
System files possibly patched by malware


  • This topic is locked
20 replies to this topic

#1 jamjamnewbie


Posted 19 April 2015 - 04:29 PM

Broni said I should post here: http://www.bleepingcomputer.com/forums/t/573617/various-problems-appearing-since-i-plugged-usb/

He said that it's POSSIBLE that malware may have patched my system files.

Symptoms (so far):

  • Chromium Browsers not opening correctly
  • Some applications not opening correctly
  • ALL USBs except one (8 GB) won't read because of some driver problem(?)

Well, I haven't done anything yet; I'm not knowledgeable about malware-dealing stuff.

-----------------------------------

FRST LOG:

-----------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-04-2015 01
Ran by admin (administrator) on 079AF83A2B1B4CC on 20-04-2015 05:13:18
Running from E:\BleepingComputer Files
Loaded Profiles: admin (Available profiles: admin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6 (Default browser path: "C:\Program Files\Maxthon\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
() C:\Program Files\RocketDock\RocketDock.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATII2E.EXE
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Skillbrains) C:\Documents and Settings\admin\Local Settings\Application Data\Skillbrains\lightshot\4.4.2.10\Lightshot.exe
(TorchMedia Inc.) C:\Documents and Settings\admin\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [450560 2014-10-02] (Apple Inc.)
HKLM\...\Run: [mca64Launcher 2.0.0.114] => C:\Program Files\mca64Launcher\mca64Launcher 2.0.0.114\mca64Launcher.exe [6460928 2015-02-17] (mca64)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [811792 2014-01-20] (BlueStack Systems, Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll [2012-06-02] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll [2004-08-04] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll [2004-08-04] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll [2010-01-13] (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll [2004-08-04] (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll [2004-08-04] (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll [2004-08-04] (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll [2004-08-04] (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll [2004-08-04] (Microsoft Corporation)
Winlogon\Notify\WB: C:\Program Files\AlienGUIse\fastload.dll [2001-12-20] (Stardock)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll [2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-1606980848-1123561945-725345543-1003\...\Run: [Facebook Update] => C:\Documents and Settings\admin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2012-11-17] (Facebook Inc.)
HKU\S-1-5-21-1606980848-1123561945-725345543-1003\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [524288 2007-09-02] ()
HKU\S-1-5-21-1606980848-1123561945-725345543-1003\...\Run: [LightShot] => C:\Documents and Settings\admin\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe [226592 2013-09-27] ()
HKU\S-1-5-21-1606980848-1123561945-725345543-1003\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3825232 2014-03-21] (Tonec Inc.)
HKU\S-1-5-21-1606980848-1123561945-725345543-1003\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3129560 2014-02-24] (Disc Soft Ltd)
HKU\S-1-5-21-1606980848-1123561945-725345543-1003\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATII2E.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1606980848-1123561945-725345543-1003\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [632328 2014-10-15] (Sandboxie Holdings, LLC)
IFEO: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\cyberghost.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\gameranger.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\hsscp.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\idman.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\mca64launcher.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\pictureviewer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\presentationhost.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\quicktimeplayer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\softwareupdate.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\teamviewer.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\wampmanager.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
Startup: C:\Documents and Settings\admin\Start Menu\Programs\Startup\GameRanger.lnk [2014-08-16]
ShortcutTarget: GameRanger.lnk -> C:\Documents and Settings\admin\Application Data\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-01-15] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-01-15] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-01-15] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-01-15] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-01-15] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-01-15] (Google)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2012-11-16] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1606980848-1123561945-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1606980848-1123561945-725345543-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
URLSearchHook: HKU\S-1-5-21-1606980848-1123561945-725345543-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1606980848-1123561945-725345543-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1606980848-1123561945-725345543-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1606980848-1123561945-725345543-1003 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2014-02-03] (Internet Download Manager, Tonec Inc.)
BHO: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} ->  No File
BHO: Blog This in Windows Live v2 -> {3adefb8e-b923-35e6-86e2-2b7841f5d2a7} -> C:\WINDOWS\system32\mscoree.dll [2010-03-18] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-31] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-31] (Oracle Corporation)
Toolbar: HKLM - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll [2006-05-02] (StyleFantasist)
Toolbar: HKLM - QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - C:\WINDOWS\system32\mscoree.dll [2010-03-18] (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350739088462
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{01AF3B2B-FCD3-4B63-AA23-5370163D93BE}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\1srccfym.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://home.tb.ask.com/index.jhtml?ptb=86D1FDEA-F924-4FC1-86B5-58C98C50D070&n=781ac834&p2=^ZO^xdm017^YYA^ph&si=produtools
FF Keyword.URL: hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=86D1FDEA-F924-4FC1-86B5-58C98C50D070&n=781ac834&ind=2015021108&p2=^ZO^xdm017^YYA^ph&si=produtools&searchfor=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll [2013-12-29] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-01-11] (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-31] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: TorchVLC -> C:\Documents and Settings\admin\Local Settings\Application Data\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin HKU\S-1-5-21-1606980848-1123561945-725345543-1003: @nsroblox.roblox.com/launcher -> C:\Documents and Settings\admin\Local Settings\Application Data\RobloxVersions\version-0aae98b55b324621\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1606980848-1123561945-725345543-1003: @nsroblox.roblox.com/launcher64 -> C:\Documents and Settings\admin\Local Settings\Application Data\RobloxVersions\version-0aae98b55b324621\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1606980848-1123561945-725345543-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\admin\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2012-10-12] (Skype Limited)
FF Plugin HKU\S-1-5-21-1606980848-1123561945-725345543-1003: @tools.coowon.com/Coowon Update;version=3 -> C:\Documents and Settings\admin\Local Settings\Application Data\Coowon\Update\1.3.33.0\npCoowonUpdate3.dll [2015-03-22] (Coowon.)
FF Plugin HKU\S-1-5-21-1606980848-1123561945-725345543-1003: @tools.coowon.com/Coowon Update;version=9 -> C:\Documents and Settings\admin\Local Settings\Application Data\Coowon\Update\1.3.33.0\npCoowonUpdate3.dll [2015-03-22] (Coowon.)
FF Plugin HKU\S-1-5-21-1606980848-1123561945-725345543-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\admin\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-18] (Unity Technologies ApS)
FF user.js: detected! => C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\1srccfym.default\user.js [2014-05-11]
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\1srccfym.default\searchplugins\Ask.xml [2015-04-02]
FF SearchPlugin: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\1srccfym.default\searchplugins\bingp.xml [2008-01-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml [2015-04-02]
FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-04-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-06-09]
FF HKLM\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix
FF Extension: Mozilla hotfix - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix [2012-12-28]
FF HKU\S-1-5-21-1606980848-1123561945-725345543-1003\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix
FF HKU\S-1-5-21-1606980848-1123561945-725345543-1003\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\admin\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\admin\Application Data\IDM\idmmzcc5 [2014-03-21]
FF HKU\S-1-5-21-1606980848-1123561945-725345543-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\admin\Application Data\IDM\idmmzcc5

Chrome:
=======
CHR Profile: C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-02-05]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2004-08-04] (Microsoft Corporation) [File not signed]
S3 ALG; C:\WINDOWS\System32\alg.exe [72192 2004-08-04] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [167936 2004-08-04] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2004-08-04] (Microsoft Corporation) [File not signed]
S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 BITS; C:\WINDOWS\system32\qmgr.dll [382464 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-01-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-01-20] (BlueStack Systems, Inc.)
S4 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S2 CiSvc; C:\WINDOWS\system32\cisvc.exe [33280 2004-08-04] (Microsoft Corporation) [File not signed]
S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [60928 2004-08-04] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [60416 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [111104 2004-08-04] (Microsoft Corporation) [File not signed]
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2004-08-04] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-21] (Microsoft Corporation) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2004-08-04] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
S4 Futuremark SystemInfo Service; C:\Program Files\Futuremark\SystemInfo\FMSISvc.exe [166112 2013-09-05] (Futuremark)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1848168 2015-03-30] (LogMeIn Inc.)
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38912 2004-08-04] (Microsoft Corporation) [File not signed]
S4 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [946688 2014-05-17] (AnchorFree Inc.) [File not signed]
S4 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
S4 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [430344 2014-05-17] ()
R3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2004-08-04] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [177664 2004-08-04] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2004-08-04] (Microsoft Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2015-03-30] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2004-08-04] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [61440 2004-08-04] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [123392 2008-05-19] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [138752 2004-08-04] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [138752 2004-08-04] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-21] (Microsoft Corporation) [File not signed]
S3 npggsvc; C:\WINDOWS\system32\GameMon.des [4533336 2010-10-22] (INCA Internet Co., Ltd.) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2004-08-04] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [89088 2004-08-04] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [174080 2004-08-04] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [168448 2004-08-04] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [49152 2001-08-23] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2004-08-04] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [102912 2004-08-04] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [160256 2001-08-23] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2004-08-04] (Microsoft Corporation) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134664 2014-10-15] (Sandboxie Holdings, LLC)
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [123392 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [190976 2004-08-04] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2004-08-04] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [38912 2004-08-04] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2004-08-04] (Microsoft Corporation) [File not signed]
S4 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [86528 2010-08-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [170496 2004-08-04] (Microsoft Corporation) [File not signed]
S4 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2004-08-04] (Microsoft Corporation) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333312 2004-08-04] (Microsoft Corporation) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [117248 2004-08-04] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [246272 2004-08-04] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2004-08-04] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [100864 2004-08-04] (Microsoft Corporation) [File not signed]
R2 TorchCrashHandler; C:\Documents and Settings\admin\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [1217032 2015-04-02] (TorchMedia Inc.) <==== ATTENTION
S3 TrkWks; C:\WINDOWS\system32\trkwks.dll [90624 2004-08-04] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-31] (TuneUp Software)
S4 UnsignedThemes; C:\WINDOWS\UnsignedThemesSvc.exe [21096 2009-07-13] (The Within Network, LLC)
S4 upnphost; C:\WINDOWS\System32\upnphost.dll [185344 2004-08-04] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [46080 2004-08-04] (Microsoft Corporation) [File not signed]
S4 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [357016 2012-11-01] (VMware, Inc.)
S4 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [435864 2012-11-01] (VMware, Inc.)
S3 VSS; C:\WINDOWS\System32\vssvc.exe [317440 2004-08-04] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [174592 2004-08-04] (Microsoft Corporation) [File not signed]
S4 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10987008 2014-05-01] () [File not signed]
S3 WebClient; C:\WINDOWS\System32\webclnt.dll [67584 2004-08-04] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2004-08-04] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [154112 2004-08-04] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [81408 2004-08-04] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2004-08-04] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [359936 2004-08-04] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129536 2004-08-04] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2004-08-03] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2001-08-23] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142464 2004-08-04] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2004-08-03] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [95360 2004-08-04] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2004-08-03] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [55776 2012-10-15] (AVG Technologies CZ, s.r.o. )
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [177376 2012-09-21] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [164832 2012-09-21] (AVG Technologies CZ, s.r.o.)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2013-09-10] () [File not signed]
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [106768 2014-01-20] (BlueStack Systems)
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2001-08-23] (Microsoft Corporation) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2001-08-23] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2004-08-03] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [49536 2004-08-03] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2004-08-03] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2004-08-03] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2004-08-03] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2001-08-23] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2004-08-04] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2004-08-03] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [34944 2001-08-23] (Microsoft Corporation) [File not signed]
R3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2004-08-03] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\DRIVERS\fltMgr.sys [124800 2004-08-03] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2001-08-23] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2001-08-23] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2004-08-03] (Microsoft Corporation) [File not signed]
R3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [138752 2005-01-08] (Windows ® Server 2003 DDK provider) [File not signed]
R3 hidusb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [9600 2001-08-17] (Microsoft Corporation) [File not signed]
R3 HssDrv; C:\WINDOWS\System32\DRIVERS\HssDrv.sys [43720 2014-05-17] (AnchorFree Inc.)
R1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52736 2004-08-03] (Microsoft Corporation) [File not signed]
R3 ICAM3NT5; C:\WINDOWS\System32\Drivers\Icam3.sys [141056 2001-08-17] (Microsoft Corporation) [File not signed]
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [121184 2013-11-28] (Tonec Inc.)
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [41856 2004-08-03] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36096 2004-08-03] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\DRIVERS\Ip6Fw.sys [29056 2004-08-03] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2001-08-23] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20992 2004-08-03] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [134912 2004-08-03] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [74752 2004-08-03] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2004-08-03] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [35840 2001-08-18] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2004-08-03] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [171776 2004-08-04] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [120024 2015-04-19] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2001-08-23] (Microsoft Corporation) [File not signed]
S3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2004-08-04] (Microsoft Corporation) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2004-08-03] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42240 2004-08-03] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [181248 2004-08-03] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2004-08-04] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2004-08-04] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2004-08-04] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2004-08-04] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\WINDOWS\System32\drivers\MSTEE.sys [5504 2004-08-03] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
S3 NABTSFEC; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [85376 2004-08-03] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182912 2004-08-03] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [12928 2004-08-04] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91776 2004-08-03] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34560 2004-08-03] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2004-08-03] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2004-08-03] (Microsoft Corporation) [File not signed]
S3 NPPTNT2; C:\WINDOWS\system32\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574592 2004-08-03] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2001-08-23] (Microsoft Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2001-08-23] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2001-08-23] (Microsoft Corporation) [File not signed]
R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2004-08-04] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [18688 2001-08-23] (Microsoft Corporation) [File not signed]
R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2001-08-23] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2004-08-04] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-18] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [119936 2004-08-03] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2004-08-03] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2004-08-03] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2001-08-23] (Parallel Technologies, Inc.) [File not signed]
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15576 2013-03-07] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10200 2013-03-07] ()
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2001-08-23] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2004-08-03] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2004-08-03] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2001-08-23] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [176512 2004-08-03] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2001-08-23] (Microsoft Corporation) [File not signed]
R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196864 2004-08-04] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57472 2004-08-03] (Microsoft Corporation) [File not signed]
S3 rtl8029; C:\WINDOWS\System32\DRIVERS\RTL8029.SYS [19017 2001-08-18] (Realtek Semiconductor Corporation) [File not signed]
S3 RTLTEAMING; C:\WINDOWS\System32\DRIVERS\RTLTEAMING.SYS [36384 2011-06-15] (Realtek Semiconductor Corporation)
S3 RTLVLAN; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [17664 2011-06-15] (Realtek Semiconductor Corporation                           ) [File not signed]
S3 RTLVLANMP; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [17664 2011-06-15] (Realtek Semiconductor Corporation                           ) [File not signed]
R2 RtNdPt5x; C:\WINDOWS\System32\DRIVERS\RtNdPt5x.sys [22016 2011-06-15] (Realtek Semiconductor Corporation                           ) [File not signed]
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161288 2014-10-15] (Sandboxie Holdings, LLC)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [116320 2014-06-27] (Power Software Ltd)
R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [12400 2015-02-25] (Macrovision Europe Ltd) [File not signed]
R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15488 2004-08-03] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64896 2004-08-03] (Microsoft Corporation) [File not signed]
S3 SLIP; C:\WINDOWS\System32\DRIVERS\SLIP.sys [11136 2004-08-03] (Microsoft Corporation) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6400 2004-08-04] (Microsoft Corporation) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-08-25] (Duplex Secure Ltd.)
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2004-08-03] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
S3 streamip; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [15360 2004-08-03] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2004-08-04] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [54272 2001-08-18] (Microsoft Corporation) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2004-08-04] (Microsoft Corporation) [File not signed]
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2014-05-17] (AnchorFree Inc)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2004-08-04] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2004-08-04] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2004-08-04] (Microsoft Corporation) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66176 2004-08-03] (Microsoft Corporation) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [209408 2004-08-03] (Microsoft Corporation) [File not signed]
S3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [31616 2004-08-03] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [26624 2004-08-04] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [57600 2004-08-04] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2004-08-03] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [15104 2004-08-03] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26496 2004-08-03] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20480 2004-08-04] (Microsoft Corporation) [File not signed]
R2 uxpatch; C:\WINDOWS\system32\drivers\uxpatch.sys [25448 2009-07-13] ()
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2004-08-03] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2004-08-03] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2004-08-03] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [82944 2004-08-04] (Microsoft Corporation) [File not signed]
S4 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2001-08-23] (Microsoft Corporation) [File not signed]
S3 WSTCODEC; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [19328 2004-08-03] (Microsoft Corporation) [File not signed]
U3 ahd5ih6z; C:\WINDOWS\system32\Drivers\ahd5ih6z.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 cpuz134; \??\C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys [X]
S3 dump_wmimmc; \??\C:\Program Files\e-Games\Ran Online\GameGuard\dump_wmimmc.sys [X]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 FairplayKD; \??\C:\Documents and Settings\All Users.WINDOWS\Application Data\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S4 IntelIde; No ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetBridge; system32\DRIVERS\vmnetbridge.sys [X]
S2 VMnetuserif; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys [X]
U3 wampapache; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 05:12 - 2015-04-20 05:13 - 00000000 ____D () C:\FRST
2015-04-19 14:03 - 2015-04-19 14:05 - 00125238 _____ () C:\Documents and Settings\admin\Desktop\Rkill.txt
2015-04-19 14:03 - 2015-04-19 14:03 - 00000000 ____D () C:\Documents and Settings\admin\Desktop\rkill
2015-04-19 13:03 - 2015-04-19 14:00 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)
2015-04-19 13:03 - 2015-04-19 14:00 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes' Anti-Malware (portable)
2015-04-19 12:44 - 2015-04-19 12:45 - 00000000 ____D () C:\Avenger
2015-04-18 16:43 - 2015-04-18 16:43 - 00000000 _____ () C:\WINDOWS\EEventManager.INI
2015-04-16 09:18 - 2015-04-16 09:18 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\Epson
2015-04-15 22:29 - 2015-04-15 22:29 - 00001931 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Epson User's Guide L210 Series.lnk
2015-04-15 22:29 - 2015-04-15 22:29 - 00000000 ____D () C:\Program Files\Epson Software
2015-04-15 22:29 - 2015-04-15 22:29 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Epson Software
2015-04-15 22:29 - 2015-04-15 22:29 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Epson Software
2015-04-15 22:28 - 2015-04-15 22:29 - 00000000 ____D () C:\Program Files\epson
2015-04-15 22:28 - 2015-04-15 22:28 - 00000665 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\EPSON Scan.lnk
2015-04-15 22:28 - 2011-12-12 00:00 - 00122000 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
2015-04-15 22:26 - 2015-04-15 22:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\EPSON
2015-04-15 22:26 - 2015-04-15 22:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\EPSON
2015-04-15 22:26 - 2015-04-15 22:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
2015-04-15 22:26 - 2015-04-15 22:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
2015-04-15 22:26 - 2015-04-15 22:26 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-04-15 22:26 - 2011-04-19 02:03 - 00095232 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_TLBI2E.DLL
2015-04-15 22:26 - 2011-03-14 02:03 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_TD4BI2E.DLL
2015-04-15 22:26 - 2007-04-10 00:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_DCINST.DLL
2015-04-15 22:23 - 2011-12-12 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\eswiaud.dll
2015-04-15 22:23 - 2004-08-03 22:58 - 00015104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys
2015-04-15 20:48 - 2015-04-15 20:48 - 00001871 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Barbarian Invasion.lnk
2015-04-15 20:48 - 2015-04-15 20:48 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Rome - Total War
2015-04-15 20:48 - 2015-04-15 20:48 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Rome - Total War
2015-04-15 20:24 - 2015-04-15 20:24 - 00000000 ____D () C:\WINDOWS\RegisteredPackages
2015-04-15 20:24 - 2004-07-09 04:26 - 00354816 ____C () C:\WINDOWS\system32\dllcache\psisdecd.dll
2015-04-15 20:24 - 2004-07-09 04:26 - 00354816 _____ () C:\WINDOWS\system32\psisdecd.dll
2015-04-15 20:24 - 2004-07-09 04:26 - 00052224 ____C () C:\WINDOWS\system32\dllcache\msdvbnp.ax
2015-04-15 20:24 - 2004-07-09 04:26 - 00052224 _____ () C:\WINDOWS\system32\msdvbnp.ax
2015-04-15 20:24 - 2004-07-09 04:26 - 00052096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msdv.sys
2015-04-15 20:24 - 2004-07-09 04:26 - 00052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msdv.sys
2015-04-15 20:24 - 2004-07-09 04:26 - 00030208 ____C () C:\WINDOWS\system32\dllcache\psisrndr.ax
2015-04-15 20:24 - 2004-07-09 04:26 - 00030208 _____ () C:\WINDOWS\system32\psisrndr.ax
2015-04-15 20:24 - 2004-07-09 04:26 - 00016896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax
2015-04-15 20:24 - 2004-07-09 04:26 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdaplgin.ax
2015-04-15 20:24 - 2004-07-09 04:26 - 00015104 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mpe.sys
2015-04-15 20:24 - 2004-07-09 04:26 - 00015104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpe.sys
2015-04-15 20:24 - 2004-07-09 04:26 - 00011392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys
2015-04-15 20:24 - 2004-07-09 04:26 - 00011392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bdasup.sys
2015-04-15 20:24 - 2002-12-12 00:14 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdllreg.exe
2015-04-15 20:24 - 2002-12-12 00:14 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksolay.ax
2015-04-15 20:24 - 2002-08-29 03:41 - 00031744 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pid.dll
2015-04-15 20:16 - 2015-04-15 20:16 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Total War
2015-04-15 20:16 - 2015-04-15 20:16 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Total War
2015-04-10 15:41 - 2015-04-10 15:41 - 00001554 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Start BlueStacks.lnk
2015-04-10 15:40 - 2015-04-10 15:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\BlueStacks
2015-04-10 15:40 - 2015-04-10 15:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\BlueStacks
2015-04-10 15:40 - 2015-04-10 15:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\BlueStacks
2015-04-10 15:40 - 2015-04-10 15:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\BlueStacks
2015-04-08 10:36 - 2015-04-08 10:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-03 10:40 - 2015-04-03 10:40 - 00001635 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\SHAREit.lnk
2015-04-03 10:40 - 2015-04-03 10:40 - 00000000 ____D () C:\Program Files\Lenovo
2015-04-03 10:40 - 2015-04-03 10:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Lenovo
2015-04-03 10:40 - 2015-04-03 10:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Lenovo
2015-04-02 12:27 - 2015-04-02 12:27 - 00000114 _____ () C:\Documents and Settings\admin\My Documents\rocketdockkill.bat
2015-04-02 12:26 - 2015-04-02 12:27 - 00000114 _____ () C:\Documents and Settings\admin\My Documents\rocketdockkill.txt
2015-03-31 22:09 - 2015-03-31 22:09 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-31 22:09 - 2015-03-31 22:08 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-03-31 22:09 - 2015-03-31 22:08 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-03-31 22:08 - 2015-03-31 22:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java
2015-03-31 22:08 - 2015-03-31 22:08 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java
2015-03-31 22:06 - 2015-03-31 22:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java Development Kit
2015-03-31 22:06 - 2015-03-31 22:06 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Java Development Kit
2015-03-31 21:21 - 2015-03-31 21:21 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2015-03-31 21:21 - 2015-03-31 21:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\LogMeIn Hamachi
2015-03-31 21:21 - 2015-03-31 21:21 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\LogMeIn Hamachi
2015-03-27 12:07 - 2015-04-10 15:40 - 00000000 ____D () C:\Program Files\BlueStacks
2015-03-22 15:45 - 2015-03-22 15:45 - 00002284 _____ () C:\Documents and Settings\admin\Desktop\Coowon.lnk
2015-03-22 15:45 - 2015-03-22 15:45 - 00000000 ____D () C:\Documents and Settings\admin\Start Menu\Programs\Coowon
2015-03-22 15:45 - 2015-03-22 15:45 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Coowon
2015-03-22 15:25 - 2015-03-22 15:25 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Maxthon Cloud Browser
2015-03-22 15:25 - 2015-03-22 15:25 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Maxthon Cloud Browser
2015-03-22 15:25 - 2015-03-22 15:25 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\Maxthon3
2015-03-22 15:24 - 2015-03-22 15:25 - 00000000 ____D () C:\Program Files\Maxthon

