Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Need help removing trojan.gen.2, trojan.gen and trojan.zeroaccess.b [S

Started by adiii , Jul 21 2012 02:15 PM

Page 3 of 6
1
2
3
4
5

This topic is locked

#31
WhiteHat

Posted 03 August 2012 - 12:04 PM

Trusted Helper

Retired Staff
1,925 posts

Download RogueKiller and save it on your desktop.
Quit all programs
Start RogueKiller.exe.
Wait until Prescan has finished ...
Click on Scan

Wait for the end of the scan.
The report has been created on the desktop.
Click on the Delete button.

The report has been created on the desktop.

Next click on the ShortcutsFix
The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

#32
adiii

Posted 03 August 2012 - 10:02 PM

Member

Topic Starter
Member
47 posts

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: owner [Admin rights]
Mode: Scan -- Date: 08/03/2012 23:45:47

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x8289B5C3 -> HOOKED (Unknown @ 0x91F37A80)
SSDT[14] : NtAlertThread @ 0x82814255 -> HOOKED (Unknown @ 0x91F37B60)
SSDT[18] : NtAllocateVirtualMemory @ 0x828504FB -> HOOKED (Unknown @ 0x971F03F8)
SSDT[21] : NtAlpcConnectPort @ 0x827F2887 -> HOOKED (Unknown @ 0x87D3CF70)
SSDT[42] : NtAssignProcessToJobObject @ 0x827C5B43 -> HOOKED (Unknown @ 0x91F0BCC8)
SSDT[67] : NtCreateMutant @ 0x82828812 -> HOOKED (Unknown @ 0x91F142B0)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x827C835A -> HOOKED (Unknown @ 0x91F0CE60)
SSDT[78] : NtCreateThread @ 0x82899BE0 -> HOOKED (Unknown @ 0x91F07180)
SSDT[116] : NtDebugActiveProcess @ 0x8286CD22 -> HOOKED (Unknown @ 0x91F0BDA8)
SSDT[129] : NtDuplicateObject @ 0x82800551 -> HOOKED (Unknown @ 0x91FD5C58)
SSDT[147] : NtFreeVirtualMemory @ 0x8268CF1D -> HOOKED (Unknown @ 0x971F0218)
SSDT[156] : NtImpersonateAnonymousToken @ 0x827C2F12 -> HOOKED (Unknown @ 0x91F143A0)
SSDT[158] : NtImpersonateThread @ 0x827D854F -> HOOKED (Unknown @ 0x91F14008)
SSDT[165] : NtLoadDriver @ 0x82773DEE -> HOOKED (Unknown @ 0x87D3CEF8)
SSDT[177] : NtMapViewOfSection @ 0x8281889A -> HOOKED (Unknown @ 0x971F0118)
SSDT[184] : NtOpenEvent @ 0x82801DCF -> HOOKED (Unknown @ 0x91F141D0)
SSDT[194] : NtOpenProcess @ 0x82828FAE -> HOOKED (Unknown @ 0x91F07068)
SSDT[195] : NtOpenProcessToken @ 0x82809A2E -> HOOKED (Unknown @ 0x91FD5B98)
SSDT[197] : NtOpenSection @ 0x8281966D -> HOOKED (Unknown @ 0x91F0BFD0)
SSDT[201] : NtOpenThread @ 0x828244FF -> HOOKED (Unknown @ 0x91FD5D28)
SSDT[210] : NtProtectVirtualMemory @ 0x828222E2 -> HOOKED (Unknown @ 0x91F0BBD8)
SSDT[282] : NtResumeThread @ 0x82823B4A -> HOOKED (Unknown @ 0x91F37C40)
SSDT[289] : NtSetContextThread @ 0x8289B06F -> HOOKED (Unknown @ 0x91FD4C40)
SSDT[305] : NtSetInformationProcess @ 0x8281C8C8 -> HOOKED (Unknown @ 0x91FD4D20)
SSDT[317] : NtSetSystemInformation @ 0x827EEEEB -> HOOKED (Unknown @ 0x91F0BE88)
SSDT[330] : NtSuspendProcess @ 0x8289B4FF -> HOOKED (Unknown @ 0x91F140F0)
SSDT[331] : NtSuspendThread @ 0x827A292B -> HOOKED (Unknown @ 0x91F37D20)
SSDT[334] : NtTerminateProcess @ 0x827F9143 -> HOOKED (Unknown @ 0x91F07260)
SSDT[335] : NtTerminateThread @ 0x82824534 -> HOOKED (Unknown @ 0x91FD4B60)
SSDT[348] : NtUnmapViewOfSection @ 0x82818B5D -> HOOKED (Unknown @ 0x91FD4E10)
SSDT[358] : NtWriteVirtualMemory @ 0x8281592D -> HOOKED (Unknown @ 0x971F0308)
SSDT[382] : NtCreateThreadEx @ 0x82823FE9 -> HOOKED (Unknown @ 0x91F0CF50)
S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x972A28C8)
S_SSDT[397] : Unknown -> HOOKED (Unknown @ 0x971DF1A0)
S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x971DF0E0)
S_SSDT[430] : Unknown -> HOOKED (Unknown @ 0x86F125C0)
S_SSDT[442] : Unknown -> HOOKED (Unknown @ 0x971DF2E8)
S_SSDT[479] : Unknown -> HOOKED (Unknown @ 0x9732F378)
S_SSDT[497] : Unknown -> HOOKED (Unknown @ 0x9732F008)
S_SSDT[498] : Unknown -> HOOKED (Unknown @ 0x9732F448)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x86F143C8)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x86F0EAA0)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHX2250BT ATA Device +++++
--- User ---
[MBR] 5fda213a8146ffd7df142aa50ce8c7a4
[BSP] 2c60e3e08a4fa002faabe1a5a0bd19e2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 236974 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#33
adiii

