0994 2152 Dhcp - ok
04:52:23.0025 2152 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
04:52:23.0056 2152 discache - ok
04:52:23.0087 2152 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
04:52:23.0087 2152 Disk - ok
04:52:23.0118 2152 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
04:52:23.0134 2152 Dnscache - ok
04:52:23.0165 2152 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
04:52:23.0212 2152 dot3svc - ok
04:52:23.0228 2152 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
04:52:23.0274 2152 DPS - ok
04:52:23.0321 2152 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
04:52:23.0321 2152 drmkaud - ok
04:52:23.0399 2152 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
04:52:23.0415 2152 DXGKrnl - ok
04:52:23.0446 2152 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
04:52:23.0477 2152 EapHost - ok
04:52:23.0618 2152 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
04:52:23.0680 2152 ebdrv - ok
04:52:23.0789 2152 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
04:52:23.0789 2152 EFS - ok
04:52:23.0883 2152 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
04:52:23.0914 2152 ehRecvr - ok
04:52:23.0930 2152 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
04:52:23.0945 2152 ehSched - ok
04:52:24.0023 2152 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
04:52:24.0039 2152 elxstor - ok
04:52:24.0054 2152 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
04:52:24.0070 2152 ErrDev - ok
04:52:24.0117 2152 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
04:52:24.0164 2152 EventSystem - ok
04:52:24.0179 2152 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
04:52:24.0226 2152 exfat - ok
04:52:24.0242 2152 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
04:52:24.0273 2152 fastfat - ok
04:52:24.0320 2152 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
04:52:24.0335 2152 Fax - ok
04:52:24.0366 2152 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
04:52:24.0382 2152 fdc - ok
04:52:24.0398 2152 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
04:52:24.0429 2152 fdPHost - ok
04:52:24.0460 2152 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
04:52:24.0507 2152 FDResPub - ok
04:52:24.0507 2152 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
04:52:24.0522 2152 FileInfo - ok
04:52:24.0538 2152 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
04:52:24.0569 2152 Filetrace - ok
04:52:24.0585 2152 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
04:52:24.0600 2152 flpydisk - ok
04:52:24.0616 2152 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
04:52:24.0632 2152 FltMgr - ok
04:52:24.0694 2152 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
04:52:24.0725 2152 FontCache - ok
04:52:24.0803 2152 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:52:24.0928 2152 FontCache3.0.0.0 - ok
04:52:25.0037 2152 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
04:52:25.0053 2152 FsDepends - ok
04:52:25.0068 2152 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
04:52:25.0068 2152 Fs_Rec - ok
04:52:25.0084 2152 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
04:52:25.0100 2152 fvevol - ok
04:52:25.0115 2152 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
04:52:25.0131 2152 gagp30kx - ok
04:52:25.0240 2152 GameConsoleService (37331304e89a773b1a86fe681fca150d) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
04:52:25.0318 2152 GameConsoleService ( UnsignedFile.Multi.Generic ) - warning
04:52:25.0318 2152 GameConsoleService - detected UnsignedFile.Multi.Generic (1)
04:52:25.0349 2152 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
04:52:25.0474 2152 GEARAspiWDM ( UnsignedFile.Multi.Generic ) - warning
04:52:25.0474 2152 GEARAspiWDM - detected UnsignedFile.Multi.Generic (1)
04:52:25.0536 2152 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
04:52:25.0583 2152 gpsvc - ok
04:52:25.0661 2152 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:52:25.0677 2152 gupdate ( UnsignedFile.Multi.Generic ) - warning
04:52:25.0677 2152 gupdate - detected UnsignedFile.Multi.Generic (1)
04:52:25.0677 2152 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:52:25.0692 2152 gupdatem ( UnsignedFile.Multi.Generic ) - warning
04:52:25.0692 2152 gupdatem - detected UnsignedFile.Multi.Generic (1)
04:52:25.0739 2152 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
04:52:25.0755 2152 gusvc ( UnsignedFile.Multi.Generic ) - warning
04:52:25.0755 2152 gusvc - detected UnsignedFile.Multi.Generic (1)
04:52:25.0786 2152 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
04:52:25.0802 2152 hcw85cir - ok
04:52:25.0833 2152 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
04:52:25.0848 2152 HDAudBus - ok
04:52:25.0864 2152 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
04:52:25.0864 2152 HidBatt - ok
04:52:25.0880 2152 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
04:52:25.0895 2152 HidBth - ok
04:52:25.0911 2152 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
04:52:25.0926 2152 HidIr - ok
04:52:25.0973 2152 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
04:52:26.0004 2152 hidserv - ok
04:52:26.0020 2152 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
04:52:26.0036 2152 HidUsb - ok
04:52:26.0051 2152 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
04:52:26.0098 2152 hkmsvc - ok
04:52:26.0114 2152 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
04:52:26.0129 2152 HomeGroupListener - ok
04:52:26.0160 2152 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
04:52:26.0176 2152 HomeGroupProvider - ok
04:52:26.0207 2152 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
04:52:26.0207 2152 HpSAMD - ok
04:52:26.0254 2152 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
04:52:26.0301 2152 HTTP - ok
04:52:26.0332 2152 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
04:52:26.0348 2152 hwpolicy - ok
04:52:26.0363 2152 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
04:52:26.0379 2152 i8042prt - ok
04:52:26.0426 2152 iaStor (1adaa4f16073fd0c7270f451fd024e97) C:\Windows\system32\drivers\iaStor.sys
04:52:26.0582 2152 iaStor ( UnsignedFile.Multi.Generic ) - warning
04:52:26.0582 2152 iaStor - detected UnsignedFile.Multi.Generic (1)
04:52:26.0628 2152 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
04:52:26.0644 2152 iaStorV - ok
04:52:26.0738 2152 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
04:52:26.0738 2152 IDriverT ( UnsignedFile.Multi.Generic ) - warning
04:52:26.0738 2152 IDriverT - detected UnsignedFile.Multi.Generic (1)
04:52:26.0847 2152 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
04:52:26.0987 2152 idsvc - ok
04:52:27.0284 2152 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
04:52:27.0377 2152 igfx - ok
04:52:27.0502 2152 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
04:52:27.0502 2152 iirsp - ok
04:52:27.0564 2152 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
04:52:27.0611 2152 IKEEXT - ok
04:52:27.0720 2152 IntcAzAudAddService (b6e61b181884527cc5b68c2d79504b43) C:\Windows\system32\drivers\RTKVHD64.sys
04:52:27.0939 2152 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - warning
04:52:27.0939 2152 IntcAzAudAddService - detected UnsignedFile.Multi.Generic (1)
04:52:28.0110 2152 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
04:52:28.0110 2152 intelide - ok
04:52:28.0126 2152 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
04:52:28.0142 2152 intelppm - ok
04:52:28.0173 2152 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
04:52:28.0204 2152 IPBusEnum - ok
04:52:28.0235 2152 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:52:28.0266 2152 IpFilterDriver - ok
04:52:28.0329 2152 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
04:52:28.0360 2152 iphlpsvc - ok
04:52:28.0391 2152 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
