Olmarik tdl4 virus [Closed]


  • This topic is locked

#16
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/08/16 19:04:58 | 000,000,064 | ---- | C] () -- C:\ProgramData\-zdmX2eccuHK487r
    [2012/08/16 19:04:58 | 000,000,064 | ---- | C] () -- C:\ProgramData\-zdmX2eccuHK487
    
    :Files
    ipconfig /flushdns /c
    ipconfig /release /c
    ipconfig /renew /c
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces


Things I would like to see in your reply:
  • OTL log
  • MBAM log



#17
Rigeldog

    Member

  • Topic Starter
  • 31 posts
A Mazda commercial just played randomly. :(


OTL LOG

OTL logfile created on: 8/17/2012 1:39:02 PM - Run 4
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\ballm\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 46.89% Memory free
3.72 Gb Paging File | 2.45 Gb Available in Paging File | 65.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.98 Gb Total Space | 98.60 Gb Free Space | 33.09% Space Free | Partition Type: NTFS

Computer Name: HILLTOPBALL | User Name: ballm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/17 01:24:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\ballm\Desktop\OTL.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\ballm\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/25 09:00:06 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/03/17 05:48:42 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/03/17 05:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe
PRC - [2010/01/28 14:02:40 | 001,867,464 | ---- | M] (Blockbuster) -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe
PRC - [2010/01/22 15:28:48 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
PRC - [2010/01/12 10:25:26 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/11/04 13:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 13:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/03/27 18:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe
PRC - [2008/05/16 07:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/05/16 07:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe


========== Modules (No Company Name) ==========

MOD - [2008/05/16 07:18:58 | 000,103,472 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/05/16 07:18:58 | 000,038,960 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/16 23:09:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/11/09 21:42:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/17 05:48:42 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe -- (STacSV)
SRV - [2010/02/18 15:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2010/01/28 14:02:40 | 001,867,464 | ---- | M] (Blockbuster) [Auto | Running] -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe -- (Movielink Core Service)
SRV - [2010/01/22 15:28:48 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/12 10:25:26 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/11/16 10:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/11/04 13:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/04 13:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/27 18:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe -- (AESTFilters)
SRV - [2008/05/21 18:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 07:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\efavdrv.sys -- (efavdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ballm\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/08/17 00:46:04 | 000,023,528 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OlmarikFixer.sys -- (OlmarikFixer)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/16 16:03:36 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2010/07/16 16:03:18 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/03/17 05:48:42 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/10 17:01:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/03 07:36:34 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/12/18 16:02:26 | 000,095,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/11/16 10:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 09:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/11/11 15:11:00 | 000,181,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/22 03:45:12 | 001,172,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/08/13 11:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/04/21 23:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/05/16 07:10:32 | 000,024,888 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 07:10:30 | 000,026,424 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 8C 17 48 55 80 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {D6E72E2D-DA94-44CE-B07D-C2E3EE673DCB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D6E72E2D-DA94-44CE-B07D-C2E3EE673DCB}: "URL" = http://www.google.co...1I7GGLS_enUS405
IE - HKCU\..\SearchScopes\{F4A15AE2-0389-4A65-A198-EB34A621FA09}: "URL" = http://websearch.ask...7-87FC3BE65071
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/11/09 16:38:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012/08/16 22:57:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/08/16 22:56:57 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/08/17 10:47:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Users\ballm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ballm\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: esped.com ([cambridge] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ARGYLEISD.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C722DFA-092E-423C-A27C-940E15B9E9FE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 13:29:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/17 11:08:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/17 11:07:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/17 11:07:57 | 000,000,000 | ---D | C] -- C:\Users\ballm\AppData\Local\temp
[2012/08/17 09:57:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/17 09:57:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/17 09:57:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/17 09:55:55 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/17 09:14:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/17 09:12:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/17 09:08:59 | 004,733,000 | R--- | C] (Swearware) -- C:\Users\ballm\Desktop\ComboFix.exe
[2012/08/17 09:00:15 | 000,000,000 | ---D | C] -- C:\Users\ballm\AppData\Roaming\Malwarebytes
[2012/08/17 08:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/17 08:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/17 08:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/17 08:15:36 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ballm\Desktop\tdsskiller.exe
[2012/08/17 01:24:32 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\ballm\Desktop\OTL.exe
[2012/08/17 00:46:04 | 000,023,528 | ---- | C] (ESET) -- C:\Windows\System32\drivers\OlmarikFixer.sys
[2012/08/16 19:04:57 | 000,000,000 | ---D | C] -- C:\Users\ballm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery

========== Files - Modified Within 30 Days ==========

[2012/08/17 13:39:30 | 000,015,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 13:39:30 | 000,015,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 13:33:15 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/17 13:32:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/17 13:32:04 | 1496,915,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/17 13:20:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/17 13:09:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/17 10:47:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/17 09:15:01 | 004,733,000 | R--- | M] (Swearware) -- C:\Users\ballm\Desktop\ComboFix.exe
[2012/08/17 08:59:59 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/17 08:15:36 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ballm\Desktop\tdsskiller.exe
[2012/08/17 01:24:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\ballm\Desktop\OTL.exe
[2012/08/17 00:46:04 | 000,023,528 | ---- | M] (ESET) -- C:\Windows\System32\drivers\OlmarikFixer.sys
[2012/08/17 00:10:21 | 000,460,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/06 20:39:06 | 000,639,534 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/06 20:39:06 | 000,111,590 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/08/17 09:57:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/17 09:57:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/17 09:57:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/17 09:57:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/17 09:57:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/17 08:59:59 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/27 14:05:07 | 000,213,928 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/09/14 23:07:32 | 000,001,065 | ---- | C] () -- C:\Program Files\Documents - Shortcut.lnk
[2011/06/08 15:51:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/22 22:26:06 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/22 22:26:06 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/03/22 17:37:15 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2011/01/14 13:31:11 | 000,013,777 | ---- | C] () -- C:\Windows\Swiss8.ini
[2010/12/29 23:33:28 | 000,000,013 | ---- | C] () -- C:\Users\ballm\cvdm.err
[2010/09/01 20:41:11 | 000,018,964 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== LOP Check ==========

[2012/08/16 22:57:36 | 000,000,000 | ---D | M] -- C:\Users\ballm\AppData\Roaming\Audacity
[2011/07/10 13:32:55 | 000,000,000 | ---D | M] -- C:\Users\ballm\AppData\Roaming\Avery
[2012/08/16 22:48:56 | 000,000,000 | ---D | M] -- C:\Users\ballm\AppData\Roaming\DigitalPersona
[2012/08/17 13:36:32 | 000,000,000 | ---D | M] -- C:\Users\ballm\AppData\Roaming\Dropbox
[2012/06/14 17:41:04 | 000,000,000 | ---D | M] -- C:\Users\ballm\AppData\Roaming\EAC
[2011/07/06 15:22:12 | 000,000,000 | ---D | M] -- C:\Users\ballm\AppData\Roaming\Food for Thought Software
[2012/08/16 22:48:57 | 000,000,000 | ---D | M] -- C:\Users\ballm\AppData\Roaming\GARMIN
[2012/08/16 22:57:37 | 000,000,000 | ---D | M] -- C:\Users\ballm\AppData\Roaming\Spotify
[2012/01/23 17:10:19 | 000,000,000 | ---D | M] -- C:\Users\ballm\AppData\Roaming\Template
[2012/08/16 22:57:37 | 000,000,000 | ---D | M] -- C:\Users\ballm\AppData\Roaming\XNote Stopwatch
[2012/01/20 13:56:00 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >




MBAM LOG

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.17.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
ballm :: HILLTOPBALL [administrator]

Protection: Disabled

8/17/2012 1:51:18 PM
mbam-log-2012-08-17 (13-51-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253341
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#18
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Please perform a full scan with ESET and let me know the results.