Posted 03 August 2012 - 10:03 PM

Member

Topic Starter
Member
47 posts

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: owner [Admin rights]
Mode: Remove -- Date: 08/03/2012 23:48:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x8289B5C3 -> HOOKED (Unknown @ 0x91F37A80)
SSDT[14] : NtAlertThread @ 0x82814255 -> HOOKED (Unknown @ 0x91F37B60)
SSDT[18] : NtAllocateVirtualMemory @ 0x828504FB -> HOOKED (Unknown @ 0x971F03F8)
SSDT[21] : NtAlpcConnectPort @ 0x827F2887 -> HOOKED (Unknown @ 0x87D3CF70)
SSDT[42] : NtAssignProcessToJobObject @ 0x827C5B43 -> HOOKED (Unknown @ 0x91F0BCC8)
SSDT[67] : NtCreateMutant @ 0x82828812 -> HOOKED (Unknown @ 0x91F142B0)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x827C835A -> HOOKED (Unknown @ 0x91F0CE60)
SSDT[78] : NtCreateThread @ 0x82899BE0 -> HOOKED (Unknown @ 0x91F07180)
SSDT[116] : NtDebugActiveProcess @ 0x8286CD22 -> HOOKED (Unknown @ 0x91F0BDA8)
SSDT[129] : NtDuplicateObject @ 0x82800551 -> HOOKED (Unknown @ 0x91FD5C58)
SSDT[147] : NtFreeVirtualMemory @ 0x8268CF1D -> HOOKED (Unknown @ 0x971F0218)
SSDT[156] : NtImpersonateAnonymousToken @ 0x827C2F12 -> HOOKED (Unknown @ 0x91F143A0)
SSDT[158] : NtImpersonateThread @ 0x827D854F -> HOOKED (Unknown @ 0x91F14008)
SSDT[165] : NtLoadDriver @ 0x82773DEE -> HOOKED (Unknown @ 0x87D3CEF8)
SSDT[177] : NtMapViewOfSection @ 0x8281889A -> HOOKED (Unknown @ 0x971F0118)
SSDT[184] : NtOpenEvent @ 0x82801DCF -> HOOKED (Unknown @ 0x91F141D0)
SSDT[194] : NtOpenProcess @ 0x82828FAE -> HOOKED (Unknown @ 0x91F07068)
SSDT[195] : NtOpenProcessToken @ 0x82809A2E -> HOOKED (Unknown @ 0x91FD5B98)
SSDT[197] : NtOpenSection @ 0x8281966D -> HOOKED (Unknown @ 0x91F0BFD0)
SSDT[201] : NtOpenThread @ 0x828244FF -> HOOKED (Unknown @ 0x91FD5D28)
SSDT[210] : NtProtectVirtualMemory @ 0x828222E2 -> HOOKED (Unknown @ 0x91F0BBD8)
SSDT[282] : NtResumeThread @ 0x82823B4A -> HOOKED (Unknown @ 0x91F37C40)
SSDT[289] : NtSetContextThread @ 0x8289B06F -> HOOKED (Unknown @ 0x91FD4C40)
SSDT[305] : NtSetInformationProcess @ 0x8281C8C8 -> HOOKED (Unknown @ 0x91FD4D20)
SSDT[317] : NtSetSystemInformation @ 0x827EEEEB -> HOOKED (Unknown @ 0x91F0BE88)
SSDT[330] : NtSuspendProcess @ 0x8289B4FF -> HOOKED (Unknown @ 0x91F140F0)
SSDT[331] : NtSuspendThread @ 0x827A292B -> HOOKED (Unknown @ 0x91F37D20)
SSDT[334] : NtTerminateProcess @ 0x827F9143 -> HOOKED (Unknown @ 0x91F07260)
SSDT[335] : NtTerminateThread @ 0x82824534 -> HOOKED (Unknown @ 0x91FD4B60)
SSDT[348] : NtUnmapViewOfSection @ 0x82818B5D -> HOOKED (Unknown @ 0x91FD4E10)
SSDT[358] : NtWriteVirtualMemory @ 0x8281592D -> HOOKED (Unknown @ 0x971F0308)
SSDT[382] : NtCreateThreadEx @ 0x82823FE9 -> HOOKED (Unknown @ 0x91F0CF50)
S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x972A28C8)
S_SSDT[397] : Unknown -> HOOKED (Unknown @ 0x971DF1A0)
S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x971DF0E0)
S_SSDT[430] : Unknown -> HOOKED (Unknown @ 0x86F125C0)
S_SSDT[442] : Unknown -> HOOKED (Unknown @ 0x971DF2E8)
S_SSDT[479] : Unknown -> HOOKED (Unknown @ 0x9732F378)
S_SSDT[497] : Unknown -> HOOKED (Unknown @ 0x9732F008)
S_SSDT[498] : Unknown -> HOOKED (Unknown @ 0x9732F448)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x86F143C8)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x86F0EAA0)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHX2250BT ATA Device +++++
--- User ---
[MBR] 5fda213a8146ffd7df142aa50ce8c7a4
[BSP] 2c60e3e08a4fa002faabe1a5a0bd19e2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 236974 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#34
adiii