04:52:28.0391 2152 IPMIDRV - ok
04:52:28.0422 2152 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
04:52:28.0469 2152 IPNAT - ok
04:52:28.0578 2152 iPod Service (f0eac938ecc1b2764d04ce16f8627e56) C:\Program Files\iPod\bin\iPodService.exe
04:52:28.0610 2152 iPod Service ( UnsignedFile.Multi.Generic ) - warning
04:52:28.0610 2152 iPod Service - detected UnsignedFile.Multi.Generic (1)
04:52:28.0641 2152 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
04:52:28.0656 2152 IRENUM - ok
04:52:28.0672 2152 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
04:52:28.0672 2152 isapnp - ok
04:52:28.0703 2152 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
04:52:28.0719 2152 iScsiPrt - ok
04:52:28.0734 2152 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
04:52:28.0734 2152 kbdclass - ok
04:52:28.0750 2152 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
04:52:28.0766 2152 kbdhid - ok
04:52:28.0781 2152 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:52:28.0797 2152 KeyIso - ok
04:52:28.0812 2152 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
04:52:28.0812 2152 KSecDD - ok
04:52:28.0844 2152 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
04:52:28.0859 2152 KSecPkg - ok
04:52:28.0890 2152 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
04:52:28.0937 2152 ksthunk - ok
04:52:28.0984 2152 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
04:52:29.0031 2152 KtmRm - ok
04:52:29.0062 2152 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
04:52:29.0109 2152 LanmanServer - ok
04:52:29.0140 2152 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
04:52:29.0187 2152 LanmanWorkstation - ok
04:52:29.0296 2152 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
04:52:29.0296 2152 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
04:52:29.0296 2152 LightScribeService - detected UnsignedFile.Multi.Generic (1)
04:52:29.0343 2152 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
04:52:29.0374 2152 lltdio - ok
04:52:29.0421 2152 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
04:52:29.0452 2152 lltdsvc - ok
04:52:29.0483 2152 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
04:52:29.0530 2152 lmhosts - ok
04:52:29.0546 2152 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
04:52:29.0561 2152 LSI_FC - ok
04:52:29.0592 2152 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
04:52:29.0608 2152 LSI_SAS - ok
04:52:29.0624 2152 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
04:52:29.0639 2152 LSI_SAS2 - ok
04:52:29.0686 2152 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
04:52:29.0702 2152 LSI_SCSI - ok
04:52:29.0733 2152 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
04:52:29.0780 2152 luafv - ok
04:52:29.0811 2152 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
04:52:29.0826 2152 Mcx2Svc - ok
04:52:29.0858 2152 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
04:52:29.0873 2152 megasas - ok
04:52:29.0904 2152 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
04:52:29.0920 2152 MegaSR - ok
04:52:29.0936 2152 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
04:52:29.0982 2152 MMCSS - ok
04:52:30.0014 2152 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
04:52:30.0060 2152 Modem - ok
04:52:30.0076 2152 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
04:52:30.0107 2152 monitor - ok
04:52:30.0123 2152 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
04:52:30.0138 2152 mouclass - ok
04:52:30.0154 2152 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
04:52:30.0170 2152 mouhid - ok
04:52:30.0185 2152 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
04:52:30.0201 2152 mountmgr - ok
04:52:30.0248 2152 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
04:52:30.0263 2152 MpFilter - ok
04:52:30.0279 2152 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
04:52:30.0294 2152 mpio - ok
04:52:30.0372 2152 MpKsle154af47 - ok
04:52:30.0404 2152 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
04:52:30.0684 2152 MpNWMon ( UnsignedFile.Multi.Generic ) - warning
04:52:30.0684 2152 MpNWMon - detected UnsignedFile.Multi.Generic (1)
04:52:30.0731 2152 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
04:52:30.0778 2152 mpsdrv - ok
04:52:30.0794 2152 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
04:52:30.0825 2152 MRxDAV - ok
04:52:30.0856 2152 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:52:30.0872 2152 mrxsmb - ok
04:52:30.0903 2152 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:52:30.0918 2152 mrxsmb10 - ok
04:52:30.0950 2152 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:52:30.0965 2152 mrxsmb20 - ok
04:52:30.0981 2152 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
04:52:30.0996 2152 msahci - ok
04:52:31.0012 2152 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
04:52:31.0028 2152 msdsm - ok
04:52:31.0059 2152 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
04:52:31.0074 2152 MSDTC - ok
04:52:31.0137 2152 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
04:52:31.0168 2152 Msfs - ok
04:52:31.0184 2152 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
04:52:31.0230 2152 mshidkmdf - ok
04:52:31.0246 2152 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
04:52:31.0262 2152 msisadrv - ok
04:52:31.0308 2152 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
04:52:31.0340 2152 MSiSCSI - ok
04:52:31.0355 2152 msiserver - ok
04:52:31.0386 2152 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
04:52:31.0433 2152 MSKSSRV - ok
04:52:31.0449 2152 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
04:52:31.0496 2152 MSPCLOCK - ok
04:52:31.0496 2152 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
04:52:31.0542 2152 MSPQM - ok
04:52:31.0574 2152 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
04:52:31.0605 2152 MsRPC - ok
04:52:31.0636 2152 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
04:52:31.0652 2152 mssmbios - ok
04:52:31.0667 2152 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
04:52:31.0714 2152 MSTEE - ok
04:52:31.0730 2152 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
04:52:31.0745 2152 MTConfig - ok
04:52:31.0761 2152 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
04:52:31.0776 2152 Mup - ok
04:52:31.0823 2152 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
04:52:31.0870 2152 napagent - ok
04:52:31.0901 2152 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
04:52:31.0932 2152 NativeWifiP - ok
04:52:31.0995 2152 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
04:52:32.0026 2152 NDIS - ok
04:52:32.0057 2152 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
04:52:32.0088 2152 NdisCap - ok
04:52:32.0120 2152 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
04:52:32.0151 2152 NdisTapi - ok
04:52:32.0182 2152 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
04:52:32.0213 2152 Ndisuio - ok
04:52:32.0229 2152 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
04:52:32.0291 2152 NdisWan - ok
04:52:32.0322 2152 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
04:52:32.0354 2152 NDProxy - ok
04:52:32.0369 2152 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
04:52:32.0416 2152 NetBIOS - ok
04:52:32.0463 2152 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
04:52:32.0494 2152 NetBT - ok
04:52:32.0525 2152 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:52:32.0541 2152 Netlogon - ok
04:52:32.0572 2152 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
04:52:32.0619 2152 Netman - ok
04:52:32.0650 2152 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
04:52:32.0697 2152 netprofm - ok
04:52:32.0790 2152 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
04:52:32.0931 2152 NetTcpPortSharing - ok
04:52:33.0024 2152 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