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 05:13 - 2012-10-21 10:35 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Temp
2015-04-20 05:00 - 2013-12-29 20:25 - 00000376 _____ () C:\WINDOWS\Tasks\update-sys.job
2015-04-20 04:53 - 2012-10-21 10:28 - 01759764 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-20 04:41 - 2012-11-13 09:56 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-20 04:30 - 2012-10-21 18:29 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-20 04:06 - 2013-12-29 20:25 - 00000376 _____ () C:\WINDOWS\Tasks\update-S-1-5-21-1606980848-1123561945-725345543-1003.job
2015-04-20 02:00 - 2014-12-12 11:20 - 00000342 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-079AF83A2B1B4CC-admin.job
2015-04-20 02:00 - 2012-10-21 18:11 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Adobe
2015-04-20 01:00 - 2012-10-21 10:34 - 00032406 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-19 18:00 - 2012-10-26 08:34 - 00000444 _____ () C:\WINDOWS\Tasks\ParetoLogic Registration3.job
2015-04-19 16:58 - 2014-01-23 07:31 - 00000000 ____D () C:\Program Files\osu!
2015-04-19 14:00 - 2012-11-13 09:56 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 13:03 - 2014-09-25 05:50 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-19 12:57 - 2014-09-25 05:50 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-19 12:49 - 2014-08-30 17:44 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\TorchCrashHandler
2015-04-19 12:49 - 2014-08-30 17:44 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\TorchCrashHandler
2015-04-19 12:49 - 2014-04-30 14:02 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\LogMeIn Hamachi
2015-04-19 12:49 - 2013-07-28 00:09 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\LogMeIn Hamachi
2015-04-19 12:49 - 2012-10-21 03:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-19 12:48 - 2012-10-21 19:01 - 00000316 _____ () C:\WINDOWS\Tasks\YourFile Update.job
2015-04-19 12:48 - 2012-10-21 10:34 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-19 12:48 - 2012-10-21 03:23 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-04-19 12:44 - 2012-08-06 17:04 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2718704$
2015-04-19 12:44 - 2008-01-01 00:05 - 00000000 ____D () C:\Program Files\Movies App
2015-04-19 12:40 - 2012-10-21 10:35 - 00000178 ___SH () C:\Documents and Settings\admin\ntuser.ini
2015-04-19 12:40 - 2012-10-20 21:28 - 00524288 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2015-04-19 12:33 - 2014-07-01 07:25 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\Movies Toolbar
2015-04-19 12:33 - 2014-05-11 08:03 - 00000000 ____D () C:\Program Files\Movies Toolbar
2015-04-19 12:33 - 2013-10-16 17:03 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\BitGuard
2015-04-19 12:33 - 2013-10-16 17:03 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\BitGuard
2015-04-19 12:33 - 2013-07-27 18:59 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\BabSolution
2015-04-19 12:33 - 2011-06-09 10:08 - 00000000 ____D () C:\Documents and Settings\alex\Local Settings\Temp
2015-04-19 12:33 - 2011-06-09 10:08 - 00000000 ____D () C:\Documents and Settings\alex
2015-04-19 11:39 - 2014-09-25 05:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-19 11:39 - 2014-09-25 05:50 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-19 11:39 - 2014-09-25 05:50 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-18 17:43 - 2013-03-09 18:33 - 00981793 _____ () C:\WINDOWS\setupapi.log
2015-04-18 16:46 - 2001-08-23 20:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-18 16:44 - 2012-10-21 10:35 - 00000000 ____D () C:\Documents and Settings\admin
2015-04-17 09:27 - 2014-11-01 22:44 - 00001576 _____ () C:\WINDOWS\Sandboxie.ini
2015-04-17 08:45 - 2013-02-11 12:02 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\Skype
2015-04-17 07:17 - 2013-02-11 12:01 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2015-04-17 07:17 - 2013-02-11 12:01 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2015-04-16 07:05 - 2013-02-11 12:01 - 00000000 ___RD () C:\Program Files\Skype
2015-04-15 22:29 - 2012-04-08 10:12 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-04-15 22:23 - 2011-06-09 02:45 - 00000000 ____D () C:\WINDOWS\twain_32
2015-04-15 20:50 - 2014-11-01 14:21 - 00000000 ____D () C:\Documents and Settings\admin\My Documents\Games
2015-04-15 20:34 - 2013-05-08 12:49 - 00202333 _____ () C:\WINDOWS\DirectX.log
2015-04-15 20:23 - 2011-06-09 09:57 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2015-04-15 20:16 - 2013-05-25 07:53 - 00043930 _____ () C:\WINDOWS\wmsetup.log
2015-04-10 15:49 - 2012-03-07 12:09 - 00000000 ____D () C:\WINDOWS\system32\Logfiles
2015-04-10 15:30 - 2014-08-30 17:44 - 00001091 _____ () C:\Documents and Settings\admin\Start Menu\Programs\Torch.lnk
2015-04-10 15:29 - 2014-08-30 17:36 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Torch
2015-04-08 16:24 - 2014-03-07 17:27 - 00000000 ____D () C:\Documents and Settings\admin\.jmc
2015-04-02 23:18 - 2012-11-17 03:44 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Temp
2015-04-01 23:39 - 2015-01-21 14:32 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\VT_Software
2015-04-01 11:59 - 2015-02-25 13:34 - 00000000 ____D () C:\Documents and Settings\admin\My Documents\SimCity 4
2015-03-31 22:08 - 2013-03-14 20:52 - 00000000 ____D () C:\Program Files\Java
2015-03-30 15:25 - 2013-10-03 07:33 - 00026176 ____H (LogMeIn, Inc.) C:\WINDOWS\system32\hamachi.sys
2015-03-25 08:00 - 2012-10-20 20:55 - 00073288 _____ () C:\Documents and Settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2014-10-24 08:45 - 2014-11-16 09:11 - 0000600 _____ () C:\Documents and Settings\admin\Application Data\winscp.rnd
2012-10-21 18:11 - 2015-03-02 17:00 - 0109056 _____ () C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-23 10:02 - 2013-06-23 10:02 - 0000128 _____ () C:\Documents and Settings\admin\Local Settings\Application Data\fusioncache.dat
2014-11-22 16:00 - 2014-11-22 16:24 - 0000096 _____ () C:\Documents and Settings\admin\Local Settings\Application Data\rbxcsettings.rbx
2013-03-19 17:02 - 2009-07-29 11:50 - 0319488 _____ () C:\Documents and Settings\admin\Local Settings\Application Data\SbarDB.mdb
2013-12-29 20:25 - 2013-12-29 20:25 - 0000003 _____ () C:\Documents and Settings\admin\Local Settings\Application Data\updater.log
2013-12-29 20:25 - 2013-12-29 20:25 - 0000511 _____ () C:\Documents and Settings\admin\Local Settings\Application Data\UserProducts.xml

Files to move or delete:
====================
C:\Documents and Settings\admin\msvcr110.dll
C:\Documents and Settings\alex\3mxt.exe


Some content of TEMP:
====================
C:\Documents and Settings\admin\Local Settings\Temp\AutoRun.exe
C:\Documents and Settings\admin\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\admin\Local Settings\Temp\bdcam_0.dll
C:\Documents and Settings\admin\Local Settings\Temp\bdfilters.dll
C:\Documents and Settings\admin\Local Settings\Temp\Foxit Updater.exe
C:\Documents and Settings\admin\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\alex\Local Settings\Temp\316.exe
C:\Documents and Settings\alex\Local Settings\Temp\785.exe
C:\Documents and Settings\alex\Local Settings\Temp\849.exe
C:\Documents and Settings\alex\Local Settings\Temp\945.exe
C:\Documents and Settings\alex\Local Settings\Temp\AcDeltree.exe
C:\Documents and Settings\alex\Local Settings\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Documents and Settings\alex\Local Settings\Temp\hssinst.dll
C:\Documents and Settings\alex\Local Settings\Temp\hssinst32.dll
C:\Documents and Settings\alex\Local Settings\Temp\htmlayout.dll
C:\Documents and Settings\alex\Local Settings\Temp\installhelper.dll
C:\Documents and Settings\alex\Local Settings\Temp\Nokia_PC_Suite_eng.exe
C:\Documents and Settings\alex\Local Settings\Temp\nsisdt.dll
C:\Documents and Settings\alex\Local Settings\Temp\SRAssetsHelper.dll
C:\Documents and Settings\alex\Local Settings\Temp\_HangARoo.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe
[2004-08-04 00:56] - [2004-08-04 00:56] - 1059840 ____A (Microsoft Corporation) 41373f06eaa72172f88cf50099dbfa57

 

C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe
[2004-08-04 00:56] - [2004-08-04 00:56] - 0052224 ____A (Microsoft Corporation) 25c4b90abd8f5aa114354ea8be7bc851

 

C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



Edited by jamjamnewbie, 19 April 2015 - 08:15 PM.



#2 deeprybka

  • Malware Response Team

Posted 23 April 2015 - 06:36 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Windows XP notes

I've noticed that you're a Windows XP user. I need to tell you that my canned speeches (texts I use to present instructions) are designed for newer systems in the first place. Therefore, whenever you see a request to Run as Administrator, please ignore it and instead run the tool just by a double-click on the aforementioned icon.

Windows XP end of support warning!

As the 8th of April 2014 has passed, this operating system is no longer supported by Microsoft.
Any patches, updates or security releases have ceased for this system. This is just information for you in case you were not aware.


Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    BitGuard
    FlashOffliner Packages
    Free Games V1.5
    Media Player
    RegCure Pro
    Torch
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.
tdss.gif
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 jamjamnewbie

  • Topic Starter

Posted 23 April 2015 - 07:03 AM

Ok pls wait because firefox can't download and I have to download from my phone and transfer them to my pc


Edited by jamjamnewbie, 23 April 2015 - 07:14 AM.


#4 jamjamnewbie

  • Topic Starter

Posted 23 April 2015 - 07:14 AM

When I try to uninstall flashoffliner packages there is this uninstallmanager that appeared and has a box that I should check/uncheck and continue, the checkbox says "Remove this manager from Add/Remove Programs"...Should I check it and continue?



#5 deeprybka

  • Malware Response Team

Posted 23 April 2015 - 07:17 AM

Yes, please continue...
regards,
deeprybka

#6 jamjamnewbie

  • Topic Starter

Posted 23 April 2015 - 07:38 AM

Uninstallation completed :)

 