Posted 03 August 2012 - 10:03 PM

Member

Topic Starter
Member
47 posts

#35
WhiteHat

Posted 04 August 2012 - 12:45 PM

Trusted Helper

Retired Staff
1,925 posts

Hi,

# Step 1 #
Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Get the report by selecting Reports

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

#36
adiii

Posted 05 August 2012 - 04:37 PM

Member

Topic Starter
Member
47 posts

18:15:43.0313 5620 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:15:44.0277 5620 ============================================================
18:15:44.0277 5620 Current date / time: 2012/08/05 18:15:44.0277
18:15:44.0277 5620 SystemInfo:
18:15:44.0277 5620
18:15:44.0277 5620 OS Version: 6.0.6002 ServicePack: 2.0
18:15:44.0277 5620 Product type: Workstation
18:15:44.0278 5620 ComputerName: OWNER-PC
18:15:44.0278 5620 UserName: owner
18:15:44.0278 5620 Windows directory: C:\Windows
18:15:44.0278 5620 System windows directory: C:\Windows
18:15:44.0278 5620 Processor architecture: Intel x86
18:15:44.0279 5620 Number of processors: 2
18:15:44.0279 5620 Page size: 0x1000
18:15:44.0279 5620 Boot type: Normal boot
18:15:44.0279 5620 ============================================================
18:15:48.0091 5620 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:15:48.0142 5620 ============================================================
18:15:48.0143 5620 \Device\Harddisk0\DR0:
18:15:48.0143 5620 MBR partitions:
18:15:48.0143 5620 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1CED7000
18:15:48.0143 5620 ============================================================
18:15:48.0209 5620 C: <-> \Device\Harddisk0\DR0\Partition0
18:15:48.0209 5620 ============================================================
18:15:48.0209 5620 Initialize success
18:15:48.0209 5620 ============================================================
18:19:58.0693 5060 ============================================================
18:19:58.0693 5060 Scan started
18:19:58.0693 5060 Mode: Manual; SigCheck; TDLFS;
18:19:58.0693 5060 ============================================================
18:20:00.0335 5060 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:20:00.0596 5060 ACPI - ok
18:20:02.0882 5060 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:20:03.0029 5060 AdobeFlashPlayerUpdateSvc - ok
18:20:04.0024 5060 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
18:20:04.0121 5060 adp94xx - ok
18:20:04.0534 5060 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
18:20:04.0699 5060 adpahci - ok
18:20:04.0979 5060 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
18:20:05.0032 5060 adpu160m - ok
18:20:05.0630 5060 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
18:20:05.0735 5060 adpu320 - ok
18:20:06.0345 5060 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
18:20:08.0648 5060 AeLookupSvc - ok
18:20:09.0345 5060 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:20:09.0797 5060 AFD - ok
18:20:10.0034 5060 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
18:20:10.0255 5060 AgereModemAudio - ok
18:20:10.0855 5060 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
18:20:11.0056 5060 AgereSoftModem - ok
18:20:11.0117 5060 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
18:20:11.0137 5060 agp440 - ok
18:20:11.0300 5060 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:20:11.0323 5060 aic78xx - ok
18:20:11.0466 5060 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
18:20:12.0309 5060 ALG - ok
18:20:12.0389 5060 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
18:20:12.0408 5060 aliide - ok
18:20:12.0464 5060 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
18:20:12.0484 5060 amdagp - ok
18:20:12.0533 5060 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
18:20:12.0555 5060 amdide - ok
18:20:12.0598 5060 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
18:20:12.0930 5060 AmdK7 - ok
18:20:13.0094 5060 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
18:20:13.0161 5060 AmdK8 - ok
18:20:13.0227 5060 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys
18:20:13.0336 5060 ApfiltrService - ok
18:20:13.0445 5060 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
18:20:13.0562 5060 Appinfo - ok
18:20:13.0782 5060 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:20:13.0820 5060 Apple Mobile Device - ok
18:20:13.0967 5060 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
18:20:13.0989 5060 arc - ok
18:20:14.0034 5060 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
18:20:14.0056 5060 arcsas - ok
18:20:14.0203 5060 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:20:14.0320 5060 AsyncMac - ok
18:20:14.0418 5060 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:20:14.0438 5060 atapi - ok
18:20:14.0741 5060 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
18:20:15.0051 5060 athr - ok
18:20:15.0518 5060 Ati External Event Utility (826c36ef415e0a0af7a78ba435aefd86) C:\Windows\system32\Ati2evxx.exe
18:20:15.0676 5060 Ati External Event Utility - ok
18:20:17.0934 5060 atikmdag (462a206dda06fb77af792a009375c899) C:\Windows\system32\DRIVERS\atikmdag.sys
18:20:18.0216 5060 atikmdag - ok
18:20:19.0178 5060 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:20:19.0340 5060 AudioEndpointBuilder - ok
18:20:19.0356 5060 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:20:19.0431 5060 Audiosrv - ok
18:20:19.0913 5060 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
18:20:19.0940 5060 BBSvc - ok
18:20:20.0095 5060 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:20:20.0173 5060 Beep - ok
18:20:20.0260 5060 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
18:20:20.0340 5060 BFE - ok
18:20:21.0752 5060 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
18:20:21.0965 5060 BHDrvx86 - ok
18:20:22.0093 5060 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
18:20:22.0238 5060 BITS - ok
18:20:22.0293 5060 blbdrive - ok
18:20:22.0416 5060 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:20:22.0458 5060 Bonjour Service - ok
18:20:22.0498 5060 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:20:22.0586 5060 bowser - ok
18:20:22.0638 5060 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:20:22.0699 5060 BrFiltLo - ok
18:20:22.0728 5060 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:20:22.0782 5060 BrFiltUp - ok
18:20:22.0953 5060 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
18:20:23.0034 5060 Browser - ok
18:20:23.0081 5060 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:20:23.0179 5060 Brserid - ok
18:20:23.0243 5060 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:20:23.0311 5060 BrSerWdm - ok
18:20:23.0368 5060 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:20:23.0575 5060 BrUsbMdm - ok
18:20:23.0676 5060 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:20:23.0814 5060 BrUsbSer - ok
18:20:23.0994 5060 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:20:24.0142 5060 BTHMODEM - ok
18:20:24.0249 5060 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
18:20:24.0297 5060 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
18:20:24.0297 5060 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
18:20:24.0343 5060 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:20:24.0418 5060 cdfs - ok
18:20:24.0464 5060 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:20:24.0567 5060 cdrom - ok
18:20:24.0757 5060 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:20:24.0817 5060 CertPropSvc - ok
18:20:25.0050 5060 CFSvcs (c82162949bba6cc5d006c7bd008f3cf1) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
18:20:25.0082 5060 CFSvcs ( UnsignedFile.Multi.Generic ) - warning
18:20:25.0082 5060 CFSvcs - detected UnsignedFile.Multi.Generic (1)
18:20:25.0299 5060 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
18:20:25.0458 5060 circlass - ok
18:20:26.0560 5060 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:20:26.0687 5060 CLFS - ok
18:20:27.0539 5060 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:20:27.0650 5060 clr_optimization_v2.0.50727_32 - ok
18:20:27.0982 5060 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:20:28.0037 5060 clr_optimization_v4.0.30319_32 - ok
18:20:28.0086 5060 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:20:28.0185 5060 CmBatt - ok
18:20:28.0414 5060 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
18:20:28.0450 5060 cmdide - ok
18:20:28.0488 5060 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:20:28.0508 5060 Compbatt - ok
18:20:28.0514 5060 COMSysApp - ok
18:20:28.0768 5060 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
18:20:28.0836 5060 crcdisk - ok
18:20:28.0985 5060 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
18:20:29.0144 5060 Crusoe - ok
18:20:29.0541 5060 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
18:20:29.0642 5060 CryptSvc - ok
18:20:29.0963 5060 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:20:30.0130 5060 DcomLaunch - ok
18:20:30.0339 5060 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:20:30.0445 5060 DfsC - ok
18:20:32.0883 5060 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
18:20:33.0186 5060 DFSR - ok
18:20:34.0558 5060 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
18:20:34.0669 5060 Dhcp - ok
18:20:34.0880 5060 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:20:34.0923 5060 disk - ok
18:20:34.0974 5060 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
18:20:35.0060 5060 Dnscache - ok
18:20:35.0125 5060 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
18:20:35.0182 5060 dot3svc - ok
18:20:35.0356 5060 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
18:20:35.0477 5060 Dot4 - ok
18:20:35.0549 5060 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:20:35.0617 5060 Dot4Print - ok
18:20:35.0728 5060 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
18:20:35.0810 5060 dot4usb - ok
18:20:35.0919 5060 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
18:20:36.0022 5060 DPS - ok
18:20:36.0107 5060 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:20:36.0175 5060 drmkaud - ok
18:20:36.0735 5060 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:20:36.0861 5060 DXGKrnl - ok