04:52:33.0024 2152 nfrd960 - ok
04:52:33.0071 2152 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
04:52:33.0352 2152 NisDrv ( UnsignedFile.Multi.Generic ) - warning
04:52:33.0352 2152 NisDrv - detected UnsignedFile.Multi.Generic (1)
04:52:33.0477 2152 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
04:52:33.0492 2152 NisSrv - ok
04:52:33.0539 2152 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
04:52:33.0570 2152 NlaSvc - ok
04:52:33.0586 2152 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
04:52:33.0633 2152 Npfs - ok
04:52:33.0648 2152 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
04:52:33.0680 2152 nsi - ok
04:52:33.0711 2152 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
04:52:33.0742 2152 nsiproxy - ok
04:52:33.0851 2152 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
04:52:33.0898 2152 Ntfs - ok
04:52:34.0023 2152 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
04:52:34.0070 2152 Null - ok
04:52:34.0101 2152 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
04:52:34.0116 2152 nvraid - ok
04:52:34.0132 2152 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
04:52:34.0148 2152 nvstor - ok
04:52:34.0179 2152 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
04:52:34.0179 2152 nv_agp - ok
04:52:34.0288 2152 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
04:52:34.0428 2152 odserv ( UnsignedFile.Multi.Generic ) - warning
04:52:34.0428 2152 odserv - detected UnsignedFile.Multi.Generic (1)
04:52:34.0522 2152 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
04:52:34.0538 2152 ohci1394 - ok
04:52:34.0569 2152 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:52:34.0631 2152 ose ( UnsignedFile.Multi.Generic ) - warning
04:52:34.0631 2152 ose - detected UnsignedFile.Multi.Generic (1)
04:52:34.0678 2152 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
04:52:34.0694 2152 p2pimsvc - ok
04:52:34.0740 2152 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
04:52:34.0756 2152 p2psvc - ok
04:52:34.0772 2152 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
04:52:34.0787 2152 Parport - ok
04:52:34.0803 2152 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
04:52:34.0803 2152 partmgr - ok
04:52:34.0834 2152 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
04:52:34.0850 2152 PcaSvc - ok
04:52:34.0881 2152 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
04:52:34.0896 2152 pci - ok
04:52:34.0896 2152 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
04:52:34.0912 2152 pciide - ok
04:52:34.0928 2152 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
04:52:34.0943 2152 pcmcia - ok
04:52:34.0959 2152 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
04:52:34.0974 2152 pcw - ok
04:52:35.0006 2152 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
04:52:35.0052 2152 PEAUTH - ok
04:52:35.0146 2152 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
04:52:35.0162 2152 PerfHost - ok
04:52:35.0208 2152 PGEffect (2c3ba65f8ca712730050c29104e093f9) C:\Windows\system32\DRIVERS\pgeffect.sys
04:52:35.0349 2152 PGEffect ( UnsignedFile.Multi.Generic ) - warning
04:52:35.0349 2152 PGEffect - detected UnsignedFile.Multi.Generic (1)
04:52:35.0489 2152 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
04:52:35.0536 2152 pla - ok
04:52:35.0598 2152 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
04:52:35.0614 2152 PlugPlay - ok
04:52:35.0676 2152 PMCF (b7a792764e896e8621901550908d6ad8) C:\Windows\system32\drivers\PMCF.sys
04:52:35.0692 2152 PMCF ( UnsignedFile.Multi.Generic ) - warning
04:52:35.0692 2152 PMCF - detected UnsignedFile.Multi.Generic (1)
04:52:35.0723 2152 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
04:52:35.0739 2152 PNRPAutoReg - ok
04:52:35.0770 2152 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
04:52:35.0786 2152 PNRPsvc - ok
04:52:35.0832 2152 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
04:52:35.0879 2152 PolicyAgent - ok
04:52:35.0942 2152 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
04:52:35.0988 2152 Power - ok
04:52:36.0035 2152 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
04:52:36.0082 2152 PptpMiniport - ok
04:52:36.0098 2152 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
04:52:36.0113 2152 Processor - ok
04:52:36.0160 2152 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
04:52:36.0191 2152 ProfSvc - ok
04:52:36.0222 2152 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:52:36.0238 2152 ProtectedStorage - ok
04:52:36.0254 2152 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
04:52:36.0300 2152 Psched - ok
04:52:36.0378 2152 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
04:52:36.0425 2152 ql2300 - ok
04:52:36.0550 2152 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
04:52:36.0566 2152 ql40xx - ok
04:52:36.0597 2152 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
04:52:36.0628 2152 QWAVE - ok
04:52:36.0644 2152 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
04:52:36.0659 2152 QWAVEdrv - ok
04:52:36.0675 2152 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
04:52:36.0706 2152 RasAcd - ok
04:52:36.0737 2152 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
04:52:36.0784 2152 RasAgileVpn - ok
04:52:36.0800 2152 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
04:52:36.0831 2152 RasAuto - ok
04:52:36.0846 2152 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:52:36.0893 2152 Rasl2tp - ok
04:52:36.0940 2152 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
04:52:36.0987 2152 RasMan - ok
04:52:37.0002 2152 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
04:52:37.0034 2152 RasPppoe - ok
04:52:37.0065 2152 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
04:52:37.0112 2152 RasSstp - ok
04:52:37.0127 2152 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
04:52:37.0174 2152 rdbss - ok
04:52:37.0190 2152 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
04:52:37.0205 2152 rdpbus - ok
04:52:37.0205 2152 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:52:37.0252 2152 RDPCDD - ok
04:52:37.0268 2152 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
04:52:37.0299 2152 RDPENCDD - ok
04:52:37.0314 2152 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
04:52:37.0361 2152 RDPREFMP - ok
04:52:37.0392 2152 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
04:52:37.0408 2152 RDPWD - ok
04:52:37.0424 2152 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
04:52:37.0439 2152 rdyboost - ok
04:52:37.0470 2152 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
04:52:37.0517 2152 RemoteAccess - ok
04:52:37.0548 2152 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
04:52:37.0580 2152 RemoteRegistry - ok
04:52:37.0611 2152 rimspci (abf0d2eae54a7f071a54bd2828c982ca) C:\Windows\system32\DRIVERS\rimspe64.sys
04:52:37.0736 2152 rimspci ( UnsignedFile.Multi.Generic ) - warning
04:52:37.0736 2152 rimspci - detected UnsignedFile.Multi.Generic (1)
04:52:37.0814 2152 rixdpcie (e8ed37d472eb5211c0a34fd63a3971e9) C:\Windows\system32\DRIVERS\rixdpe64.sys
04:52:37.0938 2152 rixdpcie ( UnsignedFile.Multi.Generic ) - warning
04:52:37.0938 2152 rixdpcie - detected UnsignedFile.Multi.Generic (1)
04:52:37.0954 2152 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
04:52:38.0001 2152 RpcEptMapper - ok
04:52:38.0016 2152 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
04:52:38.0032 2152 RpcLocator - ok
04:52:38.0063 2152 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
04:52:38.0110 2152 RpcSs - ok
04:52:38.0172 2152 RSELSVC - ok
04:52:38.0219 2152 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
04:52:38.0250 2152 rspndr - ok
04:52:38.0297 2152 RTL8169 (b263b3aebcde2210d1cc25756601b8ea) C:\Windows\system32\DRIVERS\Rtlh64.sys
04:52:38.0453 2152 RTL8169 ( UnsignedFile.Multi.Generic ) - warning
