rootkit.zeroaccess reported by combofix but it isn't cleaned


  • This topic is locked
10 replies to this topic

#1 josephmmiller

  • Members

Posted 27 August 2013 - 08:19 PM

Running combofix it reports that I have rootkit.zeroaccess attached to my IP stack. It never gets to its first phase and I have to power off the PC.

The PC appears to work ok otherwise.

Malwarebytes doesn't detect anything

TDSSKiller doesn't detect anything.

I have cleaned many rootkits but this one has me stumped.

Attached are the DDS reports.

Please let me know what can be done.

Thank you.



#2 nasdaq

  • Malware Response Team

Posted 01 September 2013 - 10:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please run ComboFix one more time and post a log for my review.

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 josephmmiller

  • Topic Starter
  • Members

Posted 02 September 2013 - 02:59 PM

Here are the reports from:

Roguekiller, Adwcleaner and Junkware Removal Tool

 

RogueKiller V8.6.8 [Sep  2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : JJMAdmin [Admin rights]
Mode : Scan -- Date : 09/02/2013 14:39:11
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 3 ¤¤¤
[FF][PROXY] lu9ul3ar.default : user_pref("network.proxy.hxxp", "127.0.0.1"); -> FOUND
[FF][PROXY] lu9ul3ar.default : user_pref("network.proxy.hxxp_port", 50370); -> FOUND
[FF][PROXY] lu9ul3ar.default : user_pref("network.proxy.type", 1); -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD2500AAKS-00VSA0 +++++
--- User ---
[MBR] 7baa4efd0b297ac141e0026fc31415ca
[BSP] 889ac87e10df270bc4fdc3a067384778 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_09022013_143911.txt >>
 
 
 
 
# AdwCleaner v3.002 - Report created 02/09/2013 at 14:41:55
# Updated 01/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : JJMAdmin - JJMILLER-PC
# Running from : C:\Documents and Settings\JJMAdmin\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Documents and Settings\JJMAdmin\Application Data\Mozilla\Firefox\Profiles\lu9ul3ar.default\prefs.js ]
 
 
-\\ Google Chrome v28.0.1500.72
 
[ File : C:\Documents and Settings\JJM\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Found : homepage
 
[ File : C:\Documents and Settings\JJMAdmin\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [18229 octets] - [02/09/2013 14:41:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18290 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Microsoft Windows XP x86
Ran by JJMAdmin on Mon 09/02/2013 at 14:53:06.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\datamngr"
Successfully deleted: [Folder] "C:\Documents and Settings\JJMAdmin\Application Data\w3i"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/02/2013 at 14:57:01.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

I ran Combofix again and got the following messages:

You are infected with Rootkit.ZeroAccess. It has inserted itself onto the tcp/ip stack. This is a particularly difficult infection.

If for any reason that you're unable to connect to the internet after running Combofix, reboot once and see if that fixes it.

If it's not fixed, run Combofix one more time.

Then the message:

Rootkit is detected

Be patient as this may take some moments.

Combofix ran for over 30 minutes, never reported anything else and never generated a report.

Notably after AdwCleaner was run, iexplorer would no longer function so I am now using Chrome.

The desktop seems very strange also.



#4 nasdaq

  • Malware Response Team

Posted 03 September 2013 - 07:58 AM


Open Internet Explorer Tools Menu > Internet Options > Advanced tab.

In the bottom pane, click the Reset button to reset the IE default settings.

Keep me posted on this issue.
===


Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
  • When it finishes, you will either see a report that no threats were found like below:
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please run ComboFix and let me know if the ZeroAccess is still found.
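
The instruction above to Skip files that fail the signature check is easier to follow when the saved log is sorted by verdict. The Python script below is an added example, not part of the original post and not a TDSSKiller feature; it reads lines in the format of the TDSSKiller report posted in this thread and separates `UnsignedFile.*` entries from every other verdict. The sample log, its MD5 values, the `examplesvc` entry and the verdict name `Placeholder.Verdict.Example` are constructed for illustration.

```python
import re

# Constructed sample in the line format of the TDSSKiller report in this thread.
# The MD5 values, the "examplesvc" entry and "Placeholder.Verdict.Example" are
# made up for illustration; only UnsignedFile.Multi.Generic appears on the page.
SAMPLE_LOG = r"""
18:38:28.0687 2168  ================ Scan services =============================
18:38:28.0890 2168  Abiosdsk - ok
18:38:28.0953 2168  [ 0123456789ABCDEF0123456789ABCDEF ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:38:30.0156 2168  ACPI ( UnsignedFile.Multi.Generic ) - warning
18:38:30.0156 2168  ACPI - detected UnsignedFile.Multi.Generic (1)
18:38:31.0312 2168  [ 11111111111111111111111111111111 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:38:31.0328 2168  Apple Mobile Device - ok
18:38:31.0400 2168  [ 22222222222222222222222222222222 ] examplesvc      C:\WINDOWS\system32\drivers\examplesvc.sys
18:38:31.0410 2168  examplesvc ( Placeholder.Verdict.Example ) - warning
18:38:31.0410 2168  examplesvc - detected Placeholder.Verdict.Example (1)
"""

# Every log line starts with "HH:MM:SS.mmmm <thread id>  " followed by the message.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "[ <MD5> ] <service name, space padded> <full path>"; names may contain spaces.
FILE_LINE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.+)$")
# "<service name> - detected <verdict> (<n>)"
DETECTED = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
# "<service name> - ok"
OK_LINE = re.compile(r"^(.+?) - ok$")


def triage(log_text):
    """Split TDSSKiller detections into signature-check failures and the rest."""
    files = {}            # service name -> (md5, path), taken from the "[ md5 ]" line
    ok_names = []
    signature_only = []   # UnsignedFile.* entries: the ones the post says to Skip
    needs_review = []     # any other verdict: report these to the helper first

    for raw in log_text.splitlines():
        prefix = PREFIX.match(raw)
        if not prefix:
            continue      # blank lines and lines without a timestamp
        msg = prefix.group(1).strip()

        m = FILE_LINE.match(msg)
        if m:
            files[m.group(2)] = (m.group(1).upper(), m.group(3))
            continue

        m = DETECTED.match(msg)
        if m:
            name, verdict = m.groups()
            md5, path = files.get(name, (None, None))
            entry = {"name": name, "verdict": verdict, "md5": md5, "path": path}
            if verdict.startswith("UnsignedFile."):
                signature_only.append(entry)
            else:
                needs_review.append(entry)
            continue

        m = OK_LINE.match(msg)
        if m:
            ok_names.append(m.group(1))

    return {
        "ok_count": len(ok_names),
        "signature_only": signature_only,
        "needs_review": needs_review,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("objects reported ok:      ", result["ok_count"])
    print("signature-check failures: ", len(result["signature_only"]))
    for item in result["needs_review"]:
        print("other verdict:", item["verdict"], item["name"], item["path"], item["md5"])
```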

#5 josephmmiller

Posted 03 September 2013 - 07:30 PM

Let me clarify iexplorer: it doesn't start. When I click on it a window opens and then immediately closes, so I cannot use it. I have to use Chrome. I did click on the start button, and on the iexplore option I was able to right click and select tools_options->advanced->reset.
This did not change the behavior; it shuts down immediately, so I have no ability to use it.
 
TDSSKiller report:
 
18:37:56.0093 3092  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:37:58.0093 3092  ============================================================
18:37:58.0093 3092  Current date / time: 2013/09/03 18:37:58.0093
18:37:58.0093 3092  SystemInfo:
18:37:58.0093 3092  
18:37:58.0093 3092  OS Version: 5.1.2600 ServicePack: 3.0
18:37:58.0093 3092  Product type: Workstation
18:37:58.0093 3092  ComputerName: JJMILLER-PC
18:37:58.0093 3092  UserName: JJMAdmin
18:37:58.0093 3092  Windows directory: C:\WINDOWS
18:37:58.0093 3092  System windows directory: C:\WINDOWS
18:37:58.0093 3092  Processor architecture: Intel x86
18:37:58.0093 3092  Number of processors: 4
18:37:58.0093 3092  Page size: 0x1000
18:37:58.0093 3092  Boot type: Normal boot
18:37:58.0093 3092  ============================================================
18:38:02.0062 3092  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:38:02.0062 3092  ============================================================
18:38:02.0062 3092  \Device\Harddisk0\DR0:
18:38:02.0062 3092  MBR partitions:
18:38:02.0062 3092  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
18:38:02.0062 3092  ============================================================
18:38:02.0093 3092  C: <-> \Device\Harddisk0\DR0\Partition1
18:38:02.0093 3092  ============================================================
18:38:02.0093 3092  Initialize success
18:38:02.0093 3092  ============================================================
18:38:28.0359 2168  ============================================================
18:38:28.0359 2168  Scan started
18:38:28.0359 2168  Mode: Manual; SigCheck; TDLFS; 
18:38:28.0359 2168  ============================================================
18:38:28.0687 2168  ================ Scan system memory ========================
18:38:28.0687 2168  System memory - ok
18:38:28.0687 2168  ================ Scan services =============================
18:38:28.0890 2168  78617348 - ok
18:38:28.0890 2168  Abiosdsk - ok
18:38:28.0890 2168  abp480n5 - ok
18:38:28.0953 2168  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:38:30.0156 2168  ACPI ( UnsignedFile.Multi.Generic ) - warning
18:38:30.0156 2168  ACPI - detected UnsignedFile.Multi.Generic (1)
18:38:30.0187 2168  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
18:38:30.0265 2168  ACPIEC ( UnsignedFile.Multi.Generic ) - warning
18:38:30.0265 2168  ACPIEC - detected UnsignedFile.Multi.Generic (1)
18:38:30.0359 2168  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:38:30.0515 2168  AdobeFlashPlayerUpdateSvc - ok
18:38:30.0515 2168  adpu160m - ok
18:38:30.0625 2168  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
18:38:30.0671 2168  aec ( UnsignedFile.Multi.Generic ) - warning
18:38:30.0671 2168  aec - detected UnsignedFile.Multi.Generic (1)
18:38:30.0765 2168  [ A7B8A3A79D35215D798A300DF49ED23F ] Afc             C:\WINDOWS\system32\drivers\Afc.sys
18:38:30.0796 2168  Afc ( UnsignedFile.Multi.Generic ) - warning
18:38:30.0796 2168  Afc - detected UnsignedFile.Multi.Generic (1)
18:38:30.0843 2168  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
18:38:30.0906 2168  AFD ( UnsignedFile.Multi.Generic ) - warning
18:38:30.0906 2168  AFD - detected UnsignedFile.Multi.Generic (1)
18:38:30.0906 2168  Aha154x - ok
18:38:30.0906 2168  ahlwtlhq - ok
18:38:30.0921 2168  aic78u2 - ok
18:38:30.0921 2168  aic78xx - ok
18:38:30.0953 2168  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
18:38:30.0984 2168  Alerter ( UnsignedFile.Multi.Generic ) - warning
18:38:30.0984 2168  Alerter - detected UnsignedFile.Multi.Generic (1)
18:38:31.0046 2168  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
18:38:31.0062 2168  ALG ( UnsignedFile.Multi.Generic ) - warning
18:38:31.0062 2168  ALG - detected UnsignedFile.Multi.Generic (1)
18:38:31.0062 2168  AliIde - ok
18:38:31.0062 2168  amsint - ok
18:38:31.0312 2168  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:38:31.0328 2168  Apple Mobile Device - ok
18:38:31.0328 2168  AppMgmt - ok
18:38:31.0328 2168  asc - ok
18:38:31.0343 2168  asc3350p - ok
18:38:31.0343 2168  asc3550 - ok
18:38:31.0437 2168  [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO            C:\WINDOWS\system32\drivers\AsIO.sys
18:38:31.0468 2168  AsIO - ok
18:38:31.0687 2168  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:38:31.0734 2168  aspnet_state - ok
18:38:31.0781 2168  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:38:31.0843 2168  AsyncMac ( UnsignedFile.Multi.Generic ) - warning
18:38:31.0843 2168  AsyncMac - detected UnsignedFile.Multi.Generic (1)
18:38:31.0875 2168  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
18:38:31.0921 2168  atapi ( UnsignedFile.Multi.Generic ) - warning
18:38:31.0921 2168  atapi - detected UnsignedFile.Multi.Generic (1)
18:38:31.0921 2168  Atdisk - ok
18:38:31.0968 2168  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:38:32.0015 2168  Atmarpc ( UnsignedFile.Multi.Generic ) - warning
18:38:32.0015 2168  Atmarpc - detected UnsignedFile.Multi.Generic (1)
18:38:32.0046 2168  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
18:38:32.0046 2168  AudioSrv ( UnsignedFile.Multi.Generic ) - warning
18:38:32.0046 2168  AudioSrv - detected UnsignedFile.Multi.Generic (1)
18:38:32.0140 2168  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
18:38:32.0187 2168  audstub ( UnsignedFile.Multi.Generic ) - warning
18:38:32.0187 2168  audstub - detected UnsignedFile.Multi.Generic (1)
18:38:32.0296 2168  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
18:38:32.0343 2168  Beep ( UnsignedFile.Multi.Generic ) - warning
18:38:32.0343 2168  Beep - detected UnsignedFile.Multi.Generic (1)
18:38:32.0875 2168  [ 6C6AC7CA8A034C15C52B35189BAD58EE ] BHDrvx86        C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys
18:38:33.0000 2168  BHDrvx86 - ok
18:38:33.0109 2168  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
18:38:33.0171 2168  BITS ( UnsignedFile.Multi.Generic ) - warning
18:38:33.0171 2168  BITS - detected UnsignedFile.Multi.Generic (1)
18:38:33.0234 2168  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
18:38:33.0281 2168  Browser ( UnsignedFile.Multi.Generic ) - warning
18:38:33.0281 2168  Browser - detected UnsignedFile.Multi.Generic (1)
18:38:33.0359 2168  [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb        C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
18:38:33.0484 2168  BrScnUsb - ok
18:38:33.0578 2168  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
18:38:33.0640 2168  BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
18:38:33.0640 2168  BrYNSvc - detected UnsignedFile.Multi.Generic (1)
18:38:33.0812 2168  catchme - ok
18:38:33.0843 2168  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
18:38:33.0921 2168  cbidf2k ( UnsignedFile.Multi.Generic ) - warning
18:38:33.0921 2168  cbidf2k - detected UnsignedFile.Multi.Generic (1)
18:38:34.0125 2168  [ 3BEE52611F22C9C0023A98A4425E084F ] ccSet_N360      C:\WINDOWS\system32\drivers\N360\1404000.028\ccSetx86.sys
18:38:34.0140 2168  ccSet_N360 - ok
18:38:34.0140 2168  cd20xrnt - ok
18:38:34.0218 2168  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
18:38:34.0265 2168  Cdaudio ( UnsignedFile.Multi.Generic ) - warning
18:38:34.0265 2168  Cdaudio - detected UnsignedFile.Multi.Generic (1)
18:38:34.0296 2168  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
18:38:34.0375 2168  Cdfs ( UnsignedFile.Multi.Generic ) - warning
18:38:34.0375 2168  Cdfs - detected UnsignedFile.Multi.Generic (1)
18:38:34.0437 2168  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:38:34.0437 2168  Cdrom ( UnsignedFile.Multi.Generic ) - warning
18:38:34.0437 2168  Cdrom - detected UnsignedFile.Multi.Generic (1)
18:38:34.0453 2168  Changer - ok
18:38:34.0500 2168  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
18:38:34.0531 2168  CiSvc ( UnsignedFile.Multi.Generic ) - warning
18:38:34.0531 2168  CiSvc - detected UnsignedFile.Multi.Generic (1)
18:38:34.0609 2168  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
18:38:34.0625 2168  ClipSrv ( UnsignedFile.Multi.Generic ) - warning
18:38:34.0625 2168  ClipSrv - detected UnsignedFile.Multi.Generic (1)
18:38:34.0671 2168  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:38:34.0750 2168  clr_optimization_v2.0.50727_32 - ok
18:38:34.0750 2168  CmdIde - ok
18:38:34.0765 2168  COMSysApp - ok
18:38:34.0765 2168  Cpqarray - ok
18:38:34.0828 2168  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
18:38:34.0875 2168  CryptSvc ( UnsignedFile.Multi.Generic ) - warning
18:38:34.0875 2168  CryptSvc - detected UnsignedFile.Multi.Generic (1)
18:38:34.0875 2168  dac2w2k - ok
18:38:34.0890 2168  dac960nt - ok
18:38:35.0031 2168  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
18:38:35.0171 2168  DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
18:38:35.0171 2168  DcomLaunch - detected UnsignedFile.Multi.Generic (1)
18:38:35.0234 2168  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
18:38:35.0281 2168  Dhcp ( UnsignedFile.Multi.Generic ) - warning
18:38:35.0281 2168  Dhcp - detected UnsignedFile.Multi.Generic (1)
18:38:35.0343 2168  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
18:38:35.0390 2168  Disk ( UnsignedFile.Multi.Generic ) - warning
18:38:35.0390 2168  Disk - detected UnsignedFile.Multi.Generic (1)
18:38:35.0390 2168  dmadmin - ok
18:38:35.0484 2168  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
18:38:35.0875 2168  dmboot ( UnsignedFile.Multi.Generic ) - warning
18:38:35.0875 2168  dmboot - detected UnsignedFile.Multi.Generic (1)
18:38:36.0843 2168  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
18:38:36.0906 2168  dmio ( UnsignedFile.Multi.Generic ) - warning
18:38:36.0906 2168  dmio - detected UnsignedFile.Multi.Generic (1)
18:38:36.0937 2168  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
18:38:36.0953 2168  dmload ( UnsignedFile.Multi.Generic ) - warning
18:38:36.0953 2168  dmload - detected UnsignedFile.Multi.Generic (1)
18:38:37.0000 2168  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
18:38:37.0015 2168  dmserver ( UnsignedFile.Multi.Generic ) - warning
18:38:37.0015 2168  dmserver - detected UnsignedFile.Multi.Generic (1)
18:38:37.0046 2168  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
18:38:37.0046 2168  DMusic ( UnsignedFile.Multi.Generic ) - warning
18:38:37.0046 2168  DMusic - detected UnsignedFile.Multi.Generic (1)
18:38:37.0312 2168  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
18:38:37.0375 2168  Dnscache ( UnsignedFile.Multi.Generic ) - warning
18:38:37.0375 2168  Dnscache - detected UnsignedFile.Multi.Generic (1)
18:38:37.0671 2168  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
18:38:37.0703 2168  Dot3svc ( UnsignedFile.Multi.Generic ) - warning
18:38:37.0703 2168  Dot3svc - detected UnsignedFile.Multi.Generic (1)
18:38:37.0718 2168  dpti2o - ok
18:38:37.0765 2168  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
18:38:37.0781 2168  drmkaud ( UnsignedFile.Multi.Generic ) - warning
18:38:37.0781 2168  drmkaud - detected UnsignedFile.Multi.Generic (1)
18:38:37.0859 2168  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
18:38:37.0859 2168  EapHost ( UnsignedFile.Multi.Generic ) - warning
18:38:37.0859 2168  EapHost - detected UnsignedFile.Multi.Generic (1)
18:38:38.0093 2168  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:38:38.0109 2168  eeCtrl - ok
18:38:38.0109 2168  EraserUtilDrv11113 - ok
18:38:38.0156 2168  [ 6D84DFC3B5C5052881BF50470D0C03D1 ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:38:38.0171 2168  EraserUtilRebootDrv - ok
18:38:38.0218 2168  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
18:38:38.0218 2168  ERSvc ( UnsignedFile.Multi.Generic ) - warning
18:38:38.0218 2168  ERSvc - detected UnsignedFile.Multi.Generic (1)
18:38:38.0281 2168  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
18:38:38.0312 2168  Eventlog ( UnsignedFile.Multi.Generic ) - warning
18:38:38.0312 2168  Eventlog - detected UnsignedFile.Multi.Generic (1)
18:38:38.0343 2168  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\System32\es.dll
18:38:38.0359 2168  EventSystem ( UnsignedFile.Multi.Generic ) - warning
18:38:38.0359 2168  EventSystem - detected UnsignedFile.Multi.Generic (1)
18:38:38.0375 2168  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
18:38:38.0375 2168  Fastfat ( UnsignedFile.Multi.Generic ) - warning
18:38:38.0375 2168  Fastfat - detected UnsignedFile.Multi.Generic (1)
18:38:38.0421 2168  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:38:38.0453 2168  FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - warning
18:38:38.0453 2168  FastUserSwitchingCompatibility - detected UnsignedFile.Multi.Generic (1)
18:38:38.0484 2168  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
18:38:38.0484 2168  Fdc ( UnsignedFile.Multi.Generic ) - warning
18:38:38.0484 2168  Fdc - detected UnsignedFile.Multi.Generic (1)
18:38:38.0500 2168  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
18:38:38.0500 2168  Fips ( UnsignedFile.Multi.Generic ) - warning
18:38:38.0500 2168  Fips - detected UnsignedFile.Multi.Generic (1)
18:38:38.0515 2168  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:38:38.0515 2168  Flpydisk ( UnsignedFile.Multi.Generic ) - warning
18:38:38.0515 2168  Flpydisk - detected UnsignedFile.Multi.Generic (1)
18:38:38.0531 2168  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
18:38:38.0546 2168  FltMgr ( UnsignedFile.Multi.Generic ) - warning
18:38:38.0546 2168  FltMgr - detected UnsignedFile.Multi.Generic (1)
18:38:38.0609 2168  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:38:38.0625 2168  FontCache3.0.0.0 - ok
18:38:38.0687 2168  [ 455F778EE14368468560BD7CB8C854D0 ] FsVga           C:\WINDOWS\system32\DRIVERS\fsvga.sys
18:38:38.0687 2168  FsVga ( UnsignedFile.Multi.Generic ) - warning
18:38:38.0687 2168  FsVga - detected UnsignedFile.Multi.Generic (1)
18:38:38.0687 2168  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:38:38.0703 2168  Fs_Rec ( UnsignedFile.Multi.Generic ) - warning
18:38:38.0703 2168  Fs_Rec - detected UnsignedFile.Multi.Generic (1)
18:38:38.0703 2168  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:38:38.0703 2168  Ftdisk ( UnsignedFile.Multi.Generic ) - warning
18:38:38.0703 2168  Ftdisk - detected UnsignedFile.Multi.Generic (1)
18:38:38.0765 2168  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:38:38.0765 2168  Gpc ( UnsignedFile.Multi.Generic ) - warning
18:38:38.0765 2168  Gpc - detected UnsignedFile.Multi.Generic (1)
18:38:38.0875 2168  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
18:38:38.0875 2168  gupdate - ok
18:38:38.0937 2168  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:38:38.0953 2168  gupdatem - ok
18:38:39.0000 2168  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:38:39.0000 2168  HDAudBus ( UnsignedFile.Multi.Generic ) - warning
18:38:39.0000 2168  HDAudBus - detected UnsignedFile.Multi.Generic (1)
18:38:39.0109 2168  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:38:39.0125 2168  helpsvc ( UnsignedFile.Multi.Generic ) - warning
18:38:39.0125 2168  helpsvc - detected UnsignedFile.Multi.Generic (1)
18:38:39.0140 2168  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
18:38:39.0156 2168  HidServ ( UnsignedFile.Multi.Generic ) - warning
18:38:39.0156 2168  HidServ - detected UnsignedFile.Multi.Generic (1)
18:38:39.0187 2168  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:38:39.0203 2168  hidusb ( UnsignedFile.Multi.Generic ) - warning
18:38:39.0203 2168  hidusb - detected UnsignedFile.Multi.Generic (1)
18:38:39.0234 2168  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
18:38:39.0250 2168  hkmsvc ( UnsignedFile.Multi.Generic ) - warning
18:38:39.0250 2168  hkmsvc - detected UnsignedFile.Multi.Generic (1)
18:38:39.0250 2168  hpn - ok
18:38:39.0281 2168  [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:38:39.0281 2168  HPZid412 ( UnsignedFile.Multi.Generic ) - warning
18:38:39.0281 2168  HPZid412 - detected UnsignedFile.Multi.Generic (1)
18:38:39.0328 2168  [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:38:39.0343 2168  HPZipr12 ( UnsignedFile.Multi.Generic ) - warning
18:38:39.0343 2168  HPZipr12 - detected UnsignedFile.Multi.Generic (1)
18:38:39.0343 2168  [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:38:39.0359 2168  HPZius12 ( UnsignedFile.Multi.Generic ) - warning
18:38:39.0359 2168  HPZius12 - detected UnsignedFile.Multi.Generic (1)
18:38:39.0390 2168  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
18:38:39.0406 2168  HTTP ( UnsignedFile.Multi.Generic ) - warning
18:38:39.0406 2168  HTTP - detected UnsignedFile.Multi.Generic (1)
18:38:39.0453 2168  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
18:38:39.0453 2168  HTTPFilter ( UnsignedFile.Multi.Generic ) - warning
18:38:39.0453 2168  HTTPFilter - detected UnsignedFile.Multi.Generic (1)
18:38:39.0453 2168  i2omgmt - ok
18:38:39.0468 2168  i2omp - ok
18:38:39.0531 2168  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:38:39.0546 2168  i8042prt ( UnsignedFile.Multi.Generic ) - warning
18:38:39.0546 2168  i8042prt - detected UnsignedFile.Multi.Generic (1)
18:38:39.0640 2168  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:38:39.0671 2168  idsvc - ok
18:38:39.0781 2168  [ E66112BA8090C121681A0D6A067ED73D ] IDSxpx86        C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130830.001\IDSxpx86.sys
18:38:39.0796 2168  IDSxpx86 - ok
18:38:39.0890 2168  [ F82BC30BB2B608AF8B5540CDBAEA93A6 ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
18:38:39.0890 2168  IJPLMSVC - ok
18:38:39.0953 2168  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
18:38:39.0953 2168  Imapi ( UnsignedFile.Multi.Generic ) - warning
18:38:39.0953 2168  Imapi - detected UnsignedFile.Multi.Generic (1)
18:38:40.0015 2168  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
18:38:40.0015 2168  ImapiService ( UnsignedFile.Multi.Generic ) - warning
18:38:40.0015 2168  ImapiService - detected UnsignedFile.Multi.Generic (1)
18:38:40.0015 2168  ini910u - ok
18:38:40.0171 2168  [ 47C79F7E330CBB829934D00F64D55FC9 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:38:40.0281 2168  IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - warning
18:38:40.0281 2168  IntcAzAudAddService - detected UnsignedFile.Multi.Generic (1)
18:38:40.0296 2168  IntelIde - ok
18:38:40.0359 2168  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:38:40.0359 2168  intelppm ( UnsignedFile.Multi.Generic ) - warning
18:38:40.0359 2168  intelppm - detected UnsignedFile.Multi.Generic (1)
18:38:40.0390 2168  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
18:38:40.0390 2168  ip6fw ( UnsignedFile.Multi.Generic ) - warning
18:38:40.0390 2168  ip6fw - detected UnsignedFile.Multi.Generic (1)
18:38:40.0421 2168  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:38:40.0421 2168  IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning
18:38:40.0421 2168  IpFilterDriver - detected UnsignedFile.Multi.Generic (1)
18:38:40.0437 2168  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:38:40.0437 2168  IpInIp ( UnsignedFile.Multi.Generic ) - warning
18:38:40.0437 2168  IpInIp - detected UnsignedFile.Multi.Generic (1)
18:38:40.0484 2168  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:38:40.0500 2168  IpNat ( UnsignedFile.Multi.Generic ) - warning
18:38:40.0500 2168  IpNat - detected UnsignedFile.Multi.Generic (1)
18:38:40.0531 2168  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:38:40.0546 2168  IPSec ( UnsignedFile.Multi.Generic ) - warning
18:38:40.0546 2168  IPSec - detected UnsignedFile.Multi.Generic (1)
18:38:40.0562 2168  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
18:38:40.0562 2168  IRENUM ( UnsignedFile.Multi.Generic ) - warning
18:38:40.0562 2168  IRENUM - detected UnsignedFile.Multi.Generic (1)
18:38:40.0593 2168  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:38:40.0593 2168  isapnp ( UnsignedFile.Multi.Generic ) - warning
18:38:40.0593 2168  isapnp - detected UnsignedFile.Multi.Generic (1)
18:38:40.0625 2168  JavaQuickStarterService - ok
18:38:40.0656 2168  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:38:40.0671 2168  Kbdclass ( UnsignedFile.Multi.Generic ) - warning
18:38:40.0671 2168  Kbdclass - detected UnsignedFile.Multi.Generic (1)
18:38:40.0671 2168  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:38:40.0687 2168  kbdhid ( UnsignedFile.Multi.Generic ) - warning
18:38:40.0687 2168  kbdhid - detected UnsignedFile.Multi.Generic (1)
18:38:40.0734 2168  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
18:38:40.0750 2168  kmixer ( UnsignedFile.Multi.Generic ) - warning
18:38:40.0750 2168  kmixer - detected UnsignedFile.Multi.Generic (1)
18:38:40.0765 2168  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
18:38:40.0781 2168  KSecDD ( UnsignedFile.Multi.Generic ) - warning
18:38:40.0781 2168  KSecDD - detected UnsignedFile.Multi.Generic (1)
18:38:40.0781 2168  [ E384521A6715D708EFAFFE26FFF8A3E3 ] L1e             C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
18:38:40.0796 2168  L1e - ok
18:38:40.0843 2168  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
18:38:40.0843 2168  LanmanServer ( UnsignedFile.Multi.Generic ) - warning
18:38:40.0843 2168  LanmanServer - detected UnsignedFile.Multi.Generic (1)
18:38:40.0890 2168  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:38:40.0906 2168  lanmanworkstation ( UnsignedFile.Multi.Generic ) - warning
18:38:40.0906 2168  lanmanworkstation - detected UnsignedFile.Multi.Generic (1)
18:38:40.0906 2168  Lavasoft Kernexplorer - ok
18:38:40.0921 2168  lbrtfdc - ok
18:38:41.0015 2168  [ 53710476495886D9961BE46983A6A33F ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:38:41.0031 2168  LightScribeService - ok
18:38:41.0109 2168  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
18:38:41.0109 2168  LmHosts ( UnsignedFile.Multi.Generic ) - warning
18:38:41.0109 2168  LmHosts - detected UnsignedFile.Multi.Generic (1)
18:38:41.0156 2168  [ B749B05D5A7AD704E47D4565B4894D99 ] mbamchameleon   C:\WINDOWS\system32\drivers\mbamchameleon.sys
18:38:41.0156 2168  mbamchameleon - ok
18:38:41.0156 2168  MBAMSwissArmy - ok
18:38:41.0187 2168  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
18:38:41.0203 2168  Messenger ( UnsignedFile.Multi.Generic ) - warning
18:38:41.0203 2168  Messenger - detected UnsignedFile.Multi.Generic (1)
18:38:41.0234 2168  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
18:38:41.0234 2168  mnmdd ( UnsignedFile.Multi.Generic ) - warning
18:38:41.0234 2168  mnmdd - detected UnsignedFile.Multi.Generic (1)
18:38:41.0281 2168  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
18:38:41.0281 2168  mnmsrvc ( UnsignedFile.Multi.Generic ) - warning
18:38:41.0281 2168  mnmsrvc - detected UnsignedFile.Multi.Generic (1)
18:38:41.0312 2168  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
18:38:41.0312 2168  Modem ( UnsignedFile.Multi.Generic ) - warning
18:38:41.0312 2168  Modem - detected UnsignedFile.Multi.Generic (1)
18:38:41.0359 2168  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:38:41.0359 2168  Mouclass ( UnsignedFile.Multi.Generic ) - warning
18:38:41.0359 2168  Mouclass - detected UnsignedFile.Multi.Generic (1)
18:38:41.0375 2168  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:38:41.0375 2168  mouhid ( UnsignedFile.Multi.Generic ) - warning
18:38:41.0375 2168  mouhid - detected UnsignedFile.Multi.Generic (1)
18:38:41.0390 2168  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
18:38:41.0390 2168  MountMgr ( UnsignedFile.Multi.Generic ) - warning
18:38:41.0390 2168  MountMgr - detected UnsignedFile.Multi.Generic (1)
18:38:41.0437 2168  [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:38:41.0453 2168  MpFilter - ok
18:38:41.0468 2168  mraid35x - ok
18:38:41.0468 2168  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:38:41.0468 2168  MRxDAV ( UnsignedFile.Multi.Generic ) - warning
18:38:41.0468 2168  MRxDAV - detected UnsignedFile.Multi.Generic (1)
18:38:41.0531 2168  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:38:41.0531 2168  MRxSmb ( UnsignedFile.Multi.Generic ) - warning
18:38:41.0531 2168  MRxSmb - detected UnsignedFile.Multi.Generic (1)
18:38:41.0593 2168  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
18:38:41.0593 2168  MSDTC ( UnsignedFile.Multi.Generic ) - warning
18:38:41.0593 2168  MSDTC - detected UnsignedFile.Multi.Generic (1)
18:38:41.0609 2168  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
18:38:41.0609 2168  Msfs ( UnsignedFile.Multi.Generic ) - warning
18:38:41.0609 2168  Msfs - detected UnsignedFile.Multi.Generic (1)
18:38:41.0609 2168  MSIServer - ok
18:38:41.0625 2168  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:38:48.0484 2168  ================ Scan global ===============================
18:38:48.0515 2168  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:38:48.0578 2168  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
18:38:48.0593 2168  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
18:38:48.0640 2168  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:38:48.0640 2168  [Global] - ok
18:38:48.0640 2168  ================ Scan MBR ==================================
18:38:48.0671 2168  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:38:48.0906 2168  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:38:48.0906 2168  \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:38:48.0906 2168  ================ Scan VBR ==================================
18:38:48.0906 2168  [ 0FAF82416E3207896B8C969C4319E2A2 ] \Device\Harddisk0\DR0\Partition1
18:38:48.0906 2168  \Device\Harddisk0\DR0\Partition1 - ok
18:38:48.0906 2168  ============================================================
18:38:48.0906 2168  Scan finished
18:38:48.0906 2168  ============================================================
18:38:49.0031 2224  Detected object count: 215
18:38:49.0031 2224  Actual detected object count: 215
18:39:50.0468 2224  usbuhci ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0468 2224  usbuhci ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0468 2224  VgaSave ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0468 2224  VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0484 2224  VolSnap ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0484 2224  VolSnap ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0484 2224  VSS ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0484 2224  VSS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0484 2224  W32Time ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0484 2224  W32Time ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0484 2224  Wanarp ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0484 2224  Wanarp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0484 2224  wdmaud ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0484 2224  wdmaud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0500 2224  WebClient ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0500 2224  WebClient ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0500 2224  winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0500 2224  winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0500 2224  WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0500 2224  WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0500 2224  WmiApSrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0500 2224  WmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0500 2224  WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0500 2224  WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0500 2224  WS2IFSL ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0500 2224  WS2IFSL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0515 2224  wscsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0515 2224  wscsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0515 2224  wuauserv ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0515 2224  wuauserv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0515 2224  WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0515 2224  WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0515 2224  WudfSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0515 2224  WudfSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0515 2224  WZCSVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0515 2224  WZCSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0531 2224  xmlprov ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:50.0531 2224  xmlprov ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:50.0531 2224  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:39:50.0531 2224  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
18:40:10.0015 2896  Deinitialize success
 
 
aswMBR.txt:
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-03 19:57:50
-----------------------------
19:57:50.750    OS Version: Windows 5.1.2600 Service Pack 3
19:57:50.750    Number of processors: 4 586 0x1707
19:57:50.750    ComputerName: JJMILLER-PC  UserName: JJMAdmin
19:57:52.593    Initialize success
19:59:39.093    AVAST engine defs: 13090301
20:00:03.000    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-11
20:00:03.000    Disk 0 Vendor: WDC_WD2500AAKS-00VSA0 01.01B01 Size: 238475MB BusType: 3
20:00:03.187    Disk 0 MBR read successfully
20:00:03.187    Disk 0 MBR scan
20:00:03.203    Disk 0 Windows XP default MBR code
20:00:03.203    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       238472 MB offset 63
20:00:03.218    Disk 0 scanning sectors +488392065
20:00:03.296    Disk 0 scanning C:\WINDOWS\system32\drivers
20:00:12.953    Service scanning
20:00:27.015    Modules scanning
20:00:30.218    Module: C:\WINDOWS\System32\drivers\dxgthk.sys  **SUSPICIOUS**
20:00:31.296    Module: C:\WINDOWS\system32\ntdll.dll  **SUSPICIOUS**
20:00:31.296    Disk 0 trace - called modules:
20:00:31.343    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
20:00:31.343    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a72cab8]
20:00:31.343    3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8a7571b8]
20:00:31.343    5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-11[0x8a751d98]
20:00:31.859    AVAST engine scan C:\WINDOWS
20:00:37.500    AVAST engine scan C:\WINDOWS\system32
20:03:01.593    AVAST engine scan C:\WINDOWS\system32\drivers
20:03:19.593    AVAST engine scan C:\Documents and Settings\JJMAdmin
20:04:25.046    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\JJMAdmin\Desktop\MBR.dat"
20:04:25.062    The log file has been saved successfully to "C:\Documents and Settings\JJMAdmin\Desktop\aswMBR.txt"
 
 
20:05:25.250    AVAST engine scan C:\Documents and Settings\All Users
20:07:34.546    Scan finished successfully
20:07:39.625    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\JJMAdmin\Desktop\MBR.dat"
20:07:39.625    The log file has been saved successfully to "C:\Documents and Settings\JJMAdmin\Desktop\aswMBR.txt"
 
 
I have MBR.zip but I can't see how to attach it :-(
 
Combofix still reported rootkit.zeroaccess was still on the tcp/ip stack just as before.
It never got to phase one and seemed to be a hard loop in rmbr.3XE.


#6 nasdaq


Posted 04 September 2013 - 09:37 AM

I find it very strange that most of your files listed in the TDSS log are UnsignedFile.Multi.Generic

They could have been corrupted by the infection. Normally the files are signed by Microsoft.

Let me check these three files.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    Beep.sys
    Cdaudio.sys
    iexplore.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found on your Desktop entitled SystemLook.txt

===

Reset Internet Protocol (TCP/IP)

Go to this Microsoft page and select the Fix It button.
http://support.microsoft.com/kb/299357

When completed restart the computer normally.

Is ComboFix still reporting the ZeroAccess message?


#7 josephmmiller


Posted 04 September 2013 - 08:07 PM

SystemLook report:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 19:51 on 04/09/2013 by JJMAdmin
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "Beep.sys"
C:\WINDOWS\ERDNT\cache\beep.sys --a--c- 4224 bytes [16:59 06/11/2010] [12:00 31/03/2003] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\dllcache\beep.sys --a--c- 4224 bytes [12:00 31/03/2003] [12:00 31/03/2003] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\drivers\beep.sys --a---- 4224 bytes [12:00 31/03/2003] [12:00 31/03/2003] DA1F27D85E0D1525F6621372E7B685E9
 
Searching for "Cdaudio.sys"
C:\WINDOWS\system32\drivers\cdaudio.sys --a---- 18688 bytes [13:52 17/08/2001] [12:00 31/03/2003] C1B486A7658353D33A10CC15211A873B
 
Searching for "iexplore.exe"
C:\ComboFix\iexplore.exe --a---- 60416 bytes [04:56 20/04/2009] [04:56 20/04/2009] 753BC16326FEE4A421ACB636CCD602F4
C:\Program Files\Internet Explorer\iexplore.exe --a---- 638816 bytes [22:18 18/01/2010] [22:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe --a---- 218184 bytes [19:38 22/09/2012] [18:50 04/04/2013] B4C6E3889BB310CA7E974A04EC6E46AC
C:\WINDOWS\ERDNT\cache\iexplore.exe --a--c- 638816 bytes [16:59 06/11/2010] [22:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E
C:\WINDOWS\ie8\iexplore.exe --a--c- 93184 bytes [20:10 18/01/2010] [00:12 14/04/2008] 55794B97A7FAABD2910873C85274F409
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe -----c- 93184 bytes [07:56 04/08/2004] [00:12 14/04/2008] 55794B97A7FAABD2910873C85274F409
C:\WINDOWS\system32\dllcache\iexplore.exe -----c- 638816 bytes [22:09 08/03/2009] [22:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E
 
-= EOF =-

 

 

I did the TCP/IP reset and the log is below:

 

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CC03922A-2D84-49B6-8FF9-2E37CC8058CC}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CC03922A-2D84-49B6-8FF9-2E37CC8058CC}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CC03922A-2D84-49B6-8FF9-2E37CC8058CC}\IpAutoconfigurationSeed
<completed>
 
This message came out in the CMD window I ran the netsh command in:
 
WARNING: Could not obtain host information from machine: [JJMILLER-PC]. Some commands may not be available.

 

 

Combofix had the same messages about rootkit.zeroaccess on the TCP/IP stack and it ran for almost an hour without getting to phase 1. Hard looping in rmbr.3XE

 

I had to power off to get out of Combofix and back to this URL.
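As an added example (not part of the original thread and not a SystemLook feature): a small parser for the `:filefind` output posted above that compares each copy's size and MD5 against the `system32\dllcache` copy of the same file name. The sample lines are copied from the report in this post; the verdict names and the choice of dllcache as the reference are assumptions of this example.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any OS

# Lines copied from the SystemLook report above (trimmed to a subset).
SAMPLE = r"""
Searching for "Beep.sys"
C:\WINDOWS\system32\dllcache\beep.sys --a--c- 4224 bytes [12:00 31/03/2003] [12:00 31/03/2003] DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\drivers\beep.sys --a---- 4224 bytes [12:00 31/03/2003] [12:00 31/03/2003] DA1F27D85E0D1525F6621372E7B685E9

Searching for "Cdaudio.sys"
C:\WINDOWS\system32\drivers\cdaudio.sys --a---- 18688 bytes [13:52 17/08/2001] [12:00 31/03/2003] C1B486A7658353D33A10CC15211A873B

Searching for "iexplore.exe"
C:\ComboFix\iexplore.exe --a---- 60416 bytes [04:56 20/04/2009] [04:56 20/04/2009] 753BC16326FEE4A421ACB636CCD602F4
C:\Program Files\Internet Explorer\iexplore.exe --a---- 638816 bytes [22:18 18/01/2010] [22:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E
C:\WINDOWS\system32\dllcache\iexplore.exe -----c- 638816 bytes [22:09 08/03/2009] [22:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E
"""

# path, 7-char attribute field, size, two bracketed timestamps, MD5
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})\s*$"
)
REFERENCE_DIR = "\\system32\\dllcache\\"  # assumption: treat dllcache as reference


def parse(log):
    """Group (path, size, md5) tuples by lower-cased file name."""
    groups = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[basename(m["path"]).lower()].append(
                (m["path"], int(m["size"]), m["md5"].upper()))
    return groups


def compare(log):
    """Return {path: verdict} for every copy outside dllcache."""
    verdicts = {}
    for copies in parse(log).values():
        refs = {(s, h) for p, s, h in copies if REFERENCE_DIR in p.lower()}
        for path, size, md5 in copies:
            if REFERENCE_DIR in path.lower():
                continue
            if not refs:
                verdicts[path] = "no-reference"
            elif (size, md5) in refs:
                verdicts[path] = "matches-dllcache"
            else:
                verdicts[path] = "differs"
    return verdicts


if __name__ == "__main__":
    for path, verdict in compare(SAMPLE).items():
        print(f"{verdict:17} {path}")
```

A `differs` verdict for a same-named file outside the Windows tree (here ComboFix's own iexplore.exe) is expected; a match only shows that the live copy equals the cached one, not that either is the original.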



#8 nasdaq


Posted 05 September 2013 - 07:28 AM

  • Restart your computer in Safe Mode, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when you see the Boot Menu.
  • When the Windows Advanced Options menu appears, select an option, and then press ENTER.
  • When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.
Run ComboFix and post the log if you can.

#9 josephmmiller


Posted 05 September 2013 - 08:24 PM

I restarted in safe mode and ran Combofix. I got the same messages about rootkit.zeroaccess attached to the IP stack.

However I got an additional message as follows:

 

A readily available replacement was not found.

Combofix needs to do an intensive search.

 

This may take some time.

 

 

I let it run three hours and nothing, no phase 1, no reports. It's apparently looping in rmbr.3XE again.

 

Since this is Windows XP Home would it be a good idea to do a recovery install of Windows from the CD? That would put original modules back down. I could then install all the fixes and get it up to snuff, then run MalwareBytes etc to see if anything bad were still around.

 

I ask because this isn't my PC. I am trying to fix it for someone else and they are wondering why it's taking so long.

 

Thank you so far though, this bug seems like it's real nasty.



#10 nasdaq


Posted 06 September 2013 - 07:12 AM

I let it run three hours and nothing, no phase 1, no reports. It's apparently looping in rmbr.3XE again.

Since this is Windows XP Home would it be a good idea to do a recovery install of Windows from the CD? That would put original modules back down. I could then install all the fixes and get it up to snuff, then run MalwareBytes etc to see if anything bad were still around.


Yes!

The ZeroAccess message is a false positive. The malware has been removed but the stack is broken.

Best to start over since we already tried to reset the Winsock.

#11 nasdaq


Posted 12 September 2013 - 09:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