18:20:37.0059 5060 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:20:37.0180 5060 E1G60 - ok
18:20:37.0379 5060 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
18:20:37.0476 5060 EapHost - ok
18:20:37.0764 5060 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:20:37.0807 5060 Ecache - ok
18:20:38.0264 5060 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:20:38.0344 5060 eeCtrl - ok
18:20:38.0683 5060 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
18:20:38.0780 5060 ehRecvr - ok
18:20:38.0798 5060 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
18:20:38.0895 5060 ehSched - ok
18:20:38.0917 5060 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
18:20:38.0965 5060 ehstart - ok
18:20:39.0274 5060 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
18:20:39.0330 5060 elxstor - ok
18:20:39.0940 5060 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
18:20:40.0099 5060 EMDMgmt - ok
18:20:40.0450 5060 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:20:40.0494 5060 EraserUtilRebootDrv - ok
18:20:40.0694 5060 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
18:20:40.0779 5060 EventSystem - ok
18:20:41.0042 5060 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:20:41.0131 5060 exfat - ok
18:20:41.0234 5060 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:20:41.0336 5060 fastfat - ok
18:20:41.0394 5060 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
18:20:41.0543 5060 fdc - ok
18:20:41.0606 5060 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
18:20:41.0640 5060 fdPHost - ok
18:20:41.0774 5060 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
18:20:41.0869 5060 FDResPub - ok
18:20:41.0933 5060 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:20:41.0954 5060 FileInfo - ok
18:20:41.0993 5060 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:20:42.0033 5060 Filetrace - ok
18:20:42.0070 5060 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
18:20:42.0181 5060 flpydisk - ok
18:20:42.0268 5060 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:20:42.0295 5060 FltMgr - ok
18:20:42.0554 5060 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
18:20:42.0700 5060 FontCache - ok
18:20:42.0810 5060 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:20:42.0850 5060 FontCache3.0.0.0 - ok
18:20:42.0963 5060 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
18:20:42.0997 5060 fssfltr - ok
18:20:44.0168 5060 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
18:20:44.0354 5060 fsssvc - ok
18:20:45.0351 5060 FsUsbExDisk (d63a9e3cb27c5f98f01850b414ef65ff) C:\Windows\system32\FsUsbExDisk.SYS
18:20:45.0461 5060 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
18:20:45.0461 5060 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
18:20:45.0600 5060 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
18:20:45.0738 5060 Fs_Rec - ok
18:20:45.0898 5060 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
18:20:45.0947 5060 gagp30kx - ok
18:20:46.0266 5060 GameConsoleService (617dc2877015270914ca3c03873560d5) C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
18:20:46.0326 5060 GameConsoleService - ok
18:20:46.0367 5060 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
18:20:46.0385 5060 GEARAspiWDM - ok
18:20:48.0066 5060 GoogleDesktopManager (6d02c93bc3cd52cfe3f5120d9bcb9265) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
18:20:48.0313 5060 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - warning
18:20:48.0314 5060 GoogleDesktopManager - detected UnsignedFile.Multi.Generic (1)
18:20:49.0442 5060 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
18:20:49.0568 5060 gpsvc - ok
18:20:49.0722 5060 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:20:49.0760 5060 gupdate - ok
18:20:49.0795 5060 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:20:49.0839 5060 gupdatem - ok
18:20:49.0921 5060 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:20:49.0961 5060 gusvc - ok
18:20:50.0459 5060 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:20:50.0673 5060 HdAudAddService - ok
18:20:50.0973 5060 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:20:51.0073 5060 HDAudBus - ok
18:20:51.0203 5060 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:20:51.0355 5060 HidBth - ok
18:20:51.0389 5060 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:20:51.0492 5060 HidIr - ok
18:20:51.0584 5060 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
18:20:51.0701 5060 hidserv - ok
18:20:51.0784 5060 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:20:51.0830 5060 HidUsb - ok
18:20:51.0947 5060 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
18:20:52.0009 5060 hkmsvc - ok
18:20:52.0153 5060 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
18:20:52.0211 5060 HpCISSs - ok
18:20:53.0059 5060 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
18:20:53.0198 5060 HPSLPSVC - ok
18:20:53.0634 5060 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:20:53.0793 5060 HTTP - ok
18:20:53.0882 5060 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
18:20:53.0927 5060 i2omp - ok
18:20:53.0982 5060 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:20:54.0013 5060 i8042prt - ok
18:20:54.0053 5060 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
18:20:54.0080 5060 iaStorV - ok
18:20:54.0302 5060 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:20:54.0359 5060 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:20:54.0359 5060 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:20:54.0875 5060 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:20:55.0052 5060 idsvc - ok
18:20:55.0775 5060 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120803.002\IDSvix86.sys
18:20:55.0859 5060 IDSVix86 - ok
18:20:56.0544 5060 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:20:56.0588 5060 iirsp - ok
18:20:56.0913 5060 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
18:20:57.0021 5060 IKEEXT - ok
18:20:57.0486 5060 IntcAzAudAddService (8a4341616976e47712b60f18c7049dcc) C:\Windows\system32\drivers\RTKVHDA.sys
18:20:57.0724 5060 IntcAzAudAddService - ok
18:20:57.0900 5060 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
18:20:57.0924 5060 intelide - ok
18:20:57.0983 5060 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
18:20:58.0066 5060 intelppm - ok
18:20:58.0109 5060 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
18:20:58.0176 5060 IPBusEnum - ok
18:20:58.0220 5060 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:20:58.0288 5060 IpFilterDriver - ok
18:20:58.0294 5060 IpInIp - ok
18:20:58.0331 5060 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
18:20:58.0398 5060 IPMIDRV - ok
18:20:58.0437 5060 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:20:58.0508 5060 IPNAT - ok
18:20:58.0691 5060 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
18:20:58.0784 5060 iPod Service - ok
18:20:58.0851 5060 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:20:58.0915 5060 IRENUM - ok
18:20:58.0984 5060 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
18:20:59.0005 5060 isapnp - ok
18:20:59.0321 5060 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:20:59.0397 5060 iScsiPrt - ok
18:20:59.0510 5060 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:20:59.0543 5060 iteatapi - ok
18:20:59.0656 5060 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:20:59.0690 5060 iteraid - ok
18:20:59.0756 5060 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:20:59.0782 5060 kbdclass - ok
18:20:59.0810 5060 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:20:59.0890 5060 kbdhid - ok
18:21:00.0005 5060 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:21:00.0098 5060 KeyIso - ok
18:21:00.0486 5060 KR10I (1e0d65f7ffeb4e99b2eec1ccb5754cc8) C:\Windows\system32\drivers\kr10i.sys
18:21:00.0578 5060 KR10I ( UnsignedFile.Multi.Generic ) - warning
18:21:00.0578 5060 KR10I - detected UnsignedFile.Multi.Generic (1)
18:21:00.0638 5060 KR10N (a1963360e74931222a67356c8ad48378) C:\Windows\system32\drivers\kr10n.sys
18:21:00.0699 5060 KR10N ( UnsignedFile.Multi.Generic ) - warning
18:21:00.0700 5060 KR10N - detected UnsignedFile.Multi.Generic (1)
18:21:00.0765 5060 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
18:21:00.0862 5060 KR3NPXP ( UnsignedFile.Multi.Generic ) - warning
18:21:00.0862 5060 KR3NPXP - detected UnsignedFile.Multi.Generic (1)
18:21:01.0556 5060 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
18:21:01.0652 5060 KSecDD - ok
18:21:01.0934 5060 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
18:21:02.0045 5060 KtmRm - ok
18:21:02.0228 5060 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
18:21:02.0343 5060 LanmanServer - ok
18:21:02.0424 5060 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
18:21:02.0500 5060 LanmanWorkstation - ok
18:21:02.0594 5060 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:21:02.0659 5060 lltdio - ok
18:21:03.0111 5060 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
18:21:03.0254 5060 lltdsvc - ok
18:21:03.0315 5060 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
18:21:03.0425 5060 lmhosts - ok
18:21:03.0482 5060 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys
18:21:03.0585 5060 LPCFilter - ok
18:21:03.0699 5060 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
18:21:03.0728 5060 LSI_FC - ok
18:21:03.0758 5060 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
18:21:03.0801 5060 LSI_SAS - ok
18:21:03.0955 5060 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
18:21:03.0977 5060 LSI_SCSI - ok
18:21:04.0067 5060 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:21:04.0206 5060 luafv - ok
18:21:04.0298 5060 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
18:21:04.0337 5060 MBAMSwissArmy - ok
18:21:04.0392 5060 McShield - ok
18:21:04.0401 5060 McSysmon - ok
18:21:04.0457 5060 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
18:21:04.0477 5060 Mcx2Svc - ok
18:21:04.0519 5060 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
18:21:04.0540 5060 megasas - ok
18:21:04.0671 5060 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:21:04.0793 5060 MMCSS - ok
18:21:04.0897 5060 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:21:04.0971 5060 Modem - ok