#19
Rigeldog

    Member

  • Topic Starter
  • 31 posts
ESET Log

Scan Log
Version of virus signature database: 7162 (20120523)
Date: 8/17/2012 Time: 2:08:53 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Personal Documents\Chess\Software\SetupAnyDVD6484.exe » NSIS - archive damaged
C:\Personal Documents\Church\Godly Play\Children's Chapel.eml » MIME - is OK (internal scanning not performed)
C:\Personal Documents\Church\Men's Retreat Committee\2007\Jesse Truvillion - Preston Hollow.mht » MIME - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Chess\Software\SetupAnyDVD6484.exe » NSIS - archive damaged
C:\Personal Documents\OFFICE\Personal Documents\Mike's Mail\Amy.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Mike's Mail\At-Risk.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Mike's Mail\Calendar.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Mike's Mail\Church.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Mike's Mail\Confirmation.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Mike's Mail\Fantasy Hockey.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Mike's Mail\Golden Kennels.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Mike's Mail\Inbox.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Mike's Mail\Jason.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Mike's Mail\Journal.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Mike's Mail\Monkey.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Mike's Mail\NHL 2001.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Mike's Mail\Save.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Mike's Mail\School.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Mike's Mail\Sent Items.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\Amy.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\At-Risk.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\Calendar.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\Charter Account.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\Church.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\Confirmation.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\Deleted Items.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\Fantasy Hockey.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\Golden Kennels.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\Jason.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\Journal.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\[email protected] » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\Monkey.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\NHL 2001.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\Save.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\School.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\Sent Items.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Outlook Express\SPAM.dbx » DBX - is OK (internal scanning not performed)
C:\Personal Documents\OFFICE\Personal Documents\Recipes\Grandma's Salsa.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Hewlett-Packard\Face Recognition for HP ProtectTools\Open Source Code\openssl-0.9.8g.zip » ZIP » openssl-0.9.8g/crypto/des/times/aix.cc » MIME - is OK (internal scanning not performed)
C:\Program Files\Hewlett-Packard\Face Recognition for HP ProtectTools\Open Source Code\openssl-0.9.8g.zip » ZIP » openssl-0.9.8g/crypto/dh/example » MBOX - is OK (internal scanning not performed)
C:\Program Files\Hewlett-Packard\Face Recognition for HP ProtectTools\Open Source Code\openssl-0.9.8g.zip » ZIP » openssl-0.9.8g/crypto/dh/generate » MIME - is OK (internal scanning not performed)
C:\Program Files\Hewlett-Packard\Face Recognition for HP ProtectTools\Open Source Code\openssl-0.9.8g.zip » ZIP » openssl-0.9.8g/crypto/pkcs7/t/nav-smime » MBOX - is OK (internal scanning not performed)
C:\Program Files\Spotify\spotify.exe » ZIP » - archive damaged
C:\ProgramData\Pure Networks\Platform\1033\News\nm\nmpwspacemap350be.mht » MIME - is OK (internal scanning not performed)
C:\ProgramData\Pure Networks\Platform\1033\News\nm\nmpwspacenews34587.mht » MIME - is OK (internal scanning not performed)
C:\ProgramData\Pure Networks\Platform\1033\News\nm\nmpwspacerepairfailed4d9da.mht » MIME - is OK (internal scanning not performed)
C:\ProgramData\Pure Networks\Platform\1033\News\nm\nmpwspacetrial2fc6d8.mht » MIME - is OK (internal scanning not performed)
C:\System Volume Information\{368b53c7-d4f5-11e1-8e65-d48564eb64a0}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{368b54f6-d4f5-11e1-8e65-d48564eb64a0}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{368b553a-d4f5-11e1-8e65-d48564eb64a0}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{76b238b1-e818-11e1-8783-d48564eb64a0}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{b84edda4-e830-11e1-8623-d48564eb64a0}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{b84eddea-e830-11e1-8623-d48564eb64a0}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{b84ede28-e830-11e1-8623-d48564eb64a0}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{b84ede2d-e830-11e1-8623-d48564eb64a0}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{bcb25d7d-e827-11e1-92d0-d48564eb64a0}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{e8314a1a-e81f-11e1-a328-d48564eb64a0}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{f2f2db8b-e82d-11e1-a9f5-d48564eb64a0}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\Users\All Users\Pure Networks\Platform\1033\News\nm\nmpwspacemap350be.mht » MIME - is OK (internal scanning not performed)
C:\Users\All Users\Pure Networks\Platform\1033\News\nm\nmpwspacenews34587.mht » MIME - is OK (internal scanning not performed)
C:\Users\All Users\Pure Networks\Platform\1033\News\nm\nmpwspacerepairfailed4d9da.mht » MIME - is OK (internal scanning not performed)
C:\Users\All Users\Pure Networks\Platform\1033\News\nm\nmpwspacetrial2fc6d8.mht » MIME - is OK (internal scanning not performed)
C:\Users\ballm\AppData\Local\Downloaded Installations\{B2DA3E11-4F87-4A79-876F-DA3059EB52DD}\Face Recognition for HP ProtectTools.msi » MSI » Data1.cab » CAB » openssl_0.9.8g.zip » ZIP » openssl-0.9.8g/crypto/des/times/aix.cc » MIME - is OK (internal scanning not performed)
C:\Users\ballm\AppData\Local\Downloaded Installations\{B2DA3E11-4F87-4A79-876F-DA3059EB52DD}\Face Recognition for HP ProtectTools.msi » MSI » Data1.cab » CAB » openssl_0.9.8g.zip » ZIP » openssl-0.9.8g/crypto/dh/example » MBOX - is OK (internal scanning not performed)
C:\Users\ballm\AppData\Local\Downloaded Installations\{B2DA3E11-4F87-4A79-876F-DA3059EB52DD}\Face Recognition for HP ProtectTools.msi » MSI » Data1.cab » CAB » openssl_0.9.8g.zip » ZIP » openssl-0.9.8g/crypto/dh/generate » MIME - is OK (internal scanning not performed)
C:\Users\ballm\AppData\Local\Downloaded Installations\{B2DA3E11-4F87-4A79-876F-DA3059EB52DD}\Face Recognition for HP ProtectTools.msi » MSI » Data1.cab » CAB » openssl_0.9.8g.zip » ZIP » openssl-0.9.8g/crypto/pkcs7/t/nav-smime » MBOX - is OK (internal scanning not performed)
C:\Users\ballm\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\6DA62FFF-00000001.eml » MIME - is OK (internal scanning not performed)
C:\Users\ballm\AppData\LocalLow\Google\GoogleEarth\webdata\f_000256 » ZIP » zh-CN.kml - archive damaged
C:\Users\ballm\AppData\LocalLow\Google\GoogleEarth\webdata\f_00045b » ZIP » - archive damaged
C:\Users\ballm\AppData\LocalLow\Google\GoogleEarth\webdata\f_0004a2 » ZIP » sk.kml - archive damaged
C:\Users\ballm\AppData\Roaming\Avery\Avery Assistant\4.0\0welcome.mht » MIME - is OK (internal scanning not performed)
C:\Users\ballm\AppData\Roaming\Avery\Avery Assistant\4.0\1welcome.mht » MIME - is OK (internal scanning not performed)
C:\Users\ballm\Dropbox\Chess\Software\SetupAnyDVD6484.exe » NSIS - archive damaged
C:\Users\ballm\Dropbox\Church\Godly Play\Children's Chapel.eml » MIME - is OK (internal scanning not performed)
C:\Users\ballm\Dropbox\Church\Men's Retreat Committee\2007\Jesse Truvillion - Preston Hollow.mht » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\9d16c.msi » MSI » Data1.cab » CAB » openssl_0.9.8g.zip » ZIP » openssl-0.9.8g/crypto/des/times/aix.cc » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\9d16c.msi » MSI » Data1.cab » CAB » openssl_0.9.8g.zip » ZIP » openssl-0.9.8g/crypto/dh/example » MBOX - is OK (internal scanning not performed)
C:\Windows\Installer\9d16c.msi » MSI » Data1.cab » CAB » openssl_0.9.8g.zip » ZIP » openssl-0.9.8g/crypto/dh/generate » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\9d16c.msi » MSI » Data1.cab » CAB » openssl_0.9.8g.zip » ZIP » openssl-0.9.8g/crypto/pkcs7/t/nav-smime » MBOX - is OK (internal scanning not performed)
Number of scanned objects: 673474
Number of threats found: 1
Number of cleaned objects: 0
Time of completion: 3:35:41 PM Total scanning time: 5208 sec (01:26:48)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.