20:32:19.0390 0x0894  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:32:27.0171 0x0894  ============================================================
20:32:27.0171 0x0894  Current date / time: 2015/04/23 20:32:27.0171
20:32:27.0171 0x0894  SystemInfo:
20:32:27.0171 0x0894  
20:32:27.0171 0x0894  OS Version: 5.1.2600 ServicePack: 3.0
20:32:27.0171 0x0894  Product type: Workstation
20:32:27.0171 0x0894  ComputerName: 079AF83A2B1B4CC
20:32:27.0171 0x0894  UserName: admin
20:32:27.0171 0x0894  Windows directory: C:\WINDOWS
20:32:27.0171 0x0894  System windows directory: C:\WINDOWS
20:32:27.0171 0x0894  Processor architecture: Intel x86
20:32:27.0171 0x0894  Number of processors: 2
20:32:27.0171 0x0894  Page size: 0x1000
20:32:27.0171 0x0894  Boot type: Normal boot
20:32:27.0171 0x0894  ============================================================
20:32:29.0156 0x0894  KLMD registered as C:\WINDOWS\system32\drivers\44392934.sys
20:32:29.0218 0x0894  System UUID: {13CAB419-9589-A7DE-319F-A042B795107C}
20:32:29.0671 0x0894  Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 ( 232.88 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:32:29.0671 0x0894  ============================================================
20:32:29.0671 0x0894  \Device\Harddisk0\DR0:
20:32:29.0671 0x0894  MBR partitions:
20:32:29.0671 0x0894  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
20:32:29.0687 0x0894  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0xC34F28D
20:32:29.0718 0x0894  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1869E5D7, BlocksNum 0x4B220E9
20:32:29.0718 0x0894  ============================================================
20:32:29.0734 0x0894  C: <-> \Device\Harddisk0\DR0\Partition1
20:32:29.0765 0x0894  D: <-> \Device\Harddisk0\DR0\Partition2
20:32:29.0812 0x0894  E: <-> \Device\Harddisk0\DR0\Partition3
20:32:29.0812 0x0894  ============================================================
20:32:29.0812 0x0894  Initialize success
20:32:29.0812 0x0894  ============================================================
20:32:49.0343 0x0b28  ============================================================
20:32:49.0343 0x0b28  Scan started
20:32:49.0343 0x0b28  Mode: Manual; SigCheck; TDLFS;
20:32:49.0343 0x0b28  ============================================================
20:32:49.0343 0x0b28  KSN ping started
20:33:38.0812 0x0b28  KSN ping finished: false
20:33:40.0968 0x0b28  ================ Scan system memory ========================
20:33:40.0968 0x0b28  System memory - ok
20:33:40.0968 0x0b28  ================ Scan services =============================
20:33:41.0703 0x0b28  Abiosdsk - ok
20:33:41.0703 0x0b28  abp480n5 - ok
20:33:41.0750 0x0b28  [ A10C7534F7223F4A73A948967D00E69B, EBF46FBB4C7C04433E91D95A079354E51A40CC05EAA00A86DEE261AFA81162FC ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:33:42.0312 0x0b28  ACPI - detected UnsignedFile.Multi.Generic ( 1 )
20:33:52.0437 0x0b28  Object is SCO, delete is not allowed
20:33:52.0437 0x0b28  ACPI ( UnsignedFile.Multi.Generic ) - warning
20:34:12.0453 0x0b28  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
20:34:12.0468 0x0b28  ACPIEC - detected UnsignedFile.Multi.Generic ( 1 )
20:34:22.0468 0x0b28  ACPIEC ( UnsignedFile.Multi.Generic ) - warning
20:34:42.0531 0x0b28  [ 1BA1AB4141A92EB34DA99F1249CA2D4D, 43ADF35146E61E0DE58D2ACC2994538F6025135ECEB30073BEF05A804BB38107 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:34:42.0562 0x0b28  AdobeFlashPlayerUpdateSvc - ok
20:34:42.0578 0x0b28  adpu160m - ok
20:34:42.0609 0x0b28  [ 841F385C6CFAF66B58FBD898722BB4F0, 0DA17CCA27DF5C7245959249162A5393B2E36B7C9A3A3525AE1371DE6AE698A3 ] aec             C:\WINDOWS\system32\drivers\aec.sys
20:34:42.0625 0x0b28  aec - detected UnsignedFile.Multi.Generic ( 1 )
20:34:42.0625 0x0b28  aec ( UnsignedFile.Multi.Generic ) - warning
20:34:42.0671 0x0b28  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
20:34:42.0671 0x0b28  AFD - detected UnsignedFile.Multi.Generic ( 1 )
20:34:42.0687 0x0b28  Object is SCO, delete is not allowed
20:34:42.0687 0x0b28  AFD ( UnsignedFile.Multi.Generic ) - warning
20:34:42.0687 0x0b28  Aha154x - ok
20:34:42.0687 0x0b28  aic78u2 - ok
20:34:42.0703 0x0b28  aic78xx - ok
20:34:42.0718 0x0b28  [ C7AE0FD3867DB0D42B03B73C18F3D671, 13AE5D3DD13BC4C0EAB234FC3F87DA918793CE317A07EE37F107C8C6104E0BA9 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
20:34:42.0734 0x0b28  Alerter - detected UnsignedFile.Multi.Generic ( 1 )
20:34:42.0734 0x0b28  Alerter ( UnsignedFile.Multi.Generic ) - warning
20:34:42.0750 0x0b28  [ 02056BC9235AB56BCD250F7C9468E298, 9DB7F2F2FB51A8DBF4BA2E0F44B006FD21B852453DDE146765634E562689E1EE ] ALG             C:\WINDOWS\System32\alg.exe
20:34:42.0765 0x0b28  ALG - detected UnsignedFile.Multi.Generic ( 1 )
20:34:42.0765 0x0b28  ALG ( UnsignedFile.Multi.Generic ) - warning
20:34:42.0765 0x0b28  AliIde - ok
20:34:42.0859 0x0b28  [ 267FC636801EDC5AB28E14036349E3BE, CFEF5DF5F9BE820283376BB86DB3CF6609C02D316A742E17459A2BFA42E724E0 ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys
20:34:43.0015 0x0b28  Ambfilt - ok
20:34:43.0015 0x0b28  amsint - ok
20:34:43.0062 0x0b28  [ 9C3C12975C97119412802B181FBEEFFE, A20B1557702B2178354710823659E1E89E5C641C018CF964D95D481716B920B3 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
20:34:43.0093 0x0b28  AppMgmt - detected UnsignedFile.Multi.Generic ( 1 )
20:34:43.0093 0x0b28  AppMgmt ( UnsignedFile.Multi.Generic ) - warning
20:34:43.0093 0x0b28  Force sending object to P2P due to detect: AppMgmt
20:34:43.0109 0x0b28  Object send P2P result: false
20:34:43.0109 0x0b28  asc - ok
20:34:43.0109 0x0b28  asc3350p - ok
20:34:43.0109 0x0b28  asc3550 - ok
20:34:43.0234 0x0b28  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:34:43.0265 0x0b28  aspnet_state - ok
20:34:43.0296 0x0b28  [ 02000ABF34AF4C218C35D257024807D6, FDE21F7FCB198A44A6F2BCAF5EB11C9D90A094B4A2F8C307244A7655848954DA ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:34:43.0312 0x0b28  AsyncMac - detected UnsignedFile.Multi.Generic ( 1 )
20:34:43.0312 0x0b28  Object is SCO, delete is not allowed
20:34:43.0312 0x0b28  AsyncMac ( UnsignedFile.Multi.Generic ) - warning
20:34:43.0343 0x0b28  [ CDFE4411A69C224BD1D11B2DA92DAC51, 0E6B23A80F171550575BEBC56F7500CD87A5CF03B2B9FDC49BC3DE96282CD69D ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
20:34:43.0343 0x0b28  atapi - detected UnsignedFile.Multi.Generic ( 1 )
20:34:43.0343 0x0b28  Object is SCO, delete is not allowed
20:34:43.0343 0x0b28  atapi ( UnsignedFile.Multi.Generic ) - warning
20:34:43.0359 0x0b28  Atdisk - ok
20:34:43.0375 0x0b28  [ EC88DA854AB7D7752EC8BE11A741BB7F, 91FAF224CB4B44608C85CC25C3A82A3EC83F379D14A119A60A75505A30043255 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:34:43.0375 0x0b28  Atmarpc - detected UnsignedFile.Multi.Generic ( 1 )
20:34:43.0375 0x0b28  Atmarpc ( UnsignedFile.Multi.Generic ) - warning
20:34:43.0375 0x0b28  Force sending object to P2P due to detect: Atmarpc
20:34:43.0375 0x0b28  Object send P2P result: false
20:34:43.0421 0x0b28  [ DB66DB626E4882EBEF55F136F12C1829, E4FA63031E8FCF456D45160C29ADD0989355D5C5C8E17C949C278421D41DAB62 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
20:34:43.0421 0x0b28  AudioSrv - detected UnsignedFile.Multi.Generic ( 1 )
20:34:43.0421 0x0b28  Object is SCO, delete is not allowed
20:34:43.0421 0x0b28  AudioSrv ( UnsignedFile.Multi.Generic ) - warning
20:34:43.0468 0x0b28  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
20:34:43.0468 0x0b28  audstub - detected UnsignedFile.Multi.Generic ( 1 )
20:34:43.0468 0x0b28  audstub ( UnsignedFile.Multi.Generic ) - warning
20:34:43.0515 0x0b28  [ 8F50F98686C9A397A19FCBAE284DB1C5, 8B05A3D50569394B316BAE5D7A165A60539EA77AE0D86D69A8C8C1E1784E51FA ] AVGIDSHX        C:\WINDOWS\system32\DRIVERS\avgidshx.sys
20:34:43.0531 0x0b28  AVGIDSHX - ok
20:34:43.0546 0x0b28  [ 95889A9D23F3133250FA8AD13C982D58, 0DCCBBC048FC8ED05CEFBDB1161886CC774731574B7A29783A191C1405B5EF76 ] Avglogx         C:\WINDOWS\system32\DRIVERS\avglogx.sys
20:34:43.0578 0x0b28  Avglogx - ok
20:34:43.0593 0x0b28  [ BA73B38E9033FC6018DB736B635706AE, D36E0ED07C6DF480A4D2B40C671AA53BF06006A3E1A2C03ECD57805FD1B279D4 ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
20:34:43.0609 0x0b28  Avgtdix - ok
20:34:43.0703 0x0b28  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3, CE726A3D0BE6B287AB32488D377EB10D5C3EB612263D577BD695A9AA5C45E594 ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
20:34:43.0750 0x0b28  avgwd - ok
20:34:43.0781 0x0b28  [ 5D7BE7B19E827125E016325334E58FF1, 76AE80C91BF53DF4EE18C92D47EDC6541C2013E3669278166079D1A4A24F9FB6 ] BANTExt         C:\WINDOWS\System32\Drivers\BANTExt.sys
20:34:43.0796 0x0b28  BANTExt - detected UnsignedFile.Multi.Generic ( 1 )
20:34:43.0796 0x0b28  BANTExt ( UnsignedFile.Multi.Generic ) - warning
20:34:43.0828 0x0b28  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:34:43.0843 0x0b28  Beep - detected UnsignedFile.Multi.Generic ( 1 )
20:34:43.0843 0x0b28  Beep ( UnsignedFile.Multi.Generic ) - warning
20:34:43.0906 0x0b28  [ 2C69EC7E5A311334D10DD95F338FCCEA, 3A4335B8D723311F66FA2A30972C65EEED63161D6A2B4ABD6FCF1C374083BC0F ] BITS            C:\WINDOWS\system32\qmgr.dll
20:34:43.0968 0x0b28  BITS - detected UnsignedFile.Multi.Generic ( 1 )
20:34:43.0968 0x0b28  BITS ( UnsignedFile.Multi.Generic ) - warning
20:34:44.0000 0x0b28  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
20:34:44.0015 0x0b28  Browser - detected UnsignedFile.Multi.Generic ( 1 )
20:34:44.0015 0x0b28  Browser ( UnsignedFile.Multi.Generic ) - warning
20:34:44.0093 0x0b28  [ 61B335353CA68295F6CF0471E2F33E12, 12716ED923EEF7D48FF488AAC2620FB620DB6517D6F6E4F1D09ECD64CCBC2612 ] BstHdAndroidSvc C:\Program Files\BlueStacks\HD-Service.exe
20:34:44.0109 0x0b28  BstHdAndroidSvc - ok
20:34:44.0125 0x0b28  [ DE17C7F25CB209931311C7E628810F4F, A077926B4E41AD8DDCC8C6ADE85BF1A5C165796A9D7D2018E0D2BCAF3C7A110A ] BstHdDrv        C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys
20:34:44.0140 0x0b28  BstHdDrv - ok
20:34:44.0187 0x0b28  [ A4C49FB1C20742D262858D0534525366, D210BD2F158A038EF47396F5068BE8E4B8F987B34B718EB46CA5E3BF0A6DF587 ] BstHdLogRotatorSvc C:\Program Files\BlueStacks\HD-LogRotatorService.exe
20:34:44.0218 0x0b28  BstHdLogRotatorSvc - ok
20:34:44.0265 0x0b28  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
20:34:44.0296 0x0b28  cbidf2k - detected UnsignedFile.Multi.Generic ( 1 )
20:34:44.0296 0x0b28  cbidf2k ( UnsignedFile.Multi.Generic ) - warning
20:34:44.0328 0x0b28  [ 6163ED60B684BAB19D3352AB22FC48B2, 5A7ED636D8B2178EA21FA986CC9168DEF258AA4FFB9DCD792A81A1D615AC5D5E ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:34:44.0328 0x0b28  CCDECODE - detected UnsignedFile.Multi.Generic ( 1 )
20:34:44.0328 0x0b28  CCDECODE ( UnsignedFile.Multi.Generic ) - warning
20:34:44.0328 0x0b28  cd20xrnt - ok
20:34:44.0359 0x0b28  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
20:34:44.0359 0x0b28  Cdaudio - detected UnsignedFile.Multi.Generic ( 1 )
20:34:44.0359 0x0b28  Cdaudio ( UnsignedFile.Multi.Generic ) - warning
20:34:44.0390 0x0b28  [ CD7D5152DF32B47F4E36F710B35AAE02, 7382890CC1B27FC66C3E94E064562BBD87B3C75577CB0FD10860B8E2CE07D12E ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
20:34:44.0406 0x0b28  Cdfs - detected UnsignedFile.Multi.Generic ( 1 )
20:34:44.0406 0x0b28  Object is SCO, delete is not allowed
20:34:44.0406 0x0b28  Cdfs ( UnsignedFile.Multi.Generic ) - warning
20:34:44.0406 0x0b28  Force sending object to P2P due to detect: Cdfs
20:34:44.0406 0x0b28  Object send P2P result: false
20:34:44.0437 0x0b28  [ AF9C19B3100FE010496B1A27181FBF72, 64E9E4461F631EED2B2A1FC80DCC9C31DCECB5738289D322E6A6428C840DC621 ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:34:44.0437 0x0b28  Cdrom - detected UnsignedFile.Multi.Generic ( 1 )
20:34:44.0437 0x0b28  Object is SCO, delete is not allowed
20:34:44.0437 0x0b28  Cdrom ( UnsignedFile.Multi.Generic ) - warning
20:34:44.0500 0x0b28  [ 08D4BD3F12DFF3A11E4F2C09745DA0FA, 99A19D3B43F5B21A3E23B9A91D9443ED2710C14B954C769B837626181FC4F630 ] CGVPNCliService C:\Program Files\CyberGhost 5\Service.exe
20:34:44.0515 0x0b28  CGVPNCliService - ok
20:34:44.0531 0x0b28  Changer - ok
20:34:44.0546 0x0b28  [ 8AABD8DC0E450B025FDFC612A4557A2C, C7481586A6E27307C0BEA9383BEE4EBBFA2A18DF03842D05C03FDB4E77CA7A84 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
20:34:44.0546 0x0b28  CiSvc - detected UnsignedFile.Multi.Generic ( 1 )
20:34:44.0546 0x0b28  CiSvc ( UnsignedFile.Multi.Generic ) - warning
20:34:44.0578 0x0b28  [ C65EFB8BA01554BCA80FDC5F673BB365, 9BBC2848AC989271F744E7AF00E8DE2EC2971DE5B225C8895B735609E6ED9275 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
20:34:44.0578 0x0b28  ClipSrv - detected UnsignedFile.Multi.Generic ( 1 )
20:34:44.0578 0x0b28  ClipSrv ( UnsignedFile.Multi.Generic ) - warning
20:34:44.0625 0x0b28  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:34:44.0640 0x0b28  clr_optimization_v2.0.50727_32 - ok
20:34:44.0671 0x0b28  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:34:44.0703 0x0b28  clr_optimization_v4.0.30319_32 - ok
20:34:44.0703 0x0b28  CmdIde - ok
20:34:44.0703 0x0b28  COMSysApp - ok
20:34:44.0718 0x0b28  Cpqarray - ok
20:34:44.0734 0x0b28  cpuz134 - ok
20:34:44.0765 0x0b28  [ 10654F9DDCEA9C46CFB77554231BE73B, 4EEAF6523941228FC440E9EA758545E2F2A2DD98565F90B5351EF2C9B82139ED ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
20:34:44.0781 0x0b28  CryptSvc - detected UnsignedFile.Multi.Generic ( 1 )
20:34:44.0781 0x0b28  CryptSvc ( UnsignedFile.Multi.Generic ) - warning
20:34:44.0781 0x0b28  Force sending object to P2P due to detect: CryptSvc
20:34:44.0781 0x0b28  Object send P2P result: false
20:34:44.0781 0x0b28  dac2w2k - ok
20:34:44.0781 0x0b28  dac960nt - ok
20:34:44.0828 0x0b28  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:34:44.0921 0x0b28  DcomLaunch - ok
20:34:44.0953 0x0b28  [ 2B7E31520F3BCF584B99366A6D192FB5, 9B55D54E946DC3FCC74B9AFA0A21F4131E644C8D1BAAE433D71D33984C1A1C40 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
20:34:44.0968 0x0b28  dg_ssudbus - ok
20:34:45.0000 0x0b28  [ CB6CA3E5261D65F6F809EED23BF167AA, 48A3CED0556420445329D5910B1411A8E9B2725979C859F89DF5DB23DD100078 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
20:34:45.0015 0x0b28  Dhcp - detected UnsignedFile.Multi.Generic ( 1 )
20:34:45.0015 0x0b28  Object is SCO, delete is not allowed
20:34:45.0015 0x0b28  Dhcp ( UnsignedFile.Multi.Generic ) - warning
20:34:45.0015 0x0b28  Force sending object to P2P due to detect: Dhcp
20:34:45.0015 0x0b28  Object send P2P result: false
20:34:45.0046 0x0b28  [ 00CA44E4534865F8A3B64F7C0984BFF0, 3FD73CCD9892F6CFEE776CB384C2E35FA15F4101D308A67E1358F85299501E3D ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
20:34:45.0062 0x0b28  Disk - detected UnsignedFile.Multi.Generic ( 1 )
20:34:45.0062 0x0b28  Object is SCO, delete is not allowed
20:34:45.0062 0x0b28  Disk ( UnsignedFile.Multi.Generic ) - warning
20:34:45.0062 0x0b28  Force sending object to P2P due to detect: Disk
20:34:45.0062 0x0b28  Object send P2P result: false
20:34:45.0125 0x0b28  [ C0FBB516E06E243F0CF31F597E7EBF7D, 1FC205AC5D8D6BDA176438CEBFAC92CD4DEF50A6C1EBDCBCE2B149FF08D40032 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
20:34:45.0203 0x0b28  dmboot - detected UnsignedFile.Multi.Generic ( 1 )
20:34:45.0203 0x0b28  dmboot ( UnsignedFile.Multi.Generic ) - warning
20:34:45.0203 0x0b28  Force sending object to P2P due to detect: dmboot
20:34:45.0203 0x0b28  Object send P2P result: false
20:34:45.0250 0x0b28  [ F5E7B358A732D09F4BCF2824B88B9E28, 97B8317354659EFBA076E20AF20741C9FBC0961723483514E43D7EC6D66186C3 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
20:34:45.0265 0x0b28  dmio - detected UnsignedFile.Multi.Generic ( 1 )
20:34:45.0265 0x0b28  Object is SCO, delete is not allowed
20:34:45.0265 0x0b28  dmio ( UnsignedFile.Multi.Generic ) - warning
20:34:45.0296 0x0b28  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
20:34:45.0296 0x0b28  dmload - detected UnsignedFile.Multi.Generic ( 1 )
20:34:45.0296 0x0b28  dmload ( UnsignedFile.Multi.Generic ) - warning
20:34:45.0296 0x0b28  Force sending object to P2P due to detect: dmload
20:34:45.0296 0x0b28  Object send P2P result: false
20:34:45.0328 0x0b28  [ 1639D9964C9E1B2ECCA95C8217D3E70D, A42E985697E673B89F5BD314BA9FE93A1CD8DDEBC6312AD52E196BFDFFA9E513 ] dmserver        C:\WINDOWS\System32\dmserver.dll
20:34:45.0328 0x0b28  dmserver - detected UnsignedFile.Multi.Generic ( 1 )
20:34:45.0328 0x0b28  dmserver ( UnsignedFile.Multi.Generic ) - warning
20:34:45.0359 0x0b28  [ A6F881284AC1150E37D9AE47FF601267, 6C07654CF21637E527FC727EB50F4138BF0EFF0680000AC94001063B436389DB ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
20:34:45.0375 0x0b28  DMusic - detected UnsignedFile.Multi.Generic ( 1 )
20:34:45.0375 0x0b28  DMusic ( UnsignedFile.Multi.Generic ) - warning
20:34:45.0406 0x0b28  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:34:45.0421 0x0b28  Dnscache - detected UnsignedFile.Multi.Generic ( 1 )
20:34:45.0421 0x0b28  Object is SCO, delete is not allowed
20:34:45.0421 0x0b28  Dnscache ( UnsignedFile.Multi.Generic ) - warning
20:34:45.0437 0x0b28  dpti2o - ok
20:34:45.0437 0x0b28  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E, B941AB5D9D504486083E0D1539B1A96E27721C9EFD7A67CA1DB7258B0D33AB78 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
20:34:45.0453 0x0b28  drmkaud - detected UnsignedFile.Multi.Generic ( 1 )
20:34:45.0453 0x0b28  drmkaud ( UnsignedFile.Multi.Generic ) - warning
20:34:45.0453 0x0b28  dump_wmimmc - ok
20:34:45.0453 0x0b28  EagleXNt - ok
20:34:45.0484 0x0b28  [ E9EFCB47B90FD5498695BB7FEFD36CAE, 453B956C99C4D3626B0B0BDB449E9F0283D01AD50C331E298D219B4710BD6870 ] EpsonScanSvc    C:\WINDOWS\system32\EscSvc.exe
20:34:45.0500 0x0b28  EpsonScanSvc - ok
20:34:45.0531 0x0b28  [ 67DFF7BBBD0E80AAB7B3CF061448DB8A, 305F39E4D18DC079E48578C31AE87BA1D0D781A2613BD5DA4689AC6F2794D326 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
20:34:45.0546 0x0b28  ERSvc - detected UnsignedFile.Multi.Generic ( 1 )
20:34:45.0546 0x0b28  ERSvc ( UnsignedFile.Multi.Generic ) - warning
20:34:45.0562 0x0b28  esgiguard - ok
20:34:45.0609 0x0b28  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
20:34:45.0640 0x0b28  Eventlog - ok
20:34:45.0687 0x0b28  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
20:34:45.0734 0x0b28  EventSystem - ok
20:34:45.0859 0x0b28  FairplayKD - ok
20:34:45.0906 0x0b28  [ 3117F595E9615E04F05A54FC15A03B20, 4708E8F1CDE6E9663B5DBEBAB8C684B16E45D41AEF20E4071D0A2931B305BD76 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
20:34:45.0906 0x0b28  Fastfat - detected UnsignedFile.Multi.Generic ( 1 )
20:34:45.0906 0x0b28  Object is SCO, delete is not allowed
20:34:45.0906 0x0b28  Fastfat ( UnsignedFile.Multi.Generic ) - warning
20:34:45.0906 0x0b28  Force sending object to P2P due to detect: Fastfat
20:34:45.0906 0x0b28  Object send P2P result: false
20:34:45.0937 0x0b28  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:34:45.0953 0x0b28  FastUserSwitchingCompatibility - detected UnsignedFile.Multi.Generic ( 1 )
20:34:45.0953 0x0b28  FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - warning
20:34:45.0953 0x0b28  [ CED2E8396A8838E59D8FD529C680E02C, 8542AE6A2D65D3F843EA70F5FFBC150B773C5CFA3FE6388FA68A95416FAD0F6E ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
20:34:45.0968 0x0b28  Fdc - detected UnsignedFile.Multi.Generic ( 1 )
20:34:45.0968 0x0b28  Object is SCO, delete is not allowed
20:34:45.0968 0x0b28  Fdc ( UnsignedFile.Multi.Generic ) - warning
20:34:46.0000 0x0b28  [ E153AB8A11DE5452BCF5AC7652DBF3ED, AEB48687C604B0CDE5F1A13C2EC854CFFBE1CE0837C3898D6D4C6B71265D0ED0 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
20:34:46.0015 0x0b28  Fips - detected UnsignedFile.Multi.Generic ( 1 )
20:34:46.0015 0x0b28  Fips ( UnsignedFile.Multi.Generic ) - warning
20:34:46.0031 0x0b28  [ 0DD1DE43115B93F4D85E889D7A86F548, D50F7AAE5416C6D41845960BDDA24E97226F609AA726E4F88601ADC9ED50E872 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:34:46.0031 0x0b28  Flpydisk - detected UnsignedFile.Multi.Generic ( 1 )
20:34:46.0031 0x0b28  Object is SCO, delete is not allowed
20:34:46.0031 0x0b28  Flpydisk ( UnsignedFile.Multi.Generic ) - warning
20:34:46.0031 0x0b28  Force sending object to P2P due to detect: Flpydisk
20:34:46.0031 0x0b28  Object send P2P result: false
20:34:46.0062 0x0b28  [ 157754F0DF355A9E0A6F54721914F9C6, 1EB1424D98000FE80901287F9D51DDD18132B7C2CFEC4C7767F32F71DC2F64F9 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:34:46.0078 0x0b28  FltMgr - detected UnsignedFile.Multi.Generic ( 1 )
20:34:46.0078 0x0b28  Object is SCO, delete is not allowed
20:34:46.0078 0x0b28  FltMgr ( UnsignedFile.Multi.Generic ) - warning
20:34:46.0078 0x0b28  Force sending object to P2P due to detect: FltMgr
20:34:46.0078 0x0b28  Object send P2P result: false
20:34:46.0125 0x0b28  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:34:46.0140 0x0b28  FontCache3.0.0.0 - ok
20:34:46.0156 0x0b28  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:34:46.0156 0x0b28  Fs_Rec - detected UnsignedFile.Multi.Generic ( 1 )
20:34:46.0156 0x0b28  Object is SCO, delete is not allowed
20:34:46.0156 0x0b28  Fs_Rec ( UnsignedFile.Multi.Generic ) - warning
20:34:46.0156 0x0b28  Force sending object to P2P due to detect: Fs_Rec
20:34:46.0156 0x0b28  Object send P2P result: false
20:34:46.0171 0x0b28  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:34:46.0171 0x0b28  Ftdisk - detected UnsignedFile.Multi.Generic ( 1 )
20:34:46.0171 0x0b28  Object is SCO, delete is not allowed
20:34:46.0171 0x0b28  Ftdisk ( UnsignedFile.Multi.Generic ) - warning