18:21:05.0100 5060 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:21:05.0141 5060 monitor - ok
18:21:05.0177 5060 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:21:05.0199 5060 mouclass - ok
18:21:05.0219 5060 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:21:05.0279 5060 mouhid - ok
18:21:05.0325 5060 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:21:05.0347 5060 MountMgr - ok
18:21:05.0516 5060 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:21:05.0563 5060 MozillaMaintenance - ok
18:21:05.0750 5060 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
18:21:05.0801 5060 mpio - ok
18:21:05.0894 5060 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:21:05.0952 5060 mpsdrv - ok
18:21:06.0034 5060 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
18:21:06.0115 5060 MpsSvc - ok
18:21:06.0175 5060 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:21:06.0196 5060 Mraid35x - ok
18:21:06.0223 5060 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:21:06.0289 5060 MRxDAV - ok
18:21:06.0492 5060 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:21:06.0643 5060 mrxsmb - ok
18:21:06.0847 5060 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:21:06.0924 5060 mrxsmb10 - ok
18:21:06.0968 5060 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:21:07.0034 5060 mrxsmb20 - ok
18:21:07.0085 5060 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
18:21:07.0126 5060 msahci - ok
18:21:07.0155 5060 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
18:21:07.0177 5060 msdsm - ok
18:21:07.0295 5060 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
18:21:07.0340 5060 MSDTC - ok
18:21:07.0400 5060 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:21:07.0469 5060 Msfs - ok
18:21:07.0520 5060 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:21:07.0542 5060 msisadrv - ok
18:21:07.0891 5060 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
18:21:07.0940 5060 MSiSCSI - ok
18:21:07.0945 5060 msiserver - ok
18:21:07.0984 5060 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:21:08.0055 5060 MSKSSRV - ok
18:21:08.0102 5060 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:21:08.0173 5060 MSPCLOCK - ok
18:21:08.0203 5060 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:21:08.0248 5060 MSPQM - ok
18:21:08.0446 5060 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:21:08.0499 5060 MsRPC - ok
18:21:08.0587 5060 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:21:08.0607 5060 mssmbios - ok
18:21:08.0681 5060 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:21:08.0749 5060 MSTEE - ok
18:21:08.0854 5060 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:21:08.0912 5060 Mup - ok
18:21:08.0992 5060 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
18:21:09.0055 5060 napagent - ok
18:21:09.0118 5060 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:21:09.0180 5060 NativeWifiP - ok
18:21:09.0567 5060 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120804.009\NAVENG.SYS
18:21:09.0619 5060 NAVENG - ok
18:21:10.0405 5060 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120804.009\NAVEX15.SYS
18:21:10.0641 5060 NAVEX15 - ok
18:21:11.0854 5060 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:21:11.0956 5060 NDIS - ok
18:21:12.0072 5060 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:21:12.0165 5060 NdisTapi - ok
18:21:12.0259 5060 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:21:12.0336 5060 Ndisuio - ok
18:21:12.0461 5060 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:21:12.0514 5060 NdisWan - ok
18:21:12.0605 5060 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:21:12.0706 5060 NDProxy - ok
18:21:12.0909 5060 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
18:21:12.0970 5060 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:21:12.0970 5060 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:21:13.0025 5060 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:21:13.0134 5060 NetBIOS - ok
18:21:13.0198 5060 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:21:13.0233 5060 netbt - ok
18:21:13.0267 5060 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:21:13.0288 5060 Netlogon - ok
18:21:13.0548 5060 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
18:21:13.0655 5060 Netman - ok
18:21:14.0017 5060 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
18:21:14.0137 5060 netprofm - ok
18:21:14.0327 5060 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:21:14.0363 5060 NetTcpPortSharing - ok
18:21:14.0548 5060 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:21:14.0615 5060 nfrd960 - ok
18:21:14.0862 5060 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
18:21:14.0936 5060 NIS - ok
18:21:15.0127 5060 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
18:21:15.0266 5060 NlaSvc - ok
18:21:15.0334 5060 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:21:15.0410 5060 Npfs - ok
18:21:15.0458 5060 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
18:21:15.0538 5060 nsi - ok
18:21:15.0614 5060 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:21:15.0724 5060 nsiproxy - ok
18:21:16.0221 5060 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:21:16.0344 5060 Ntfs - ok
18:21:16.0406 5060 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:21:16.0502 5060 ntrigdigi - ok
18:21:16.0547 5060 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:21:16.0618 5060 Null - ok
18:21:16.0754 5060 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
18:21:16.0790 5060 nvraid - ok
18:21:16.0884 5060 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
18:21:16.0932 5060 nvstor - ok
18:21:16.0957 5060 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
18:21:16.0980 5060 nv_agp - ok
18:21:16.0986 5060 NwlnkFlt - ok
18:21:16.0996 5060 NwlnkFwd - ok
18:21:17.0211 5060 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:21:17.0325 5060 odserv - ok
18:21:17.0517 5060 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
18:21:17.0582 5060 ohci1394 - ok
18:21:18.0021 5060 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:21:18.0074 5060 ose - ok
18:21:18.0176 5060 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:21:18.0433 5060 p2pimsvc - ok
18:21:18.0456 5060 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:21:18.0545 5060 p2psvc - ok
18:21:18.0697 5060 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:21:18.0797 5060 Parport - ok
18:21:18.0845 5060 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
18:21:18.0867 5060 partmgr - ok
18:21:18.0909 5060 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:21:18.0976 5060 Parvdm - ok
18:21:19.0059 5060 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
18:21:19.0167 5060 PcaSvc - ok
18:21:19.0216 5060 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:21:19.0253 5060 pci - ok
18:21:19.0275 5060 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
18:21:19.0301 5060 pciide - ok
18:21:19.0328 5060 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
18:21:19.0354 5060 pcmcia - ok
18:21:19.0994 5060 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:21:20.0254 5060 PEAUTH - ok
18:21:20.0347 5060 pinger (6dbf2ac2bdaff355995ab25eccc4cfe1) C:\Toshiba\IVP\ISM\pinger.exe
18:21:20.0366 5060 pinger - ok
18:21:20.0725 5060 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
18:21:20.0929 5060 pla - ok
18:21:21.0383 5060 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
18:21:21.0504 5060 PlugPlay - ok
18:21:21.0597 5060 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
18:21:21.0607 5060 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:21:21.0607 5060 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:21:21.0724 5060 PnkBstrB (6a60b8ad0f2e2aaf29d41a94521e54b2) C:\Windows\system32\PnkBstrB.exe
18:21:21.0935 5060 PnkBstrB - ok
18:21:22.0125 5060 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:21:22.0210 5060 PNRPAutoReg - ok
18:21:22.0221 5060 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:21:22.0347 5060 PNRPsvc - ok
18:21:22.0556 5060 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
18:21:22.0637 5060 PolicyAgent - ok
18:21:22.0832 5060 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:21:22.0931 5060 PptpMiniport - ok
18:21:23.0030 5060 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
18:21:23.0150 5060 Processor - ok
18:21:23.0187 5060 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
18:21:23.0221 5060 ProfSvc - ok
18:21:23.0269 5060 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:21:23.0293 5060 ProtectedStorage - ok
18:21:23.0452 5060 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:21:23.0538 5060 PSched - ok
18:21:23.0648 5060 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\Windows\system32\Drivers\PxHelp20.sys
18:21:23.0657 5060 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
18:21:23.0657 5060 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
18:21:23.0766 5060 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
18:21:23.0891 5060 ql2300 - ok
18:21:23.0944 5060 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:21:23.0967 5060 ql40xx - ok
18:21:24.0025 5060 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
18:21:24.0076 5060 QWAVE - ok
18:21:24.0189 5060 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:21:24.0246 5060 QWAVEdrv - ok
18:21:24.0312 5060 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:21:24.0385 5060 RasAcd - ok
18:21:24.0571 5060 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
18:21:24.0629 5060 RasAuto - ok
18:21:24.0827 5060 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:21:24.0946 5060 Rasl2tp - ok
18:21:25.0171 5060 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
18:21:25.0253 5060 RasMan - ok
18:21:25.0398 5060 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:21:25.0475 5060 RasPppoe - ok
18:21:25.0577 5060 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:21:25.0636 5060 RasSstp - ok
18:21:25.0700 5060 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:21:25.0755 5060 rdbss - ok
18:21:25.0794 5060 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:21:25.0839 5060 RDPCDD - ok
18:21:25.0992 5060 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