#20
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Delete your current copy of TDSSKiller and download a new one. Follow the instructions below in safe mode after downloading the new copy.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents in your next reply.

#21
Rigeldog

    Member

  • Topic Starter
  • Member
  • 31 posts
Unfortunately, it still won't launch.

#22
Rigeldog

    Member

  • Topic Starter
  • Member
  • 31 posts
I did a little searching, and I am pleased to report that I found an "undetectable" version of tdsskiller that was able to run. It detected the problem, but it was not able to cure it. It did generate a log which can be found below. I hope that this helps.


02:56:22.0224 0876 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
02:56:28.0573 0876 ============================================================
02:56:28.0573 0876 Current date / time: 2012/08/18 02:56:28.0573
02:56:28.0573 0876 SystemInfo:
02:56:28.0573 0876
02:56:28.0573 0876 OS Version: 6.1.7601 ServicePack: 1.0
02:56:28.0573 0876 Product type: Workstation
02:56:28.0573 0876 ComputerName: HILLTOPBALL
02:56:28.0573 0876 UserName: ballm
02:56:28.0573 0876 Windows directory: C:\Windows
02:56:28.0573 0876 System windows directory: C:\Windows
02:56:28.0573 0876 Processor architecture: Intel x86
02:56:28.0573 0876 Number of processors: 2
02:56:28.0573 0876 Page size: 0x1000
02:56:28.0573 0876 Boot type: Normal boot
02:56:28.0573 0876 ============================================================
02:56:30.0539 0876 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:56:30.0539 0876 ============================================================
02:56:30.0539 0876 \Device\Harddisk0\DR0:
02:56:30.0539 0876 MBR partitions:
02:56:30.0539 0876 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
02:56:30.0539 0876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253F4AB0
02:56:30.0539 0876 ============================================================
02:56:30.0570 0876 C: <-> \Device\Harddisk0\DR0\Partition1
02:56:30.0570 0876 ============================================================
02:56:30.0570 0876 Initialize success
02:56:30.0570 0876 ============================================================
02:57:05.0998 2816 ============================================================
02:57:05.0998 2816 Scan started
02:57:05.0998 2816 Mode: Manual; SigCheck; TDLFS;
02:57:05.0998 2816 ============================================================
02:57:07.0901 2816 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
02:57:08.0135 2816 1394ohci - ok
02:57:08.0244 2816 Accelerometer (465b6baaba53a628f7252846d0e900ee) C:\Windows\system32\DRIVERS\Accelerometer.sys
02:57:08.0307 2816 Accelerometer - ok
02:57:08.0385 2816 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
02:57:08.0416 2816 ACPI - ok
02:57:08.0432 2816 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
02:57:08.0541 2816 AcpiPmi - ok
02:57:08.0697 2816 AdobeARMservice (d19c4ee2ac7c47b8f5f84fff1a789d8a) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
02:57:08.0697 2816 AdobeARMservice - ok
02:57:09.0290 2816 AdobeFlashPlayerUpdateSvc (a9d3b95e8466bd58eeb8a1154654e162) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
02:57:09.0399 2816 AdobeFlashPlayerUpdateSvc - ok
02:57:09.0914 2816 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
02:57:10.0132 2816 adp94xx - ok
02:57:10.0304 2816 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
02:57:10.0350 2816 adpahci - ok
02:57:10.0444 2816 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
02:57:10.0491 2816 adpu320 - ok
02:57:10.0522 2816 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
02:57:10.0584 2816 AeLookupSvc - ok
02:57:10.0631 2816 AESTAud (822d53766d57c90c437536232ece9023) C:\Windows\system32\drivers\AESTAud.sys
02:57:10.0709 2816 AESTAud - ok
02:57:10.0850 2816 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe
02:57:10.0928 2816 AESTFilters - ok
02:57:11.0006 2816 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
02:57:11.0084 2816 AFD - ok
02:57:11.0208 2816 AgereModemAudio (6416f9b6b220f0a890525c38235afad7) C:\Program Files\LSI SoftModem\agrsmsvc.exe
02:57:11.0271 2816 AgereModemAudio - ok
02:57:11.0598 2816 AgereSoftModem (7560f465f1ce69c53bf17559ee195548) C:\Windows\system32\DRIVERS\AGRSM.sys
02:57:11.0692 2816 AgereSoftModem - ok
02:57:11.0832 2816 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
02:57:11.0879 2816 agp440 - ok
02:57:11.0926 2816 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
02:57:11.0957 2816 aic78xx - ok
02:57:12.0098 2816 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
02:57:12.0191 2816 ALG - ok
02:57:12.0347 2816 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
02:57:12.0410 2816 aliide - ok
02:57:12.0472 2816 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
02:57:12.0519 2816 amdagp - ok
02:57:12.0550 2816 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
02:57:12.0581 2816 amdide - ok
02:57:12.0628 2816 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
02:57:12.0675 2816 AmdK8 - ok
02:57:12.0722 2816 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
02:57:12.0862 2816 AmdPPM - ok
02:57:12.0956 2816 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
02:57:12.0987 2816 amdsata - ok
02:57:13.0002 2816 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
02:57:13.0049 2816 amdsbs - ok
02:57:13.0127 2816 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
02:57:13.0190 2816 amdxata - ok
02:57:13.0314 2816 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
02:57:13.0486 2816 AppID - ok
02:57:13.0533 2816 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
02:57:13.0595 2816 AppIDSvc - ok
02:57:13.0642 2816 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
02:57:13.0720 2816 Appinfo - ok
02:57:13.0860 2816 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:57:13.0876 2816 Apple Mobile Device - ok
02:57:13.0985 2816 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
02:57:14.0063 2816 AppMgmt - ok
02:57:14.0110 2816 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
02:57:14.0141 2816 arc - ok
02:57:14.0235 2816 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
02:57:14.0282 2816 arcsas - ok
02:57:14.0313 2816 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
02:57:14.0406 2816 AsyncMac - ok
02:57:14.0469 2816 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
02:57:14.0500 2816 atapi - ok
02:57:14.0578 2816 athr (8a6f60baa4660bcfa1919e29e89acf89) C:\Windows\system32\DRIVERS\athr.sys
02:57:14.0734 2816 athr - ok
02:57:15.0311 2816 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
02:57:15.0389 2816 AudioEndpointBuilder - ok
02:57:15.0389 2816 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
02:57:15.0436 2816 Audiosrv - ok
02:57:15.0639 2816 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
02:57:16.0029 2816 AxInstSV - ok
02:57:16.0325 2816 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
02:57:16.0419 2816 b06bdrv - ok
02:57:16.0544 2816 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
02:57:16.0700 2816 b57nd60x - ok
02:57:17.0339 2816 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
02:57:17.0355 2816 BBSvc - ok
02:57:17.0714 2816 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
02:57:17.0776 2816 BBUpdate - ok
02:57:17.0885 2816 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
02:57:17.0963 2816 BDESVC - ok
02:57:17.0994 2816 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