04:52:38.0453 2152 RTL8169 - detected UnsignedFile.Multi.Generic (1)
04:52:38.0547 2152 rtl819xpn64 (44062ea1bdb558d28c1a5f36c24a1db8) C:\Windows\system32\DRIVERS\rtl819xp.sys
04:52:38.0687 2152 rtl819xpn64 ( UnsignedFile.Multi.Generic ) - warning
04:52:38.0687 2152 rtl819xpn64 - detected UnsignedFile.Multi.Generic (1)
04:52:38.0734 2152 RtlProt (d1664991a07acf2703d4a4e5be4b6c80) C:\Windows\system32\DRIVERS\rtlprot.sys
04:52:38.0906 2152 RtlProt ( UnsignedFile.Multi.Generic ) - warning
04:52:38.0906 2152 RtlProt - detected UnsignedFile.Multi.Generic (1)
04:52:38.0921 2152 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:52:38.0937 2152 SamSs - ok
04:52:38.0952 2152 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
04:52:38.0968 2152 sbp2port - ok
04:52:38.0999 2152 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
04:52:39.0046 2152 SCardSvr - ok
04:52:39.0077 2152 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
04:52:39.0108 2152 scfilter - ok
04:52:39.0171 2152 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
04:52:39.0233 2152 Schedule - ok
04:52:39.0264 2152 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
04:52:39.0296 2152 SCPolicySvc - ok
04:52:39.0342 2152 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
04:52:39.0358 2152 sdbus - ok
04:52:39.0389 2152 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
04:52:39.0405 2152 SDRSVC - ok
04:52:39.0498 2152 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
04:52:39.0498 2152 SeaPort - ok
04:52:39.0545 2152 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
04:52:39.0576 2152 secdrv - ok
04:52:39.0592 2152 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
04:52:39.0623 2152 seclogon - ok
04:52:39.0654 2152 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
04:52:39.0701 2152 SENS - ok
04:52:39.0717 2152 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
04:52:39.0717 2152 SensrSvc - ok
04:52:39.0732 2152 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
04:52:39.0748 2152 Serenum - ok
04:52:39.0764 2152 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
04:52:39.0779 2152 Serial - ok
04:52:39.0779 2152 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
04:52:39.0795 2152 sermouse - ok
04:52:39.0826 2152 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
04:52:39.0873 2152 SessionEnv - ok
04:52:39.0904 2152 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
04:52:39.0920 2152 sffdisk - ok
04:52:39.0920 2152 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
04:52:39.0935 2152 sffp_mmc - ok
04:52:39.0951 2152 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
04:52:39.0966 2152 sffp_sd - ok
04:52:39.0982 2152 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
04:52:39.0998 2152 sfloppy - ok
04:52:40.0044 2152 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
04:52:40.0076 2152 SharedAccess - ok
04:52:40.0122 2152 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
04:52:40.0169 2152 ShellHWDetection - ok
04:52:40.0200 2152 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
04:52:40.0216 2152 SiSRaid2 - ok
04:52:40.0232 2152 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
04:52:40.0247 2152 SiSRaid4 - ok
04:52:40.0278 2152 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
04:52:40.0310 2152 Smb - ok
04:52:40.0341 2152 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
04:52:40.0341 2152 SNMPTRAP - ok
04:52:40.0356 2152 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
04:52:40.0372 2152 spldr - ok
04:52:40.0403 2152 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
04:52:40.0450 2152 Spooler - ok
04:52:40.0622 2152 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
04:52:40.0700 2152 sppsvc - ok
04:52:40.0824 2152 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
04:52:40.0856 2152 sppuinotify - ok
04:52:40.0902 2152 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
04:52:40.0918 2152 srv - ok
04:52:40.0949 2152 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
04:52:40.0965 2152 srv2 - ok
04:52:40.0980 2152 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
04:52:40.0996 2152 srvnet - ok
04:52:41.0012 2152 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
04:52:41.0058 2152 SSDPSRV - ok
04:52:41.0074 2152 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
04:52:41.0121 2152 SstpSvc - ok
04:52:41.0152 2152 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
04:52:41.0152 2152 stexstor - ok
04:52:41.0214 2152 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
04:52:41.0246 2152 stisvc - ok
04:52:41.0261 2152 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
04:52:41.0261 2152 swenum - ok
04:52:41.0308 2152 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
04:52:41.0355 2152 swprv - ok
04:52:41.0370 2152 SymIM (212bbf5a964513980d5de9397381534f) C:\Windows\system32\DRIVERS\SymIMv.sys
04:52:41.0511 2152 SymIM ( UnsignedFile.Multi.Generic ) - warning
04:52:41.0511 2152 SymIM - detected UnsignedFile.Multi.Generic (1)
04:52:41.0682 2152 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
04:52:41.0714 2152 SysMain - ok
04:52:41.0838 2152 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
04:52:41.0854 2152 TabletInputService - ok
04:52:41.0901 2152 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
04:52:41.0932 2152 TapiSrv - ok
04:52:41.0948 2152 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
04:52:41.0994 2152 TBS - ok
04:52:42.0088 2152 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
04:52:42.0135 2152 Tcpip - ok
04:52:42.0353 2152 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
04:52:42.0400 2152 TCPIP6 - ok
04:52:42.0556 2152 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
04:52:42.0587 2152 tcpipreg - ok
04:52:42.0618 2152 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
04:52:42.0759 2152 tdcmdpst ( UnsignedFile.Multi.Generic ) - warning
04:52:42.0759 2152 tdcmdpst - detected UnsignedFile.Multi.Generic (1)
04:52:42.0774 2152 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
04:52:42.0790 2152 TDPIPE - ok
04:52:42.0806 2152 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
04:52:42.0821 2152 TDTCP - ok
04:52:42.0837 2152 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
04:52:42.0868 2152 tdx - ok
04:52:42.0884 2152 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
04:52:42.0884 2152 TermDD - ok
04:52:42.0946 2152 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
04:52:42.0993 2152 TermService - ok
04:52:43.0008 2152 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
04:52:43.0024 2152 Themes - ok
04:52:43.0055 2152 Thpdrv (e29a0c5c97615bffab138abe308733b4) C:\Windows\system32\DRIVERS\thpdrv.sys
04:52:43.0196 2152 Thpdrv ( UnsignedFile.Multi.Generic ) - warning
04:52:43.0196 2152 Thpdrv - detected UnsignedFile.Multi.Generic (1)
04:52:43.0211 2152 Thpevm (d6704940a79831b4fa271d7a73d291d8) C:\Windows\system32\DRIVERS\Thpevm.SYS
04:52:43.0352 2152 Thpevm ( UnsignedFile.Multi.Generic ) - warning
04:52:43.0352 2152 Thpevm - detected UnsignedFile.Multi.Generic (1)
04:52:43.0383 2152 Thpsrv (8f0d1a0c9c25cc61e193c0c22422a9ea) C:\Windows\system32\ThpSrv.exe
04:52:43.0414 2152 Thpsrv ( UnsignedFile.Multi.Generic ) - warning
04:52:43.0414 2152 Thpsrv - detected UnsignedFile.Multi.Generic (1)
04:52:43.0445 2152 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
04:52:43.0476 2152 THREADORDER - ok
04:52:43.0586 2152 TNaviSrv (22bc804efe155f54252f389b0781d7f2) C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
04:52:43.0601 2152 TNaviSrv ( UnsignedFile.Multi.Generic ) - warning
04:52:43.0601 2152 TNaviSrv - detected UnsignedFile.Multi.Generic (1)
04:52:43.0632 2152 TODDSrv (19af3434564e973bc232bbd629ec2bf6) C:\Windows\system32\TODDSrv.exe
04:52:43.0632 2152 TODDSrv ( UnsignedFile.Multi.Generic ) - warning