20:34:46.0218 0x0b28  [ A532181954A5CF2BA60353EE8E14A70A, 0894C56421F70E6053D6F0738554AC6780E5DDF732ADFC19DB500F0DF4462A01 ] Futuremark SystemInfo Service C:\Program Files\Futuremark\SystemInfo\FMSISvc.exe
20:34:46.0234 0x0b28  Futuremark SystemInfo Service - ok
20:34:46.0265 0x0b28  [ C0F1D4A21DE5A415DF8170616703DEBF, 3E21AAD06CF6EB95662B568671B1DBD129CED481761BCDB67088E965E5C0BC5B ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:34:46.0281 0x0b28  Gpc - detected UnsignedFile.Multi.Generic ( 1 )
20:34:46.0281 0x0b28  Gpc ( UnsignedFile.Multi.Generic ) - warning
20:34:46.0375 0x0b28  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
20:34:46.0390 0x0b28  gupdate - ok
20:34:46.0406 0x0b28  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:34:46.0406 0x0b28  gupdatem - ok
20:34:46.0437 0x0b28  [ 833051C6C6C42117191935F734CFBD97, 5EB5672ABC7994A4AFF855A572158B8BE4FC6E541CFD4B9BE4FF2739A9A6AFB8 ] hamachi         C:\WINDOWS\system32\DRIVERS\hamachi.sys
20:34:46.0453 0x0b28  hamachi - ok
20:34:46.0562 0x0b28  [ CC38F0E652A0C4C67FC9B1DF47984242, 321A077FE15C5BB71335120197823716265AE11D3C7BA47B144199B0478ECE8F ] Hamachi2Svc     C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
20:34:46.0656 0x0b28  Hamachi2Svc - ok
20:34:46.0687 0x0b28  [ 3FCC124B6E08EE0E9351F717DD136939, EBFE0FB51E14570A1A1D64C8E5383F3FF28509361D13945B79A9C551EB522012 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:34:46.0734 0x0b28  HDAudBus - detected UnsignedFile.Multi.Generic ( 1 )
20:34:46.0734 0x0b28  HDAudBus ( UnsignedFile.Multi.Generic ) - warning
20:34:46.0812 0x0b28  [ 8827911A8C37E40C027CBFC88E69D967, ED381F089E6143896B890BD5450FFFB271FC68983412376F54869A93F9D7DA9D ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:34:46.0828 0x0b28  helpsvc - detected UnsignedFile.Multi.Generic ( 1 )
20:34:46.0828 0x0b28  helpsvc ( UnsignedFile.Multi.Generic ) - warning
20:34:46.0828 0x0b28  HidServ - ok
20:34:46.0859 0x0b28  [ 1DE6783B918F540149AA69943BDFEBA8, 6ED28109CA0A7738857D840E369EAB91C1605F2643950762D327CCE241C135A1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:34:46.0859 0x0b28  hidusb - detected UnsignedFile.Multi.Generic ( 1 )
20:34:46.0859 0x0b28  hidusb ( UnsignedFile.Multi.Generic ) - warning
20:34:46.0859 0x0b28  Force sending object to P2P due to detect: hidusb
20:34:46.0875 0x0b28  Object send P2P result: false
20:34:46.0875 0x0b28  hpn - ok
20:34:46.0953 0x0b28  [ 428B987511195717AF191DFEEB6BBFBC, 084E7DE317D6F59978A2FC4B454006ED0F3F4DBAB381A7ADCFE44309C7C2C1C5 ] hshld           C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
20:34:47.0046 0x0b28  hshld - detected UnsignedFile.Multi.Generic ( 1 )
20:34:47.0046 0x0b28  hshld ( UnsignedFile.Multi.Generic ) - warning
20:34:47.0078 0x0b28  [ 6E4F57B7A290498E838FA39E25284598, 8E2C0A78BB5F9720F57B05F9C38CD5891EB36B109D6DCFDFE9ECD65667C6BEBF ] HssDrv          C:\WINDOWS\system32\DRIVERS\HssDrv.sys
20:34:47.0078 0x0b28  HssDrv - ok
20:34:47.0093 0x0b28  [ 7A97848FE7C47F9390427EBDDD92F9F1, 2C053D1433585B3FA0ED839CDFC80CAB3A2D670F5B1F6E3D80BC31EB5CE0E948 ] HssTrayService  C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
20:34:47.0109 0x0b28  HssTrayService - ok
20:34:47.0156 0x0b28  [ 5CB01FD5AA4885BC4811433B54393AF2, 018AC4FDE8099731C3D9F77EE66B6EB902DC246D4E68DD20962CD2D7C48C2123 ] HssWd           C:\Program Files\Hotspot Shield\bin\hsswd.exe
20:34:47.0171 0x0b28  HssWd - ok
20:34:47.0218 0x0b28  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
20:34:47.0281 0x0b28  HTTP - ok
20:34:47.0328 0x0b28  [ 064D8581ADF77C25133E7D751D917D83, E8623C32E48D3E7A0179C8333C14D8A051C9F7300D0F465E94184F1C75E13A0F ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
20:34:47.0343 0x0b28  HTTPFilter - detected UnsignedFile.Multi.Generic ( 1 )
20:34:47.0343 0x0b28  HTTPFilter ( UnsignedFile.Multi.Generic ) - warning
20:34:47.0343 0x0b28  i2omgmt - ok
20:34:47.0343 0x0b28  i2omp - ok
20:34:47.0359 0x0b28  [ 5502B58EEF7486EE6F93F3F164DCB808, 7E56E49D6444F2F48037B859B491DF95E1C90EC7ED4EF9C477CD2C49783E62E0 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:34:47.0375 0x0b28  i8042prt - detected UnsignedFile.Multi.Generic ( 1 )
20:34:47.0375 0x0b28  Object is SCO, delete is not allowed
20:34:47.0375 0x0b28  i8042prt ( UnsignedFile.Multi.Generic ) - warning
20:34:47.0375 0x0b28  Force sending object to P2P due to detect: i8042prt
20:34:47.0375 0x0b28  Object send P2P result: false
20:34:47.0468 0x0b28  [ C5DB546F9028CD00E64335091860D8F3, 0325476A744AA6AC48B0149B809DFCA58F4FA5177DD9047B5636AFE058B8F443 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:34:47.0609 0x0b28  ialm - ok
20:34:47.0640 0x0b28  [ 7E9DCE459BE666AB54F67E77CB7D1297, 3FF02D3D54523DB443B2CEAEF8BF295656D302A7384688A81457482FCEAC69ED ] ICAM3NT5        C:\WINDOWS\system32\Drivers\Icam3.sys
20:34:47.0656 0x0b28  ICAM3NT5 - detected UnsignedFile.Multi.Generic ( 1 )
20:34:47.0656 0x0b28  ICAM3NT5 ( UnsignedFile.Multi.Generic ) - warning
20:34:47.0656 0x0b28  Force sending object to P2P due to detect: ICAM3NT5
20:34:47.0671 0x0b28  Object send P2P result: false
20:34:47.0703 0x0b28  [ AACD48039C4BB5930EC145B456CB791E, B35705EB0FD81A730C3DFADAB07E123339B0A62D16C8EF8B8266C4547D730BB7 ] IDMTDI          C:\WINDOWS\system32\DRIVERS\idmtdi.sys
20:34:47.0718 0x0b28  IDMTDI - ok
20:34:47.0796 0x0b28  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:34:47.0875 0x0b28  idsvc - ok
20:34:47.0906 0x0b28  [ F8AA320C6A0409C0380E5D8A99D76EC6, A848B9C489DDFBD48BDA140CB9DD43097686115042745F6444F803739168D391 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
20:34:47.0906 0x0b28  Imapi - detected UnsignedFile.Multi.Generic ( 1 )
20:34:47.0906 0x0b28  Imapi ( UnsignedFile.Multi.Generic ) - warning
20:34:47.0968 0x0b28  [ 8F0B5F86AE237711424602699844BB5D, 3280324EA5712A694FF8BD96B2910BE41E83BB987938585BE0BD9245CCC77B10 ] ImapiService    C:\WINDOWS\system32\imapi.exe
20:34:48.0000 0x0b28  ImapiService - detected UnsignedFile.Multi.Generic ( 1 )
20:34:48.0000 0x0b28  ImapiService ( UnsignedFile.Multi.Generic ) - warning
20:34:48.0015 0x0b28  ini910u - ok
20:34:48.0234 0x0b28  [ A916995CB503172020DA3C35E1227AC7, 27DA968C2DE28F81046678D3A516EA7693DB1CBD8802C63C7E36BF2A3264BFF9 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:34:48.0500 0x0b28  IntcAzAudAddService - ok
20:34:48.0515 0x0b28  IntelIde - ok
20:34:48.0546 0x0b28  [ 279FB78702454DFF2BB445F238C048D2, 51A559AD7C9CAA8BD60D4E167E850B978083FAE9C5632E47D13B1092B56FD0BA ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:34:48.0562 0x0b28  intelppm - detected UnsignedFile.Multi.Generic ( 1 )
20:34:48.0562 0x0b28  Object is SCO, delete is not allowed
20:34:48.0562 0x0b28  intelppm ( UnsignedFile.Multi.Generic ) - warning
20:34:48.0578 0x0b28  [ 4448006B6BC60E6C027932CFC38D6855, C377235EBE475C281ACB6A3267F12D8FE623433F05134A6CE50562414F94D7B1 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:34:48.0578 0x0b28  Ip6Fw - detected UnsignedFile.Multi.Generic ( 1 )
20:34:48.0578 0x0b28  Ip6Fw ( UnsignedFile.Multi.Generic ) - warning
20:34:48.0609 0x0b28  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:34:48.0625 0x0b28  IpFilterDriver - detected UnsignedFile.Multi.Generic ( 1 )
20:34:48.0625 0x0b28  Object is SCO, delete is not allowed
20:34:48.0625 0x0b28  IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning
20:34:48.0640 0x0b28  [ E1EC7F5DA720B640CD8FB8424F1B14BB, E5CF9F43D8C8028E8F29CAF8AD1E2179E5B02DCAA430900672FCB4C4EE288EF0 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:34:48.0640 0x0b28  IpInIp - detected UnsignedFile.Multi.Generic ( 1 )
20:34:48.0640 0x0b28  IpInIp ( UnsignedFile.Multi.Generic ) - warning
20:34:48.0656 0x0b28  [ B5A8E215AC29D24D60B4D1250EF05ACE, D1D47DCF9F35325549833710BD9B1C431698819914212FF6A328DD338FBA0E1D ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:34:48.0671 0x0b28  IpNat - detected UnsignedFile.Multi.Generic ( 1 )
20:34:48.0671 0x0b28  Object is SCO, delete is not allowed
20:34:48.0671 0x0b28  IpNat ( UnsignedFile.Multi.Generic ) - warning
20:34:48.0687 0x0b28  [ 64537AA5C003A6AFEEE1DF819062D0D1, 5A6C11317DEF14B8C34A8C669EB75F7A8D46F05090C43D3DFF602CFA13CC504E ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:34:48.0687 0x0b28  IPSec - detected UnsignedFile.Multi.Generic ( 1 )
20:34:48.0687 0x0b28  IPSec ( UnsignedFile.Multi.Generic ) - warning
20:34:48.0734 0x0b28  [ 50708DAA1B1CBB7D6AC1CF8F56A24410, A5657038A66B83472B456246E58884D5DF2E5B63BD176AE3DFFB6D5B6998E8B7 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
20:34:48.0734 0x0b28  IRENUM - detected UnsignedFile.Multi.Generic ( 1 )
20:34:48.0734 0x0b28  Object is SCO, delete is not allowed
20:34:48.0734 0x0b28  IRENUM ( UnsignedFile.Multi.Generic ) - warning
20:34:48.0765 0x0b28  [ E504F706CCB699C2596E9A3DA1596E87, 80675B90DEFA75A58CB83FB88ED9CB849FE5CE2522A90F4AF08D54DC5B412541 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:34:48.0781 0x0b28  isapnp - detected UnsignedFile.Multi.Generic ( 1 )
20:34:48.0781 0x0b28  Object is SCO, delete is not allowed
20:34:48.0781 0x0b28  isapnp ( UnsignedFile.Multi.Generic ) - warning
20:34:48.0828 0x0b28  [ EBDEE8A2EE5393890A1ACEE971C4C246, ACC57A7BACAB100FB2903451D2A48BFE936E3B8F9B13882C1D2DFF9D19BD1D34 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:34:48.0828 0x0b28  Kbdclass - detected UnsignedFile.Multi.Generic ( 1 )
20:34:48.0828 0x0b28  Object is SCO, delete is not allowed
20:34:48.0828 0x0b28  Kbdclass ( UnsignedFile.Multi.Generic ) - warning
20:34:48.0859 0x0b28  [ D93CAD07C5683DB066B0B2D2D3790EAD, 4C96F68F9914DCCDAFB5D6FC1A765ADFF37C6E4675AF0EF20AA1EDFF04CE27AD ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
20:34:48.0859 0x0b28  kmixer - detected UnsignedFile.Multi.Generic ( 1 )
20:34:48.0859 0x0b28  kmixer ( UnsignedFile.Multi.Generic ) - warning
20:34:48.0875 0x0b28  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
20:34:48.0875 0x0b28  KSecDD - detected UnsignedFile.Multi.Generic ( 1 )
20:34:48.0875 0x0b28  Object is SCO, delete is not allowed
20:34:48.0875 0x0b28  KSecDD ( UnsignedFile.Multi.Generic ) - warning
20:34:48.0921 0x0b28  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
20:34:48.0953 0x0b28  lanmanserver - ok
20:34:48.0984 0x0b28  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:34:49.0046 0x0b28  lanmanworkstation - ok
20:34:49.0046 0x0b28  lbrtfdc - ok
20:34:49.0109 0x0b28  [ B3EFF6D938C572E90A07B3D87A3C7657, 8C02DEFD2F1A15740CD5421D20B3808BD27583019AF1B79D087880A71807EEE1 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
20:34:49.0109 0x0b28  LmHosts - detected UnsignedFile.Multi.Generic ( 1 )
20:34:49.0109 0x0b28  Object is SCO, delete is not allowed
20:34:49.0109 0x0b28  LmHosts ( UnsignedFile.Multi.Generic ) - warning
20:34:49.0156 0x0b28  [ 77CB836CFD03A033B075E85B649D910F, 0FC7FE8A619D445D9E99330B5A41D76E2FC72F0371BB7555629B037779EB546C ] LMIGuardianSvc  C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
20:34:49.0171 0x0b28  LMIGuardianSvc - ok
20:34:49.0203 0x0b28  [ AB73A39A5E45F465B02C11C500BB0278, 6863B27DA7A0808F232B93CB74ACA09751B6F63FD9FB26EB3FA0282636CE9807 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
20:34:49.0218 0x0b28  MBAMProtector - ok
20:34:49.0281 0x0b28  [ E27891A49DF92004041FEC5C3A2D4230, A4679A1F10F84935875E35A83FC7075499B8F4CBB543209A38C0D946347CD264 ] MBAMService     C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
20:34:49.0359 0x0b28  MBAMService - ok
20:34:49.0390 0x0b28  [ 95FD808E4AC22ABA025A7B3EAC0375D2, 4A067A8B7C539A0C2BFAC55A1869EF56FED835C28F5F7DD7D7BA65A5B273CF5F ] Messenger       C:\WINDOWS\System32\msgsvc.dll
20:34:49.0406 0x0b28  Messenger - detected UnsignedFile.Multi.Generic ( 1 )
20:34:49.0406 0x0b28  Messenger ( UnsignedFile.Multi.Generic ) - warning
20:34:49.0406 0x0b28  Force sending object to P2P due to detect: Messenger
20:34:49.0406 0x0b28  Object send P2P result: false
20:34:49.0437 0x0b28  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
20:34:49.0453 0x0b28  mnmdd - detected UnsignedFile.Multi.Generic ( 1 )
20:34:49.0453 0x0b28  mnmdd ( UnsignedFile.Multi.Generic ) - warning
20:34:49.0468 0x0b28  [ 415AB921CA2C9D1950213256C93032A0, 17E4F69A9E188902697D565440B02B0DBA466305EC2C55C7EB995B6DE5BAB433 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
20:34:49.0484 0x0b28  mnmsrvc - detected UnsignedFile.Multi.Generic ( 1 )
20:34:49.0484 0x0b28  mnmsrvc ( UnsignedFile.Multi.Generic ) - warning
20:34:49.0484 0x0b28  Force sending object to P2P due to detect: mnmsrvc
20:34:49.0484 0x0b28  Object send P2P result: false
20:34:49.0500 0x0b28  [ 6FC6F9D7ACC36DCA9B914565A3AEDA05, BF2C49E4D4C2D2E865B1C59FFE76BF29146ADD971D845FBD659A96AA26D72A11 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
20:34:49.0515 0x0b28  Modem - detected UnsignedFile.Multi.Generic ( 1 )
20:34:49.0515 0x0b28  Object is SCO, delete is not allowed
20:34:49.0515 0x0b28  Modem ( UnsignedFile.Multi.Generic ) - warning
20:34:49.0515 0x0b28  Force sending object to P2P due to detect: Modem
20:34:49.0515 0x0b28  Object send P2P result: false
20:34:49.0578 0x0b28  [ C7D9F9717916B34C1B00DD4834AF485C, A9512A03E8142C83534189963F90ADA6FA425BD606928C40C3D724177105A658 ] Monfilt         C:\WINDOWS\system32\drivers\Monfilt.sys
20:34:49.0656 0x0b28  Monfilt - ok
20:34:49.0703 0x0b28  [ 34E1F0031153E491910E12551400192C, D608F77DB7035FD676773A3DF8DBC5DD52CC5198D0681A73D7EAA6C161047A90 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:34:49.0703 0x0b28  Mouclass - detected UnsignedFile.Multi.Generic ( 1 )
20:34:49.0703 0x0b28  Object is SCO, delete is not allowed
20:34:49.0703 0x0b28  Mouclass ( UnsignedFile.Multi.Generic ) - warning
20:34:49.0703 0x0b28  Force sending object to P2P due to detect: Mouclass
20:34:49.0703 0x0b28  Object send P2P result: false
20:34:49.0718 0x0b28  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:34:49.0734 0x0b28  mouhid - detected UnsignedFile.Multi.Generic ( 1 )
20:34:49.0734 0x0b28  mouhid ( UnsignedFile.Multi.Generic ) - warning
20:34:49.0765 0x0b28  [ 65653F3B4477F3C63E68A9659F85EE2E, 32A34B22A4C1F50A966F321FD228C6B85F0F0315ABF3D40FC416618E786A4024 ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
20:34:49.0765 0x0b28  MountMgr - detected UnsignedFile.Multi.Generic ( 1 )
20:34:49.0765 0x0b28  Object is SCO, delete is not allowed
20:34:49.0765 0x0b28  MountMgr ( UnsignedFile.Multi.Generic ) - warning
20:34:49.0812 0x0b28  [ 269BDB3CB77EB77BABE2862BEAB1F208, EC693365C73D59244CB77E181042128A9901BA5C1109CD4F1B9A2008DF1F9582 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:34:49.0828 0x0b28  MozillaMaintenance - ok
20:34:49.0843 0x0b28  mraid35x - ok
20:34:49.0875 0x0b28  [ 46EDCC8F2DB2F322C24F48785CB46366, 0300EC19CAAEEC52001EBB7F3BE6DE314B42FE7F8BA072905070FEA75CC06E3B ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:34:49.0890 0x0b28  MRxDAV - detected UnsignedFile.Multi.Generic ( 1 )
20:34:49.0890 0x0b28  Object is SCO, delete is not allowed
20:34:49.0890 0x0b28  MRxDAV ( UnsignedFile.Multi.Generic ) - warning
20:34:49.0890 0x0b28  Force sending object to P2P due to detect: MRxDAV
20:34:49.0890 0x0b28  Object send P2P result: false
20:34:49.0906 0x0b28  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:34:49.0984 0x0b28  MRxSmb - ok
20:34:50.0015 0x0b28  [ 561B3A4333CA2DBDBA28B5B956822519, 5B53906A29B9AA55A399F880CA989F9878BD943D3E97FB10A25BFD723654AF49 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:34:50.0031 0x0b28  Msfs - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0031 0x0b28  Object is SCO, delete is not allowed
20:34:50.0031 0x0b28  Msfs ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0031 0x0b28  MSIServer - ok
20:34:50.0062 0x0b28  [ AE431A8DD3C1D0D0610CDBAC16057AD0, 8B3BCAC3DA71778DC8B863E6DEF10F02F65D1BDD3381802DDC0B2980F4F1FBB9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:34:50.0078 0x0b28  MSKSSRV - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0078 0x0b28  Object is SCO, delete is not allowed
20:34:50.0078 0x0b28  MSKSSRV ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0078 0x0b28  [ 13E75FEF9DFEB08EEDED9D0246E1F448, 69D4CF483753FF253431656E1CB680F6702375696F94E259729BD11C25004031 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:34:50.0093 0x0b28  MSPCLOCK - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0093 0x0b28  Object is SCO, delete is not allowed
20:34:50.0093 0x0b28  MSPCLOCK ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0093 0x0b28  [ 1988A33FF19242576C3D0EF9CE785DA7, 9E1C07F364DA7EF0D859BB7A3A06F849A153722E27E872640120CC6855D9FC51 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
20:34:50.0109 0x0b28  MSPQM - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0109 0x0b28  Object is SCO, delete is not allowed
20:34:50.0109 0x0b28  MSPQM ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0140 0x0b28  [ 469541F8BFD2B32659D5D463A6714BCE, 46AA7D2442DCC4C51C08BA0C00136F058F9160E6D6EDE78B2FD82545AE4FD10B ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:34:50.0140 0x0b28  mssmbios - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0140 0x0b28  Object is SCO, delete is not allowed
20:34:50.0140 0x0b28  mssmbios ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0171 0x0b28  [ BF13612142995096AB084F2DB7F40F77, E23FA89B54772A33A0A92A0701F02CB9683823FCA5CC192235378E1433FB21CF ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
20:34:50.0171 0x0b28  MSTEE - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0171 0x0b28  MSTEE ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0203 0x0b28  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
20:34:50.0218 0x0b28  Mup - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0218 0x0b28  Object is SCO, delete is not allowed
20:34:50.0218 0x0b28  Mup ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0218 0x0b28  Force sending object to P2P due to detect: Mup
20:34:50.0218 0x0b28  Object send P2P result: false
20:34:50.0234 0x0b28  [ 5C8DC6429C43DC6177C1FA5B76290D1A, BBD145E87D4CF25A873CAE89DF29DF297187B604D42CD36AD8D3F62A033D906E ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:34:50.0250 0x0b28  NABTSFEC - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0250 0x0b28  NABTSFEC ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0250 0x0b28  Force sending object to P2P due to detect: NABTSFEC
20:34:50.0250 0x0b28  Object send P2P result: false
20:34:50.0265 0x0b28  [ 558635D3AF1C7546D26067D5D9B6959E, 8C1802908DF35E442575969D29F4B22019A2B3E4C309B8E193F98F75AE81F013 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
20:34:50.0281 0x0b28  NDIS - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0281 0x0b28  Object is SCO, delete is not allowed
20:34:50.0281 0x0b28  NDIS ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0296 0x0b28  [ 520CE427A8B298F54112857BCF6BDE15, 521BFFC460D64CD69D12F8C9D61CEBE409A63F1F1FB928450E4564DA29C0FFEA ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:34:50.0312 0x0b28  NdisIP - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0312 0x0b28  NdisIP ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0343 0x0b28  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:34:50.0359 0x0b28  NdisTapi - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0359 0x0b28  Object is SCO, delete is not allowed
20:34:50.0359 0x0b28  NdisTapi ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0390 0x0b28  [ 34D6CD56409DA9A7ED573E1C90A308BF, DE2060F57C913272524AFB0D472714ABF6F7E49A01534F23D95EE67F207CC6CF ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:34:50.0390 0x0b28  Ndisuio - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0390 0x0b28  Object is SCO, delete is not allowed
20:34:50.0390 0x0b28  Ndisuio ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0421 0x0b28  [ 0B90E255A9490166AB368CD55A529893, 90EB17422BF52FE6D0CC6ADA4262D605806C5B583DE04EDEC95FD47EE9697865 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:34:50.0437 0x0b28  NdisWan - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0437 0x0b28  Object is SCO, delete is not allowed
20:34:50.0437 0x0b28  NdisWan ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0453 0x0b28  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:34:50.0484 0x0b28  NDProxy - ok
20:34:50.0484 0x0b28  [ 3A2ACA8FC1D7786902CA434998D7CEB4, ECE218DCDCB4D0A5CA8CBD14E931BAA3B5F381B70BBACB65B0EBBB46D2D31683 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:34:50.0500 0x0b28  NetBIOS - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0500 0x0b28  Object is SCO, delete is not allowed
20:34:50.0500 0x0b28  NetBIOS ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0500 0x0b28  Force sending object to P2P due to detect: NetBIOS
20:34:50.0500 0x0b28  Object send P2P result: false
20:34:50.0515 0x0b28  [ 0C80E410CD2F47134407EE7DD19CC86B, 2A1D0CE9797F4AB7A24873947A26DD6413B8DBB5A82C24CF28D1FC243AEFC5C8 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:34:50.0531 0x0b28  NetBT - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0531 0x0b28  Object is SCO, delete is not allowed
20:34:50.0531 0x0b28  NetBT ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0531 0x0b28  Force sending object to P2P due to detect: NetBT
20:34:50.0531 0x0b28  Object send P2P result: false
20:34:50.0578 0x0b28  [ 8E0768F026CD5C63B5277587A0590BF0, F41CDF2BB60CD3936FF1EC67062C0E53E3626C84469614D004220373BEC4B053 ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:34:50.0578 0x0b28  NetDDE - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0578 0x0b28  NetDDE ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0593 0x0b28  [ 8E0768F026CD5C63B5277587A0590BF0, F41CDF2BB60CD3936FF1EC67062C0E53E3626C84469614D004220373BEC4B053 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:34:50.0609 0x0b28  NetDDEdsdm - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0609 0x0b28  NetDDEdsdm ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0609 0x0b28  Force sending object to P2P due to detect: NetDDEdsdm