02:57:18.0072 2816 Beep - ok
02:57:18.0244 2816 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
02:57:18.0353 2816 BFE - ok
02:57:18.0540 2816 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
02:57:18.0603 2816 BITS - ok
02:57:18.0728 2816 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
02:57:18.0852 2816 blbdrive - ok
02:57:19.0118 2816 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
02:57:19.0133 2816 Bonjour Service - ok
02:57:19.0320 2816 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
02:57:19.0367 2816 bowser - ok
02:57:19.0398 2816 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:57:19.0461 2816 BrFiltLo - ok
02:57:19.0476 2816 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:57:19.0539 2816 BrFiltUp - ok
02:57:19.0773 2816 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
02:57:19.0851 2816 Browser - ok
02:57:20.0241 2816 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
02:57:20.0366 2816 Brserid - ok
02:57:20.0506 2816 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
02:57:20.0553 2816 BrSerWdm - ok
02:57:20.0568 2816 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:57:20.0615 2816 BrUsbMdm - ok
02:57:20.0678 2816 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
02:57:20.0818 2816 BrUsbSer - ok
02:57:20.0865 2816 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
02:57:20.0943 2816 BTHMODEM - ok
02:57:21.0005 2816 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
02:57:21.0068 2816 bthserv - ok
02:57:21.0177 2816 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
02:57:21.0348 2816 cdfs - ok
02:57:21.0489 2816 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
02:57:21.0598 2816 cdrom - ok
02:57:21.0738 2816 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
02:57:21.0816 2816 CertPropSvc - ok
02:57:21.0910 2816 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
02:57:21.0941 2816 circlass - ok
02:57:22.0082 2816 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
02:57:22.0113 2816 CLFS - ok
02:57:22.0271 2816 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:57:22.0286 2816 clr_optimization_v2.0.50727_32 - ok
02:57:22.0442 2816 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:57:22.0458 2816 clr_optimization_v4.0.30319_32 - ok
02:57:22.0505 2816 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
02:57:22.0630 2816 CmBatt - ok
02:57:22.0708 2816 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
02:57:22.0739 2816 cmdide - ok
02:57:22.0973 2816 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
02:57:23.0004 2816 CNG - ok
02:57:23.0051 2816 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
02:57:23.0082 2816 Compbatt - ok
02:57:23.0129 2816 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
02:57:23.0191 2816 CompositeBus - ok
02:57:23.0238 2816 COMSysApp - ok
02:57:23.0269 2816 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
02:57:23.0316 2816 crcdisk - ok
02:57:23.0394 2816 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
02:57:23.0472 2816 CryptSvc - ok
02:57:23.0550 2816 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
02:57:23.0644 2816 CSC - ok
02:57:23.0706 2816 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
02:57:23.0831 2816 CscService - ok
02:57:23.0862 2816 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
02:57:23.0940 2816 DcomLaunch - ok
02:57:23.0987 2816 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
02:57:24.0065 2816 defragsvc - ok
02:57:24.0190 2816 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
02:57:24.0236 2816 DfsC - ok
02:57:24.0314 2816 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
02:57:24.0377 2816 Dhcp - ok
02:57:24.0408 2816 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
02:57:24.0470 2816 discache - ok
02:57:24.0502 2816 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
02:57:24.0533 2816 Disk - ok
02:57:24.0626 2816 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
02:57:24.0704 2816 Dnscache - ok
02:57:24.0814 2816 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
02:57:24.0892 2816 dot3svc - ok
02:57:25.0250 2816 DpHost (5544d66f9a0cff5429f7a750929407e9) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
02:57:25.0266 2816 DpHost - ok
02:57:25.0328 2816 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
02:57:25.0406 2816 DPS - ok
02:57:25.0453 2816 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
02:57:25.0516 2816 drmkaud - ok
02:57:25.0594 2816 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
02:57:25.0750 2816 DXGKrnl - ok
02:57:25.0812 2816 eamon (af82dc664e3d8e2cba3b95e68f6448a7) C:\Windows\system32\DRIVERS\eamon.sys
02:57:25.0843 2816 eamon - ok
02:57:25.0906 2816 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
02:57:25.0968 2816 EapHost - ok
02:57:26.0389 2816 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
02:57:26.0639 2816 ebdrv - ok
02:57:26.0873 2816 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
02:57:26.0935 2816 EFS - ok
02:57:27.0029 2816 ehdrv (686a799c1bf1b18941994daf9f45db06) C:\Windows\system32\DRIVERS\ehdrv.sys
02:57:27.0060 2816 ehdrv - ok
02:57:27.0247 2816 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
02:57:27.0294 2816 ehRecvr - ok
02:57:27.0325 2816 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
02:57:27.0419 2816 ehSched - ok
02:57:27.0606 2816 EhttpSrv (9329ba45c8b97485926a171e34c2abb8) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
02:57:27.0622 2816 EhttpSrv - ok
02:57:27.0762 2816 ekrn (3543c6195d5ed4eda0316d3e1ba0e6ee) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
02:57:27.0778 2816 ekrn - ok
02:57:28.0027 2816 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
02:57:28.0105 2816 elxstor - ok
02:57:28.0199 2816 epfwwfpr (8700eadc8bdfa27d948fcc43ee0ae434) C:\Windows\system32\DRIVERS\epfwwfpr.sys
02:57:28.0230 2816 epfwwfpr - ok
02:57:28.0277 2816 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
02:57:28.0339 2816 ErrDev - ok
02:57:28.0402 2816 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
02:57:28.0464 2816 EventSystem - ok
02:57:28.0511 2816 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
02:57:28.0558 2816 exfat - ok
02:57:28.0589 2816 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
02:57:28.0682 2816 fastfat - ok
02:57:28.0948 2816 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
02:57:29.0010 2816 Fax - ok
02:57:29.0026 2816 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
02:57:29.0150 2816 fdc - ok
02:57:29.0197 2816 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
02:57:29.0260 2816 fdPHost - ok
02:57:29.0447 2816 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
02:57:29.0525 2816 FDResPub - ok
02:57:29.0556 2816 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
02:57:29.0587 2816 FileInfo - ok
02:57:29.0603 2816 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
02:57:29.0650 2816 Filetrace - ok
02:57:29.0665 2816 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
02:57:29.0790 2816 flpydisk - ok
02:57:29.0852 2816 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
02:57:29.0884 2816 FltMgr - ok
02:57:30.0024 2816 FontCache (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
02:57:30.0102 2816 FontCache - ok
02:57:30.0196 2816 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
02:57:30.0211 2816 FontCache3.0.0.0 - ok
02:57:30.0227 2816 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
02:57:30.0258 2816 FsDepends - ok