18:21:26.0064 5060 rdpdr - ok
18:21:26.0098 5060 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:21:26.0177 5060 RDPENCDD - ok
18:21:26.0402 5060 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
18:21:26.0497 5060 RDPWD - ok
18:21:26.0551 5060 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
18:21:26.0616 5060 RemoteAccess - ok
18:21:26.0658 5060 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
18:21:26.0715 5060 RemoteRegistry - ok
18:21:26.0775 5060 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
18:21:26.0827 5060 RimUsb - ok
18:21:26.0891 5060 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
18:21:26.0931 5060 RpcLocator - ok
18:21:27.0036 5060 rpcnet (3297445bb9fd3e8363e7559010ed2ae7) C:\Windows\system32\rpcnet.exe
18:21:27.0066 5060 rpcnet - ok
18:21:27.0200 5060 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:21:27.0248 5060 RpcSs - ok
18:21:27.0344 5060 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:21:27.0428 5060 rspndr - ok
18:21:27.0490 5060 RTL8169 (f875e277a79ef9d6f3ac89abb557a689) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:21:27.0593 5060 RTL8169 - ok
18:21:27.0653 5060 samhid (71cec3f79b3e921d417cb8e541fff10a) C:\Windows\system32\drivers\samhid.sys
18:21:27.0738 5060 samhid ( UnsignedFile.Multi.Generic ) - warning
18:21:27.0738 5060 samhid - detected UnsignedFile.Multi.Generic (1)
18:21:27.0796 5060 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:21:27.0818 5060 SamSs - ok
18:21:27.0914 5060 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:21:27.0937 5060 sbp2port - ok
18:21:28.0027 5060 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
18:21:28.0088 5060 SCardSvr - ok
18:21:28.0189 5060 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
18:21:28.0345 5060 Schedule - ok
18:21:28.0378 5060 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:21:28.0436 5060 SCPolicySvc - ok
18:21:28.0499 5060 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
18:21:28.0530 5060 sdbus - ok
18:21:28.0611 5060 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
18:21:28.0689 5060 SDRSVC - ok
18:21:29.0017 5060 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
18:21:29.0056 5060 SeaPort - ok
18:21:29.0103 5060 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:21:29.0206 5060 secdrv - ok
18:21:29.0261 5060 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
18:21:29.0301 5060 seclogon - ok
18:21:29.0378 5060 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
18:21:29.0419 5060 SENS - ok
18:21:29.0520 5060 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:21:29.0664 5060 Serenum - ok
18:21:29.0847 5060 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:21:29.0943 5060 Serial - ok
18:21:30.0079 5060 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:21:30.0163 5060 sermouse - ok
18:21:30.0218 5060 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
18:21:30.0282 5060 SessionEnv - ok
18:21:30.0349 5060 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
18:21:30.0419 5060 sffdisk - ok
18:21:30.0461 5060 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
18:21:30.0548 5060 sffp_mmc - ok
18:21:30.0674 5060 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:21:30.0735 5060 sffp_sd - ok
18:21:30.0797 5060 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:21:30.0934 5060 sfloppy - ok
18:21:31.0165 5060 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
18:21:31.0206 5060 SharedAccess - ok
18:21:31.0256 5060 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
18:21:31.0340 5060 ShellHWDetection - ok
18:21:31.0584 5060 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
18:21:31.0659 5060 sisagp - ok
18:21:31.0807 5060 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
18:21:31.0848 5060 SiSRaid2 - ok
18:21:31.0891 5060 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
18:21:31.0934 5060 SiSRaid4 - ok
18:21:32.0161 5060 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe
18:21:32.0180 5060 SkypeUpdate - ok
18:21:34.0627 5060 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
18:21:34.0941 5060 slsvc - ok
18:21:35.0190 5060 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
18:21:35.0248 5060 SLUINotify - ok
18:21:35.0432 5060 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:21:35.0505 5060 Smb - ok
18:21:35.0616 5060 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
18:21:35.0643 5060 SNMPTRAP - ok
18:21:35.0696 5060 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:21:35.0738 5060 spldr - ok
18:21:35.0856 5060 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
18:21:35.0950 5060 Spooler - ok
18:21:36.0262 5060 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\NIS\1207020.003\SRTSP.SYS
18:21:36.0338 5060 SRTSP - ok
18:21:36.0599 5060 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\NIS\1207020.003\SRTSPX.SYS
18:21:36.0638 5060 SRTSPX - ok
18:21:36.0829 5060 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:21:36.0978 5060 srv - ok
18:21:37.0075 5060 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:21:37.0201 5060 srv2 - ok
18:21:37.0244 5060 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:21:37.0290 5060 srvnet - ok
18:21:37.0510 5060 sscdbus (92b69020fc480219683d429dca068d71) C:\Windows\system32\DRIVERS\sscdbus.sys
18:21:37.0543 5060 sscdbus - ok
18:21:37.0699 5060 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
18:21:37.0823 5060 SSDPSRV - ok
18:21:37.0973 5060 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
18:21:38.0055 5060 SstpSvc - ok
18:21:38.0134 5060 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
18:21:38.0190 5060 StillCam - ok
18:21:38.0761 5060 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
18:21:38.0952 5060 stisvc - ok
18:21:39.0012 5060 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:21:39.0047 5060 swenum - ok
18:21:39.0103 5060 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
18:21:39.0171 5060 swprv - ok
18:21:39.0247 5060 Swupdtmr (327786c5d6bcf284fab14c2b5751f514) c:\Toshiba\IVP\swupdate\swupdtmr.exe
18:21:39.0263 5060 Swupdtmr - ok
18:21:39.0303 5060 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:21:39.0321 5060 Symc8xx - ok
18:21:40.0209 5060 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\NIS\1207020.003\SYMDS.SYS
18:21:40.0290 5060 SymDS - ok
18:21:41.0986 5060 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\NIS\1207020.003\SYMEFA.SYS
18:21:42.0120 5060 SymEFA - ok
18:21:42.0224 5060 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
18:21:42.0245 5060 SymEvent - ok
18:21:42.0956 5060 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1207020.003\Ironx86.SYS
18:21:42.0999 5060 SymIRON - ok
18:21:43.0169 5060 SYMTDIv (d42a7229e333af725f1445f785e4658d) C:\Windows\System32\Drivers\NIS\1207020.003\SYMTDIV.SYS
18:21:43.0225 5060 SYMTDIv - ok
18:21:43.0429 5060 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:21:43.0482 5060 Sym_hi - ok
18:21:43.0606 5060 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:21:43.0626 5060 Sym_u3 - ok
18:21:43.0698 5060 SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys
18:21:43.0722 5060 SynTP - ok
18:21:43.0782 5060 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
18:21:43.0888 5060 SysMain - ok
18:21:44.0057 5060 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
18:21:44.0122 5060 TabletInputService - ok
18:21:44.0933 5060 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
18:21:45.0067 5060 TapiSrv - ok
18:21:45.0205 5060 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
18:21:45.0288 5060 TBS - ok
18:21:47.0218 5060 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
18:21:47.0368 5060 Tcpip - ok
18:21:47.0400 5060 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
18:21:47.0482 5060 Tcpip6 - ok
18:21:47.0853 5060 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:21:47.0998 5060 tcpipreg - ok
18:21:48.0098 5060 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
18:21:48.0210 5060 tdcmdpst - ok
18:21:48.0380 5060 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:21:48.0464 5060 TDPIPE - ok
18:21:48.0578 5060 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:21:48.0681 5060 TDTCP - ok
18:21:48.0946 5060 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:21:48.0992 5060 tdx - ok
18:21:49.0157 5060 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:21:49.0201 5060 TermDD - ok
18:21:51.0002 5060 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
18:21:51.0144 5060 TermService - ok
18:21:51.0983 5060 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
18:21:52.0038 5060 Themes - ok
18:21:52.0381 5060 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:21:52.0461 5060 THREADORDER - ok
18:21:52.0588 5060 tifm21 (28b7f973c36d157a7885b1ae42a4a2a9) C:\Windows\system32\drivers\tifm21.sys
18:21:52.0735 5060 tifm21 - ok
18:21:53.0163 5060 TNaviSrv (38e18dce385ff2ded57423a279559dbc) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
18:21:53.0201 5060 TNaviSrv ( UnsignedFile.Multi.Generic ) - warning
18:21:53.0202 5060 TNaviSrv - detected UnsignedFile.Multi.Generic (1)
18:21:54.0049 5060 TODDSrv (d540858e65bfa6fded41ad2495ece344) C:\Windows\system32\TODDSrv.exe
18:21:54.0078 5060 TODDSrv ( UnsignedFile.Multi.Generic ) - warning
18:21:54.0079 5060 TODDSrv - detected UnsignedFile.Multi.Generic (1)
18:21:55.0168 5060 TosCoSrv (6a54c28b53c6b50d333c8ee974c6b208) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
18:21:55.0260 5060 TosCoSrv - ok
18:21:55.0971 5060 TOSHIBA Bluetooth Service (87843b2da99051bc66e2d6c211e3d6a4) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
18:21:56.0012 5060 TOSHIBA Bluetooth Service - ok
18:21:56.0031 5060 Tosrfcom - ok
18:21:56.0245 5060 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
18:21:56.0379 5060 tos_sps32 - ok
18:21:56.0412 5060 TpChoice - ok
18:21:56.0465 5060 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
18:21:56.0542 5060 TrkWks - ok
18:21:56.0929 5060 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
18:21:56.0990 5060 TrustedInstaller - ok
18:21:57.0178 5060 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:21:57.0235 5060 tssecsrv - ok
18:21:57.0305 5060 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:21:57.0437 5060 tunmp - ok