20:34:50.0609 0x0b28  Object send P2P result: false
20:34:50.0640 0x0b28  [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:34:50.0656 0x0b28  Netlogon - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0656 0x0b28  Object is SCO, delete is not allowed
20:34:50.0656 0x0b28  Netlogon ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0703 0x0b28  [ DAB9E6C7105D2EF49876FE92C524F565, 22786AF94EA2737A5D9B34B99D2D6F3F41FD46843D6A01E2230723747988E401 ] Netman          C:\WINDOWS\System32\netman.dll
20:34:50.0718 0x0b28  Netman - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0718 0x0b28  Netman ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0765 0x0b28  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:34:50.0781 0x0b28  NetTcpPortSharing - ok
20:34:50.0812 0x0b28  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
20:34:50.0828 0x0b28  Nla - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0828 0x0b28  Object is SCO, delete is not allowed
20:34:50.0828 0x0b28  Nla ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0828 0x0b28  Force sending object to P2P due to detect: Nla
20:34:50.0828 0x0b28  Object send P2P result: false
20:34:50.0859 0x0b28  [ 4F601BCB8F64EA3AC0994F98FED03F8E, D9D6783B970CB871DE0C6EDD8BE42F30CD1DCD55D4DF006922D9CFC0CF020D27 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:34:50.0875 0x0b28  Npfs - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0875 0x0b28  Object is SCO, delete is not allowed
20:34:50.0875 0x0b28  Npfs ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0875 0x0b28  Force sending object to P2P due to detect: Npfs
20:34:50.0875 0x0b28  Object send P2P result: false
20:34:50.0875 0x0b28  npggsvc - ok
20:34:50.0906 0x0b28  [ 9131FE60ADFAB595C8DA53AD6A06AA31, 25284CAE27071FA4391765862A81F9BDFC5398ABF4CCF4E2DF5B0972CFE66E72 ] NPPTNT2         C:\WINDOWS\system32\npptNT2.sys
20:34:50.0921 0x0b28  NPPTNT2 - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0921 0x0b28  NPPTNT2 ( UnsignedFile.Multi.Generic ) - warning
20:34:50.0953 0x0b28  [ B78BE402C3F63DD55521F73876951CDD, 020D75527B4814C544820D29CA064E94F2FCB7B1BA011D63E9D2BFD4CF91BA61 ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:34:50.0984 0x0b28  Ntfs - detected UnsignedFile.Multi.Generic ( 1 )
20:34:50.0984 0x0b28  Object is SCO, delete is not allowed
20:34:50.0984 0x0b28  Ntfs ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0000 0x0b28  [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
20:34:51.0000 0x0b28  NtLmSsp - detected UnsignedFile.Multi.Generic ( 1 )
20:34:51.0000 0x0b28  Object is SCO, delete is not allowed
20:34:51.0000 0x0b28  NtLmSsp ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0046 0x0b28  [ B62F29C00AC55A761B2E45877D85EA0F, 8B4B96BDBE26D73F89CC51876929515C1AEA18A8E9CA4E76FAEF538D9E5BDA90 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
20:34:51.0078 0x0b28  NtmsSvc - detected UnsignedFile.Multi.Generic ( 1 )
20:34:51.0078 0x0b28  NtmsSvc ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0078 0x0b28  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:34:51.0093 0x0b28  Null - detected UnsignedFile.Multi.Generic ( 1 )
20:34:51.0093 0x0b28  Object is SCO, delete is not allowed
20:34:51.0093 0x0b28  Null ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0140 0x0b28  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:34:51.0140 0x0b28  NwlnkFlt - detected UnsignedFile.Multi.Generic ( 1 )
20:34:51.0140 0x0b28  NwlnkFlt ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0156 0x0b28  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:34:51.0156 0x0b28  NwlnkFwd - detected UnsignedFile.Multi.Generic ( 1 )
20:34:51.0156 0x0b28  NwlnkFwd ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0156 0x0b28  Force sending object to P2P due to detect: NwlnkFwd
20:34:51.0156 0x0b28  Object send P2P result: false
20:34:51.0281 0x0b28  [ 84DE1DD996B48B05ACE31AD015FA108A, 4B9D1E4EF83ECED6C77F23D9879C124534F7053D7423E3A2D0F67A4A720CEA94 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:34:51.0312 0x0b28  odserv - ok
20:34:51.0359 0x0b28  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:34:51.0375 0x0b28  ose - ok
20:34:51.0406 0x0b28  [ 29744EB4CE659DFE3B4122DEB45BC478, 5F7B63152CDAA031ACB77E793BB7E8210472D6D1EED911F3A0BD70455FC282FC ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
20:34:51.0421 0x0b28  Parport - detected UnsignedFile.Multi.Generic ( 1 )
20:34:51.0421 0x0b28  Object is SCO, delete is not allowed
20:34:51.0421 0x0b28  Parport ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0437 0x0b28  [ 3334430C29DC338092F79C38EF7B4CD0, B54989B46D77F124D66741A939FF2033F73854FC39AF13C8165D01203A94A94E ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
20:34:51.0437 0x0b28  PartMgr - detected UnsignedFile.Multi.Generic ( 1 )
20:34:51.0437 0x0b28  Object is SCO, delete is not allowed
20:34:51.0437 0x0b28  PartMgr ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0468 0x0b28  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
20:34:51.0484 0x0b28  ParVdm - detected UnsignedFile.Multi.Generic ( 1 )
20:34:51.0484 0x0b28  Object is SCO, delete is not allowed
20:34:51.0484 0x0b28  ParVdm ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0531 0x0b28  [ 8086D9979234B603AD5BC2F5D890B234, 4FCB98D3B6F95B6979B255287480943C1F87A12ECB30D446294C1E84B6DFE620 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
20:34:51.0546 0x0b28  PCI - detected UnsignedFile.Multi.Generic ( 1 )
20:34:51.0546 0x0b28  Object is SCO, delete is not allowed
20:34:51.0546 0x0b28  PCI ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0546 0x0b28  PCIDump - ok
20:34:51.0562 0x0b28  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
20:34:51.0562 0x0b28  PCIIde - detected UnsignedFile.Multi.Generic ( 1 )
20:34:51.0562 0x0b28  PCIIde ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0593 0x0b28  [ 82A087207DECEC8456FBE8537947D579, 92305DC8BC1CA3BD93A8D996AAA7433E816931B17D5BDFAC06C7251F2759D023 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
20:34:51.0609 0x0b28  Pcmcia - detected UnsignedFile.Multi.Generic ( 1 )
20:34:51.0609 0x0b28  Object is SCO, delete is not allowed
20:34:51.0609 0x0b28  Pcmcia ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0609 0x0b28  PDCOMP - ok
20:34:51.0625 0x0b28  PDFRAME - ok
20:34:51.0625 0x0b28  PDRELI - ok
20:34:51.0625 0x0b28  PDRFRAME - ok
20:34:51.0640 0x0b28  perc2 - ok
20:34:51.0640 0x0b28  perc2hib - ok
20:34:51.0656 0x0b28  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
20:34:51.0671 0x0b28  PlugPlay - ok
20:34:51.0687 0x0b28  [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
20:34:51.0687 0x0b28  PolicyAgent - detected UnsignedFile.Multi.Generic ( 1 )
20:34:51.0687 0x0b28  Object is SCO, delete is not allowed
20:34:51.0687 0x0b28  PolicyAgent ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0703 0x0b28  [ 1C5CC65AAC0783C344F16353E60B72AC, 7786CFE970A79B327DB57AEBADA8B0B94B4DE07CE8AF285E9835B2AADD597296 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:34:51.0718 0x0b28  PptpMiniport - detected UnsignedFile.Multi.Generic ( 1 )
20:34:51.0718 0x0b28  Object is SCO, delete is not allowed
20:34:51.0718 0x0b28  PptpMiniport ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0734 0x0b28  [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:34:51.0734 0x0b28  ProtectedStorage - detected UnsignedFile.Multi.Generic ( 1 )
20:34:51.0734 0x0b28  Object is SCO, delete is not allowed
20:34:51.0734 0x0b28  ProtectedStorage ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0734 0x0b28  Force sending object to P2P due to detect: ProtectedStorage
20:34:51.0734 0x0b28  Object send P2P result: false
20:34:51.0734 0x0b28  [ 48671F327553DCF1D27F6197F622A668, CB34A17BC36E8F8BB5F87F9EE21311C50DE9AE156513D682581DE47C93EC155D ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:34:51.0750 0x0b28  PSched - detected UnsignedFile.Multi.Generic ( 1 )
20:34:51.0750 0x0b28  PSched ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0828 0x0b28  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:34:51.0828 0x0b28  Ptilink - detected UnsignedFile.Multi.Generic ( 1 )
20:34:51.0828 0x0b28  Ptilink ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0875 0x0b28  [ 2F4FADDCDBC6DC301F3CB9FFFB4B4A09, FD4AD89AC70600B8EC019C513CDD08765B1A0831FB50045062EE0835B2F3EDB2 ] pwdrvio         C:\WINDOWS\system32\pwdrvio.sys
20:34:51.0890 0x0b28  pwdrvio - ok
20:34:51.0906 0x0b28  [ B75CF7AAE69964EBBE5B875AC81231CD, 09CF1A2E97360116FF22F9AB6EC0BE1BE1554FA970734C51BD5FFD31A4F72F88 ] pwdspio         C:\WINDOWS\system32\pwdspio.sys
20:34:51.0921 0x0b28  pwdspio - ok
20:34:51.0921 0x0b28  ql1080 - ok
20:34:51.0937 0x0b28  Ql10wnt - ok
20:34:51.0937 0x0b28  ql12160 - ok
20:34:51.0937 0x0b28  ql1240 - ok
20:34:51.0953 0x0b28  ql1280 - ok
20:34:51.0953 0x0b28  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:34:51.0953 0x0b28  RasAcd - detected UnsignedFile.Multi.Generic ( 1 )
20:34:51.0953 0x0b28  Object is SCO, delete is not allowed
20:34:51.0953 0x0b28  RasAcd ( UnsignedFile.Multi.Generic ) - warning
20:34:51.0953 0x0b28  Force sending object to P2P due to detect: RasAcd
20:34:51.0953 0x0b28  Object send P2P result: false
20:34:51.0984 0x0b28  [ 44DB7A9BDD2FB58747D123FBF1D35ADB, 1546B32AE19015213236031E82BF5C44ACF4C1B5F9E379908A1B413C6CA65755 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:34:52.0000 0x0b28  RasAuto - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0000 0x0b28  Object is SCO, delete is not allowed
20:34:52.0000 0x0b28  RasAuto ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0015 0x0b28  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C, F59974A2A3C21071BC72CA4DAF5D2DDF93471EC16FD1A34DE9DC1A50027F6835 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:34:52.0015 0x0b28  Rasl2tp - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0015 0x0b28  Object is SCO, delete is not allowed
20:34:52.0015 0x0b28  Rasl2tp ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0046 0x0b28  [ 41A3C11E3517C962C9B44893BCEC3B34, 0D0CA7F91D0A29E7C9F6D89B52A793F82676927DDCEE9EFCF1DD14AB7078481E ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:34:52.0062 0x0b28  RasMan - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0062 0x0b28  Object is SCO, delete is not allowed
20:34:52.0062 0x0b28  RasMan ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0062 0x0b28  [ 7306EEED8895454CBED4669BE9F79FAA, DC6874ECAD9105BC9EAB007291958911D7D4D3649124472070B3496B36C45200 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:34:52.0062 0x0b28  RasPppoe - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0062 0x0b28  Object is SCO, delete is not allowed
20:34:52.0062 0x0b28  RasPppoe ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0062 0x0b28  Force sending object to P2P due to detect: RasPppoe
20:34:52.0062 0x0b28  Object send P2P result: false
20:34:52.0078 0x0b28  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:34:52.0078 0x0b28  Raspti - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0078 0x0b28  Raspti ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0093 0x0b28  [ 29D66245ADBA878FFF574CD66ABD2884, E85710229E61DB37BAB291E2E13ABD99FA8DFF7C8245853253BE540D8741990E ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:34:52.0109 0x0b28  Rdbss - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0109 0x0b28  Object is SCO, delete is not allowed
20:34:52.0109 0x0b28  Rdbss ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0109 0x0b28  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:34:52.0125 0x0b28  RDPCDD - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0125 0x0b28  Object is SCO, delete is not allowed
20:34:52.0125 0x0b28  RDPCDD ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0171 0x0b28  [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD, 586900D30F44E132AC75520EFF4FF615AA46283F1F050AC93FF9C235AC0F1D75 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:34:52.0171 0x0b28  rdpdr - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0171 0x0b28  Object is SCO, delete is not allowed
20:34:52.0171 0x0b28  rdpdr ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0218 0x0b28  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
20:34:52.0234 0x0b28  RDPWD - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0234 0x0b28  Object is SCO, delete is not allowed
20:34:52.0234 0x0b28  RDPWD ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0234 0x0b28  Force sending object to P2P due to detect: RDPWD
20:34:52.0234 0x0b28  Object send P2P result: false
20:34:52.0265 0x0b28  [ 4C24371596E2CB750AF8FA1034B91C46, 1573D8482726BCE9C6A3AA396C01C6C12A2E9B62ACE16137D3A66892C8994451 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
20:34:52.0265 0x0b28  RDSessMgr - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0265 0x0b28  RDSessMgr ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0296 0x0b28  [ B31B4588E4086D8D84ADBF9845C2402B, 0B45979623B0AC774A9426C428954E7FB604FAE0DB187C402AF6052906F4099A ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
20:34:52.0312 0x0b28  redbook - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0312 0x0b28  redbook ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0359 0x0b28  [ 3046DB917E3CFA040632799DD9B14865, 90FE0C8C887A718BAEA77B1CFE1F6EEB2595F520A0B3DE0A50B4DE2E1D99CCF4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:34:52.0359 0x0b28  RemoteAccess - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0359 0x0b28  Object is SCO, delete is not allowed
20:34:52.0359 0x0b28  RemoteAccess ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0406 0x0b28  [ 3151427DB7D87107D1C5BE58FAC53960, 11988626648B2E416A07A8FF7D96BD8F20B150CC24CE9AB139F45A1DDE1D2225 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
20:34:52.0406 0x0b28  RemoteRegistry - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0406 0x0b28  RemoteRegistry ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0453 0x0b28  [ 726A23FCF7772F069DC65052F1ED7F87, 23C620D583D43DBB20BD0AFFC062D9CE05858D330B076C51B10A30200054C164 ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:34:52.0468 0x0b28  RpcLocator - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0468 0x0b28  RpcLocator ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0500 0x0b28  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\system32\rpcss.dll
20:34:52.0515 0x0b28  RpcSs - ok
20:34:52.0562 0x0b28  [ A6FE38D2BEA7FBE44D9C3D4FAA6469EF, 7FA8F900A759EB9DD6B8855FB62E0491945057DD62B48811FD4A64077FF46B75 ] RSVP            C:\WINDOWS\system32\rsvp.exe
20:34:52.0578 0x0b28  RSVP - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0578 0x0b28  RSVP ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0609 0x0b28  [ 493B54A894A6E70DD02961A68DB8863F, 49E0C3A1AA8F23BED6650DA0FADD9C9F234132C1D1772BA15D59ACE9E42F66EF ] rtl8029         C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
20:34:52.0625 0x0b28  rtl8029 - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0625 0x0b28  rtl8029 ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0671 0x0b28  [ 71439E5BF872A91DB450641BE445F51C, 7157CBC9D45CAB0070CEA5F67489E4F9B7360761A8BBA15E5F1E4489E75AFEAE ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
20:34:52.0687 0x0b28  RTLE8023xp - ok
20:34:52.0734 0x0b28  [ 5D464B2F2DDE3883BB9770798114D065, 276F56AA2BAD12AD636FB41DE84B3915BD493C93A0804BDFD7CE2B76F3CE885B ] RTLTEAMING      C:\WINDOWS\system32\DRIVERS\RTLTEAMING.SYS
20:34:52.0734 0x0b28  RTLTEAMING - ok
20:34:52.0765 0x0b28  [ 2B15CAE2CE4F5A8A4D575B53A30CDF4C, 9F6E7D436E342924853C355509EC619DBA55699713EE73757F2E9F84CBCB3807 ] RTLVLAN         C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS
20:34:52.0781 0x0b28  RTLVLAN - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0781 0x0b28  RTLVLAN ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0781 0x0b28  [ 2B15CAE2CE4F5A8A4D575B53A30CDF4C, 9F6E7D436E342924853C355509EC619DBA55699713EE73757F2E9F84CBCB3807 ] RTLVLANMP       C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS
20:34:52.0781 0x0b28  RTLVLANMP - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0781 0x0b28  RTLVLANMP ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0828 0x0b28  [ 5FFD2AAF467B80FAB34929AFB7702060, FCBC04F23D522E959DE388AF2261EEDF28870E7ECA391E4940F14BFBC78AC0EF ] RtNdPt5x        C:\WINDOWS\system32\DRIVERS\RtNdPt5x.sys
20:34:52.0828 0x0b28  RtNdPt5x - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0828 0x0b28  RtNdPt5x ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0828 0x0b28  Force sending object to P2P due to detect: RtNdPt5x
20:34:52.0828 0x0b28  Object send P2P result: false
20:34:52.0859 0x0b28  [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] SamSs           C:\WINDOWS\system32\lsass.exe
20:34:52.0859 0x0b28  SamSs - detected UnsignedFile.Multi.Generic ( 1 )
20:34:52.0859 0x0b28  Object is SCO, delete is not allowed
20:34:52.0859 0x0b28  SamSs ( UnsignedFile.Multi.Generic ) - warning
20:34:52.0906 0x0b28  [ 9C63C644F00EB6D1A629E1720D705361, 07324AB6CE98537B9B7C86CC1671B641DEC5A91CD58DFFA13F4650CAAB7A4172 ] SbieDrv         C:\Program Files\Sandboxie\SbieDrv.sys
20:34:52.0921 0x0b28  SbieDrv - ok
20:34:52.0921 0x0b28  [ EDA7AC47B1E10649624B9567C219B962, 99FD6A36E135A7B372D26BAC17493C81AF433BBAD39881CC245E222DD6B141B0 ] SbieSvc         C:\Program Files\Sandboxie\SbieSvc.exe
20:34:52.0968 0x0b28  SbieSvc - ok
20:34:53.0000 0x0b28  [ CDFB5554C687AD2A5B4120F7228E5EB1, 3BB305B2F5C029720790DD0E65A0A916993969D36DE262207358D60670C6AD0B ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
20:34:53.0046 0x0b28  SCardSvr - detected UnsignedFile.Multi.Generic ( 1 )
20:34:53.0046 0x0b28  SCardSvr ( UnsignedFile.Multi.Generic ) - warning
20:34:53.0046 0x0b28  Force sending object to P2P due to detect: SCardSvr
20:34:53.0046 0x0b28  Object send P2P result: false
20:34:53.0078 0x0b28  [ 8FD232296FA71EF605DE50B41CE537DF, 8D64B2A4CCA63A4530DE89B064DD85498B7A830265E0AD88D770A6248FEED611 ] SCDEmu          C:\WINDOWS\system32\drivers\SCDEmu.sys
20:34:53.0093 0x0b28  SCDEmu - ok
20:34:53.0125 0x0b28  [ 92360854316611F6CC471612213C3D92, A45DC437FA0DEC1DB540DC889A2469E8C3C4360F2F41FE60BFA3F78462507959 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:34:53.0140 0x0b28  Schedule - detected UnsignedFile.Multi.Generic ( 1 )
20:34:53.0140 0x0b28  Schedule ( UnsignedFile.Multi.Generic ) - warning
20:34:53.0156 0x0b28  [ BA0D892D2F786BCEBDF03B0A252B47F3, 4ED103BD45ECE4D2B6029C36D0E209C8A6F1C34E0F72B01553742773CB1F43A1 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:34:53.0171 0x0b28  Secdrv - detected UnsignedFile.Multi.Generic ( 1 )
20:34:53.0171 0x0b28  Secdrv ( UnsignedFile.Multi.Generic ) - warning
20:34:53.0171 0x0b28  Force sending object to P2P due to detect: Secdrv
20:34:53.0171 0x0b28  Object send P2P result: false
20:34:53.0203 0x0b28  [ B1E0CE09895376871746F36DC5773B4F, 686458ED5D4C72AAF2F45B4FCBB44BFA0D84DFE93B5E01ECCBEAD33CBAC52BD5 ] seclogon        C:\WINDOWS\System32\seclogon.dll
20:34:53.0218 0x0b28  seclogon - detected UnsignedFile.Multi.Generic ( 1 )
20:34:53.0218 0x0b28  Object is SCO, delete is not allowed
20:34:53.0218 0x0b28  seclogon ( UnsignedFile.Multi.Generic ) - warning
20:34:53.0218 0x0b28  Force sending object to P2P due to detect: seclogon
20:34:53.0218 0x0b28  Object send P2P result: false
20:34:53.0218 0x0b28  [ DFD9870CF39C791D86C4C209DA9FA919, 336A0525630149EF160AE8346AF6BEE2FAA0289629FA052ADAF887B5B84A918D ] SENS            C:\WINDOWS\system32\sens.dll
20:34:53.0234 0x0b28  SENS - detected UnsignedFile.Multi.Generic ( 1 )
20:34:53.0234 0x0b28  Object is SCO, delete is not allowed
20:34:53.0234 0x0b28  SENS ( UnsignedFile.Multi.Generic ) - warning
20:34:53.0234 0x0b28  Force sending object to P2P due to detect: SENS
20:34:53.0234 0x0b28  Object send P2P result: false
20:34:53.0234 0x0b28  [ A2D868AEEFF612E70E213C451A70CAFB, 25CBB9E26CDCBD8E221ACF4364E82E8F811C3144E0EEF9DF9DAEC8534243BD3B ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
20:34:53.0250 0x0b28  serenum - detected UnsignedFile.Multi.Generic ( 1 )
20:34:53.0250 0x0b28  Object is SCO, delete is not allowed
20:34:53.0250 0x0b28  serenum ( UnsignedFile.Multi.Generic ) - warning
20:34:53.0265 0x0b28  [ CD9404D115A00D249F70A371B46D5A26, D9FC869FA9A6B9574A1FCE70E7B919D8F79E02B28967E49F6DEF83A84520ECDF ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
20:34:53.0281 0x0b28  Serial - detected UnsignedFile.Multi.Generic ( 1 )
20:34:53.0281 0x0b28  Object is SCO, delete is not allowed
20:34:53.0281 0x0b28  Serial ( UnsignedFile.Multi.Generic ) - warning
20:34:53.0296 0x0b28  [ 0D13B6DF6E9E101013A7AFB0CE629FE0, 2214EA0F16BB33970E299CE457EB50AEE0BEF7959BC1EBD3C06C78A46B42B808 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
20:34:53.0296 0x0b28  Sfloppy - detected UnsignedFile.Multi.Generic ( 1 )
20:34:53.0296 0x0b28  Object is SCO, delete is not allowed
20:34:53.0296 0x0b28  Sfloppy ( UnsignedFile.Multi.Generic ) - warning
20:34:53.0312 0x0b28  [ 36CC8C01B5E50163037BEF56CB96DEFF, F8D3CC92E97E8C97A0F88850D6D96CFA02A69940208834F413A8FCB71241F552 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:34:53.0343 0x0b28  SharedAccess - detected UnsignedFile.Multi.Generic ( 1 )
20:34:53.0343 0x0b28  Object is SCO, delete is not allowed
20:34:53.0343 0x0b28  SharedAccess ( UnsignedFile.Multi.Generic ) - warning
20:34:53.0375 0x0b28  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:34:53.0375 0x0b28  ShellHWDetection - detected UnsignedFile.Multi.Generic ( 1 )
20:34:53.0375 0x0b28  ShellHWDetection ( UnsignedFile.Multi.Generic ) - warning
20:34:53.0375 0x0b28  Simbad - ok
20:34:53.0453 0x0b28  [ 704B4F81729F676BBF034529FC334D82, 1E50DAF97836807A500284385D99272780A8B69CA88761250451060B207824F8 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