02:57:30.0305 2816 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
02:57:30.0336 2816 Fs_Rec - ok
02:57:30.0430 2816 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
02:57:30.0445 2816 fvevol - ok
02:57:30.0492 2816 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:57:30.0523 2816 gagp30kx - ok
02:57:30.0601 2816 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:57:30.0632 2816 GEARAspiWDM - ok
02:57:30.0695 2816 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
02:57:30.0773 2816 gpsvc - ok
02:57:30.0820 2816 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
02:57:30.0898 2816 grmnusb - ok
02:57:31.0163 2816 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
02:57:31.0163 2816 gupdate - ok
02:57:31.0194 2816 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
02:57:31.0210 2816 gupdatem - ok
02:57:31.0366 2816 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
02:57:31.0381 2816 gusvc - ok
02:57:31.0397 2816 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
02:57:31.0490 2816 hcw85cir - ok
02:57:31.0584 2816 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
02:57:31.0678 2816 HdAudAddService - ok
02:57:31.0756 2816 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
02:57:31.0771 2816 HDAudBus - ok
02:57:31.0818 2816 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
02:57:31.0943 2816 HECI - ok
02:57:32.0005 2816 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
02:57:32.0114 2816 HidBatt - ok
02:57:32.0146 2816 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
02:57:32.0208 2816 HidBth - ok
02:57:32.0240 2816 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
02:57:32.0303 2816 HidIr - ok
02:57:32.0412 2816 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
02:57:32.0474 2816 hidserv - ok
02:57:32.0552 2816 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
02:57:32.0630 2816 HidUsb - ok
02:57:32.0708 2816 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
02:57:32.0802 2816 hkmsvc - ok
02:57:32.0973 2816 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
02:57:33.0036 2816 HomeGroupListener - ok
02:57:33.0176 2816 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
02:57:33.0223 2816 HomeGroupProvider - ok
02:57:33.0488 2816 HP ProtectTools Service (2666cfc4a063d75fe3d87bc334d7ecf5) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
02:57:33.0519 2816 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning
02:57:33.0519 2816 HP ProtectTools Service - detected UnsignedFile.Multi.Generic (1)
02:57:33.0597 2816 hpdskflt (d5c35e6416a379c445cda826b9fe452f) C:\Windows\system32\DRIVERS\hpdskflt.sys
02:57:33.0613 2816 hpdskflt - ok
02:57:33.0738 2816 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
02:57:33.0753 2816 hpqwmiex - ok
02:57:33.0878 2816 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
02:57:33.0941 2816 HpSAMD - ok
02:57:34.0003 2816 hpsrv (00dc55481fad2841284ed09e7d69cd11) C:\Windows\system32\Hpservice.exe
02:57:34.0019 2816 hpsrv - ok
02:57:34.0190 2816 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
02:57:34.0299 2816 HTTP - ok
02:57:34.0362 2816 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
02:57:34.0362 2816 hwpolicy - ok
02:57:34.0455 2816 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
02:57:34.0549 2816 i8042prt - ok
02:57:34.0596 2816 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
02:57:34.0643 2816 iaStorV - ok
02:57:34.0986 2816 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:57:35.0048 2816 idsvc - ok
02:57:36.0015 2816 igfx (b3a313080b0f73f4c8292290606fc15d) C:\Windows\system32\DRIVERS\igdkmd32.sys
02:57:36.0421 2816 igfx - ok
02:57:36.0577 2816 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
02:57:36.0624 2816 iirsp - ok
02:57:36.0780 2816 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
02:57:36.0842 2816 IKEEXT - ok
02:57:36.0905 2816 Impcd (03c0d99bc2913226f1cea7cb0d984659) C:\Windows\system32\DRIVERS\Impcd.sys
02:57:36.0983 2816 Impcd - ok
02:57:37.0029 2816 IntcDAud (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys
02:57:37.0139 2816 IntcDAud - ok
02:57:37.0185 2816 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
02:57:37.0232 2816 intelide - ok
02:57:37.0295 2816 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
02:57:37.0357 2816 intelppm - ok
02:57:37.0653 2816 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
02:57:37.0685 2816 IntuitUpdateService - ok
02:57:37.0794 2816 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
02:57:37.0872 2816 IPBusEnum - ok
02:57:37.0903 2816 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:57:37.0981 2816 IpFilterDriver - ok
02:57:38.0246 2816 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
02:57:38.0324 2816 iphlpsvc - ok
02:57:38.0387 2816 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
02:57:38.0465 2816 IPMIDRV - ok
02:57:38.0543 2816 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
02:57:38.0652 2816 IPNAT - ok
02:57:38.0886 2816 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
02:57:38.0933 2816 iPod Service - ok
02:57:39.0042 2816 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
02:57:39.0120 2816 IRENUM - ok
02:57:39.0182 2816 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
02:57:39.0245 2816 isapnp - ok
02:57:39.0338 2816 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
02:57:39.0385 2816 iScsiPrt - ok
02:57:39.0432 2816 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
02:57:39.0510 2816 kbdclass - ok
02:57:39.0572 2816 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
02:57:39.0650 2816 kbdhid - ok
02:57:39.0697 2816 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:57:39.0713 2816 KeyIso - ok
02:57:39.0806 2816 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
02:57:39.0837 2816 KSecDD - ok
02:57:39.0869 2816 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
02:57:39.0915 2816 KSecPkg - ok
02:57:40.0305 2816 KSS (e47ffca0909871ac1bff0d446ff63ca9) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
02:57:40.0321 2816 KSS - ok
02:57:40.0383 2816 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
02:57:40.0446 2816 KtmRm - ok
02:57:40.0586 2816 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
02:57:40.0664 2816 LanmanServer - ok
02:57:40.0758 2816 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
02:57:40.0836 2816 LanmanWorkstation - ok
02:57:40.0867 2816 Lbd - ok
02:57:40.0945 2816 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
02:57:41.0054 2816 lltdio - ok
02:57:41.0179 2816 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
02:57:41.0288 2816 lltdsvc - ok
02:57:41.0319 2816 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
02:57:41.0382 2816 lmhosts - ok
02:57:41.0725 2816 LMS (bb4e55778d8de3885e1cdac795de7bce) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
02:57:41.0756 2816 LMS - ok
02:57:41.0834 2816 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:57:41.0881 2816 LSI_FC - ok
02:57:41.0897 2816 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:57:41.0928 2816 LSI_SAS - ok
02:57:41.0943 2816 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:57:41.0990 2816 LSI_SAS2 - ok
02:57:42.0021 2816 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:57:42.0068 2816 LSI_SCSI - ok
02:57:42.0099 2816 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
02:57:42.0209 2816 luafv - ok
02:57:42.0349 2816 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
02:57:42.0396 2816 McComponentHostService - ok