04:52:43.0632 2152 TODDSrv - detected UnsignedFile.Multi.Generic (1)
04:52:43.0742 2152 TosCoSrv (7810e3a97e004cd2641fd3fc5d2a62cd) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
04:52:43.0757 2152 TosCoSrv ( UnsignedFile.Multi.Generic ) - warning
04:52:43.0757 2152 TosCoSrv - detected UnsignedFile.Multi.Generic (1)
04:52:43.0820 2152 TOSHIBA eco Utility Service (97735d78da5737ea8428d551fa263eea) C:\Program Files\TOSHIBA\TECO\TecoService.exe
04:52:43.0835 2152 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - warning
04:52:43.0835 2152 TOSHIBA eco Utility Service - detected UnsignedFile.Multi.Generic (1)
04:52:43.0866 2152 TOSHIBA HDD SSD Alert Service (b67c69e2982769355d9ff76dd3b2a0fd) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
04:52:43.0866 2152 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - warning
04:52:43.0866 2152 TOSHIBA HDD SSD Alert Service - detected UnsignedFile.Multi.Generic (1)
04:52:43.0913 2152 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
04:52:43.0944 2152 TrkWks - ok
04:52:44.0007 2152 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
04:52:44.0054 2152 TrustedInstaller - ok
04:52:44.0100 2152 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:52:44.0132 2152 tssecsrv - ok
04:52:44.0147 2152 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
04:52:44.0163 2152 TsUsbFlt - ok
04:52:44.0178 2152 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
04:52:44.0194 2152 TsUsbGD - ok
04:52:44.0210 2152 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
04:52:44.0241 2152 tunnel - ok
04:52:44.0272 2152 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
04:52:44.0412 2152 TVALZ ( UnsignedFile.Multi.Generic ) - warning
04:52:44.0412 2152 TVALZ - detected UnsignedFile.Multi.Generic (1)
04:52:44.0428 2152 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
04:52:44.0444 2152 uagp35 - ok
04:52:44.0459 2152 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
04:52:44.0506 2152 udfs - ok
04:52:44.0553 2152 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
04:52:44.0568 2152 UI0Detect - ok
04:52:44.0584 2152 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
04:52:44.0600 2152 uliagpkx - ok
04:52:44.0615 2152 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
04:52:44.0615 2152 umbus - ok
04:52:44.0646 2152 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
04:52:44.0646 2152 UmPass - ok
04:52:44.0678 2152 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
04:52:44.0724 2152 upnphost - ok
04:52:44.0756 2152 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
04:52:44.0771 2152 usbccgp - ok
04:52:44.0787 2152 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
04:52:44.0802 2152 usbcir - ok
04:52:44.0818 2152 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
04:52:44.0834 2152 usbehci - ok
04:52:44.0849 2152 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
04:52:44.0865 2152 usbhub - ok
04:52:44.0880 2152 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
04:52:44.0896 2152 usbohci - ok
04:52:44.0927 2152 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
04:52:44.0943 2152 usbprint - ok
04:52:44.0974 2152 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
04:52:44.0990 2152 usbscan - ok
04:52:45.0021 2152 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:52:45.0036 2152 USBSTOR - ok
04:52:45.0052 2152 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
04:52:45.0068 2152 usbuhci - ok
04:52:45.0083 2152 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
04:52:45.0114 2152 usbvideo - ok
04:52:45.0161 2152 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
04:52:45.0192 2152 UxSms - ok
04:52:45.0224 2152 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:52:45.0224 2152 VaultSvc - ok
04:52:45.0255 2152 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
04:52:45.0270 2152 vdrvroot - ok
04:52:45.0302 2152 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
04:52:45.0348 2152 vds - ok
04:52:45.0364 2152 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
04:52:45.0380 2152 vga - ok
04:52:45.0395 2152 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
04:52:45.0426 2152 VgaSave - ok
04:52:45.0458 2152 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
04:52:45.0458 2152 vhdmp - ok
04:52:45.0489 2152 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
04:52:45.0489 2152 viaide - ok
04:52:45.0504 2152 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
04:52:45.0520 2152 volmgr - ok
04:52:46.0191 2152 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
04:52:46.0206 2152 volmgrx - ok
04:52:46.0222 2152 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
04:52:46.0238 2152 volsnap - ok
04:52:46.0284 2152 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
04:52:46.0284 2152 vsmraid - ok
04:52:46.0378 2152 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
04:52:46.0440 2152 VSS - ok
04:52:46.0565 2152 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
04:52:46.0581 2152 vwifibus - ok
04:52:46.0643 2152 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
04:52:46.0674 2152 W32Time - ok
04:52:46.0690 2152 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
04:52:46.0706 2152 WacomPen - ok
04:52:46.0721 2152 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:52:46.0752 2152 WANARP - ok
04:52:46.0768 2152 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:52:46.0799 2152 Wanarpv6 - ok
04:52:46.0893 2152 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
04:52:46.0924 2152 WatAdminSvc - ok
04:52:47.0002 2152 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
04:52:47.0033 2152 wbengine - ok
04:52:47.0142 2152 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
04:52:47.0158 2152 WbioSrvc - ok
04:52:47.0189 2152 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
04:52:47.0205 2152 wcncsvc - ok
04:52:47.0252 2152 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
04:52:47.0252 2152 WcsPlugInService - ok
04:52:47.0298 2152 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
04:52:47.0314 2152 Wd - ok
04:52:47.0345 2152 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
04:52:47.0376 2152 Wdf01000 - ok
04:52:47.0376 2152 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
04:52:47.0408 2152 WdiServiceHost - ok
04:52:47.0408 2152 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
04:52:47.0423 2152 WdiSystemHost - ok
04:52:47.0454 2152 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
04:52:47.0486 2152 WebClient - ok
04:52:47.0501 2152 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
04:52:47.0548 2152 Wecsvc - ok
04:52:47.0579 2152 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
04:52:47.0626 2152 wercplsupport - ok
04:52:47.0642 2152 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
04:52:47.0673 2152 WerSvc - ok
04:52:47.0751 2152 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
04:52:47.0782 2152 WfpLwf - ok
04:52:47.0798 2152 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
04:52:47.0813 2152 WIMMount - ok
04:52:47.0829 2152 WinDefend - ok
04:52:47.0844 2152 WinHttpAutoProxySvc - ok
04:52:47.0907 2152 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
04:52:47.0954 2152 Winmgmt - ok
04:52:48.0047 2152 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
04:52:48.0110 2152 WinRM - ok
04:52:48.0266 2152 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
04:52:48.0297 2152 Wlansvc - ok
04:52:48.0468 2152 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
04:52:48.0640 2152 wlidsvc ( UnsignedFile.Multi.Generic ) - warning
04:52:48.0640 2152 wlidsvc - detected UnsignedFile.Multi.Generic (1)
04:52:48.0812 2152 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
04:52:48.0827 2152 WmiAcpi - ok
04:52:48.0874 2152 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
04:52:48.0890 2152 wmiApSrv - ok