20:34:53.0484 0x0b28  SkypeUpdate - ok
20:34:53.0515 0x0b28  [ 5CAEED86821FA2C6139E32E9E05CCDC9, 63F91C95FD2914DAEC648A6EAF75EE5E18EAA7754F5A03A57D693AC49C66479E ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:34:53.0531 0x0b28  SLIP - detected UnsignedFile.Multi.Generic ( 1 )
20:34:53.0531 0x0b28  SLIP ( UnsignedFile.Multi.Generic ) - warning
20:34:53.0546 0x0b28  Sparrow - ok
20:34:53.0562 0x0b28  [ 8E186B8F23295D1E42C573B82B80D548, C418568C2071E2761CD26F736443BD7BF9C6914D47D171A5AC990278E855A74F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:34:53.0578 0x0b28  splitter - detected UnsignedFile.Multi.Generic ( 1 )
20:34:53.0578 0x0b28  splitter ( UnsignedFile.Multi.Generic ) - warning
20:34:53.0609 0x0b28  [ A25954123BAA853F5B385F8EE7F33BD6, CB7D70328C5337AC59A04F91DABA8CF44E655ACBFA2183DEBC2D635CD650B9E8 ] Spooler         C:\WINDOWS\system32\spoolsv.exe
20:34:53.0625 0x0b28  Spooler - detected UnsignedFile.Multi.Generic ( 1 )
20:34:53.0625 0x0b28  Spooler ( UnsignedFile.Multi.Generic ) - warning
20:34:53.0625 0x0b28  Force sending object to P2P due to detect: Spooler
20:34:53.0625 0x0b28  Object send P2P result: false
20:34:53.0671 0x0b28  [ CBEAEA2729985BFB260641AB424E0166, 2FCED2951D5A1ACF93150BB0CA2293CCBE4227EBAAEA8438A78B5AFC6591F375 ] sptd            C:\WINDOWS\System32\Drivers\sptd.sys
20:34:53.0687 0x0b28  sptd - ok
20:34:53.0718 0x0b28  [ E41B6D037D6CD08461470AF04500DC24, 9556C669E69B1B290865FCAABD5D793B310C071B64FD3DF9FCFADC3716BDC926 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
20:34:53.0734 0x0b28  sr - detected UnsignedFile.Multi.Generic ( 1 )
20:34:53.0734 0x0b28  sr ( UnsignedFile.Multi.Generic ) - warning
20:34:53.0750 0x0b28  [ 92BDF74F12D6CBEC43C94D4B7F804838, C1BFE7F498F4A9992FEA459CE7EEF7525AE51A7E04C76D676819A61615A4A92E ] srservice       C:\WINDOWS\system32\srsvc.dll
20:34:53.0765 0x0b28  srservice - detected UnsignedFile.Multi.Generic ( 1 )
20:34:53.0765 0x0b28  srservice ( UnsignedFile.Multi.Generic ) - warning
20:34:53.0765 0x0b28  Force sending object to P2P due to detect: srservice
20:34:53.0765 0x0b28  Object send P2P result: false
20:34:53.0812 0x0b28  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:34:53.0843 0x0b28  Srv - detected UnsignedFile.Multi.Generic ( 1 )
20:34:53.0843 0x0b28  Object is SCO, delete is not allowed
20:34:53.0843 0x0b28  Srv ( UnsignedFile.Multi.Generic ) - warning
20:34:53.0875 0x0b28  [ 4B8D61792F7175BED48859CC18CE4E38, 13C50FACC85828F56FF5B29D13B004933352CB581B62B218038B503561531981 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:34:53.0875 0x0b28  SSDPSRV - detected UnsignedFile.Multi.Generic ( 1 )
20:34:53.0875 0x0b28  SSDPSRV ( UnsignedFile.Multi.Generic ) - warning
20:34:53.0921 0x0b28  [ 9C8F881A270E8E3BCC1B6E5F620234BA, 32AA279A22C741018E2742823B7C99A33E1459EDBF2B1AD64A6C75CBCF3A6EF9 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
20:34:53.0937 0x0b28  ssudmdm - ok
20:34:54.0015 0x0b28  [ 9DA3B55B17B54789AFB8C657D4ACE4D7, 5E4599E682327E3B8097A88A69ED73F96254A29054744D5DFB782054863F131E ] ss_conn_service C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
20:34:54.0093 0x0b28  ss_conn_service - ok
20:34:54.0140 0x0b28  [ D9F6C4F6B1E188ADAFC42B561D9BC2E6, D2F90880B5E8CFD205FE2302FFFF4668989300249811F97F73DE56B42FCD3E85 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
20:34:54.0156 0x0b28  stisvc - detected UnsignedFile.Multi.Generic ( 1 )
20:34:54.0156 0x0b28  Object is SCO, delete is not allowed
20:34:54.0156 0x0b28  stisvc ( UnsignedFile.Multi.Generic ) - warning
20:34:54.0156 0x0b28  Force sending object to P2P due to detect: stisvc
20:34:54.0156 0x0b28  Object send P2P result: false
20:34:54.0187 0x0b28  [ 284C57DF5DC7ABCA656BC2B96A667AFB, 7E3CAE1911E710B1CC37571AE1B92DC981FCD46E67A3AD3C258672D17781C709 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:34:54.0203 0x0b28  streamip - detected UnsignedFile.Multi.Generic ( 1 )
20:34:54.0203 0x0b28  streamip ( UnsignedFile.Multi.Generic ) - warning
20:34:54.0203 0x0b28  Force sending object to P2P due to detect: streamip
20:34:54.0203 0x0b28  Object send P2P result: false
20:34:54.0218 0x0b28  [ 03C1BAE4766E2450219D20B993D6E046, 0D8E5B141EAA9E2C8D1F8BFD522F57EE8074216A336CBE37FE77B8ADDB791DBE ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
20:34:54.0218 0x0b28  swenum - detected UnsignedFile.Multi.Generic ( 1 )
20:34:54.0218 0x0b28  Object is SCO, delete is not allowed
20:34:54.0218 0x0b28  swenum ( UnsignedFile.Multi.Generic ) - warning
20:34:54.0296 0x0b28  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:34:54.0359 0x0b28  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
20:34:54.0359 0x0b28  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
20:34:54.0390 0x0b28  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D, EEF6DB9EDD8C273A6595675A7A12B9D440FA4E178BA7C69FB1942D97E291F989 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
20:34:54.0390 0x0b28  swmidi - detected UnsignedFile.Multi.Generic ( 1 )
20:34:54.0390 0x0b28  swmidi ( UnsignedFile.Multi.Generic ) - warning
20:34:54.0390 0x0b28  SwPrv - ok
20:34:54.0390 0x0b28  symc810 - ok
20:34:54.0406 0x0b28  symc8xx - ok
20:34:54.0406 0x0b28  sym_hi - ok
20:34:54.0406 0x0b28  sym_u3 - ok
20:34:54.0421 0x0b28  [ 650AD082D46BAC0E64C9C0E0928492FD, 6A587A55418A3A7867602D92B99FE393152DED191F27992C4BA909BD268AC43C ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
20:34:54.0437 0x0b28  sysaudio - detected UnsignedFile.Multi.Generic ( 1 )
20:34:54.0437 0x0b28  sysaudio ( UnsignedFile.Multi.Generic ) - warning
20:34:54.0468 0x0b28  [ 915CE4C6D4695C559955EAB105014E88, E66EC32E08ECC0D1EA0404605A58DC491A2D477D3588D89672C0237624808C87 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
20:34:54.0468 0x0b28  SysmonLog - detected UnsignedFile.Multi.Generic ( 1 )
20:34:54.0468 0x0b28  SysmonLog ( UnsignedFile.Multi.Generic ) - warning
20:34:54.0500 0x0b28  [ 432D9D823C4C26B6070C41BAD4404CE4, 741B41F7467D312AF4CC733EA31F647FBCD06985CBB6A14117E8A87A6F7B06F5 ] tap0901         C:\WINDOWS\system32\DRIVERS\tap0901.sys
20:34:54.0515 0x0b28  tap0901 - ok
20:34:54.0546 0x0b28  [ FD90A16CEB10D4FDAA00AAF39B8FF58F, A0471D1AE2704BCFE70C61A83B24B45ED92D71706BEC7D599BB7418BF8B854F1 ] taphss          C:\WINDOWS\system32\DRIVERS\taphss.sys
20:34:54.0562 0x0b28  taphss - ok
20:34:54.0609 0x0b28  [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD, 6B40DBFB6A055D5B748383EF51B206CC4F978405BCC7F9A25FAC90668FD818C4 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
20:34:54.0625 0x0b28  TapiSrv - detected UnsignedFile.Multi.Generic ( 1 )
20:34:54.0625 0x0b28  TapiSrv ( UnsignedFile.Multi.Generic ) - warning
20:34:54.0656 0x0b28  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:34:54.0671 0x0b28  Tcpip - detected UnsignedFile.Multi.Generic ( 1 )
20:34:54.0671 0x0b28  Object is SCO, delete is not allowed
20:34:54.0671 0x0b28  Tcpip ( UnsignedFile.Multi.Generic ) - warning
20:34:54.0703 0x0b28  [ 38D437CF2D98965F239B0ABCD66DCB0F, CC497A25C7AC1FF1E07CEE25FB0C5A5E6C4005C1CB244601FE620884A5C26506 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
20:34:54.0734 0x0b28  TDPIPE - detected UnsignedFile.Multi.Generic ( 1 )
20:34:54.0734 0x0b28  Object is SCO, delete is not allowed
20:34:54.0734 0x0b28  TDPIPE ( UnsignedFile.Multi.Generic ) - warning
20:34:54.0750 0x0b28  [ ED0580AF02502D00AD8C4C066B156BE9, 41AA6C88CF48CAF0DA8E374F37E74206E4F558332075304A28983D04E08B3154 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
20:34:54.0750 0x0b28  TDTCP - detected UnsignedFile.Multi.Generic ( 1 )
20:34:54.0750 0x0b28  Object is SCO, delete is not allowed
20:34:54.0750 0x0b28  TDTCP ( UnsignedFile.Multi.Generic ) - warning
20:34:55.0031 0x0b28  [ DF4A7E1E2BA788E28747F1EF49692ED6, 3417C0C713AB086E31CA20D6DCE923FF224093CFF2BAA6F29DCCBD2BEE5EEED6 ] TeamViewer9     C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
20:34:55.0312 0x0b28  TeamViewer9 - ok
20:34:55.0359 0x0b28  [ A540A99C281D933F3D69D55E48727F47, CC430FA0E0F1745E167877003FDCC35FE940AF8CAD05387ECBA880CC3A3F6709 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
20:34:55.0359 0x0b28  TermDD - detected UnsignedFile.Multi.Generic ( 1 )
20:34:55.0359 0x0b28  Object is SCO, delete is not allowed
20:34:55.0359 0x0b28  TermDD ( UnsignedFile.Multi.Generic ) - warning
20:34:55.0375 0x0b28  [ B60C877D16D9C880B952FDA04ADF16E6, 244D59A555349259D81D4643500E714A053D4A06DF892A8EDCAA0DC5EADFF050 ] TermService     C:\WINDOWS\System32\termsrv.dll
20:34:55.0421 0x0b28  TermService - detected UnsignedFile.Multi.Generic ( 1 )
20:34:55.0421 0x0b28  Object is SCO, delete is not allowed
20:34:55.0421 0x0b28  TermService ( UnsignedFile.Multi.Generic ) - warning
20:34:55.0421 0x0b28  Force sending object to P2P due to detect: TermService
20:34:55.0421 0x0b28  Object send P2P result: false
20:34:55.0437 0x0b28  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
20:34:55.0453 0x0b28  Themes - detected UnsignedFile.Multi.Generic ( 1 )
20:34:55.0453 0x0b28  Themes ( UnsignedFile.Multi.Generic ) - warning
20:34:55.0484 0x0b28  [ 6FAE7C1FBA08421971F94660E1BDC958, 8EEE8577F231C05FFDB367C7A78AC3476A017E8FB169193774CF827DCCD9B245 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
20:34:55.0500 0x0b28  TlntSvr - detected UnsignedFile.Multi.Generic ( 1 )
20:34:55.0500 0x0b28  TlntSvr ( UnsignedFile.Multi.Generic ) - warning
20:34:55.0500 0x0b28  TosIde - ok
20:34:55.0546 0x0b28  [ 6D9AC544B30F96C57F8206566C1FB6A1, C39D35D169A3BCA5E458815A1B60CE92D19BC04579D62DAB9396B42760C5E47B ] TrkWks          C:\WINDOWS\system32\trkwks.dll
20:34:55.0546 0x0b28  TrkWks - detected UnsignedFile.Multi.Generic ( 1 )
20:34:55.0546 0x0b28  Object is SCO, delete is not allowed
20:34:55.0546 0x0b28  TrkWks ( UnsignedFile.Multi.Generic ) - warning
20:34:55.0671 0x0b28  [ B31917E6697B396571C524D056E623A8, C3B58EDEB8C114A3AB401D0083D96238F76F117367D54D86F061DC436F504888 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
20:34:55.0781 0x0b28  TuneUp.UtilitiesSvc - ok
20:34:55.0812 0x0b28  [ 94C4CD2D19B8C4137A46261F229FEC24, 8D04198DF5E080DC28C137D6FAAD47EC7386DA0CA968EEA2D9D3A5BD7690DA88 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys
20:34:55.0812 0x0b28  TuneUpUtilitiesDrv - ok
20:34:55.0859 0x0b28  [ 12F70256F140CD7D52C58C7048FDE657, F2E3E645AA713A520452F5E17513D258D3900E93F65013551FC2B542BFA15BB3 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
20:34:55.0890 0x0b28  Udfs - detected UnsignedFile.Multi.Generic ( 1 )
20:34:55.0890 0x0b28  Object is SCO, delete is not allowed
20:34:55.0890 0x0b28  Udfs ( UnsignedFile.Multi.Generic ) - warning
20:34:55.0890 0x0b28  ultra - ok
20:34:55.0921 0x0b28  [ 3D571A3CBF127E9555EAD2F8598F425F, 2B31974019DC0C455A3B30F6A6766DAA9081F3C2FF3CE42A211304A2CF3C1B0A ] UnsignedThemes  C:\WINDOWS\UnsignedThemesSvc.exe
20:34:55.0937 0x0b28  UnsignedThemes - ok
20:34:55.0968 0x0b28  [ AFF2E5045961BBC0A602BB6F95EB1345, FEEF47B9683B0F26355AC0947019DE9AE27002A7019C1C4A2D22FA0046E9F07B ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
20:34:55.0984 0x0b28  Update - detected UnsignedFile.Multi.Generic ( 1 )
20:34:55.0984 0x0b28  Update ( UnsignedFile.Multi.Generic ) - warning
20:34:56.0015 0x0b28  [ 0546477BDE979E33294FE97F6B3DE84A, 9DE7E3F4FDF0A94307C0517DBDD4DB057C187E3AFDC473BBFEB3AA339E31716B ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:34:56.0015 0x0b28  upnphost - detected UnsignedFile.Multi.Generic ( 1 )
20:34:56.0015 0x0b28  upnphost ( UnsignedFile.Multi.Generic ) - warning
20:34:56.0046 0x0b28  [ C42910F4B88F60A05308B8CB7A9631C3, FEC8CA8FB918B9257563457AAE67C35F4D3303ED7D5E0462D9C90F2866FA5423 ] UPS             C:\WINDOWS\System32\ups.exe
20:34:56.0046 0x0b28  UPS - detected UnsignedFile.Multi.Generic ( 1 )
20:34:56.0046 0x0b28  UPS ( UnsignedFile.Multi.Generic ) - warning
20:34:56.0093 0x0b28  [ BFFD9F120CC63BCBAA3D840F3EEF9F79, 0183D82E341473200FB1A05F6ABBBA3F2BD635654F49599E4CEB3E6394A33D36 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:34:56.0093 0x0b28  usbccgp - detected UnsignedFile.Multi.Generic ( 1 )
20:34:56.0093 0x0b28  usbccgp ( UnsignedFile.Multi.Generic ) - warning
20:34:56.0093 0x0b28  Force sending object to P2P due to detect: usbccgp
20:34:56.0093 0x0b28  Object send P2P result: false
20:34:56.0125 0x0b28  [ 15E993BA2F6946B2BFBBFCD30398621E, 10AD5B133C9C68B8E11DF702C50BDE5162693C5A9F132DFE1823D03D70D4EB89 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:34:56.0140 0x0b28  usbehci - detected UnsignedFile.Multi.Generic ( 1 )
20:34:56.0140 0x0b28  usbehci ( UnsignedFile.Multi.Generic ) - warning
20:34:56.0156 0x0b28  [ C72F40947F92CEA56A8FB532EDF025F1, EBB9E235C973574B835B1FD22D813E9215029B3FC5030591D6F7971C9A23AEF7 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:34:56.0156 0x0b28  usbhub - detected UnsignedFile.Multi.Generic ( 1 )
20:34:56.0156 0x0b28  usbhub ( UnsignedFile.Multi.Generic ) - warning
20:34:56.0156 0x0b28  Force sending object to P2P due to detect: usbhub
20:34:56.0156 0x0b28  Object send P2P result: false
20:34:56.0203 0x0b28  [ A42369B7CD8886CD7C70F33DA6FCBCF5, EEDAA16F906A2F8FF40009ED10243F66A5CCE878111F1001DA6060A42DD79047 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:34:56.0203 0x0b28  usbprint - detected UnsignedFile.Multi.Generic ( 1 )
20:34:56.0203 0x0b28  usbprint ( UnsignedFile.Multi.Generic ) - warning
20:34:56.0203 0x0b28  Force sending object to P2P due to detect: usbprint
20:34:56.0203 0x0b28  Object send P2P result: false
20:34:56.0234 0x0b28  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85, E40B73D4E2417F4874D155885C86E4FB44557324616AABD84EFE6C4751DCC46B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:34:56.0250 0x0b28  usbscan - detected UnsignedFile.Multi.Generic ( 1 )
20:34:56.0250 0x0b28  usbscan ( UnsignedFile.Multi.Generic ) - warning
20:34:56.0296 0x0b28  [ 6CD7B22193718F1D17A47A1CD6D37E75, CFD74FE06819DA488654F88BFCCBF29994FE7F04EC6CD5CD41552B0C95A8130F ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:34:56.0296 0x0b28  USBSTOR - detected UnsignedFile.Multi.Generic ( 1 )
20:34:56.0296 0x0b28  USBSTOR ( UnsignedFile.Multi.Generic ) - warning
20:34:56.0328 0x0b28  [ F8FD1400092E23C8F2F31406EF06167B, AE93C83BA1966535AFA3E72D6F69156B7E56F021A6808EC8DA44C7E7D506D7E5 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:34:56.0328 0x0b28  usbuhci - detected UnsignedFile.Multi.Generic ( 1 )
20:34:56.0328 0x0b28  usbuhci ( UnsignedFile.Multi.Generic ) - warning
20:34:56.0328 0x0b28  Force sending object to P2P due to detect: usbuhci
20:34:56.0328 0x0b28  Object send P2P result: false
20:34:56.0343 0x0b28  [ 628C632710AB55747CB5BCC68716BE21, 715788AD295A3788B33E81351035DE4FCDE8A0578C07E71AF36C5DC614430E75 ] uxpatch         C:\WINDOWS\system32\drivers\uxpatch.sys
20:34:56.0359 0x0b28  uxpatch - ok
20:34:56.0390 0x0b28  [ 09AAE0A4BD22E3DF1F993D459E08AC23, 7092E6E69597487505638B240346995D4E3E5FA0D7A459A2DE031499B7752A06 ] UxTuneUp        C:\WINDOWS\System32\uxtuneup.dll
20:34:56.0406 0x0b28  UxTuneUp - ok
20:34:56.0437 0x0b28  [ AFEA10F9659B5923689858B5164B22CF, 95BC83222210BCEA728B21F32BD4EAA26D05EC563EDE2EECA0333CB2F34E4EE1 ] VBoxNetAdp      C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
20:34:56.0453 0x0b28  VBoxNetAdp - ok
20:34:56.0468 0x0b28  VBoxNetFlt - ok
20:34:56.0484 0x0b28  [ 8A60EDD72B4EA5AEA8202DAF0E427925, ED0624B285E4F64E07E30C12490873A2090F9DFD6A91A2EDA7A1082B88A8199E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
20:34:56.0484 0x0b28  VgaSave - detected UnsignedFile.Multi.Generic ( 1 )
20:34:56.0484 0x0b28  Object is SCO, delete is not allowed
20:34:56.0484 0x0b28  VgaSave ( UnsignedFile.Multi.Generic ) - warning
20:34:56.0484 0x0b28  Force sending object to P2P due to detect: VgaSave
20:34:56.0484 0x0b28  Object send P2P result: false
20:34:56.0500 0x0b28  ViaIde - ok
20:34:56.0500 0x0b28  vmci - ok
20:34:56.0500 0x0b28  VMnetAdapter - ok
20:34:56.0515 0x0b28  VMnetBridge - ok
20:34:56.0562 0x0b28  [ 24521D99BF36F190BA10BB2BFDB17682, 76BEF489893FBA4F0A0330FC7F54EBA88D9ACC328B183B06014AA8584AD79CBA ] VMnetDHCP       C:\WINDOWS\system32\vmnetdhcp.exe
20:34:56.0578 0x0b28  VMnetDHCP - ok
20:34:56.0593 0x0b28  VMnetuserif - ok
20:34:56.0640 0x0b28  [ 709B9008BCC9E0375D0A45B08F4C48ED, E1DCF66F52BDEE2B5BB84A6E01F6442B8CF7DA3F31F33619A065A957F787B864 ] VMware NAT Service C:\WINDOWS\system32\vmnat.exe
20:34:56.0703 0x0b28  VMware NAT Service - ok
20:34:56.0718 0x0b28  [ EE4660083DEBA849FF6C485D944B379B, 4DA3CA0DEA0698D387EA370D9BBFF06FEF1C0A5B3D7F772164441B63B8A3927A ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
20:34:56.0718 0x0b28  VolSnap - detected UnsignedFile.Multi.Generic ( 1 )
20:34:56.0734 0x0b28  Object is SCO, delete is not allowed
20:34:56.0734 0x0b28  VolSnap ( UnsignedFile.Multi.Generic ) - warning
20:34:56.0843 0x0b28  [ 1472A9D5843356796FE91E43DA46E71A, E1B3A8E6DADE49CCBB663C50BBC749A24C6528759E27B6FEC2EDC06F938938A1 ] VSS             C:\WINDOWS\System32\vssvc.exe
20:34:56.0875 0x0b28  VSS - detected UnsignedFile.Multi.Generic ( 1 )
20:34:56.0875 0x0b28  Object is SCO, delete is not allowed
20:34:56.0875 0x0b28  VSS ( UnsignedFile.Multi.Generic ) - warning
20:34:56.0921 0x0b28  [ 2B281958F5D0CF99ED626E3EF39D5C8D, FB46398AE01CDD9CB6E1E647E4DDA86B670F93F787D69B885C7E930D4FF8F3FC ] W32Time         C:\WINDOWS\system32\w32time.dll
20:34:56.0937 0x0b28  W32Time - detected UnsignedFile.Multi.Generic ( 1 )
20:34:56.0937 0x0b28  Object is SCO, delete is not allowed
20:34:56.0937 0x0b28  W32Time ( UnsignedFile.Multi.Generic ) - warning
20:34:56.0937 0x0b28  Force sending object to P2P due to detect: W32Time
20:34:56.0937 0x0b28  Object send P2P result: false
20:34:57.0015 0x0b28  wampmysqld - ok
20:34:57.0031 0x0b28  [ 984EF0B9788ABF89974CFED4BFBAACBC, 8178888E3A1AA3BD3BE34456118BB76AF2DD04EC575E4880F97A8EFB182C9E92 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:34:57.0031 0x0b28  Wanarp - detected UnsignedFile.Multi.Generic ( 1 )
20:34:57.0031 0x0b28  Object is SCO, delete is not allowed
20:34:57.0031 0x0b28  Wanarp ( UnsignedFile.Multi.Generic ) - warning
20:34:57.0078 0x0b28  [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
20:34:57.0109 0x0b28  Wdf01000 - ok
20:34:57.0109 0x0b28  WDICA - ok
20:34:57.0140 0x0b28  [ 2797F33EBF50466020C430EE4F037933, F134F8C091D944880714E4D193D2753BE4F1C18757D5274A892195C4EC9C4D08 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
20:34:57.0156 0x0b28  wdmaud - detected UnsignedFile.Multi.Generic ( 1 )
20:34:57.0156 0x0b28  wdmaud ( UnsignedFile.Multi.Generic ) - warning
20:34:57.0171 0x0b28  [ 5D0A442864BFBF3B19DCCA4CD29F6E99, 856346DBE80450BFCB3E7A5D9C7AEB3DF41D4CEBC35FE550E0CD86161BC43A31 ] WebClient       C:\WINDOWS\System32\webclnt.dll
20:34:57.0171 0x0b28  WebClient - detected UnsignedFile.Multi.Generic ( 1 )
20:34:57.0187 0x0b28  Object is SCO, delete is not allowed
20:34:57.0187 0x0b28  WebClient ( UnsignedFile.Multi.Generic ) - warning
20:34:57.0250 0x0b28  [ F399242A80C4066FD155EFA4CF96658E, DC40735D288193170DAF5571A829702EDC07DDAEA87ECF59490DFB516A690F9B ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
20:34:57.0265 0x0b28  winmgmt - detected UnsignedFile.Multi.Generic ( 1 )
20:34:57.0265 0x0b28  Object is SCO, delete is not allowed
20:34:57.0265 0x0b28  winmgmt ( UnsignedFile.Multi.Generic ) - warning
20:34:57.0265 0x0b28  Force sending object to P2P due to detect: winmgmt
20:34:57.0265 0x0b28  Object send P2P result: false
20:34:57.0312 0x0b28  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE, 04374450882504D9031951F4E9317E5A128EBA5A22A3555ACD28BC742861AF9C ] WinUSB          C:\WINDOWS\system32\DRIVERS\WinUSB.sys
20:34:57.0375 0x0b28  WinUSB - ok
20:34:57.0406 0x0b28  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
20:34:57.0421 0x0b28  WmdmPmSN - ok
20:34:57.0453 0x0b28  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
20:34:57.0515 0x0b28  Wmi - ok
20:34:57.0562 0x0b28  [ 763CA8414DC386D2BD93DCD780819FFB, 7C11E80D6D74020A54E86BC795CD330411946AA3D655C1ECEDA97D2472D5297F ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:34:57.0578 0x0b28  WmiApSrv - detected UnsignedFile.Multi.Generic ( 1 )
20:34:57.0578 0x0b28  Object is SCO, delete is not allowed
20:34:57.0578 0x0b28  WmiApSrv ( UnsignedFile.Multi.Generic ) - warning
20:34:57.0609 0x0b28  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:34:57.0625 0x0b28  WpdUsb - ok
20:34:57.0718 0x0b28  [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:34:57.0796 0x0b28  WPFFontCache_v0400 - ok
20:34:57.0843 0x0b28  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:34:57.0859 0x0b28  WS2IFSL - detected UnsignedFile.Multi.Generic ( 1 )
20:34:57.0859 0x0b28  Object is SCO, delete is not allowed
20:34:57.0859 0x0b28  WS2IFSL ( UnsignedFile.Multi.Generic ) - warning
20:34:57.0859 0x0b28  Force sending object to P2P due to detect: WS2IFSL
20:34:57.0859 0x0b28  Object send P2P result: false
20:34:57.0890 0x0b28  [ 4D59DAA66C60858CDF4F67A900F42D4A, 312DC7D712F0807EBE5B3984E1BC19E7327D6357818D51AEB33058B052AEAA83 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
20:34:57.0906 0x0b28  wscsvc - detected UnsignedFile.Multi.Generic ( 1 )
20:34:57.0906 0x0b28  Object is SCO, delete is not allowed
20:34:57.0906 0x0b28  wscsvc ( UnsignedFile.Multi.Generic ) - warning
20:34:57.0937 0x0b28  [ D5842484F05E12121C511AA93F6439EC, 531888E914578172534BBC3220A86C99D1FCE423E89834B533E0A79F583436F3 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:34:57.0968 0x0b28  WSTCODEC - detected UnsignedFile.Multi.Generic ( 1 )
20:34:57.0968 0x0b28  WSTCODEC ( UnsignedFile.Multi.Generic ) - warning
20:34:58.0015 0x0b28  [ 13D72740963CBA12D9FF76A7F218BCD8, 3E4D0369F85E64FB6E4088753D7654D58900B480BEBF42F3CB6969355CEAC5A8 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