02:57:42.0505 2816 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
02:57:42.0536 2816 Mcx2Svc - ok
02:57:42.0599 2816 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
02:57:42.0692 2816 megasas - ok
02:57:42.0739 2816 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
02:57:42.0801 2816 MegaSR - ok
02:57:42.0957 2816 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
02:57:43.0051 2816 MMCSS - ok
02:57:43.0129 2816 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
02:57:43.0207 2816 Modem - ok
02:57:43.0269 2816 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
02:57:43.0332 2816 monitor - ok
02:57:43.0410 2816 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
02:57:43.0488 2816 mouclass - ok
02:57:43.0519 2816 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
02:57:43.0550 2816 mouhid - ok
02:57:43.0644 2816 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
02:57:43.0659 2816 mountmgr - ok
02:57:44.0065 2816 Movielink Core Service (19e4baa7be36144c41af844de1cfb50d) C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe
02:57:44.0112 2816 Movielink Core Service - ok
02:57:44.0393 2816 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
02:57:44.0439 2816 mpio - ok
02:57:44.0533 2816 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
02:57:44.0689 2816 mpsdrv - ok
02:57:44.0814 2816 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
02:57:44.0892 2816 MpsSvc - ok
02:57:44.0939 2816 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
02:57:45.0001 2816 MRxDAV - ok
02:57:45.0079 2816 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:57:45.0188 2816 mrxsmb - ok
02:57:45.0266 2816 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:57:45.0313 2816 mrxsmb10 - ok
02:57:45.0516 2816 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:57:45.0578 2816 mrxsmb20 - ok
02:57:45.0656 2816 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
02:57:45.0703 2816 msahci - ok
02:57:45.0781 2816 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
02:57:45.0828 2816 msdsm - ok
02:57:45.0921 2816 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
02:57:45.0984 2816 MSDTC - ok
02:57:46.0046 2816 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
02:57:46.0093 2816 Msfs - ok
02:57:46.0109 2816 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
02:57:46.0187 2816 mshidkmdf - ok
02:57:46.0280 2816 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
02:57:46.0343 2816 msisadrv - ok
02:57:46.0405 2816 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
02:57:46.0483 2816 MSiSCSI - ok
02:57:46.0483 2816 msiserver - ok
02:57:46.0514 2816 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
02:57:46.0623 2816 MSKSSRV - ok
02:57:46.0655 2816 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
02:57:46.0733 2816 MSPCLOCK - ok
02:57:46.0764 2816 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
02:57:46.0842 2816 MSPQM - ok
02:57:46.0904 2816 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
02:57:46.0935 2816 MsRPC - ok
02:57:46.0998 2816 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
02:57:47.0029 2816 mssmbios - ok
02:57:47.0045 2816 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
02:57:47.0107 2816 MSTEE - ok
02:57:47.0123 2816 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
02:57:47.0169 2816 MTConfig - ok
02:57:47.0201 2816 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
02:57:47.0263 2816 Mup - ok
02:57:47.0325 2816 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
02:57:47.0419 2816 napagent - ok
02:57:47.0497 2816 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
02:57:47.0559 2816 NativeWifiP - ok
02:57:47.0606 2816 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
02:57:47.0653 2816 NDIS - ok
02:57:47.0669 2816 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
02:57:47.0715 2816 NdisCap - ok
02:57:47.0762 2816 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
02:57:47.0825 2816 NdisTapi - ok
02:57:47.0918 2816 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
02:57:48.0012 2816 Ndisuio - ok
02:57:48.0059 2816 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
02:57:48.0137 2816 NdisWan - ok
02:57:48.0183 2816 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
02:57:48.0324 2816 NDProxy - ok
02:57:48.0386 2816 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
02:57:48.0527 2816 NetBIOS - ok
02:57:48.0651 2816 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
02:57:48.0729 2816 NetBT - ok
02:57:48.0807 2816 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:57:48.0839 2816 Netlogon - ok
02:57:48.0917 2816 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
02:57:48.0963 2816 Netman - ok
02:57:49.0057 2816 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
02:57:49.0104 2816 netprofm - ok
02:57:49.0213 2816 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:57:49.0244 2816 NetTcpPortSharing - ok
02:57:49.0291 2816 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
02:57:49.0353 2816 nfrd960 - ok
02:57:49.0416 2816 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
02:57:49.0494 2816 NlaSvc - ok
02:57:49.0759 2816 nmraapache (13350ddd0976ceb5f125396c7bfb05b4) C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
02:57:49.0806 2816 nmraapache ( UnsignedFile.Multi.Generic ) - warning
02:57:49.0806 2816 nmraapache - detected UnsignedFile.Multi.Generic (1)
02:57:50.0102 2816 nmservice (82c5a813e8ea7e94dc1afa24cd803b80) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
02:57:50.0133 2816 nmservice - ok
02:57:50.0165 2816 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
02:57:50.0258 2816 Npfs - ok
02:57:50.0289 2816 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
02:57:50.0321 2816 nsi - ok
02:57:50.0352 2816 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
02:57:50.0430 2816 nsiproxy - ok
02:57:50.0555 2816 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
02:57:50.0648 2816 Ntfs - ok
02:57:50.0882 2816 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
02:57:50.0991 2816 Null - ok
02:57:51.0116 2816 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
02:57:51.0147 2816 nvraid - ok
02:57:51.0179 2816 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
02:57:51.0225 2816 nvstor - ok
02:57:51.0241 2816 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
02:57:51.0272 2816 nv_agp - ok
02:57:51.0475 2816 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:57:51.0522 2816 odserv - ok
02:57:51.0537 2816 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
02:57:51.0584 2816 ohci1394 - ok
02:57:51.0647 2816 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:57:51.0678 2816 ose - ok
02:57:51.0756 2816 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
02:57:51.0834 2816 p2pimsvc - ok
02:57:51.0865 2816 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
02:57:51.0927 2816 p2psvc - ok
02:57:52.0052 2816 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
02:57:52.0099 2816 Parport - ok
02:57:52.0161 2816 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
02:57:52.0208 2816 partmgr - ok
02:57:52.0239 2816 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
02:57:52.0286 2816 Parvdm - ok
02:57:52.0317 2816 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
02:57:52.0349 2816 PcaSvc - ok
02:57:52.0411 2816 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
02:57:52.0442 2816 pci - ok
02:57:52.0458 2816 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