04:52:48.0936 2152 WMPNetworkSvc - ok
04:52:48.0968 2152 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
04:52:48.0983 2152 WPCSvc - ok
04:52:48.0983 2152 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
04:52:48.0999 2152 WPDBusEnum - ok
04:52:49.0046 2152 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
04:52:49.0077 2152 ws2ifsl - ok
04:52:49.0092 2152 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
04:52:49.0108 2152 wscsvc - ok
04:52:49.0124 2152 WSearch - ok
04:52:49.0233 2152 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
04:52:49.0326 2152 wuauserv - ok
04:52:49.0841 2152 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
04:52:49.0888 2152 WudfPf - ok
04:52:49.0904 2152 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:52:49.0950 2152 WUDFRd - ok
04:52:50.0044 2152 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
04:52:50.0091 2152 wudfsvc - ok
04:52:50.0122 2152 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
04:52:50.0138 2152 WwanSvc - ok
04:52:50.0247 2152 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
04:52:50.0262 2152 YahooAUService ( UnsignedFile.Multi.Generic ) - warning
04:52:50.0262 2152 YahooAUService - detected UnsignedFile.Multi.Generic (1)
04:52:50.0278 2152 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
04:52:50.0590 2152 \Device\Harddisk0\DR0 - ok
04:52:50.0606 2152 Boot (0x1200) (d50544ec9348457d07cc71f3569c40b9) \Device\Harddisk0\DR0\Partition0
04:52:50.0606 2152 \Device\Harddisk0\DR0\Partition0 - ok
04:52:50.0606 2152 ============================================================
04:52:50.0606 2152 Scan finished
04:52:50.0606 2152 ============================================================
04:52:50.0621 0364 Detected object count: 43
04:52:50.0621 0364 Actual detected object count: 43
04:53:17.0469 0364 AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0469 0364 AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0469 0364 ApfiltrService ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0469 0364 ApfiltrService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0484 0364 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0484 0364 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0484 0364 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0484 0364 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0484 0364 camsvc ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0484 0364 camsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0484 0364 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0484 0364 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0484 0364 clr_optimization_v4.0.30319_64 ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0484 0364 clr_optimization_v4.0.30319_64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0484 0364 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0484 0364 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0500 0364 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0500 0364 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0500 0364 GameConsoleService ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0500 0364 GameConsoleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0500 0364 GEARAspiWDM ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0500 0364 GEARAspiWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0500 0364 gupdate ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0500 0364 gupdate ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0500 0364 gupdatem ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0516 0364 gupdatem ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0516 0364 gusvc ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0516 0364 gusvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0516 0364 iaStor ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0516 0364 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0516 0364 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0516 0364 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0516 0364 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0516 0364 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0516 0364 iPod Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0516 0364 iPod Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0531 0364 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0531 0364 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0531 0364 MpNWMon ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0531 0364 MpNWMon ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0531 0364 NisDrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0531 0364 NisDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0531 0364 odserv ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0531 0364 odserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0531 0364 ose ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0531 0364 ose ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0531 0364 PGEffect ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0531 0364 PGEffect ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0531 0364 PMCF ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0547 0364 PMCF ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0547 0364 rimspci ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0547 0364 rimspci ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0547 0364 rixdpcie ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0547 0364 rixdpcie ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0547 0364 RTL8169 ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0547 0364 RTL8169 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0547 0364 rtl819xpn64 ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0547 0364 rtl819xpn64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0547 0364 RtlProt ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0547 0364 RtlProt ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0547 0364 SymIM ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0562 0364 SymIM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0562 0364 tdcmdpst ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0562 0364 tdcmdpst ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0562 0364 Thpdrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0562 0364 Thpdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0562 0364 Thpevm ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0562 0364 Thpevm ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0562 0364 Thpsrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0562 0364 Thpsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0562 0364 TNaviSrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0562 0364 TNaviSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0562 0364 TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0562 0364 TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0578 0364 TosCoSrv ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0578 0364 TosCoSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0578 0364 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0578 0364 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0578 0364 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0578 0364 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0578 0364 TVALZ ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0578 0364 TVALZ ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0578 0364 wlidsvc ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0578 0364 wlidsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:17.0594 0364 YahooAUService ( UnsignedFile.Multi.Generic ) - skipped by user
04:53:17.0594 0364 YahooAUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:53:22.0991 2728 Deinitialize success

