Programs hang, then computer freezes, malwarebytes found & removed


  • This topic is locked

#16
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Step-1.

TDSSKiller

Please carefully read and follow these steps.

Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip. Do NOT change the default action; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step-2

Things For Your Next Post:
1. The TDSSKiller log

#17
msujedi

    Member

  • Topic Starter
  • Member
  • 58 posts
I downloaded TDSSKiller.exe. Before it was able to fully open my computer gave me a BSOD. It was a page fault, and I believe it also said "file.sys". This happened twice. I tried again with Norton turned off, but I arrived at the same BSOD. I was not able to run TDSSKiller.

I'm having the same hanging, freezing, not opening, volume control issues.

#18
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
OK, let's see if we can get a different tool to run. I have included instructions to rename the tool before downloading it so don't miss that.

If you have any external hard drives attached to the computer, disconnect them before proceeding.


Step-1.

Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* VERY IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations, but rename it to wonkbreath.com before downloading it:

Link 1
Link 2

  • Right click on the wonkbreath.com file and click Run as Administrator to run it. Follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix should NOT be used unless requested by a forum helper.


Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.

Don't forget to re-enable your Anti-Virus.


Step-2.

Things For Your Next Post:
1. The ComboFix log

#19
msujedi

    Member

  • Topic Starter
  • Member
  • 58 posts
I disabled Norton's antivirus and antispyware. I then renamed ComboFix prior to downloading, then ran the program from my desktop.

It seemed to be running fine, but I stepped away for 30 min for family dinner. When I returned, the 'wonkbreath' window was blue with white text saying it was attempting to create a restore point. There was a cursor blinking below that text. I let the computer sit like that for about an hour and a half with no sign of progress.

Norton kicked back on, so I disabled it again. Maybe I should've just left the computer alone, but it really didn't seem as if 'wonkbreath' was still active. I closed the 'wonkbreath' window and looked in C: for a log. There was no log. I was tempted to re-run it, but didn't per your instructions.

Thank you for your persistence. I'm really at a loss here.

Edited by msujedi, 16 November 2012 - 06:58 PM.


#20
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

If you haven't done so already please reboot the computer again and then see if there is a C:\ComboFix.txt file. If there isn't, please make sure that Norton is disabled for a minimum of 5 hours and run ComboFix again. It might be helpful if you can do it at a time when you can monitor the progress. And if you have any external drives attached to the computer please disconnect them before running the scan.

#21
msujedi

    Member

  • Topic Starter
  • Member
  • 58 posts
OK, ComboFix ran successfully the 2nd time around. Watching it all the way through, a window popped up requesting an active internet connection in order to download something from Windows. After opening IE, ComboFix continued its work and was able to finish. Log below.

ComboFix 12-11-16.02 - Jed 11/17/2012 20:15:35.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2479 [GMT -5:00]
Running from: c:\documents and settings\Jed\Desktop\wonkbreath.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Jed\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}\PostBuild.exe
c:\documents and settings\Jed\Local Settings\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\Jed\WINDOWS
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
J:\xcrashdump.dat
.
.
((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-17 04:14 . 2012-10-02 18:04 58368 -c----w- c:\windows\system32\dllcache\synceng.dll
2012-11-16 02:00 . 2012-11-16 02:00 177496 ----a-w- c:\windows\system32\drivers\82314910.sys
2012-11-13 04:16 . 2012-11-13 04:16 -------- d-----w- c:\program files\BlueStacks
2012-11-13 04:15 . 2012-11-13 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\BlueStacks
2012-11-13 02:14 . 2012-11-13 02:14 -------- d-----w- c:\documents and settings\Jed\Local Settings\Application Data\Sun
2012-11-13 01:46 . 2012-11-13 01:46 -------- d-----w- c:\program files\Common Files\Java
2012-11-13 01:46 . 2012-11-13 01:45 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-13 01:46 . 2012-11-13 01:45 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-12 01:58 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-12 01:58 . 2012-11-12 01:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-11 17:33 . 2012-11-11 17:33 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-18 01:32 . 2009-12-26 04:59 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-11-18 01:31 . 2010-05-22 03:38 17488 ----a-w- c:\windows\gdrv.sys
2012-11-17 05:07 . 2009-12-26 05:04 17488 ----a-w- c:\windows\etdrv.sys
2012-11-13 01:45 . 2010-05-06 00:00 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-13 01:45 . 2010-05-06 00:00 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-22 08:37 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 19:21 . 2012-04-05 19:56 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 19:21 . 2011-12-18 04:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-28 15:14 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 21:12 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IW_Drop_Icon"="c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2005-06-29 1346560]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
"ContourCameraFinder"="c:\program files\ContourStoryteller\ContourAutoplay.exe" [2012-02-21 101048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2009-08-26 1970176]
"NSWosCheck"="c:\program files\Norton SystemWorks\osCheck.exe" [2008-09-25 160112]
"NswUiTray"="c:\program files\Norton SystemWorks\NswUiTray.exe" [2008-09-25 85360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"FlashIcon"="c:\program files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe" [2004-07-21 40960]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe" [2010-09-17 222504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2012-10-25 593784]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Audio Bible Ambassador\\ABA3.exe"=
"c:\\Program Files\\Audio Bible Ambassador\\webupdater.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19540:UDP"= 19540:UDP:SXUPTP
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1309000.009\symds.sys [10/1/2012 4:34 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1309000.009\symefa.sys [10/1/2012 4:34 PM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20121106.001\BHDrvx86.sys [10/23/2012 6:34 PM 995488]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1309000.009\ccsetx86.sys [10/1/2012 4:34 PM 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1309000.009\ironx86.sys [10/1/2012 4:34 PM 149624]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [9/1/2004 2:50 PM 188416]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [11/12/2011 8:29 PM 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [11/12/2011 8:29 PM 49152]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [10/25/2012 5:33 PM 63864]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [10/25/2012 5:33 PM 384888]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [12/12/2009 4:18 PM 68136]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [10/1/2012 4:34 PM 138272]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~3\NORTON~1\NPROTECT.EXE [9/25/2008 2:53 PM 95600]
R2 pcCMService;pcCMService;c:\program files\Common Files\Motive\pcCMService.exe [12/9/2011 12:56 AM 361472]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [11/12/2011 8:29 PM 246936]
R3 AODDriver;AODDriver;c:\program files\Gigabyte\ET6\i386\AODDriver.sys [2/23/2009 12:16 AM 7168]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2/10/2005 11:55 AM 62976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/6/2012 1:58 PM 106656]
R3 filter;filter;c:\windows\system32\drivers\filter.sys [7/5/2004 1:20 AM 8832]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20121116.001\IDSXpx86.sys [11/16/2012 9:21 PM 373728]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe [10/25/2012 5:33 PM 393080]
S2 crd;crd;c:\docume~1\Jed\LOCALS~1\Temp\IXP002.TMP\poststp.exe --> c:\docume~1\Jed\LOCALS~1\Temp\IXP002.TMP\poststp.exe [?]
S3 15054305;15054305;c:\windows\system32\drivers\60380022.sys --> c:\windows\system32\drivers\60380022.sys [?]
S3 40565831;40565831;c:\windows\system32\drivers\82142187.sys --> c:\windows\system32\drivers\82142187.sys [?]
S3 74570371;74570371;c:\windows\system32\drivers\82314910.sys [11/15/2012 9:00 PM 177496]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/12/2009 4:18 PM 1684736]
S3 AVerFx2hbtv;AVerMedia H826 USB Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [12/12/2009 11:58 PM 273152]
S3 etdrv;etdrv;c:\windows\etdrv.sys [12/26/2009 12:04 AM 17488]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 7168]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [8/28/2011 12:56 PM 33792]
SUnknown GVTDrv;GVTDrv; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AODDRIVER
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:21]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-13 05:54]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-13 05:54]
.
2012-10-29 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2008-09-25 19:52]
.
2012-11-17 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-01-28 21:19]
.
2012-11-01 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-01-28 21:19]
.
2012-11-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-10-11 21:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.yahoo.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: k12.mi.us\myrcs.rochester
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {86151F1E-864B-4419-BAB5-318476BD831B} - hxxps://myrcs.rochester.k12.mi.us/swproxy/rdp/TrustedSitesControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ComcastAntispyClient - c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
SafeBoot-15054305.sys
SafeBoot-40565831.sys
SafeBoot-74570371.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-17 20:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3200822AS rev.3.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A09A2E2
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1644)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\progra~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-11-17 20:39:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-18 01:39
.
Pre-Run: 89,599,418,368 bytes free
Post-Run: 89,514,102,784 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /usepmtimer /NoExecute=OptIn
.
- - End Of File - - D86466B9E7CA4D3115B8FF744F682516

#22
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Maybe the initial ComboFix run and the next ComboFix run will clear the system enough to let TDSSKiller run.


Step-1.

Run a CFScript

1. Download the attached CFScript.txt file and save it to the desktop. [attachment=61564:CFScript.txt]

2. Close any open Windows, especially browsers.
  • IMPORTANT: Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. This fix will require a reboot to correct, so make sure these are turned off and will not turn back on at reboot. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to the link here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

3. Referring to the animation below, drag the CFScript.txt file onto the ComboFix.exe Cat icon and drop it.
ComboFix will launch and run the CFScript file.

Note:
1. Do not mouse click ComboFix's window while it's running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer. That will cure it.
When finished, ComboFix will produce a log for you at C:\ComboFix.txt, which I will require in your next reply.
Do not forget to restart your AntiVirus and AntiSpyware programs.

Now let's see if TDSSKiller will run :)


Step-2.

TDSSKiller

Please read carefully and follow these steps.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip. DO NOT change the default action; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the files unless I request it.
1. The ComboFix log
2. The TDSSKiller log

#23
msujedi

    Member

  • Topic Starter
  • Member
  • 58 posts
I was able to run ComboFix again, but it took 2 attempts. I was able to run TDSSKiller, but it also took 2 attempts. And TDSSKiller started up again to finish the process after rebooting, but I got the BSOD error ... filter.sys page fault. I was concerned there would be no report, but fortunately there was a report. I just don't know if it is a complete report or if the 1 'cured' registry error was really 'cured'.

ComboFix 12-11-16.02 - Jed 11/18/2012 11:15:34.3.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2645 [GMT -5:00]
Running from: c:\documents and settings\Jed\Desktop\wonkbreath.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Jed\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\Jed\Local Settings\Temp\1.tmp\F_IN_BOX.dll
.
---- Previous Run -------
.
c:\docume~1\Jed\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\Jed\Local Settings\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CRD
-------\Service_15054305
-------\Service_40565831
-------\Service_74570371
-------\Service_crd
.
.
((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-17 04:14 . 2012-10-02 18:04 58368 -c----w- c:\windows\system32\dllcache\synceng.dll
2012-11-16 02:00 . 2012-11-16 02:00 177496 ----a-w- c:\windows\system32\drivers\82314910.sys
2012-11-13 04:16 . 2012-11-13 04:16 -------- d-----w- c:\program files\BlueStacks
2012-11-13 04:15 . 2012-11-13 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\BlueStacks
2012-11-13 02:14 . 2012-11-13 02:14 -------- d-----w- c:\documents and settings\Jed\Local Settings\Application Data\Sun
2012-11-13 01:46 . 2012-11-13 01:46 -------- d-----w- c:\program files\Common Files\Java
2012-11-13 01:46 . 2012-11-13 01:45 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-13 01:46 . 2012-11-13 01:45 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-12 01:58 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-12 01:58 . 2012-11-12 01:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-11 17:33 . 2012-11-11 17:33 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-18 16:30 . 2010-05-22 03:38 17488 ----a-w- c:\windows\gdrv.sys
2012-11-18 16:04 . 2009-12-26 04:59 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-11-17 05:07 . 2009-12-26 05:04 17488 ----a-w- c:\windows\etdrv.sys
2012-11-13 01:45 . 2010-05-06 00:00 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-13 01:45 . 2010-05-06 00:00 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-22 08:37 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 19:21 . 2012-04-05 19:56 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 19:21 . 2011-12-18 04:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-28 15:14 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 21:12 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2009-08-26 1970176]
"NSWosCheck"="c:\program files\Norton SystemWorks\osCheck.exe" [2008-09-25 160112]
"NswUiTray"="c:\program files\Norton SystemWorks\NswUiTray.exe" [2008-09-25 85360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"FlashIcon"="c:\program files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe" [2004-07-21 40960]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe" [2010-09-17 222504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2012-10-25 593784]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContourCameraFinder]
2012-02-21 01:05 101048 ----a-w- c:\program files\ContourStoryteller\ContourAutoplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-08-04 22:28 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
2005-06-29 16:34 1346560 ----a-w- c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Audio Bible Ambassador\\ABA3.exe"=
"c:\\Program Files\\Audio Bible Ambassador\\webupdater.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19540:UDP"= 19540:UDP:SXUPTP
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1309000.009\symds.sys [10/1/2012 4:34 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1309000.009\symefa.sys [10/1/2012 4:34 PM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20121106.001\BHDrvx86.sys [10/23/2012 6:34 PM 995488]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1309000.009\ccsetx86.sys [10/1/2012 4:34 PM 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1309000.009\ironx86.sys [10/1/2012 4:34 PM 149624]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [9/1/2004 2:50 PM 188416]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [11/12/2011 8:29 PM 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [11/12/2011 8:29 PM 49152]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [10/25/2012 5:33 PM 63864]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [10/25/2012 5:33 PM 384888]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [12/12/2009 4:18 PM 68136]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [10/1/2012 4:34 PM 138272]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~3\NORTON~1\NPROTECT.EXE [9/25/2008 2:53 PM 95600]
R2 pcCMService;pcCMService;c:\program files\Common Files\Motive\pcCMService.exe [12/9/2011 12:56 AM 361472]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [11/12/2011 8:29 PM 246936]
R3 AODDriver;AODDriver;c:\program files\Gigabyte\ET6\i386\AODDriver.sys [2/23/2009 12:16 AM 7168]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2/10/2005 11:55 AM 62976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/6/2012 1:58 PM 106656]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [12/25/2009 11:59 PM 24944]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20121116.001\IDSXpx86.sys [11/16/2012 9:21 PM 373728]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe [10/25/2012 5:33 PM 393080]
S3 13259072;13259072;c:\windows\system32\drivers\58086342.sys --> c:\windows\system32\drivers\58086342.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/12/2009 4:18 PM 1684736]
S3 AVerFx2hbtv;AVerMedia H826 USB Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [12/12/2009 11:58 PM 273152]
S3 etdrv;etdrv;c:\windows\etdrv.sys [12/26/2009 12:04 AM 17488]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 7168]
S3 filter;filter;c:\windows\system32\drivers\filter.sys [7/5/2004 1:20 AM 8832]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [8/28/2011 12:56 PM 33792]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AODDRIVER
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:21]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-13 05:54]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-13 05:54]
.
2012-10-29 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2008-09-25 19:52]
.
2012-11-17 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-01-28 21:19]
.
2012-11-01 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-01-28 21:19]
.
2012-11-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-10-11 21:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.yahoo.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: k12.mi.us\myrcs.rochester
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {86151F1E-864B-4419-BAB5-318476BD831B} - hxxps://myrcs.rochester.k12.mi.us/swproxy/rdp/TrustedSitesControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-13259072.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-18 11:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\GVTunner.ref 4 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3200822AS rev.3.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A0EB2E2
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1124)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
c:\program files\GIGABYTE\ET6\GUI.exe
c:\program files\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-11-18 11:36:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-18 16:36
.
Pre-Run: 89,402,576,896 bytes free
Post-Run: 89,280,520,192 bytes free
.
- - End Of File - - 6D717AE15303D8152AF072A4388F5EA5

11:41:44.0718 3000 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:41:45.0125 3000 ============================================================
11:41:45.0125 3000 Current date / time: 2012/11/18 11:41:45.0125
11:41:45.0125 3000 SystemInfo:
11:41:45.0125 3000
11:41:45.0125 3000 OS Version: 5.1.2600 ServicePack: 3.0
11:41:45.0125 3000 Product type: Workstation
11:41:45.0125 3000 ComputerName: HOME-STUDY
11:41:45.0125 3000 UserName: Jed
11:41:45.0125 3000 Windows directory: C:\WINDOWS
11:41:45.0125 3000 System windows directory: C:\WINDOWS
11:41:45.0125 3000 Processor architecture: Intel x86
11:41:45.0125 3000 Number of processors: 4
11:41:45.0125 3000 Page size: 0x1000
11:41:45.0125 3000 Boot type: Normal boot
11:41:45.0125 3000 ============================================================
11:41:47.0109 3000 Drive \Device\Harddisk0\DR0 - Size: 0x2E93D2DE00 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:41:47.0140 3000 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:41:47.0156 3000 Drive \Device\Harddisk2\DR2 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:41:47.0156 3000 ============================================================
11:41:47.0156 3000 \Device\Harddisk0\DR0:
11:41:47.0156 3000 MBR partitions:
11:41:47.0156 3000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
11:41:47.0156 3000 \Device\Harddisk1\DR1:
11:41:47.0156 3000 MBR partitions:
11:41:47.0156 3000 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
11:41:47.0156 3000 \Device\Harddisk2\DR2:
11:41:47.0156 3000 MBR partitions:
11:41:47.0156 3000 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2
11:41:47.0156 3000 ============================================================
11:41:47.0203 3000 C: <-> \Device\Harddisk0\DR0\Partition1
11:41:47.0312 3000 J: <-> \Device\Harddisk2\DR2\Partition1
11:41:47.0343 3000 K: <-> \Device\Harddisk1\DR1\Partition1
11:41:47.0343 3000 ============================================================
11:41:47.0343 3000 Initialize success
11:41:47.0343 3000 ============================================================
11:42:01.0843 2180 ============================================================
11:42:01.0843 2180 Scan started
11:42:01.0843 2180 Mode: Manual; SigCheck; TDLFS;
11:42:01.0843 2180 ============================================================
11:42:02.0984 2180 ================ Scan system memory ========================
11:42:02.0984 2180 System memory - ok
11:42:02.0984 2180 ================ Scan services =============================
11:42:03.0109 2180 13259072 - ok
11:42:03.0109 2180 Abiosdsk - ok
11:42:03.0109 2180 abp480n5 - ok
11:42:03.0156 2180 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:42:04.0546 2180 ACPI - ok
11:42:04.0687 2180 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
11:42:04.0828 2180 ACPIEC - ok
11:42:04.0937 2180 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:42:04.0953 2180 AdobeFlashPlayerUpdateSvc - ok
11:42:04.0953 2180 adpu160m - ok
11:42:05.0015 2180 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:42:05.0125 2180 aec - ok
11:42:05.0187 2180 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:42:05.0343 2180 AFD - ok
11:42:05.0640 2180 [ 7F1130830B3BA85921519A5616E29803 ] AffinegyService C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
11:42:05.0718 2180 AffinegyService - ok
11:42:05.0734 2180 AFGMp50 - ok
11:42:05.0781 2180 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] AFGSp50 C:\WINDOWS\system32\Drivers\AFGSp50.sys
11:42:05.0796 2180 AFGSp50 - ok
11:42:05.0796 2180 Aha154x - ok
11:42:05.0812 2180 aic78u2 - ok
11:42:05.0812 2180 aic78xx - ok
11:42:05.0890 2180 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:42:06.0015 2180 Alerter - ok
11:42:06.0031 2180 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
11:42:06.0250 2180 ALG - ok
11:42:06.0250 2180 AliIde - ok
11:42:06.0453 2180 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
11:42:06.0625 2180 Ambfilt - ok
11:42:06.0703 2180 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
11:42:06.0765 2180 AmdPPM - ok
11:42:06.0781 2180 amsint - ok
11:42:06.0921 2180 [ 21CA6A013A75FCF6F930D4B08803973A ] AODDriver C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys
11:42:06.0968 2180 AODDriver ( UnsignedFile.Multi.Generic ) - warning
11:42:06.0968 2180 AODDriver - detected UnsignedFile.Multi.Generic (1)
11:42:07.0171 2180 [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:42:07.0234 2180 Apple Mobile Device - ok
11:42:07.0234 2180 AppMgmt - ok
11:42:07.0312 2180 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:42:07.0468 2180 Arp1394 - ok
11:42:07.0531 2180 [ 4F9CBBF95E8F7A0D4C0EDCFE3B78102E ] ASAPIW2K C:\WINDOWS\system32\Drivers\ASAPIW2K.sys
11:42:07.0593 2180 ASAPIW2K ( UnsignedFile.Multi.Generic ) - warning
11:42:07.0593 2180 ASAPIW2K - detected UnsignedFile.Multi.Generic (1)
11:42:07.0593 2180 asc - ok
11:42:07.0593 2180 asc3350p - ok
11:42:07.0609 2180 asc3550 - ok
11:42:07.0890 2180 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:42:07.0906 2180 aspnet_state - ok
11:42:07.0937 2180 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:42:08.0062 2180 AsyncMac - ok
11:42:08.0140 2180 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:42:08.0250 2180 atapi - ok
11:42:08.0250 2180 Atdisk - ok
11:42:08.0281 2180 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:42:08.0406 2180 Atmarpc - ok
11:42:08.0453 2180 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:42:08.0578 2180 AudioSrv - ok
11:42:08.0625 2180 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:42:08.0734 2180 audstub - ok
11:42:08.0843 2180 [ 721409129AB3503B6C96404FE8D8CDF0 ] Automatic LiveUpdate Scheduler C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
11:42:08.0890 2180 Automatic LiveUpdate Scheduler - ok
11:42:08.0968 2180 [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc C:\WINDOWS\system32\DRIVERS\avc.sys
11:42:09.0078 2180 Avc - ok
11:42:09.0140 2180 [ C653D38371706D51FF465F512C4E6A99 ] AVerFx2hbtv C:\WINDOWS\system32\drivers\AVerFx2hbtv.sys
11:42:09.0187 2180 AVerFx2hbtv ( UnsignedFile.Multi.Generic ) - warning
11:42:09.0187 2180 AVerFx2hbtv - detected UnsignedFile.Multi.Generic (1)
11:42:09.0296 2180 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:42:09.0453 2180 Beep - ok
11:42:09.0578 2180 [ DEFCE42FE9EED1A0DC4A28FDDFF603C9 ] Belkin Local Backup Service C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
11:42:09.0671 2180 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - warning
11:42:09.0671 2180 Belkin Local Backup Service - detected UnsignedFile.Multi.Generic (1)
11:42:09.0718 2180 [ E23AF2900A4E3CA7FF22F1C80A013305 ] Belkin Network USB Helper C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
11:42:09.0750 2180 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - warning
11:42:09.0750 2180 Belkin Network USB Helper - detected UnsignedFile.Multi.Generic (1)
11:42:10.0109 2180 [ 9DFFCB249663AA3C2ECB67202280054E ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20121106.001\BHDrvx86.sys
11:42:10.0140 2180 BHDrvx86 - ok
11:42:10.0343 2180 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
11:42:10.0468 2180 BITS - ok
11:42:10.0593 2180 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
11:42:10.0671 2180 Browser - ok
11:42:10.0875 2180 [ A9C4AEE6AC10D41BB815468D2E734045 ] BstHdAndroidSvc C:\Program Files\BlueStacks\HD-Service.exe
11:42:10.0937 2180 BstHdAndroidSvc - ok
11:42:11.0015 2180 [ B8A4C0D53D445E170735C0861516F758 ] BstHdDrv C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys
11:42:11.0031 2180 BstHdDrv - ok
11:42:11.0109 2180 [ CD96992A52B454CDBB77E56F9F7FA151 ] BstHdLogRotatorSvc C:\Program Files\BlueStacks\HD-LogRotatorService.exe
11:42:11.0218 2180 BstHdLogRotatorSvc - ok
11:42:11.0218 2180 catchme - ok
11:42:11.0265 2180 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:42:11.0421 2180 cbidf2k - ok
11:42:11.0437 2180 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:42:11.0515 2180 CCDECODE - ok
11:42:11.0593 2180 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS C:\WINDOWS\system32\drivers\NIS\1309000.009\ccSetx86.sys
11:42:11.0593 2180 ccSet_NIS - ok
11:42:11.0593 2180 cd20xrnt - ok
11:42:11.0625 2180 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:42:11.0734 2180 Cdaudio - ok
11:42:11.0781 2180 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:42:11.0843 2180 Cdfs - ok
11:42:11.0875 2180 [ 1407BC5C00EA37B1BEF106C1A225FF6D ] cdrdrv C:\WINDOWS\system32\Drivers\Cdrdrv.sys
11:42:11.0875 2180 cdrdrv ( UnsignedFile.Multi.Generic ) - warning
11:42:11.0875 2180 cdrdrv - detected UnsignedFile.Multi.Generic (1)
11:42:11.0937 2180 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:42:12.0015 2180 Cdrom - ok
11:42:12.0015 2180 Changer - ok
11:42:12.0046 2180 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:42:12.0125 2180 CiSvc - ok
11:42:12.0140 2180 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:42:12.0218 2180 ClipSrv - ok
11:42:12.0281 2180 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:42:12.0296 2180 clr_optimization_v2.0.50727_32 - ok
11:42:12.0328 2180 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:42:12.0328 2180 clr_optimization_v4.0.30319_32 - ok
11:42:12.0343 2180 CmdIde - ok
11:42:12.0343 2180 COMSysApp - ok
11:42:12.0359 2180 Cpqarray - ok
11:42:12.0375 2180 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:42:12.0453 2180 CryptSvc - ok
11:42:12.0453 2180 dac2w2k - ok
11:42:12.0453 2180 dac960nt - ok
11:42:12.0609 2180 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:42:12.0796 2180 DcomLaunch - ok
11:42:12.0859 2180 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:42:12.0984 2180 Dhcp - ok
11:42:13.0015 2180 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:42:13.0234 2180 Disk - ok
11:42:13.0234 2180 dmadmin - ok
11:42:13.0328 2180 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:42:13.0640 2180 dmboot - ok
11:42:13.0671 2180 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:42:13.0765 2180 dmio - ok
11:42:13.0796 2180 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:42:14.0031 2180 dmload - ok
11:42:14.0062 2180 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:42:14.0125 2180 dmserver - ok
11:42:14.0140 2180 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:42:14.0218 2180 DMusic - ok
11:42:14.0250 2180 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:42:14.0312 2180 Dnscache - ok
11:42:14.0343 2180 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:42:14.0406 2180 Dot3svc - ok
11:42:14.0406 2180 dpti2o - ok
11:42:14.0406 2180 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:42:14.0484 2180 drmkaud - ok
11:42:14.0515 2180 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:42:14.0578 2180 EapHost - ok
11:42:14.0671 2180 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
11:42:14.0687 2180 eeCtrl - ok
11:42:14.0718 2180 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:42:14.0734 2180 EraserUtilRebootDrv - ok
11:42:14.0765 2180 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:42:14.0843 2180 ERSvc - ok
11:42:14.0875 2180 [ B8FA96995726D1FA58476E352C02AD82 ] ES lite Service C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
11:42:14.0875 2180 ES lite Service - ok
11:42:14.0906 2180 [ 3AF0AE042AFE486B22644CD3FBEBF2E2 ] etdrv C:\WINDOWS\etdrv.sys
11:42:14.0921 2180 etdrv - ok
11:42:14.0953 2180 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
11:42:14.0968 2180 Eventlog - ok
11:42:15.0015 2180 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
11:42:15.0062 2180 EventSystem - ok
11:42:15.0109 2180 [ 76984D46B2ABAA46F8B3FCEF82C9217D ] EverestDriver C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt
11:42:15.0125 2180 EverestDriver ( UnsignedFile.Multi.Generic ) - warning
11:42:15.0125 2180 EverestDriver - detected UnsignedFile.Multi.Generic (1)
11:42:15.0171 2180 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:42:15.0250 2180 Fastfat - ok
11:42:15.0281 2180 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:42:15.0312 2180 FastUserSwitchingCompatibility - ok
11:42:15.0328 2180 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
11:42:15.0406 2180 Fdc - ok
11:42:15.0437 2180 [ ECA6DDD07F0AEC7FCE08F8ABBE4D9204 ] filter C:\WINDOWS\system32\drivers\filter.sys
11:42:15.0437 2180 filter ( UnsignedFile.Multi.Generic ) - warning
11:42:15.0437 2180 filter - detected UnsignedFile.Multi.Generic (1)
11:42:37.0250 2180 ================ Scan global ===============================
11:42:37.0281 2180 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:42:37.0328 2180 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:42:37.0343 2180 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:42:37.0359 2180 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:42:37.0359 2180 [Global] - ok
11:42:37.0359 2180 ================ Scan MBR ==================================
11:42:37.0375 2180 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:42:37.0375 2180 Suspicious mbr (Forged): \Device\Harddisk0\DR0
11:42:37.0406 2180 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:42:37.0406 2180 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:42:37.0437 2180 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:42:37.0437 2180 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:42:37.0453 2180 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
11:42:37.0546 2180 \Device\Harddisk1\DR1 - ok
11:42:37.0546 2180 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
11:42:37.0609 2180 \Device\Harddisk2\DR2 - ok
11:42:37.0609 2180 ================ Scan VBR ==================================
11:42:37.0609 2180 [ FF8A16B0D1C22AE5BA865ACE331DFC86 ] \Device\Harddisk0\DR0\Partition1
11:42:37.0609 2180 \Device\Harddisk0\DR0\Partition1 - ok
11:42:37.0609 2180 [ 1C7879D19F1ED05269C836002C2782B0 ] \Device\Harddisk1\DR1\Partition1
11:42:37.0609 2180 \Device\Harddisk1\DR1\Partition1 - ok
11:42:37.0609 2180 [ A5BC8EB83640748495977027EFD4C2DD ] \Device\Harddisk2\DR2\Partition1
11:42:37.0609 2180 \Device\Harddisk2\DR2\Partition1 - ok
11:42:37.0609 2180 ============================================================
11:42:37.0609 2180 Scan finished
11:42:37.0609 2180 ============================================================
11:42:37.0734 1288 Detected object count: 16
11:42:37.0734 1288 Actual detected object count: 16
11:42:52.0078 1288 AODDriver ( UnsignedFile.Multi.Generic ) - skipped by user
11:42:52.0078 1288 AODDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:42:52.0078 1288 ASAPIW2K ( UnsignedFile.Multi.Generic ) - skipped by user
11:42:52.0078 1288 ASAPIW2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:42:52.0078 1288 AVerFx2hbtv ( UnsignedFile.Multi.Generic ) - skipped by user
11:42:52.0078 1288 AVerFx2hbtv ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:42:52.0093 1288 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:42:52.0093 1288 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:42:52.0093 1288 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - skipped by user
11:42:52.0093 1288 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:42:52.0093 1288 cdrdrv ( UnsignedFile.Multi.Generic ) - skipped by user
11:42:52.0093 1288 cdrdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:42:52.0093 1288 EverestDriver ( UnsignedFile.Multi.Generic ) - skipped by user
11:42:52.0093 1288 EverestDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:42:52.0093 1288 filter ( UnsignedFile.Multi.Generic ) - skipped by user
11:42:52.0093 1288 filter ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:42:52.0093 1288 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:42:52.0093 1288 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:42:52.0093 1288 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
11:42:52.0093 1288 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:42:52.0093 1288 pcCMService ( UnsignedFile.Multi.Generic ) - skipped by user
11:42:52.0093 1288 pcCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:42:52.0093 1288 PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user
11:42:52.0093 1288 PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:42:52.0093 1288 vobcom ( UnsignedFile.Multi.Generic ) - skipped by user
11:42:52.0093 1288 vobcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:42:52.0093 1288 vobiw ( UnsignedFile.Multi.Generic ) - skipped by user
11:42:52.0093 1288 vobiw ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:42:52.0562 1288 \Device\Harddisk0\DR0\# - copied to quarantine
11:42:52.0578 1288 \Device\Harddisk0\DR0 - copied to quarantine
11:42:52.0656 1288 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:42:52.0671 1288 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:42:52.0671 1288 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:42:52.0687 1288 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:42:52.0687 1288 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:42:52.0687 1288 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:42:52.0703 1288 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:42:52.0734 1288 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:42:52.0734 1288 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:42:52.0734 1288 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:42:52.0734 1288 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:42:52.0750 1288 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:42:52.0750 1288 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:42:52.0750 1288 \Device\Harddisk0\DR0 - ok
11:42:53.0812 1288 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:42:53.0812 1288 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:42:53.0812 1288 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:43:03.0812 2784 Deinitialize success
  • 0

#24
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Well TDSSKiller got the rootkit. Man, this one was like a tick on a dog....it was dug in and didn't want to be found. :lol: We still need to kill the TDSS File system but before we do that I would be doing you a disservice if I didn't apprise you of the following:

:alarm:
Warning: One or more of the identified infections on your computer is known to use a backdoor!
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:
  • All passwords should be changed to include those used for banking, email, eBay, Facebook, etc., and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterward.
Since we have already killed the large part, we need to go ahead and kill the rest. Then scan for residual files. If you decide to reinstall the operating system you can let me know after that.

After this run please let me know how the computer is running and what problems, if any, remain.


Step-1.

Delete the TDSS File System

  • Re-run TDSSKiller please with the same settings as before - when you see the following Threats Detected screen change the default action from Skip to Delete on the following entry:
    • TDSS File System
    You must leave all of the other items as Skip and then click Continue to remove the TDSS File System.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new TDSSKiller log
2. Tell me what issues, if any, remain.
  • 0
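The check godawgs does by eye on the log above (rootkit cured, TDSS File System still skipped) can be scripted. This is an added example, not part of the original thread and not Kaspersky's code; the function names are hypothetical, the sample lines are copied from or modeled on the log posted above, and treating `UnsignedFile.Multi.Generic` as an expected Skip is an assumption taken from the helper's instructions.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from or modeled on the TDSSKiller log in this thread.
SAMPLE_LOG = r"""
11:42:37.0359 2180 ================ Scan MBR ==================================
11:42:37.0375 2180 Suspicious mbr (Forged): \Device\Harddisk0\DR0
11:42:37.0406 2180 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:42:37.0406 2180 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:42:37.0437 2180 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:42:37.0437 2180 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:42:37.0546 2180 \Device\Harddisk1\DR1 - ok
11:42:52.0078 1288 AODDriver ( UnsignedFile.Multi.Generic ) - skipped by user
11:42:52.0078 1288 AODDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:42:52.0093 1288 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:42:52.0750 1288 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:42:53.0812 1288 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:42:53.0812 1288 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:42:53.0812 1288 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <thread id> <object> ( <verdict> ) - <status>"
# Object and verdict may both contain spaces, so the " ( " / " ) - " delimiters anchor the match.
LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
    r"(?P<obj>.+?) \( (?P<verdict>[^()]+?) \) - (?P<status>.+)$"
)
ACTION_PREFIX = "User select action: "
UNSIGNED = "UnsignedFile.Multi.Generic"  # signature-check warning, not a malware verdict


@dataclass
class Finding:
    obj: str
    verdict: str
    severity: str = ""  # "infected" or "warning", from the scan phase
    action: str = ""    # "Skip", "Cure", "Delete", from the action phase


def parse_findings(text):
    """Merge scan-phase and action-phase lines into one record per (object, verdict)."""
    findings = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # separators, "- ok" lines, "- detected ..." lines
        key = (m["obj"], m["verdict"])
        f = findings.setdefault(key, Finding(*key))
        status = m["status"].strip()
        if status.startswith(ACTION_PREFIX):
            f.action = status[len(ACTION_PREFIX):]
        elif status in ("infected", "warning"):
            f.severity = status
    return list(findings.values())


def outstanding(findings):
    """Non-generic detections that were skipped or never acted on."""
    return [f for f in findings
            if f.verdict != UNSIGNED and f.action in ("", "Skip")]


def remediated(findings):
    """Detections the user chose to cure or delete."""
    return [f for f in findings if f.action in ("Cure", "Delete")]


if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    for f in remediated(found):
        print(f"remediated : {f.obj}  {f.verdict}  ({f.action})")
    for f in outstanding(found):
        print(f"outstanding: {f.obj}  {f.verdict}  ({f.action or 'no action'})")
```
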

#25
msujedi

    Member

  • Topic Starter
  • Member
  • 58 posts
Progress has been slow, but it is satisfying nonetheless. The wave volume issue seems to be resolved. It has not reset to zero in the past few hours. I've had no bizarre hangs or freezes in that time either.

However, TDSSKiller continues to produce BSOD errors & will not run. I previously persisted & after a few tries and BSOD errors & reboots, it would run successfully. This time, however, I've tried 5 or 6 times only to get BSOD errors regarding that same filter.sys I mentioned before. After the 2nd failed TDSSKiller attempt I re-ran Combofix to possibly 'clear the way' for TDSSKiller as before. To no avail. I was met with continued BSOD errors on 3 or 4 more attempts to run TDSSKiller.

I feel like I'm pushing into the realm of insanity...continuing to try the same thing and expect a different result. Is there something else I should do to ensure that TDSSKiller can run?

Is there another way to remove the TDSS file system? Another program? Manually selecting the files in DOS or after Windows opens? Thanks for seeing this problem through to its bitter end!
  • 0

#26
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
You're welcome. Let's see if we can get TDSSKiller to run through another program you already have, MalwareBytes.


Locate a folder on your system
  • C:\Program Files\Malwarebytes' Anti-Malware\Chameleon.
  • Copy and paste a copy of TDSSKiller.exe into that folder, and keep it open - you'll be back in there in a few seconds.
  • Click the Start Orb, then click Run and copy and paste the following bold text, making sure to get it all, into the text box and hit OK:
    • "C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o
  • Locate and double click the TDSSKiller.exe file that you copied to the Chameleon folder.
  • Click Change parameters and check the two boxes under Additional Options.
  • Click Start scan and allow the tool to do just that.
  • When you see the following Threats Detected screen change the default action from Skip to Delete on the following entry:
    • TDSS File System
    You must leave all the other default actions on the Threats Detected screen set to Skip and then click Continue to remove the TDSS File System.

  • If the tool has identified any Malicious Threats allow it to carry out its default action of Cure - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • The log that the tool creates will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt - I'd like a copy of the contents in your next reply.
  • Please check that you get the one with the right date and time. :)

Post the contents of the TDSSKiller log in your next reply.
  • 0

#27
msujedi

    Member

  • Topic Starter
  • Member
  • 58 posts
The computer is still running well ... no hanging/freezing programs, and no random wave volume resets.

I was not able to run TDSSKiller though. I've provided more detail below. Hopefully some of it provides you some additional insight.

TDSSKiller begins to Initialize ... 15%, then 40%, then 80%, then BSOD. TDSSKiller isn't even opening. Maybe I should've specified that before. Also, right-clicking, then selecting 'run as' does not give me the option of running it as an administrator. I click 'run as', then 'run' in the next window, then I am only able to select 'current user (home\study-Jed)'. There is a check-box below the 'current user' selection that says 'protect my computer from unauthorized program activity'. I make sure that is deselected before running the program. (I have tried it both ways several times though) I really have no idea how it ran successfully that one time ... but, I'm glad it did.

Here's what I did per your most recent instructions:
I copied and pasted TDSSKiller.exe into the Chameleon sub-folder of Malwarebytes. Having Win XP, I clicked on the green 'Start' button (rather than the Win 7 orb), then run, then pasted the contents of the quotes "C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe", then clicked the 'ok' button. A black window opened with the prompt 'Press any key to continue ...', so I did. Malwarebytes updated a driver, then ran through its own sequence.

I repeated the process several times, double clicking on TDSSKiller from within the chameleon folder ... before 'pressing any key' ... after 'pressing any key', but while those processes were running ... and after all of the processes had completed. I tried running TDSSKiller on its own again. I tried a few variations over 6 times and all resulted in a BSOD requiring a restart.
  • 0

#28
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Here's what I did per your most recent instructions:
I copied and pasted TDSSKiller.exe into the Chameleon sub-folder of Malwarebytes. Having Win XP, I clicked on the green 'Start' button (rather than the Win 7 orb), then run, then pasted the contents of the quotes "C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe", then clicked the 'ok' button. A black window opened with the prompt 'Press any key to continue ...', so I did. Malwarebytes updated a driver, then ran through its own sequence.

Is that all you copied/pasted into the Run box? My instructions were:

Click the Start Orb (I should have changed it to Start button....my bad :) ), then click Run and copy and paste the following bold text, making sure to get it all, into the text box and hit OK:

"C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

There is an /o switch at the end of the line. (The o is the small letter o, not the number 0.)

If you didn't include the /o switch, please rerun the instructions. If you did include the switch and just made an error in what you posted in your last reply, let me know.
  • 0

#29
msujedi

    Member

  • Topic Starter
  • Member
  • 58 posts
Cool. I had copied everything bolded the first time. I didn't notice until I tried again, but when I pasted it the small bullet in front of the first quotation had been included. The result was an error message, saying the file was not found. I manually deleted the bullet after pasting it & the chameleon began to run.

I did have to try twice. It prompted me to press any key, said the driver was loaded, then prompted me to press any key a 2nd time. Chameleon ended & I tried to run TDSSKiller ... resulting in a BSOD.

After a reboot I tried again. This time I dble clicked TDSSKiller after the first 'press any key' and before the 2nd. It ran successfully. Haha, I had over 12 partial reports from the failed attempts to sort through. Successful report follows:

19:13:12.0843 2024 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:13:13.0156 2024 ============================================================
19:13:13.0156 2024 Current date / time: 2012/11/20 19:13:13.0156
19:13:13.0156 2024 SystemInfo:
19:13:13.0156 2024
19:13:13.0156 2024 OS Version: 5.1.2600 ServicePack: 3.0
19:13:13.0156 2024 Product type: Workstation
19:13:13.0156 2024 ComputerName: HOME-STUDY
19:13:13.0156 2024 Windows directory: C:\WINDOWS
19:13:13.0156 2024 System windows directory: C:\WINDOWS
19:13:13.0156 2024 Processor architecture: Intel x86
19:13:13.0156 2024 Number of processors: 4
19:13:13.0156 2024 Page size: 0x1000
19:13:13.0156 2024 Boot type: Normal boot
19:13:13.0156 2024 ============================================================
19:13:15.0484 2024 Drive \Device\Harddisk0\DR0 - Size: 0x2E93D2DE00 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:13:15.0500 2024 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:13:15.0515 2024 Drive \Device\Harddisk2\DR2 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:13:15.0515 2024 ============================================================
19:13:15.0515 2024 \Device\Harddisk0\DR0:
19:13:15.0515 2024 MBR partitions:
19:13:15.0515 2024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
19:13:15.0515 2024 \Device\Harddisk1\DR1:
19:13:15.0515 2024 MBR partitions:
19:13:15.0515 2024 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
19:13:15.0515 2024 \Device\Harddisk2\DR2:
19:13:15.0515 2024 MBR partitions:
19:13:15.0515 2024 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2
19:13:15.0515 2024 ============================================================
19:13:15.0578 2024 C: <-> \Device\Harddisk0\DR0\Partition1
19:13:15.0640 2024 J: <-> \Device\Harddisk2\DR2\Partition1
19:13:15.0671 2024 K: <-> \Device\Harddisk1\DR1\Partition1
19:13:15.0671 2024 ============================================================
19:13:15.0671 2024 Initialize success
19:13:15.0671 2024 ============================================================
19:13:24.0640 4336 ============================================================
19:13:24.0640 4336 Scan started
19:13:24.0640 4336 Mode: Manual; SigCheck; TDLFS;
19:13:24.0640 4336 ============================================================
19:13:26.0343 4336 ================ Scan system memory ========================
19:13:26.0359 4336 System memory - ok
19:13:26.0359 4336 ================ Scan services =============================
19:13:26.0453 4336 01252258 - ok
19:13:26.0468 4336 05876603 - ok
19:13:26.0468 4336 11579134 - ok
19:13:26.0468 4336 13259072 - ok
19:13:26.0468 4336 13774688 - ok
19:13:26.0484 4336 15130377 - ok
19:13:26.0484 4336 19561505 - ok
19:13:26.0515 4336 [ 2A8681AEA24003040CA7D677BE9F1702 ] 21133191 C:\WINDOWS\system32\drivers\43464843.sys
19:13:26.0734 4336 21133191 - ok
19:13:26.0734 4336 25389074 - ok
19:13:26.0750 4336 30676609 - ok
19:13:26.0750 4336 39780917 - ok
19:13:26.0843 4336 [ 2A8681AEA24003040CA7D677BE9F1702 ] 40273033 C:\WINDOWS\system32\drivers\27966473.sys
19:13:26.0890 4336 40273033 - ok
19:13:26.0890 4336 57106531 - ok
19:13:26.0890 4336 69414001 - ok
19:13:26.0890 4336 71044900 - ok
19:13:26.0906 4336 73930823 - ok
19:13:26.0937 4336 [ 2A8681AEA24003040CA7D677BE9F1702 ] 79694497 C:\WINDOWS\system32\drivers\33338982.sys
19:13:26.0984 4336 79694497 - ok
19:13:27.0015 4336 81281435 - ok
19:13:27.0093 4336 [ 2A8681AEA24003040CA7D677BE9F1702 ] 91902631 C:\WINDOWS\system32\drivers\97114780.sys
19:13:27.0140 4336 91902631 - ok
19:13:27.0140 4336 97483336 - ok
19:13:27.0156 4336 Abiosdsk - ok
19:13:27.0156 4336 abp480n5 - ok
19:13:27.0250 4336 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:13:27.0421 4336 ACPI ( UnsignedFile.Multi.Generic ) - warning
19:13:27.0421 4336 ACPI - detected UnsignedFile.Multi.Generic (1)
19:13:27.0484 4336 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:13:27.0500 4336 ACPIEC ( UnsignedFile.Multi.Generic ) - warning
19:13:27.0500 4336 ACPIEC - detected UnsignedFile.Multi.Generic (1)
19:13:27.0734 4336 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:13:27.0812 4336 AdobeFlashPlayerUpdateSvc - ok
19:13:27.0812 4336 adpu160m - ok
19:13:27.0875 4336 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:13:27.0906 4336 aec ( UnsignedFile.Multi.Generic ) - warning
19:13:27.0906 4336 aec - detected UnsignedFile.Multi.Generic (1)
19:13:27.0984 4336 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:13:28.0031 4336 AFD ( UnsignedFile.Multi.Generic ) - warning
19:13:28.0031 4336 AFD - detected UnsignedFile.Multi.Generic (1)
19:13:28.0265 4336 [ 7F1130830B3BA85921519A5616E29803 ] AffinegyService C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
19:13:28.0328 4336 AffinegyService - ok
19:13:28.0328 4336 AFGMp50 - ok
19:13:28.0359 4336 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] AFGSp50 C:\WINDOWS\system32\Drivers\AFGSp50.sys
19:13:28.0375 4336 AFGSp50 - ok
19:13:28.0375 4336 Aha154x - ok
19:13:28.0390 4336 aic78u2 - ok
19:13:28.0390 4336 aic78xx - ok
19:13:28.0421 4336 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:13:28.0484 4336 Alerter ( UnsignedFile.Multi.Generic ) - warning
19:13:28.0484 4336 Alerter - detected UnsignedFile.Multi.Generic (1)
19:13:28.0546 4336 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
19:13:28.0546 4336 ALG ( UnsignedFile.Multi.Generic ) - warning
19:13:28.0546 4336 ALG - detected UnsignedFile.Multi.Generic (1)
19:13:28.0546 4336 AliIde - ok
19:13:28.0859 4336 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
19:13:29.0218 4336 Ambfilt ( UnsignedFile.Multi.Generic ) - warning
19:13:29.0218 4336 Ambfilt - detected UnsignedFile.Multi.Generic (1)
19:13:29.0328 4336 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
19:13:29.0343 4336 AmdPPM ( UnsignedFile.Multi.Generic ) - warning
19:13:29.0343 4336 AmdPPM - detected UnsignedFile.Multi.Generic (1)
19:13:29.0343 4336 amsint - ok
19:13:29.0437 4336 [ 21CA6A013A75FCF6F930D4B08803973A ] AODDriver C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys
19:13:29.0437 4336 AODDriver ( UnsignedFile.Multi.Generic ) - warning
19:13:29.0437 4336 AODDriver - detected UnsignedFile.Multi.Generic (1)
19:13:29.0812 4336 [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:13:29.0828 4336 Apple Mobile Device - ok
19:13:29.0843 4336 AppMgmt - ok
19:13:29.0875 4336 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:13:29.0921 4336 Arp1394 ( UnsignedFile.Multi.Generic ) - warning
19:13:29.0921 4336 Arp1394 - detected UnsignedFile.Multi.Generic (1)
19:13:30.0000 4336 [ 4F9CBBF95E8F7A0D4C0EDCFE3B78102E ] ASAPIW2K C:\WINDOWS\system32\Drivers\ASAPIW2K.sys
19:13:30.0000 4336 ASAPIW2K ( UnsignedFile.Multi.Generic ) - warning
19:13:30.0000 4336 ASAPIW2K - detected UnsignedFile.Multi.Generic (1)
19:13:30.0015 4336 asc - ok
19:13:30.0015 4336 asc3350p - ok
19:13:30.0015 4336 asc3550 - ok
19:13:30.0296 4336 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:13:30.0406 4336 aspnet_state - ok
19:13:30.0453 4336 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:13:30.0468 4336 AsyncMac ( UnsignedFile.Multi.Generic ) - warning
19:13:30.0468 4336 AsyncMac - detected UnsignedFile.Multi.Generic (1)
19:13:30.0531 4336 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:13:30.0531 4336 atapi ( UnsignedFile.Multi.Generic ) - warning
19:13:30.0531 4336 atapi - detected UnsignedFile.Multi.Generic (1)
19:13:30.0531 4336 Atdisk - ok
19:13:30.0593 4336 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:13:30.0718 4336 Atmarpc ( UnsignedFile.Multi.Generic ) - warning
19:13:30.0718 4336 Atmarpc - detected UnsignedFile.Multi.Generic (1)
19:13:30.0781 4336 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:13:30.0796 4336 AudioSrv ( UnsignedFile.Multi.Generic ) - warning
19:13:30.0796 4336 AudioSrv - detected UnsignedFile.Multi.Generic (1)
19:13:30.0859 4336 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:13:30.0875 4336 audstub ( UnsignedFile.Multi.Generic ) - warning
19:13:30.0875 4336 audstub - detected UnsignedFile.Multi.Generic (1)
19:13:31.0046 4336 [ 721409129AB3503B6C96404FE8D8CDF0 ] Automatic LiveUpdate Scheduler C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
19:13:31.0046 4336 Automatic LiveUpdate Scheduler - ok
19:13:31.0109 4336 [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc C:\WINDOWS\system32\DRIVERS\avc.sys
19:13:31.0156 4336 Avc ( UnsignedFile.Multi.Generic ) - warning
19:13:31.0156 4336 Avc - detected UnsignedFile.Multi.Generic (1)
19:13:31.0187 4336 [ C653D38371706D51FF465F512C4E6A99 ] AVerFx2hbtv C:\WINDOWS\system32\drivers\AVerFx2hbtv.sys
19:13:31.0203 4336 AVerFx2hbtv ( UnsignedFile.Multi.Generic ) - warning
19:13:31.0203 4336 AVerFx2hbtv - detected UnsignedFile.Multi.Generic (1)
19:13:31.0281 4336 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:13:31.0312 4336 Beep ( UnsignedFile.Multi.Generic ) - warning
19:13:31.0312 4336 Beep - detected UnsignedFile.Multi.Generic (1)
19:13:31.0453 4336 [ DEFCE42FE9EED1A0DC4A28FDDFF603C9 ] Belkin Local Backup Service C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
19:13:31.0453 4336 Belkin Local Backup Service ( UnsignedFile.Multi.Generic ) - warning
19:13:31.0453 4336 Belkin Local Backup Service - detected UnsignedFile.Multi.Generic (1)
19:13:31.0500 4336 [ E23AF2900A4E3CA7FF22F1C80A013305 ] Belkin Network USB Helper C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
19:13:31.0515 4336 Belkin Network USB Helper ( UnsignedFile.Multi.Generic ) - warning
19:13:31.0515 4336 Belkin Network USB Helper - detected UnsignedFile.Multi.Generic (1)
19:13:31.0984 4336 [ 9DFFCB249663AA3C2ECB67202280054E ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20121106.001\BHDrvx86.sys
19:13:32.0109 4336 BHDrvx86 - ok
19:13:32.0250 4336 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
19:13:32.0375 4336 BITS ( UnsignedFile.Multi.Generic ) - warning
19:13:32.0375 4336 BITS - detected UnsignedFile.Multi.Generic (1)
19:13:32.0484 4336 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
19:13:32.0484 4336 Browser ( UnsignedFile.Multi.Generic ) - warning
19:13:32.0484 4336 Browser - detected UnsignedFile.Multi.Generic (1)
19:13:32.0734 4336 [ A9C4AEE6AC10D41BB815468D2E734045 ] BstHdAndroidSvc C:\Program Files\BlueStacks\HD-Service.exe
19:13:32.0796 4336 BstHdAndroidSvc - ok
19:13:32.0859 4336 [ B8A4C0D53D445E170735C0861516F758 ] BstHdDrv C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys
19:13:32.0875 4336 BstHdDrv - ok
19:13:32.0953 4336 [ CD96992A52B454CDBB77E56F9F7FA151 ] BstHdLogRotatorSvc C:\Program Files\BlueStacks\HD-LogRotatorService.exe
19:13:33.0015 4336 BstHdLogRotatorSvc - ok
19:13:33.0015 4336 catchme - ok
19:13:33.0078 4336 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:13:33.0078 4336 cbidf2k ( UnsignedFile.Multi.Generic ) - warning
19:13:33.0078 4336 cbidf2k - detected UnsignedFile.Multi.Generic (1)
19:13:33.0109 4336 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:13:33.0125 4336 CCDECODE ( UnsignedFile.Multi.Generic ) - warning
19:13:33.0125 4336 CCDECODE - detected UnsignedFile.Multi.Generic (1)
19:13:33.0265 4336 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS C:\WINDOWS\system32\drivers\NIS\1309000.009\ccSetx86.sys
19:13:33.0281 4336 ccSet_NIS - ok
19:13:33.0281 4336 cd20xrnt - ok
19:13:33.0328 4336 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:13:33.0328 4336 Cdaudio ( UnsignedFile.Multi.Generic ) - warning
19:13:33.0328 4336 Cdaudio - detected UnsignedFile.Multi.Generic (1)
19:13:33.0406 4336 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:13:33.0421 4336 Cdfs ( UnsignedFile.Multi.Generic ) - warning
19:13:33.0421 4336 Cdfs - detected UnsignedFile.Multi.Generic (1)
19:13:33.0468 4336 [ 1407BC5C00EA37B1BEF106C1A225FF6D ] cdrdrv C:\WINDOWS\system32\Drivers\Cdrdrv.sys
19:13:33.0468 4336 cdrdrv ( UnsignedFile.Multi.Generic ) - warning
19:13:33.0468 4336 cdrdrv - detected UnsignedFile.Multi.Generic (1)
19:13:33.0515 4336 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:13:33.0531 4336 Cdrom ( UnsignedFile.Multi.Generic ) - warning
19:13:33.0531 4336 Cdrom - detected UnsignedFile.Multi.Generic (1)
19:13:33.0531 4336 Changer - ok
19:13:33.0562 4336 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:13:33.0562 4336 CiSvc ( UnsignedFile.Multi.Generic ) - warning
19:13:33.0562 4336 CiSvc - detected UnsignedFile.Multi.Generic (1)
19:13:33.0578 4336 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:13:33.0578 4336 ClipSrv ( UnsignedFile.Multi.Generic ) - warning
19:13:33.0578 4336 ClipSrv - detected UnsignedFile.Multi.Generic (1)
19:13:33.0687 4336 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:13:33.0812 4336 clr_optimization_v2.0.50727_32 - ok
19:13:33.0859 4336 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:13:33.0953 4336 clr_optimization_v4.0.30319_32 - ok
19:13:33.0953 4336 CmdIde - ok
19:13:33.0953 4336 COMSysApp - ok
19:13:33.0968 4336 Cpqarray - ok
19:13:34.0000 4336 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:13:34.0015 4336 CryptSvc ( UnsignedFile.Multi.Generic ) - warning
19:13:34.0015 4336 CryptSvc - detected UnsignedFile.Multi.Generic (1)
19:13:34.0015 4336 dac2w2k - ok
19:13:34.0015 4336 dac960nt - ok
19:13:34.0093 4336 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:13:34.0125 4336 DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
19:13:34.0125 4336 DcomLaunch - detected UnsignedFile.Multi.Generic (1)
19:13:34.0171 4336 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:13:34.0171 4336 Dhcp ( UnsignedFile.Multi.Generic ) - warning
19:13:34.0171 4336 Dhcp - detected UnsignedFile.Multi.Generic (1)
19:13:34.0218 4336 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:13:34.0234 4336 Disk ( UnsignedFile.Multi.Generic ) - warning
19:13:34.0234 4336 Disk - detected UnsignedFile.Multi.Generic (1)
19:13:34.0234 4336 dmadmin - ok
19:13:34.0265 4336 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:13:34.0312 4336 dmboot ( UnsignedFile.Multi.Generic ) - warning
19:13:34.0312 4336 dmboot - detected UnsignedFile.Multi.Generic (1)
19:13:34.0375 4336 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:13:34.0390 4336 dmio ( UnsignedFile.Multi.Generic ) - warning
19:13:34.0390 4336 dmio - detected UnsignedFile.Multi.Generic (1)
19:13:34.0406 4336 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:13:45.0671 4336 [ 79B4FE884C18DD82D5449F6B6026D092 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:13:45.0687 4336 RTLE8023xp ( UnsignedFile.Multi.Generic ) - warning
19:13:45.0687 4336 RTLE8023xp - detected UnsignedFile.Multi.Generic (1)
19:13:45.0687 4336 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:13:45.0703 4336 SamSs ( UnsignedFile.Multi.Generic ) - warning
19:13:45.0703 4336 SamSs - detected UnsignedFile.Multi.Generic (1)
19:13:45.0734 4336 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:13:45.0734 4336 SCardSvr ( UnsignedFile.Multi.Generic ) - warning
19:13:45.0734 4336 SCardSvr - detected UnsignedFile.Multi.Generic (1)
19:13:45.0781 4336 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:13:45.0796 4336 Schedule ( UnsignedFile.Multi.Generic ) - warning
19:13:45.0796 4336 Schedule - detected UnsignedFile.Multi.Generic (1)
19:13:45.0828 4336 [ 11B5E1DA4566A68A881A7D73222F4C78 ] SDdriver C:\WINDOWS\system32\Drivers\sddriver.sys
19:13:45.0843 4336 SDdriver - ok
19:13:45.0859 4336 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:13:45.0859 4336 Secdrv ( UnsignedFile.Multi.Generic ) - warning
19:13:45.0859 4336 Secdrv - detected UnsignedFile.Multi.Generic (1)
19:13:45.0890 4336 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:13:45.0906 4336 seclogon ( UnsignedFile.Multi.Generic ) - warning
19:13:45.0906 4336 seclogon - detected UnsignedFile.Multi.Generic (1)
19:13:45.0953 4336 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:13:45.0953 4336 SENS ( UnsignedFile.Multi.Generic ) - warning
19:13:45.0953 4336 SENS - detected UnsignedFile.Multi.Generic (1)
19:13:45.0984 4336 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:13:46.0000 4336 serenum ( UnsignedFile.Multi.Generic ) - warning
19:13:46.0000 4336 serenum - detected UnsignedFile.Multi.Generic (1)
19:13:46.0000 4336 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:13:46.0015 4336 Serial ( UnsignedFile.Multi.Generic ) - warning
19:13:46.0015 4336 Serial - detected UnsignedFile.Multi.Generic (1)
19:13:46.0046 4336 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:13:46.0062 4336 Sfloppy ( UnsignedFile.Multi.Generic ) - warning
19:13:46.0062 4336 Sfloppy - detected UnsignedFile.Multi.Generic (1)
19:13:46.0078 4336 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:13:46.0093 4336 SharedAccess ( UnsignedFile.Multi.Generic ) - warning
19:13:46.0093 4336 SharedAccess - detected UnsignedFile.Multi.Generic (1)
19:13:46.0140 4336 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:13:46.0156 4336 ShellHWDetection ( UnsignedFile.Multi.Generic ) - warning
19:13:46.0156 4336 ShellHWDetection - detected UnsignedFile.Multi.Generic (1)
19:13:46.0156 4336 Simbad - ok
19:13:46.0187 4336 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:13:46.0187 4336 SLIP ( UnsignedFile.Multi.Generic ) - warning
19:13:46.0187 4336 SLIP - detected UnsignedFile.Multi.Generic (1)
19:13:46.0203 4336 Sparrow - ok
19:13:46.0234 4336 [ CAA0DED075B7F499CB788E7646016857 ] Speed Disk service C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
19:13:46.0250 4336 Speed Disk service - ok
19:13:46.0281 4336 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:13:46.0296 4336 splitter ( UnsignedFile.Multi.Generic ) - warning
19:13:46.0296 4336 splitter - detected UnsignedFile.Multi.Generic (1)
19:13:46.0328 4336 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:13:46.0343 4336 Spooler ( UnsignedFile.Multi.Generic ) - warning
19:13:46.0343 4336 Spooler - detected UnsignedFile.Multi.Generic (1)
19:13:46.0359 4336 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:13:46.0359 4336 sr ( UnsignedFile.Multi.Generic ) - warning
19:13:46.0359 4336 sr - detected UnsignedFile.Multi.Generic (1)
19:13:46.0406 4336 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:13:46.0406 4336 srservice ( UnsignedFile.Multi.Generic ) - warning
19:13:46.0406 4336 srservice - detected UnsignedFile.Multi.Generic (1)
19:13:46.0484 4336 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\WINDOWS\System32\Drivers\NIS\1309000.009\SRTSP.SYS
19:13:46.0515 4336 SRTSP - ok
19:13:46.0546 4336 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\WINDOWS\system32\drivers\NIS\1309000.009\SRTSPX.SYS
19:13:46.0562 4336 SRTSPX - ok
19:13:46.0578 4336 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:13:46.0593 4336 Srv ( UnsignedFile.Multi.Generic ) - warning
19:13:46.0593 4336 Srv - detected UnsignedFile.Multi.Generic (1)
19:13:46.0640 4336 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:13:46.0656 4336 SSDPSRV ( UnsignedFile.Multi.Generic ) - warning
19:13:46.0656 4336 SSDPSRV - detected UnsignedFile.Multi.Generic (1)
19:13:46.0750 4336 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:13:46.0765 4336 stisvc ( UnsignedFile.Multi.Generic ) - warning
19:13:46.0765 4336 stisvc - detected UnsignedFile.Multi.Generic (1)
19:13:46.0812 4336 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:13:46.0828 4336 streamip ( UnsignedFile.Multi.Generic ) - warning
19:13:46.0828 4336 streamip - detected UnsignedFile.Multi.Generic (1)
19:13:46.0859 4336 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:13:46.0859 4336 swenum ( UnsignedFile.Multi.Generic ) - warning
19:13:46.0859 4336 swenum - detected UnsignedFile.Multi.Generic (1)
19:13:46.0875 4336 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:13:46.0875 4336 swmidi ( UnsignedFile.Multi.Generic ) - warning
19:13:46.0875 4336 swmidi - detected UnsignedFile.Multi.Generic (1)
19:13:46.0890 4336 SwPrv - ok
19:13:46.0937 4336 [ C8A43978DADCF12B7E40A0577227DFBC ] sxuptp C:\WINDOWS\system32\DRIVERS\sxuptp.sys
19:13:46.0953 4336 sxuptp - ok
19:13:46.0968 4336 symc810 - ok
19:13:46.0968 4336 symc8xx - ok
19:13:47.0015 4336 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\WINDOWS\system32\drivers\NIS\1309000.009\SYMDS.SYS
19:13:47.0046 4336 SymDS - ok
19:13:47.0093 4336 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\WINDOWS\system32\drivers\NIS\1309000.009\SYMEFA.SYS
19:13:47.0171 4336 SymEFA - ok
19:13:47.0234 4336 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
19:13:47.0250 4336 SymEvent - ok
19:13:47.0296 4336 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\WINDOWS\system32\drivers\NIS\1309000.009\Ironx86.SYS
19:13:47.0312 4336 SymIRON - ok
19:13:47.0359 4336 [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI C:\WINDOWS\System32\Drivers\NIS\1309000.009\SYMTDI.SYS
19:13:47.0375 4336 SYMTDI - ok
19:13:47.0390 4336 sym_hi - ok
19:13:47.0390 4336 sym_u3 - ok
19:13:47.0406 4336 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:13:47.0421 4336 sysaudio ( UnsignedFile.Multi.Generic ) - warning
19:13:47.0421 4336 sysaudio - detected UnsignedFile.Multi.Generic (1)
19:13:47.0468 4336 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:13:47.0468 4336 SysmonLog ( UnsignedFile.Multi.Generic ) - warning
19:13:47.0468 4336 SysmonLog - detected UnsignedFile.Multi.Generic (1)
19:13:47.0515 4336 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:13:47.0515 4336 TapiSrv ( UnsignedFile.Multi.Generic ) - warning
19:13:47.0515 4336 TapiSrv - detected UnsignedFile.Multi.Generic (1)
19:13:47.0578 4336 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:13:47.0593 4336 Tcpip ( UnsignedFile.Multi.Generic ) - warning
19:13:47.0593 4336 Tcpip - detected UnsignedFile.Multi.Generic (1)
19:13:47.0640 4336 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:13:47.0656 4336 TDPIPE ( UnsignedFile.Multi.Generic ) - warning
19:13:47.0656 4336 TDPIPE - detected UnsignedFile.Multi.Generic (1)
19:13:47.0656 4336 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:13:47.0671 4336 TDTCP ( UnsignedFile.Multi.Generic ) - warning
19:13:47.0671 4336 TDTCP - detected UnsignedFile.Multi.Generic (1)
19:13:47.0687 4336 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:13:47.0703 4336 TermDD ( UnsignedFile.Multi.Generic ) - warning
19:13:47.0703 4336 TermDD - detected UnsignedFile.Multi.Generic (1)
19:13:47.0718 4336 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:13:47.0734 4336 TermService ( UnsignedFile.Multi.Generic ) - warning
19:13:47.0734 4336 TermService - detected UnsignedFile.Multi.Generic (1)
19:13:47.0781 4336 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:13:47.0796 4336 Themes ( UnsignedFile.Multi.Generic ) - warning
19:13:47.0796 4336 Themes - detected UnsignedFile.Multi.Generic (1)
19:13:47.0796 4336 TosIde - ok
19:13:47.0812 4336 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:13:47.0828 4336 TrkWks ( UnsignedFile.Multi.Generic ) - warning
19:13:47.0828 4336 TrkWks - detected UnsignedFile.Multi.Generic (1)
19:13:47.0843 4336 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:13:47.0843 4336 Udfs ( UnsignedFile.Multi.Generic ) - warning
19:13:47.0843 4336 Udfs - detected UnsignedFile.Multi.Generic (1)
19:13:47.0843 4336 ultra - ok
19:13:47.0890 4336 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:13:47.0921 4336 Update ( UnsignedFile.Multi.Generic ) - warning
19:13:47.0921 4336 Update - detected UnsignedFile.Multi.Generic (1)
19:13:47.0953 4336 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:13:47.0968 4336 upnphost ( UnsignedFile.Multi.Generic ) - warning
19:13:47.0968 4336 upnphost - detected UnsignedFile.Multi.Generic (1)
19:13:47.0984 4336 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:13:47.0984 4336 UPS ( UnsignedFile.Multi.Generic ) - warning
19:13:47.0984 4336 UPS - detected UnsignedFile.Multi.Generic (1)
19:13:48.0015 4336 [ 4B8A9C16B6D9258ED99C512AECB8C555 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
19:13:48.0015 4336 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0015 4336 USBAAPL - detected UnsignedFile.Multi.Generic (1)
19:13:48.0046 4336 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
19:13:48.0062 4336 usbaudio ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0062 4336 usbaudio - detected UnsignedFile.Multi.Generic (1)
19:13:48.0062 4336 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:13:48.0078 4336 usbccgp ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0078 4336 usbccgp - detected UnsignedFile.Multi.Generic (1)
19:13:48.0125 4336 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:13:48.0125 4336 usbehci ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0125 4336 usbehci - detected UnsignedFile.Multi.Generic (1)
19:13:48.0171 4336 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:13:48.0187 4336 usbhub ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0187 4336 usbhub - detected UnsignedFile.Multi.Generic (1)
19:13:48.0203 4336 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:13:48.0203 4336 usbohci ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0203 4336 usbohci - detected UnsignedFile.Multi.Generic (1)
19:13:48.0218 4336 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:13:48.0218 4336 usbprint ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0218 4336 usbprint - detected UnsignedFile.Multi.Generic (1)
19:13:48.0218 4336 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:13:48.0234 4336 usbscan ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0234 4336 usbscan - detected UnsignedFile.Multi.Generic (1)
19:13:48.0234 4336 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:13:48.0234 4336 usbstor ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0234 4336 usbstor - detected UnsignedFile.Multi.Generic (1)
19:13:48.0265 4336 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:13:48.0281 4336 VgaSave ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0281 4336 VgaSave - detected UnsignedFile.Multi.Generic (1)
19:13:48.0281 4336 ViaIde - ok
19:13:48.0312 4336 [ 705C36BC6E13FDB304486898D6D8512B ] vobcom C:\WINDOWS\system32\drivers\vobcom.sys
19:13:48.0328 4336 vobcom ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0328 4336 vobcom - detected UnsignedFile.Multi.Generic (1)
19:13:48.0359 4336 [ 1DD1D1E3C3FAE2BF7CE5ED2F71A356A1 ] vobiw C:\WINDOWS\system32\drivers\vobiw.sys
19:13:48.0359 4336 vobiw ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0359 4336 vobiw - detected UnsignedFile.Multi.Generic (1)
19:13:48.0359 4336 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:13:48.0375 4336 VolSnap ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0375 4336 VolSnap - detected UnsignedFile.Multi.Generic (1)
19:13:48.0421 4336 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:13:48.0421 4336 VSS ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0421 4336 VSS - detected UnsignedFile.Multi.Generic (1)
19:13:48.0515 4336 [ 42870675B4D84ACD81A9DA69B83F14C5 ] VX3000 C:\WINDOWS\system32\DRIVERS\VX3000.sys
19:13:48.0656 4336 VX3000 ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0656 4336 VX3000 - detected UnsignedFile.Multi.Generic (1)
19:13:48.0703 4336 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:13:48.0718 4336 W32Time ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0718 4336 W32Time - detected UnsignedFile.Multi.Generic (1)
19:13:48.0734 4336 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:13:48.0750 4336 Wanarp ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0750 4336 Wanarp - detected UnsignedFile.Multi.Generic (1)
19:13:48.0765 4336 WDICA - ok
19:13:48.0828 4336 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:13:48.0828 4336 wdmaud ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0828 4336 wdmaud - detected UnsignedFile.Multi.Generic (1)
19:13:48.0875 4336 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:13:48.0890 4336 WebClient ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0890 4336 WebClient - detected UnsignedFile.Multi.Generic (1)
19:13:48.0984 4336 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:13:48.0984 4336 winmgmt ( UnsignedFile.Multi.Generic ) - warning
19:13:48.0984 4336 winmgmt - detected UnsignedFile.Multi.Generic (1)
19:13:49.0031 4336 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:13:49.0031 4336 WmdmPmSN ( UnsignedFile.Multi.Generic ) - warning
19:13:49.0031 4336 WmdmPmSN - detected UnsignedFile.Multi.Generic (1)
19:13:49.0078 4336 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:13:49.0078 4336 WmiAcpi ( UnsignedFile.Multi.Generic ) - warning
19:13:49.0078 4336 WmiAcpi - detected UnsignedFile.Multi.Generic (1)
19:13:49.0125 4336 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:13:49.0125 4336 WmiApSrv ( UnsignedFile.Multi.Generic ) - warning
19:13:49.0125 4336 WmiApSrv - detected UnsignedFile.Multi.Generic (1)
19:13:49.0218 4336 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:13:49.0281 4336 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning
19:13:49.0281 4336 WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1)
19:13:49.0328 4336 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:13:49.0328 4336 WpdUsb ( UnsignedFile.Multi.Generic ) - warning
19:13:49.0328 4336 WpdUsb - detected UnsignedFile.Multi.Generic (1)
19:13:49.0421 4336 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:13:49.0468 4336 WPFFontCache_v0400 - ok
19:13:49.0515 4336 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:13:49.0531 4336 WS2IFSL ( UnsignedFile.Multi.Generic ) - warning
19:13:49.0531 4336 WS2IFSL - detected UnsignedFile.Multi.Generic (1)
19:13:49.0562 4336 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:13:49.0578 4336 wscsvc ( UnsignedFile.Multi.Generic ) - warning
19:13:49.0578 4336 wscsvc - detected UnsignedFile.Multi.Generic (1)
19:13:49.0609 4336 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:13:49.0609 4336 WSTCODEC ( UnsignedFile.Multi.Generic ) - warning
19:13:49.0609 4336 WSTCODEC - detected UnsignedFile.Multi.Generic (1)
19:13:49.0640 4336 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:13:49.0640 4336 wuauserv ( UnsignedFile.Multi.Generic ) - warning
19:13:49.0640 4336 wuauserv - detected UnsignedFile.Multi.Generic (1)
19:13:49.0656 4336 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:13:49.0671 4336 WudfPf ( UnsignedFile.Multi.Generic ) - warning
19:13:49.0671 4336 WudfPf - detected UnsignedFile.Multi.Generic (1)
19:13:49.0687 4336 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:13:49.0687 4336 WudfRd ( UnsignedFile.Multi.Generic ) - warning
19:13:49.0687 4336 WudfRd - detected UnsignedFile.Multi.Generic (1)
19:13:49.0703 4336 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:13:49.0718 4336 WudfSvc ( UnsignedFile.Multi.Generic ) - warning
19:13:49.0718 4336 WudfSvc - detected UnsignedFile.Multi.Generic (1)
19:13:49.0781 4336 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:13:49.0859 4336 WZCSVC ( UnsignedFile.Multi.Generic ) - warning
19:13:49.0859 4336 WZCSVC - detected UnsignedFile.Multi.Generic (1)
19:13:49.0890 4336 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:13:49.0890 4336 xmlprov ( UnsignedFile.Multi.Generic ) - warning
19:13:49.0890 4336 xmlprov - detected UnsignedFile.Multi.Generic (1)
19:13:49.0921 4336 [ 41CF36A3CC7786575247ED456918E112 ] XUIF C:\WINDOWS\system32\Drivers\x10ufx2.sys
19:13:49.0921 4336 XUIF ( UnsignedFile.Multi.Generic ) - warning
19:13:49.0921 4336 XUIF - detected UnsignedFile.Multi.Generic (1)
19:13:49.0937 4336 ================ Scan global ===============================
19:13:49.0968 4336 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:13:50.0031 4336 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:13:50.0031 4336 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:13:50.0046 4336 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:13:50.0046 4336 [Global] - ok
19:13:50.0046 4336 ================ Scan MBR ==================================
19:13:50.0078 4336 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:13:50.0328 4336 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:13:50.0328 4336 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:13:50.0359 4336 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:13:50.0437 4336 \Device\Harddisk1\DR1 - ok
19:13:50.0437 4336 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
19:13:50.0500 4336 \Device\Harddisk2\DR2 - ok
19:13:50.0500 4336 ================ Scan VBR ==================================
19:13:50.0500 4336 [ FF8A16B0D1C22AE5BA865ACE331DFC86 ] \Device\Harddisk0\DR0\Partition1
19:13:50.0500 4336 \Device\Harddisk0\DR0\Partition1 - ok
19:13:50.0515 4336 [ 1C7879D19F1ED05269C836002C2782B0 ] \Device\Harddisk1\DR1\Partition1
19:13:50.0515 4336 \Device\Harddisk1\DR1\Partition1 - ok
19:13:50.0515 4336 [ A5BC8EB83640748495977027EFD4C2DD ] \Device\Harddisk2\DR2\Partition1
19:13:50.0515 4336 \Device\Harddisk2\DR2\Partition1 - ok
19:13:50.0515 4336 ============================================================
19:13:50.0515 4336 Scan finished
19:13:50.0515 4336 ============================================================
19:13:50.0625 4328 Detected object count: 240
19:13:50.0625 4328 Actual detected object count: 240
19:16:14.0656 4328 HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0656 4328 HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0656 4328 HTTPFilter ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0656 4328 HTTPFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0656 4328 i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0656 4328 i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0656 4328 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0656 4328 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0656 4328 Imapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0656 4328 Imapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0656 4328 ImapiService ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0656 4328 ImapiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0656 4328 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0656 4328 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0656 4328 Ip6Fw ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0656 4328 Ip6Fw ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0656 4328 IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0656 4328 IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0671 4328 IpInIp ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0671 4328 IpInIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0671 4328 IpNat ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0671 4328 IpNat ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0671 4328 IPSec ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0671 4328 IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0671 4328 IRENUM ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0671 4328 IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0671 4328 isapnp ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0671 4328 isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0671 4328 Kbdclass ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0671 4328 Kbdclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0671 4328 kbdhid ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0671 4328 kbdhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0671 4328 kmixer ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0671 4328 kmixer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0671 4328 KSecDD ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0671 4328 KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0671 4328 lanmanserver ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0671 4328 lanmanserver ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0671 4328 lanmanworkstation ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0671 4328 lanmanworkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0687 4328 Leapfrog-USBLAN ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0687 4328 Leapfrog-USBLAN ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0687 4328 LmHosts ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0687 4328 LmHosts ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0687 4328 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0687 4328 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0687 4328 Messenger ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0687 4328 Messenger ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0687 4328 mnmdd ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0687 4328 mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0687 4328 mnmsrvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0687 4328 mnmsrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0687 4328 Modem ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0687 4328 Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0687 4328 Monfilt ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0687 4328 Monfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0687 4328 Mouclass ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0687 4328 Mouclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0687 4328 mouhid ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0687 4328 mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0687 4328 MountMgr ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0687 4328 MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0703 4328 MPE ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0703 4328 MPE ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0703 4328 MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0703 4328 MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0703 4328 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0703 4328 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0703 4328 MSDTC ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0703 4328 MSDTC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0703 4328 MSDV ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0703 4328 MSDV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0703 4328 Msfs ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0703 4328 Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0703 4328 MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0703 4328 MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0703 4328 MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0703 4328 MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0703 4328 MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0703 4328 MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0703 4328 mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0703 4328 mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0703 4328 MSTEE ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0703 4328 MSTEE ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0703 4328 Mup ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0703 4328 Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0718 4328 NABTSFEC ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0718 4328 NABTSFEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0718 4328 napagent ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0718 4328 napagent ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0718 4328 NDIS ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0718 4328 NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0718 4328 NdisIP ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0718 4328 NdisIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0718 4328 NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0718 4328 NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0718 4328 Ndisuio ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0718 4328 Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0718 4328 NdisWan ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0718 4328 NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0718 4328 NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0718 4328 NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0718 4328 NetBIOS ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0718 4328 NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0718 4328 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0718 4328 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0718 4328 NetDDE ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0718 4328 NetDDE ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0734 4328 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0734 4328 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0734 4328 Netlogon ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0734 4328 Netlogon ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0734 4328 Netman ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0734 4328 Netman ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0734 4328 NIC1394 ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0734 4328 NIC1394 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0734 4328 Nla ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0734 4328 Nla ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0734 4328 Npfs ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0734 4328 Npfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0734 4328 Ntfs ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0734 4328 Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0734 4328 NtLmSsp ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0734 4328 NtLmSsp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0734 4328 NtmsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0734 4328 NtmsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0734 4328 Null ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0734 4328 Null ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0734 4328 nv ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0734 4328 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0750 4328 NwlnkFlt ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0750 4328 NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0750 4328 NwlnkFwd ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0750 4328 NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0750 4328 ohci1394 ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0750 4328 ohci1394 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0750 4328 Parport ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0750 4328 Parport ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0750 4328 PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0750 4328 PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0750 4328 ParVdm ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0750 4328 ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0750 4328 pcCMService ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0750 4328 pcCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0750 4328 PCI ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0750 4328 PCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0750 4328 PCIIde ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0750 4328 PCIIde ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0750 4328 PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0750 4328 PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0750 4328 Pcmcia ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0750 4328 Pcmcia ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0765 4328 PlugPlay ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0765 4328 PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0765 4328 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0765 4328 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0765 4328 PolicyAgent ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0765 4328 PolicyAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0765 4328 PptpMiniport ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0765 4328 PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0765 4328 Processor ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0765 4328 Processor ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0765 4328 ProtectedStorage ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0765 4328 ProtectedStorage ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0765 4328 PSched ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0765 4328 PSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0765 4328 Ptilink ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0765 4328 Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0765 4328 RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0765 4328 RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0765 4328 RasAuto ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0765 4328 RasAuto ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0765 4328 Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0765 4328 Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0765 4328 RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0765 4328 RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0781 4328 RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0781 4328 RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0781 4328 Raspti ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0781 4328 Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0781 4328 Rdbss ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0781 4328 Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0781 4328 RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0781 4328 RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0781 4328 RDPWD ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0781 4328 RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0781 4328 RDSessMgr ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0781 4328 RDSessMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0781 4328 redbook ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0781 4328 redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0781 4328 RemoteAccess ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0781 4328 RemoteAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0781 4328 RpcLocator ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0781 4328 RpcLocator ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0781 4328 RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0781 4328 RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0781 4328 RSVP ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0796 4328 RSVP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0796 4328 RTLE8023xp ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0796 4328 RTLE8023xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0796 4328 SamSs ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0796 4328 SamSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0796 4328 SCardSvr ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0796 4328 SCardSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0796 4328 Schedule ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0796 4328 Schedule ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0796 4328 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0796 4328 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0796 4328 seclogon ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0796 4328 seclogon ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0796 4328 SENS ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0796 4328 SENS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0796 4328 serenum ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0796 4328 serenum ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0796 4328 Serial ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0796 4328 Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0796 4328 Sfloppy ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0796 4328 Sfloppy ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0796 4328 SharedAccess ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0796 4328 SharedAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0812 4328 ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0812 4328 ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0812 4328 SLIP ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0812 4328 SLIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0812 4328 splitter ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0812 4328 splitter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0812 4328 Spooler ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0812 4328 Spooler ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0812 4328 sr ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0812 4328 sr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0812 4328 srservice ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0812 4328 srservice ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0812 4328 Srv ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0812 4328 Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0812 4328 SSDPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0812 4328 SSDPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0812 4328 stisvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0812 4328 stisvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0812 4328 streamip ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0812 4328 streamip ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0812 4328 swenum ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0812 4328 swenum ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0828 4328 swmidi ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0828 4328 swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0828 4328 sysaudio ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0828 4328 sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0828 4328 SysmonLog ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0828 4328 SysmonLog ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0828 4328 TapiSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0828 4328 TapiSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0828 4328 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0828 4328 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0828 4328 TDPIPE ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0828 4328 TDPIPE ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0828 4328 TDTCP ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0828 4328 TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0828 4328 TermDD ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0828 4328 TermDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0828 4328 TermService ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0828 4328 TermService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0828 4328 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0828 4328 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0828 4328 TrkWks ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0828 4328 TrkWks ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0843 4328 Udfs ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0843 4328 Udfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0843 4328 Update ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0843 4328 Update ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0843 4328 upnphost ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0843 4328 upnphost ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0843 4328 UPS ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0843 4328 UPS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0843 4328 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0843 4328 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0843 4328 usbaudio ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0843 4328 usbaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0843 4328 usbccgp ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0843 4328 usbccgp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0843 4328 usbehci ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0843 4328 usbehci ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0843 4328 usbhub ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0843 4328 usbhub ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0843 4328 usbohci ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0843 4328 usbohci ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0843 4328 usbprint ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0843 4328 usbprint ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0843 4328 usbscan ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0843 4328 usbscan ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0859 4328 usbstor ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0859 4328 usbstor ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0859 4328 VgaSave ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0859 4328 VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0859 4328 vobcom ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0859 4328 vobcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0859 4328 vobiw ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0859 4328 vobiw ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0859 4328 VolSnap ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0859 4328 VolSnap ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0859 4328 VSS ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0859 4328 VSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0859 4328 VX3000 ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0859 4328 VX3000 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0859 4328 W32Time ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0859 4328 W32Time ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0859 4328 Wanarp ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0859 4328 Wanarp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0859 4328 wdmaud ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0859 4328 wdmaud ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0859 4328 WebClient ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0859 4328 WebClient ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0875 4328 winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0875 4328 winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0875 4328 WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0875 4328 WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0875 4328 WmiAcpi ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0875 4328 WmiAcpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0875 4328 WmiApSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0875 4328 WmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0875 4328 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0875 4328 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0875 4328 WpdUsb ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0875 4328 WpdUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0875 4328 WS2IFSL ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0875 4328 WS2IFSL ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0875 4328 wscsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0875 4328 wscsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0875 4328 WSTCODEC ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0875 4328 WSTCODEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0875 4328 wuauserv ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0875 4328 wuauserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0875 4328 WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0875 4328 WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0890 4328 WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0890 4328 WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0890 4328 WudfSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0890 4328 WudfSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0890 4328 WZCSVC ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0890 4328 WZCSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0890 4328 xmlprov ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0890 4328 xmlprov ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0890 4328 XUIF ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:14.0890 4328 XUIF ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:14.0937 4328 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:16:14.0937 4328 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:16:14.0953 4328 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:16:15.0062 4328 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:16:15.0062 4328 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:16:15.0078 4328 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:16:15.0078 4328 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:16:15.0078 4328 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:16:15.0078 4328 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:16:15.0093 4328 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:16:15.0093 4328 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:16:15.0093 4328 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:16:15.0093 4328 \Device\Harddisk0\DR0\TDLFS - deleted
19:16:15.0093 4328 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
19:16:28.0968 2684 Deinitialize success

#30
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
That's great.

I want a new aswMBR scan. Please use the directions in Step 1 of post #14.

I also want to see new MalwareBytes and ESET scans. Use the instructions in Steps 1 and 2 of post #8.

And finally I want a new OTL scan.


Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

%SYSTEMDRIVE%\*.exe
/md5start
hal.dll
/md5stop
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. (Vista / 7 Users: Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console
  • DO NOT click the box beside Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new aswMBR log
2. The new MalwareBytes log
3. The new ESET online scan log (IF any threats were found)
4. The new OTL.txt log
5. Tell me how the computer is running now and if any issues remain.