20:34:58.0031 0x0b28  wuauserv - detected UnsignedFile.Multi.Generic ( 1 )
20:34:58.0031 0x0b28  wuauserv ( UnsignedFile.Multi.Generic ) - warning
20:34:58.0062 0x0b28  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:34:58.0078 0x0b28  WudfPf - ok
20:34:58.0109 0x0b28  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:34:58.0140 0x0b28  WudfRd - ok
20:34:58.0156 0x0b28  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
20:34:58.0171 0x0b28  WudfSvc - ok
20:34:58.0203 0x0b28  [ 5A91E6FEAB9F901302FA7FF768C0120F, 83A1A719508CB4E504D9A75BBB6FCEA1E15C1EC574B8BD18BA40B2A18EF9918E ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
20:34:58.0234 0x0b28  WZCSVC - detected UnsignedFile.Multi.Generic ( 1 )
20:34:58.0234 0x0b28  WZCSVC ( UnsignedFile.Multi.Generic ) - warning
20:34:58.0265 0x0b28  [ EEF46DAB68229A14DA3D8E73C99E2959, C9D7083BC69E1A4672D06CBD9E4E6FD93C3CA67E28EC040D1CC6AAFBFC825813 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
20:34:58.0265 0x0b28  xmlprov - detected UnsignedFile.Multi.Generic ( 1 )
20:34:58.0265 0x0b28  xmlprov ( UnsignedFile.Multi.Generic ) - warning
20:34:58.0312 0x0b28  ================ Scan global ===============================
20:34:58.0343 0x0b28  [ 00EF9C3AF83EDBAF18CA7A2837750117, 87DB68DC66EADA719411C2B3DB02768C52D61BAA94216FCE9C4EE5C710EE7171 ] C:\WINDOWS\system32\basesrv.dll
20:34:58.0375 0x0b28  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
20:34:58.0390 0x0b28  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
20:34:58.0421 0x0b28  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
20:34:58.0421 0x0b28  [ Global ] - ok
20:34:58.0421 0x0b28  ================ Scan MBR ==================================
20:34:58.0437 0x0b28  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:34:58.0656 0x0b28  \Device\Harddisk0\DR0 - ok
20:34:58.0656 0x0b28  ================ Scan VBR ==================================
20:34:58.0656 0x0b28  [ 87E455D58665896704370B32631F2423 ] \Device\Harddisk0\DR0\Partition1
20:34:58.0687 0x0b28  \Device\Harddisk0\DR0\Partition1 - ok
20:34:58.0687 0x0b28  [ 3EFAEDF241C3AEC3901F8193038BCBBF ] \Device\Harddisk0\DR0\Partition2
20:34:58.0718 0x0b28  \Device\Harddisk0\DR0\Partition2 - ok
20:34:58.0734 0x0b28  [ 584B23E15B1CDDCD1088D7310968B45E ] \Device\Harddisk0\DR0\Partition3
20:34:58.0734 0x0b28  \Device\Harddisk0\DR0\Partition3 - ok
20:34:58.0734 0x0b28  ================ Scan generic autorun ======================
20:34:58.0906 0x0b28  [ 9DADF1A809ECEC86F04BDE35190D59FE, 40F73651E4A8C166C7B782CC62C940329C7D5D75014C50D8097E55303E1527F3 ] C:\Program Files\AVG\AVG2013\avgui.exe
20:34:59.0078 0x0b28  AVG_UI - ok
20:34:59.0750 0x0b28  [ 529ABF7BC07F5688EF22B8F7FE2C76BF, 7EEBCFE1F77F80600073D7812AEB7AB9C66C0E2A042C4F5F3812C91704F7A12E ] C:\WINDOWS\RTHDCPL.EXE
20:35:00.0718 0x0b28  RTHDCPL - ok
20:35:00.0812 0x0b28  [ D6BF37038F111B879051529146045816, 044D404BC54DAE03052B55E5DB314E25B8770FE8A37BA8494AB07AC377EBA975 ] C:\WINDOWS\system32\igfxtray.exe
20:35:00.0828 0x0b28  IgfxTray - detected UnsignedFile.Multi.Generic ( 1 )
20:35:00.0828 0x0b28  IgfxTray ( UnsignedFile.Multi.Generic ) - warning
20:35:00.0875 0x0b28  [ B7D6EA9AE61C32A90EC49D97F4B81CB4, 27EABD83B882A9F7C935A8A9987D3266056E41FE21A48B7575656A8F4EDE99E2 ] C:\WINDOWS\system32\hkcmd.exe
20:35:00.0875 0x0b28  HotKeysCmds - detected UnsignedFile.Multi.Generic ( 1 )
20:35:00.0875 0x0b28  HotKeysCmds ( UnsignedFile.Multi.Generic ) - warning
20:35:00.0875 0x0b28  Force sending object to P2P due to detect: C:\WINDOWS\system32\hkcmd.exe
20:35:00.0890 0x0b28  Object send P2P result: false
20:35:00.0906 0x0b28  [ A11B776230D5AD3650D4A7CCCB59D185, F0595B46F9C7ADA08FB19855B930E21E326C4C4839351B47A5404C778778403D ] C:\WINDOWS\system32\igfxpers.exe
20:35:00.0921 0x0b28  Persistence - detected UnsignedFile.Multi.Generic ( 1 )
20:35:00.0921 0x0b28  Persistence ( UnsignedFile.Multi.Generic ) - warning
20:35:01.0031 0x0b28  AV detected via SS1: AVG AntiVirus Free Edition 2013, 2013.0, enabled, outofdate
20:35:01.0046 0x0b28  Win FW state via NFM: disabled
20:35:01.0046 0x0b28  ============================================================
20:35:01.0046 0x0b28  Scan finished
20:35:01.0046 0x0b28  ============================================================
20:35:01.0046 0x0278  Detected object count: 194
20:35:01.0046 0x0278  Actual detected object count: 194
20:36:02.0015 0x0278  ACPI ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0015 0x0278  ACPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0015 0x0278  ACPIEC ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0015 0x0278  ACPIEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0015 0x0278  aec ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0015 0x0278  aec ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0015 0x0278  AFD ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0015 0x0278  AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0015 0x0278  Alerter ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0015 0x0278  Alerter ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0015 0x0278  ALG ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0015 0x0278  ALG ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0031 0x0278  AppMgmt ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0031 0x0278  AppMgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0031 0x0278  AsyncMac ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0031 0x0278  AsyncMac ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0031 0x0278  atapi ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0031 0x0278  atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0031 0x0278  Atmarpc ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0031 0x0278  Atmarpc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0031 0x0278  AudioSrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0031 0x0278  AudioSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0031 0x0278  audstub ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0031 0x0278  audstub ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0031 0x0278  BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0031 0x0278  BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0031 0x0278  Beep ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0031 0x0278  Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0031 0x0278  BITS ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0031 0x0278  BITS ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0046 0x0278  Browser ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0046 0x0278  Browser ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0046 0x0278  cbidf2k ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0046 0x0278  cbidf2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0046 0x0278  CCDECODE ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0046 0x0278  CCDECODE ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0046 0x0278  Cdaudio ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0046 0x0278  Cdaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0046 0x0278  Cdfs ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0046 0x0278  Cdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0046 0x0278  Cdrom ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0046 0x0278  Cdrom ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0046 0x0278  CiSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0046 0x0278  CiSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0046 0x0278  ClipSrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0046 0x0278  ClipSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0062 0x0278  CryptSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0062 0x0278  CryptSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0062 0x0278  Dhcp ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0062 0x0278  Dhcp ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0062 0x0278  Disk ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0062 0x0278  Disk ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0062 0x0278  dmboot ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0062 0x0278  dmboot ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0062 0x0278  dmio ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0062 0x0278  dmio ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0062 0x0278  dmload ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0062 0x0278  dmload ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0062 0x0278  dmserver ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0062 0x0278  dmserver ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0062 0x0278  DMusic ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0062 0x0278  DMusic ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0062 0x0278  Dnscache ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0062 0x0278  Dnscache ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0078 0x0278  drmkaud ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0078 0x0278  drmkaud ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0078 0x0278  ERSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0078 0x0278  ERSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0078 0x0278  Fastfat ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0078 0x0278  Fastfat ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0078 0x0278  FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0078 0x0278  FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0078 0x0278  Fdc ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0078 0x0278  Fdc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0078 0x0278  Fips ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0078 0x0278  Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0078 0x0278  Flpydisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0078 0x0278  Flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0078 0x0278  FltMgr ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0078 0x0278  FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0093 0x0278  Fs_Rec ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0093 0x0278  Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0093 0x0278  Ftdisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0093 0x0278  Ftdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0093 0x0278  Gpc ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0093 0x0278  Gpc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0093 0x0278  HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0093 0x0278  HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0093 0x0278  helpsvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0093 0x0278  helpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0093 0x0278  hidusb ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0093 0x0278  hidusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0093 0x0278  hshld ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0093 0x0278  hshld ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0093 0x0278  HTTPFilter ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0093 0x0278  HTTPFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0093 0x0278  i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0093 0x0278  i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0109 0x0278  ICAM3NT5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0109 0x0278  ICAM3NT5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0109 0x0278  Imapi ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0109 0x0278  Imapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0109 0x0278  ImapiService ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0109 0x0278  ImapiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0109 0x0278  intelppm ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0109 0x0278  intelppm ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0109 0x0278  Ip6Fw ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0109 0x0278  Ip6Fw ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0109 0x0278  IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0109 0x0278  IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0109 0x0278  IpInIp ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0109 0x0278  IpInIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0109 0x0278  IpNat ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0109 0x0278  IpNat ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0109 0x0278  IPSec ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0109 0x0278  IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0125 0x0278  IRENUM ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0125 0x0278  IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0125 0x0278  isapnp ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0125 0x0278  isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0125 0x0278  Kbdclass ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0125 0x0278  Kbdclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0125 0x0278  kmixer ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0125 0x0278  kmixer ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0125 0x0278  KSecDD ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0125 0x0278  KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0125 0x0278  LmHosts ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0125 0x0278  LmHosts ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0125 0x0278  Messenger ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0125 0x0278  Messenger ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0125 0x0278  mnmdd ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0125 0x0278  mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0140 0x0278  mnmsrvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0140 0x0278  mnmsrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0140 0x0278  Modem ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0140 0x0278  Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0140 0x0278  Mouclass ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0140 0x0278  Mouclass ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0140 0x0278  mouhid ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0140 0x0278  mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0140 0x0278  MountMgr ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0140 0x0278  MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0140 0x0278  MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0140 0x0278  MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0140 0x0278  Msfs ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0140 0x0278  Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0140 0x0278  MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0140 0x0278  MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0140 0x0278  MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0140 0x0278  MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0156 0x0278  MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0156 0x0278  MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0156 0x0278  mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0156 0x0278  mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0156 0x0278  MSTEE ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0156 0x0278  MSTEE ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0156 0x0278  Mup ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0156 0x0278  Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0156 0x0278  NABTSFEC ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0156 0x0278  NABTSFEC ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0156 0x0278  NDIS ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0156 0x0278  NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0156 0x0278  NdisIP ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0156 0x0278  NdisIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0156 0x0278  NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0156 0x0278  NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0171 0x0278  Ndisuio ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0171 0x0278  Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0171 0x0278  NdisWan ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0171 0x0278  NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0171 0x0278  NetBIOS ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0171 0x0278  NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0171 0x0278  NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0171 0x0278  NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0171 0x0278  NetDDE ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0171 0x0278  NetDDE ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0171 0x0278  NetDDEdsdm ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0171 0x0278  NetDDEdsdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0171 0x0278  Netlogon ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0171 0x0278  Netlogon ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0171 0x0278  Netman ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0171 0x0278  Netman ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0171 0x0278  Nla ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0171 0x0278  Nla ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0187 0x0278  Npfs ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0187 0x0278  Npfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0187 0x0278  NPPTNT2 ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0187 0x0278  NPPTNT2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0187 0x0278  Ntfs ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0187 0x0278  Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0187 0x0278  NtLmSsp ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0187 0x0278  NtLmSsp ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0187 0x0278  NtmsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0187 0x0278  NtmsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0187 0x0278  Null ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0187 0x0278  Null ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0187 0x0278  NwlnkFlt ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0187 0x0278  NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0187 0x0278  NwlnkFwd ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0187 0x0278  NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0203 0x0278  Parport ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0203 0x0278  Parport ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0203 0x0278  PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0203 0x0278  PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0203 0x0278  ParVdm ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0203 0x0278  ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0203 0x0278  PCI ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0203 0x0278  PCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0203 0x0278  PCIIde ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0203 0x0278  PCIIde ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0203 0x0278  Pcmcia ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0203 0x0278  Pcmcia ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0203 0x0278  PolicyAgent ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0203 0x0278  PolicyAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0203 0x0278  PptpMiniport ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0203 0x0278  PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0203 0x0278  ProtectedStorage ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0203 0x0278  ProtectedStorage ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0218 0x0278  PSched ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0218 0x0278  PSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0218 0x0278  Ptilink ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0218 0x0278  Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0218 0x0278  RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0218 0x0278  RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0218 0x0278  RasAuto ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0218 0x0278  RasAuto ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0218 0x0278  Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0218 0x0278  Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0218 0x0278  RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0218 0x0278  RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0218 0x0278  RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0218 0x0278  RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0218 0x0278  Raspti ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0218 0x0278  Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0218 0x0278  Rdbss ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0218 0x0278  Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0234 0x0278  RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0234 0x0278  RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0234 0x0278  rdpdr ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0234 0x0278  rdpdr ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0234 0x0278  RDPWD ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0234 0x0278  RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0234 0x0278  RDSessMgr ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:02.0234 0x0278  RDSessMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:36:02.0234 0x0278  redbook ( UnsignedFile.Multi.Generic ) - skipped by user