#10
Bobcat Bob

    Member

  • Topic Starter
  • 111 posts
It seems to have gotten stuck at the same point as before.

It says

System File is infected!! attempting to restore

"C:\Windows\SysWow64\Drivers\atapi.sys"

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Restart your system and leave Combofix for now.

Step 1

Run OTL again

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed, and let it run uninterrupted.
  • Press the button named None
  • Under the Custom Scan/Fixes box paste this in

    /md5start
    atapi.*
    /md5stop
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me

Step 2

This step will take some time to finish...

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished, select the report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post


Step 3

Please don't forget to include these items in your reply:

  • OTL scan log
  • VRT log
It would be helpful if you could post each log in a separate post using the "Add Reply" button

#12
Bobcat Bob

    Member

  • Topic Starter
  • 111 posts
Ok will do after I get me some sleep.

I just didn't want to touch it and make things worse. :unsure:

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You did the right thing and asked me. Goodnight, and I'll hear from you later...

#14
Bobcat Bob

    Member

  • Topic Starter
  • 111 posts
OTL logfile created on: 7/17/2012 11:29:27 AM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Book Worm\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 74.67% Memory free
7.93 Gb Paging File | 6.85 Gb Available in Paging File | 86.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.35 Gb Total Space | 191.91 Gb Free Space | 67.02% Space Free | Partition Type: NTFS
Drive D: | 3.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BOOKWORM-PC | User Name: Book Worm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/16 20:36:09 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/07/16 20:28:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Book Worm\Desktop\OTL.exe
PRC - [2009/04/16 20:42:58 | 000,020,544 | -H-- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009/03/30 18:57:22 | 000,083,312 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/06 19:27:10 | 000,036,864 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/24 13:40:26 | 000,242,176 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/03/17 13:48:54 | 000,084,480 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/03/06 20:30:32 | 000,488,288 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/02/19 16:53:28 | 000,055,808 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2008/08/22 12:26:52 | 000,535,608 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2007/11/21 18:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012/07/16 20:36:12 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/16 20:42:58 | 000,020,544 | -H-- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/03/30 18:57:22 | 000,083,312 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/03/10 20:51:20 | 000,046,448 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 19:27:10 | 000,036,864 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/03 18:15:32 | 000,242,424 | -H-- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/06/23 10:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/08/18 13:59:44 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 13:48:00 | 000,573,440 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl819xp.sys -- (rtl819xpn64) Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/03 04:39:42 | 000,234,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/03/25 19:23:26 | 000,035,392 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/03/19 15:52:02 | 000,016,392 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PMCF.sys -- (PMCF)
DRV:64bit: - [2009/03/18 13:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/02/12 17:28:00 | 000,057,344 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/02/11 19:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/14 15:50:50 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2007/12/11 16:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 16:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/04 12:29:04 | 000,014,872 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2007/04/23 15:15:48 | 000,031,016 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RtlProt.sys -- (RtlProt)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D9FF2B7C-515B-4143-A51E-EFF739B0B122}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{D9FF2B7C-515B-4143-A51E-EFF739B0B122}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB
IE - HKLM\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.co...age={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{11D7C32B-22AB-0D04-AB2E-9B7673A21173}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_US
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7TSHB_enUS337
IE - HKCU\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files (x86)\eMusic Download Manager\xulrunner\components [2011/09/20 15:33:48 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files (x86)\eMusic Download Manager\xulrunner\plugins [2011/09/20 15:33:48 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/20 15:34:24 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/20 15:34:23 | 000,000,000 | -H-D | M]