18:21:57.0611 5060 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:21:57.0662 5060 tunnel - ok
18:21:57.0808 5060 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:21:57.0836 5060 TVALZ - ok
18:21:57.0963 5060 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
18:21:57.0983 5060 uagp35 - ok
18:21:58.0238 5060 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:21:58.0332 5060 udfs - ok
18:21:58.0530 5060 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
18:21:58.0606 5060 UI0Detect - ok
18:21:58.0821 5060 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
18:21:58.0855 5060 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
18:21:58.0855 5060 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
18:21:58.0972 5060 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
18:21:59.0014 5060 uliagpkx - ok
18:21:59.0252 5060 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
18:21:59.0279 5060 uliahci - ok
18:22:00.0023 5060 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:22:00.0072 5060 UlSata - ok
18:22:00.0172 5060 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:22:00.0217 5060 ulsata2 - ok
18:22:00.0632 5060 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:22:00.0740 5060 umbus - ok
18:22:00.0983 5060 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
18:22:01.0029 5060 upnphost - ok
18:22:01.0167 5060 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
18:22:01.0260 5060 USBAAPL - ok
18:22:01.0296 5060 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:22:01.0372 5060 usbccgp - ok
18:22:01.0916 5060 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:22:02.0122 5060 usbcir - ok
18:22:02.0185 5060 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:22:02.0244 5060 usbehci - ok
18:22:03.0208 5060 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:22:03.0331 5060 usbhub - ok
18:22:03.0474 5060 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
18:22:03.0552 5060 usbohci - ok
18:22:03.0738 5060 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:22:03.0848 5060 usbprint - ok
18:22:03.0979 5060 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:22:04.0078 5060 usbscan - ok
18:22:04.0188 5060 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:22:04.0219 5060 USBSTOR - ok
18:22:04.0352 5060 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
18:22:04.0466 5060 usbuhci - ok
18:22:04.0561 5060 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
18:22:04.0659 5060 usbvideo - ok
18:22:04.0903 5060 UVCFTR (5701a984efa8e209848a6d556dd02933) C:\Windows\system32\DRIVERS\UVCFTR_S.SYS
18:22:05.0111 5060 UVCFTR - ok
18:22:05.0293 5060 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
18:22:05.0398 5060 UxSms - ok
18:22:06.0260 5060 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
18:22:06.0412 5060 vds - ok
18:22:06.0770 5060 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
18:22:06.0982 5060 vga - ok
18:22:07.0209 5060 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:22:07.0290 5060 VgaSave - ok
18:22:07.0993 5060 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
18:22:08.0071 5060 viaagp - ok
18:22:08.0177 5060 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
18:22:08.0341 5060 ViaC7 - ok
18:22:08.0643 5060 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
18:22:08.0703 5060 viaide - ok
18:22:09.0000 5060 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
18:22:09.0057 5060 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning
18:22:09.0057 5060 Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)
18:22:09.0209 5060 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:22:09.0252 5060 volmgr - ok
18:22:10.0013 5060 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:22:10.0072 5060 volmgrx - ok
18:22:10.0224 5060 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:22:10.0252 5060 volsnap - ok
18:22:10.0644 5060 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
18:22:10.0728 5060 vsmraid - ok
18:22:12.0216 5060 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
18:22:12.0405 5060 VSS - ok
18:22:12.0962 5060 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
18:22:13.0080 5060 W32Time - ok
18:22:13.0974 5060 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:22:14.0114 5060 WacomPen - ok
18:22:14.0213 5060 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:14.0272 5060 Wanarp - ok
18:22:14.0277 5060 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:14.0306 5060 Wanarpv6 - ok
18:22:14.0989 5060 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
18:22:15.0100 5060 wcncsvc - ok
18:22:15.0408 5060 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:22:15.0477 5060 WcsPlugInService - ok
18:22:15.0764 5060 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
18:22:15.0889 5060 Wd - ok
18:22:17.0087 5060 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:22:17.0201 5060 Wdf01000 - ok
18:22:17.0913 5060 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:22:18.0058 5060 WdiServiceHost - ok
18:22:18.0070 5060 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:22:18.0143 5060 WdiSystemHost - ok
18:22:18.0193 5060 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
18:22:18.0249 5060 WebClient - ok
18:22:18.0981 5060 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
18:22:19.0042 5060 Wecsvc - ok
18:22:19.0194 5060 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
18:22:19.0281 5060 wercplsupport - ok
18:22:20.0175 5060 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
18:22:20.0258 5060 WerSvc - ok
18:22:20.0279 5060 WinHttpAutoProxySvc - ok
18:22:21.0223 5060 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
18:22:21.0288 5060 Winmgmt - ok
18:22:24.0042 5060 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
18:22:24.0261 5060 WinRM - ok
18:22:25.0011 5060 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
18:22:25.0140 5060 Wlansvc - ok
18:22:28.0320 5060 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:22:28.0541 5060 wlidsvc - ok
18:22:30.0276 5060 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
18:22:30.0453 5060 WmiAcpi - ok
18:22:31.0060 5060 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
18:22:31.0135 5060 wmiApSrv - ok
18:22:32.0574 5060 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:22:32.0828 5060 WMPNetworkSvc - ok
18:22:33.0129 5060 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
18:22:33.0212 5060 WPCSvc - ok
18:22:33.0791 5060 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
18:22:33.0961 5060 WPDBusEnum - ok
18:22:34.0579 5060 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:22:34.0673 5060 WpdUsb - ok
18:22:36.0893 5060 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:22:37.0091 5060 WPFFontCache_v0400 - ok
18:22:37.0184 5060 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:22:37.0246 5060 ws2ifsl - ok
18:22:37.0814 5060 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
18:22:37.0914 5060 wscsvc - ok
18:22:37.0926 5060 WSearch - ok
18:22:40.0336 5060 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
18:22:40.0651 5060 wuauserv - ok
18:22:42.0161 5060 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:22:42.0306 5060 WUDFRd - ok
18:22:43.0011 5060 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
18:22:43.0095 5060 wudfsvc - ok
18:22:44.0284 5060 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:22:44.0386 5060 YahooAUService - ok
18:22:44.0462 5060 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
18:22:48.0584 5060 \Device\Harddisk0\DR0 - ok
18:22:48.0658 5060 Boot (0x1200) (4c665477e7a79fdb1f3f319443854ef8) \Device\Harddisk0\DR0\Partition0
18:22:48.0715 5060 \Device\Harddisk0\DR0\Partition0 - ok
18:22:48.0716 5060 ============================================================
18:22:48.0716 5060 Scan finished
18:22:48.0716 5060 ============================================================
18:22:48.0754 5196 Detected object count: 16
18:22:48.0754 5196 Actual detected object count: 16
18:32:40.0056 5196 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:40.0056 5196 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:40.0064 5196 CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:40.0065 5196 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:40.0072 5196 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:40.0073 5196 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:40.0081 5196 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:40.0081 5196 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:40.0089 5196 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:40.0089 5196 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:40.0097 5196 KR10I ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:40.0097 5196 KR10I ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:40.0105 5196 KR10N ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:40.0105 5196 KR10N ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:40.0113 5196 KR3NPXP ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:40.0114 5196 KR3NPXP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:40.0121 5196 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:40.0122 5196 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:40.0130 5196 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:40.0130 5196 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:40.0135 5196 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:40.0135 5196 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:40.0140 5196 samhid ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:40.0140 5196 samhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:40.0143 5196 TNaviSrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:40.0143 5196 TNaviSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:40.0146 5196 TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:40.0146 5196 TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:40.0149 5196 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:40.0149 5196 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:40.0152 5196 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:40.0153 5196 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