02:57:52.0489 2816 pciide - ok
02:57:52.0551 2816 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
02:57:52.0614 2816 pcmcia - ok
02:57:52.0629 2816 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
02:57:52.0661 2816 pcw - ok
02:57:52.0801 2816 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
02:57:52.0863 2816 PEAUTH - ok
02:57:53.0004 2816 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
02:57:53.0097 2816 PeerDistSvc - ok
02:57:53.0300 2816 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
02:57:53.0425 2816 pla - ok
02:57:53.0581 2816 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
02:57:53.0659 2816 PlugPlay - ok
02:57:53.0784 2816 pnarp (b63a3ae87ed0ac525b3aa88b39608bfc) C:\Windows\system32\DRIVERS\pnarp.sys
02:57:53.0831 2816 pnarp - ok
02:57:53.0846 2816 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
02:57:53.0893 2816 PNRPAutoReg - ok
02:57:53.0940 2816 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
02:57:53.0955 2816 PNRPsvc - ok
02:57:54.0033 2816 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
02:57:54.0111 2816 PolicyAgent - ok
02:57:54.0143 2816 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
02:57:54.0189 2816 Power - ok
02:57:54.0236 2816 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
02:57:54.0314 2816 PptpMiniport - ok
02:57:54.0345 2816 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
02:57:54.0377 2816 Processor - ok
02:57:54.0455 2816 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
02:57:54.0517 2816 ProfSvc - ok
02:57:54.0564 2816 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:57:54.0595 2816 ProtectedStorage - ok
02:57:54.0657 2816 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
02:57:54.0720 2816 Psched - ok
02:57:54.0813 2816 purendis (633cc728d6493c4263368a86928b0bfd) C:\Windows\system32\DRIVERS\purendis.sys
02:57:54.0907 2816 purendis - ok
02:57:55.0079 2816 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
02:57:55.0188 2816 ql2300 - ok
02:57:55.0297 2816 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
02:57:55.0344 2816 ql40xx - ok
02:57:55.0375 2816 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
02:57:55.0406 2816 QWAVE - ok
02:57:55.0422 2816 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
02:57:55.0453 2816 QWAVEdrv - ok
02:57:55.0469 2816 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
02:57:55.0531 2816 RasAcd - ok
02:57:55.0562 2816 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:57:55.0640 2816 RasAgileVpn - ok
02:57:55.0671 2816 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
02:57:55.0765 2816 RasAuto - ok
02:57:55.0796 2816 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:57:55.0890 2816 Rasl2tp - ok
02:57:55.0983 2816 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
02:57:56.0061 2816 RasMan - ok
02:57:56.0108 2816 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
02:57:56.0171 2816 RasPppoe - ok
02:57:56.0186 2816 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
02:57:56.0264 2816 RasSstp - ok
02:57:56.0311 2816 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
02:57:56.0436 2816 rdbss - ok
02:57:56.0467 2816 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
02:57:56.0498 2816 rdpbus - ok
02:57:56.0545 2816 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:57:56.0623 2816 RDPCDD - ok
02:57:56.0670 2816 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
02:57:56.0779 2816 RDPDR - ok
02:57:56.0795 2816 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
02:57:56.0888 2816 RDPENCDD - ok
02:57:56.0919 2816 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
02:57:56.0951 2816 RDPREFMP - ok
02:57:57.0029 2816 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
02:57:57.0138 2816 RDPWD - ok
02:57:57.0263 2816 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
02:57:57.0325 2816 rdyboost - ok
02:57:57.0450 2816 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
02:57:57.0543 2816 RemoteAccess - ok
02:57:57.0590 2816 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
02:57:57.0653 2816 RemoteRegistry - ok
02:57:57.0699 2816 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
02:57:57.0793 2816 RpcEptMapper - ok
02:57:57.0824 2816 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
02:57:57.0887 2816 RpcLocator - ok
02:57:57.0949 2816 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
02:57:57.0996 2816 RpcSs - ok
02:57:58.0027 2816 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
02:57:58.0121 2816 rspndr - ok
02:57:58.0199 2816 RSUSBSTOR (6b065c88a4c05cf44793ac2bfc331ac5) C:\Windows\system32\Drivers\RtsUStor.sys
02:57:58.0277 2816 RSUSBSTOR - ok
02:57:58.0323 2816 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
02:57:58.0401 2816 RTL8167 - ok
02:57:58.0479 2816 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
02:57:58.0589 2816 s3cap - ok
02:57:58.0651 2816 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:57:58.0667 2816 SamSs - ok
02:57:58.0713 2816 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
02:57:58.0760 2816 sbp2port - ok
02:57:58.0791 2816 SBRE - ok
02:57:58.0823 2816 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
02:57:58.0869 2816 SCardSvr - ok
02:57:58.0916 2816 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
02:57:58.0947 2816 scfilter - ok
02:57:59.0088 2816 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
02:57:59.0166 2816 Schedule - ok
02:57:59.0213 2816 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
02:57:59.0244 2816 SCPolicySvc - ok
02:57:59.0259 2816 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
02:57:59.0337 2816 SDRSVC - ok
02:57:59.0384 2816 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
02:57:59.0447 2816 secdrv - ok
02:57:59.0462 2816 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
02:57:59.0540 2816 seclogon - ok
02:57:59.0603 2816 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
02:57:59.0649 2816 SENS - ok
02:57:59.0727 2816 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
02:57:59.0821 2816 SensrSvc - ok
02:57:59.0837 2816 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
02:57:59.0868 2816 Serenum - ok
02:57:59.0883 2816 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
02:57:59.0915 2816 Serial - ok
02:57:59.0993 2816 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
02:58:00.0039 2816 sermouse - ok
02:58:00.0102 2816 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
02:58:00.0164 2816 SessionEnv - ok
02:58:00.0195 2816 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
02:58:00.0242 2816 sffdisk - ok
02:58:00.0273 2816 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
02:58:00.0320 2816 sffp_mmc - ok
02:58:00.0351 2816 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
02:58:00.0414 2816 sffp_sd - ok
02:58:00.0461 2816 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
02:58:00.0507 2816 sfloppy - ok
02:58:00.0570 2816 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
02:58:00.0632 2816 SharedAccess - ok
02:58:00.0726 2816 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
02:58:00.0788 2816 ShellHWDetection - ok
02:58:00.0851 2816 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
02:58:00.0897 2816 sisagp - ok
02:58:00.0929 2816 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:58:00.0975 2816 SiSRaid2 - ok
02:58:01.0022 2816 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
02:58:01.0069 2816 SiSRaid4 - ok
02:58:01.0116 2816 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