#7 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:02 AM

Posted 23 April 2015 - 07:42 AM

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 2

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka
Injure no one; rather, help everyone as much as you can. Arthur Schopenhauer

#8 jamjamnewbie


Posted 23 April 2015 - 08:14 AM

I can't open ComboFix

!! ALERT !! It is NOT SAFE to continue!

The contents of the ComboFix package has been compromised.

Please download a fresh copy from:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: You may be infected with a file patching virus "Virut"

I tried downloading 2 times from the link you gave me and 1 time from the link the error mentioned. No luck.


# AdwCleaner v4.201 - Logfile created 23/04/2015 at 20:53:17
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : admin - 079AF83A2B1B4CC
# Running from : C:\Documents and Settings\admin\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

 



#9 deeprybka


Posted 23 April 2015 - 10:16 AM

Hi there,

Step 1


Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka

#10 jamjamnewbie


Posted 23 April 2015 - 06:29 PM

Hmm... weird..

I open FRST, it says "New update found. Please wait" and sometime later "Update completed. FRST is ready to use." Then FRST closes and opens again and it says "New update found. Please wait" and the cycle begins over and over again.

It worked well last time; did something happen to my PC?



#11 deeprybka


Posted 24 April 2015 - 02:12 AM

Delete the FRST.exe and download a new one please. Then try again.
regards,
deeprybka

#12 jamjamnewbie


Posted 24 April 2015 - 03:59 AM

No luck,

I tried

Delete->Reboot->Rkill->Open Firefox->Download FRST->Open FRST

Same thing happens



#13 deeprybka


Posted 24 April 2015 - 04:06 AM

Ok. Could you please upload FRST.exe or even the combofix.exe to www.virustotal.com and post the link with the results here?
Online only with my mobile phone...
regards,
deeprybka

#14 jamjamnewbie


Posted 24 April 2015 - 04:20 AM

I've downloaded fresh copies and uploaded to virustotal.com

--------

FRST

https://www.virustotal.com/en/file/6b829accc8cabe9be83c9b03f6393c2b023de5bc8c1a5b757758d119f080dcda/analysis/1429866808/

--------

ComboFix

https://www.virustotal.com/en/file/0c7a90c508d177182f470054c92365b4775578bb3c19cb34908eba468aa0e79a/analysis/1429867098/

--------



#15 deeprybka


Posted 24 April 2015 - 10:28 AM

Hi, bad news. Your computer is infected with Virut.

Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).
 
 
Please read this:
http://www.bleepingcomputer.com/forums/t/321764/error-installing-combofix/?p=1788899


regards,
deeprybka