#37
WhiteHat

Posted 05 August 2012 - 07:31 PM

Trusted Helper

Retired Staff
1,925 posts

Hi adiii,

How is your computer? Norton is still detecting Zero Access infection?

Edited by WhiteHat, 05 August 2012 - 07:31 PM.

#38
adiii

Posted 06 August 2012 - 06:33 PM

Member

Topic Starter
Member
47 posts

It seems okay. No detection by Norton. Now what about the 2 shaded desktop.ini icons on my desktop - should i delete them?

#39
WhiteHat

Posted 07 August 2012 - 01:01 PM

Trusted Helper

Retired Staff
1,925 posts

Hi,

Now what about the 2 shaded desktop.ini icons on my desktop - should i delete them?

No.

Please, run Farbar Service Scanner again and post the log (FSS.txt)

#40
adiii

Posted 07 August 2012 - 07:52 PM

Member

Topic Starter
Member
47 posts

Farbar Service Scanner Version: 22-07-2012
Ran by owner (administrator) on 07-08-2012 at 21:49:46
Running from "C:\Users\owner\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-09 22:02] - [2012-03-30 08:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

#41
WhiteHat

Posted 08 August 2012 - 11:49 AM

Trusted Helper

Retired Staff
1,925 posts

Hi adiii,

Please reopen Posted Image

on your desktop.

Under the

box at the bottom, paste in the following

:Files
Net Stop MpsSvc /c
Net Start MpsSvc /c
Net Stop bfe /c
Net Start bfe /c
Net Stop wscsvc /c
Net Start wscsvc /c
Net Stop sharedaccess /c
Net Start sharedaccess /c
ipconfig /flushdns /c

:Commands
[CREATERESTOREPOINT]
[REBOOT]

Then click the button at the top
Let the program run unhindered, reboot the PC when it is done
Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

#42
adiii

Posted 09 August 2012 - 09:43 PM

Member

Topic Starter
Member
47 posts

========== FILES ==========
< Net Stop MpsSvc /c >
C:\Users\owner\Desktop\cmd.bat deleted successfully.
C:\Users\owner\Desktop\cmd.txt deleted successfully.
< Net Start MpsSvc /c >
C:\Users\owner\Desktop\cmd.bat deleted successfully.
C:\Users\owner\Desktop\cmd.txt deleted successfully.
< Net Stop bfe /c >
C:\Users\owner\Desktop\cmd.bat deleted successfully.
C:\Users\owner\Desktop\cmd.txt deleted successfully.
< Net Start bfe /c >
The Base Filtering Engine service is starting.
C:\Users\owner\Desktop\cmd.bat deleted successfully.
C:\Users\owner\Desktop\cmd.txt deleted successfully.
< Net Stop wscsvc /c >
The Security Center service is stopping..
The Security Center service was stopped successfully.
C:\Users\owner\Desktop\cmd.bat deleted successfully.
C:\Users\owner\Desktop\cmd.txt deleted successfully.
< Net Start wscsvc /c >
The Security Center service is starting.
The Security Center service was started successfully.
C:\Users\owner\Desktop\cmd.bat deleted successfully.
C:\Users\owner\Desktop\cmd.txt deleted successfully.
< Net Stop sharedaccess /c >
C:\Users\owner\Desktop\cmd.bat deleted successfully.
C:\Users\owner\Desktop\cmd.txt deleted successfully.
< Net Start sharedaccess /c >
C:\Users\owner\Desktop\cmd.bat deleted successfully.
C:\Users\owner\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\owner\Desktop\cmd.bat deleted successfully.
C:\Users\owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 08092012_231553

#43
WhiteHat

Posted 10 August 2012 - 10:27 AM

Trusted Helper

Retired Staff
1,925 posts

Hi Adiii,

Please, run Farbar Service Scanner again and post the log (FSS.txt)

#44
adiii

Posted 12 August 2012 - 07:15 PM

Member

Topic Starter
Member
47 posts

Farbar Service Scanner Version: 22-07-2012
Ran by owner (administrator) on 12-08-2012 at 21:13:04
Running from "C:\Users\owner\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-09 22:02] - [2012-03-30 08:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****