[2011/09/20 15:50:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Book Worm\AppData\Roaming\Mozilla\Extensions
[2010/07/29 14:37:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Book Worm\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/09/20 15:33:48 | 000,000,000 | -H-D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/09/20 15:33:48 | 000,000,000 | -H-D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/09/20 15:33:48 | 000,000,000 | -H-D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES (X86)\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]

O1 HOSTS File: ([2012/07/17 03:49:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" File not found
O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found
O4 - HKCU..\Run: [Google] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\ccsjzu.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29E1443A-312E-43AA-8A69-EA08E720E14C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5458E34-ABD2-4FD2-B65C-EB976008761B}: DhcpNameServer = 168.94.0.15 168.94.0.14
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O30:64bit: - LSA: Security Packages - (s) - File not found
O30 - LSA: Security Packages - (s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/12 04:38:58 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/17 04:57:50 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/07/17 04:35:23 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Book Worm\Desktop\aswMBR.exe
[2012/07/17 04:26:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/17 04:22:17 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Book Worm\Desktop\tdsskiller.exe
[2012/07/17 03:49:42 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/17 03:47:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/17 03:23:54 | 004,579,127 | R--- | C] (Swearware) -- C:\Users\Book Worm\Desktop\ComboFix.exe
[2012/07/17 03:16:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/16 20:36:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/07/16 20:28:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Book Worm\Desktop\OTL.exe
[2012/07/16 19:52:05 | 000,000,000 | ---D | C] -- C:\Users\Book Worm\AppData\Local\ElevatedDiagnostics
[2012/07/08 22:27:32 | 000,000,000 | ---D | C] -- C:\found.002
[2012/07/07 09:14:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

========== Files - Modified Within 30 Days ==========

[2012/07/17 11:37:02 | 000,000,898 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/17 11:31:31 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/17 11:31:31 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/17 11:23:57 | 000,000,894 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/17 11:23:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/17 11:22:50 | 3192,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/17 04:40:27 | 000,000,512 | ---- | M] () -- C:\Users\Book Worm\Desktop\MBR.dat
[2012/07/17 04:39:27 | 000,000,512 | ---- | M] () -- C:\Users\Book Worm\Documents\MBR.dat
[2012/07/17 04:35:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Book Worm\Desktop\aswMBR.exe
[2012/07/17 04:22:41 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Book Worm\Desktop\tdsskiller.exe
[2012/07/17 04:04:42 | 398,249,076 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/17 03:49:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/17 03:23:58 | 004,579,127 | R--- | M] (Swearware) -- C:\Users\Book Worm\Desktop\ComboFix.exe
[2012/07/16 20:36:14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/16 20:28:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Book Worm\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2012/07/17 04:40:27 | 000,000,512 | ---- | C] () -- C:\Users\Book Worm\Desktop\MBR.dat
[2012/07/17 04:39:27 | 000,000,512 | ---- | C] () -- C:\Users\Book Worm\Documents\MBR.dat
[2012/07/16 20:36:14 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/09/03 08:03:09 | 000,256,000 | -H-- | C] () -- C:\Windows\PEV.exe
[2011/09/03 08:03:09 | 000,208,896 | -H-- | C] () -- C:\Windows\MBR.exe
[2011/09/03 08:03:09 | 000,098,816 | -H-- | C] () -- C:\Windows\sed.exe
[2011/09/03 08:03:09 | 000,080,412 | -H-- | C] () -- C:\Windows\grep.exe
[2011/09/03 08:03:09 | 000,068,096 | -H-- | C] () -- C:\Windows\zip.exe
[2010/11/08 10:23:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/08/25 17:02:55 | 000,000,000 | -H-- | C] () -- C:\Users\Book Worm\jagex__preferences3.dat
[2010/08/25 17:02:47 | 000,000,099 | -H-- | C] () -- C:\Users\Book Worm\jagex_runescape_preferences2.dat
[2010/08/25 17:01:26 | 000,000,046 | -H-- | C] () -- C:\Users\Book Worm\jagex_runescape_preferences.dat

========== LOP Check ==========

[2011/09/20 15:50:22 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\eMusic
[2011/09/20 15:50:24 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Merscom
[2011/09/20 15:50:30 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\PowerCinema
[2011/09/20 15:50:32 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\toshiba
[2011/09/20 15:50:32 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\WildTangent
[2011/09/20 15:50:32 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\WinBatch
[2011/09/20 15:50:32 | 000,000,000 | -H-D | M] -- C:\Users\Book Worm\AppData\Roaming\Xilisoft
[2012/05/05 22:18:24 | 000,032,538 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/04/11 01:15:02 | 000,020,952 | -H-- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\ERDNT\cache64\atapi.sys

< MD5 for: ATAPI.SYS.ND_ >
[2012/07/17 05:08:59 | 000,000,014 | ---- | M] () MD5=4AFCADFC14B4B10564A4D2F2CF50CBC0 -- C:\ComboFix\atapi.sys.ND_

< End of report >

#15
Bobcat Bob

The 2nd scan is running now and has been going for 2 hours, and it has been stuck at 18% for about an hour now. It seems to be stuck on the same file (C:\Documents and Settings\Book Worm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\78c01aa1-2a754d47/buildService/BuildClass.class) for that time. It also says the ETA to completion is 11 hours. Is that normal?

So far it has found 3 threats. Also, on the left of the screen is a box that has Alarm at the top and has the name of a threat and the file, and asks me if I want to Delete or Skip. Do I have to do anything there?

Edited by Bobcat Bob, 17 July 2012 - 01:34 PM.