02:58:01.0178 2816 Smb - ok
02:58:01.0225 2816 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
02:58:01.0256 2816 SNMPTRAP - ok
02:58:01.0256 2816 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
02:58:01.0287 2816 spldr - ok
02:58:01.0365 2816 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
02:58:01.0428 2816 Spooler - ok
02:58:01.0693 2816 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
02:58:01.0802 2816 sppsvc - ok
02:58:01.0943 2816 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
02:58:02.0005 2816 sppuinotify - ok
02:58:02.0083 2816 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
02:58:02.0239 2816 srv - ok
02:58:02.0286 2816 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
02:58:02.0364 2816 srv2 - ok
02:58:02.0411 2816 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
02:58:02.0473 2816 srvnet - ok
02:58:02.0520 2816 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
02:58:02.0567 2816 SSDPSRV - ok
02:58:02.0660 2816 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
02:58:02.0769 2816 SstpSvc - ok
02:58:02.0879 2816 STacSV (43dc7ada838f6a24b93b7c7ff2fcd08d) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\STacSV.exe
02:58:02.0941 2816 STacSV - ok
02:58:02.0988 2816 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
02:58:03.0019 2816 stexstor - ok
02:58:03.0081 2816 STHDA (356cc453b79c35b8ce1a14873dd6322d) C:\Windows\system32\DRIVERS\stwrt.sys
02:58:03.0191 2816 STHDA - ok
02:58:03.0284 2816 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
02:58:03.0347 2816 StiSvc - ok
02:58:03.0393 2816 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
02:58:03.0440 2816 storflt - ok
02:58:03.0471 2816 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
02:58:03.0503 2816 StorSvc - ok
02:58:03.0518 2816 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
02:58:03.0549 2816 storvsc - ok
02:58:03.0565 2816 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
02:58:03.0581 2816 swenum - ok
02:58:03.0612 2816 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
02:58:03.0690 2816 swprv - ok
02:58:03.0861 2816 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\Windows\system32\DRIVERS\SynTP.sys
02:58:03.0939 2816 SynTP - ok
02:58:04.0127 2816 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
02:58:04.0173 2816 SysMain - ok
02:58:04.0298 2816 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
02:58:04.0376 2816 TabletInputService - ok
02:58:04.0439 2816 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
02:58:04.0517 2816 TapiSrv - ok
02:58:04.0595 2816 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
02:58:04.0641 2816 TBS - ok
02:58:04.0829 2816 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
02:58:04.0907 2816 Tcpip - ok
02:58:05.0078 2816 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
02:58:05.0125 2816 TCPIP6 - ok
02:58:05.0234 2816 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
02:58:05.0343 2816 tcpipreg - ok
02:58:05.0390 2816 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
02:58:05.0468 2816 TDPIPE - ok
02:58:05.0531 2816 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
02:58:05.0593 2816 TDTCP - ok
02:58:05.0655 2816 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
02:58:05.0749 2816 tdx - ok
02:58:05.0780 2816 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
02:58:05.0827 2816 TermDD - ok
02:58:05.0905 2816 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
02:58:05.0952 2816 TermService - ok
02:58:05.0983 2816 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
02:58:06.0030 2816 Themes - ok
02:58:06.0092 2816 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
02:58:06.0139 2816 THREADORDER - ok
02:58:06.0170 2816 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
02:58:06.0233 2816 TrkWks - ok
02:58:06.0342 2816 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
02:58:06.0404 2816 TrustedInstaller - ok
02:58:06.0451 2816 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:58:06.0498 2816 tssecsrv - ok
02:58:06.0576 2816 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
02:58:06.0654 2816 TsUsbFlt - ok
02:58:06.0732 2816 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
02:58:06.0857 2816 tunnel - ok
02:58:06.0888 2816 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
02:58:06.0919 2816 uagp35 - ok
02:58:06.0981 2816 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
02:58:07.0091 2816 udfs - ok
02:58:07.0215 2816 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
02:58:07.0293 2816 UI0Detect - ok
02:58:07.0465 2816 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
02:58:07.0527 2816 uliagpkx - ok
02:58:07.0559 2816 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
02:58:07.0590 2816 umbus - ok
02:58:07.0590 2816 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
02:58:07.0699 2816 UmPass - ok
02:58:07.0761 2816 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
02:58:07.0793 2816 UmRdpService - ok
02:58:08.0058 2816 UNS (44aa8d5d3b3b5610fef46ca8a9c52d8c) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
02:58:08.0120 2816 UNS - ok
02:58:08.0245 2816 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
02:58:08.0324 2816 upnphost - ok
02:58:08.0418 2816 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
02:58:08.0527 2816 USBAAPL - ok
02:58:08.0636 2816 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
02:58:08.0745 2816 usbccgp - ok
02:58:08.0808 2816 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
02:58:08.0854 2816 usbcir - ok
02:58:08.0886 2816 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
02:58:08.0948 2816 usbehci - ok
02:58:08.0995 2816 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
02:58:09.0042 2816 usbhub - ok
02:58:09.0057 2816 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
02:58:09.0088 2816 usbohci - ok
02:58:09.0151 2816 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
02:58:09.0198 2816 usbprint - ok
02:58:09.0213 2816 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:58:09.0276 2816 USBSTOR - ok
02:58:09.0307 2816 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
02:58:09.0354 2816 usbuhci - ok
02:58:09.0447 2816 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
02:58:09.0510 2816 usbvideo - ok
02:58:09.0556 2816 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
02:58:09.0619 2816 UxSms - ok
02:58:09.0666 2816 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
02:58:09.0697 2816 VaultSvc - ok
02:58:09.0884 2816 vcsFPService (8c72e0e88e5a1a70691135864f2f7f1b) C:\Windows\system32\vcsFPService.exe
02:58:09.0946 2816 vcsFPService - ok
02:58:10.0056 2816 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
02:58:10.0102 2816 vdrvroot - ok
02:58:10.0180 2816 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
02:58:10.0227 2816 vds - ok
02:58:10.0290 2816 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
02:58:10.0368 2816 vga - ok
02:58:10.0399 2816 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
02:58:10.0477 2816 VgaSave - ok
02:58:10.0508 2816 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
02:58:10.0539 2816 vhdmp - ok
02:58:10.0570 2816 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
02:58:10.0602 2816 viaagp - ok
02:58:10.0617 2816 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
02:58:10.0680 2816 ViaC7 - ok
02:58:10.0711 2816 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
02:58:10.0742 2816 viaide - ok
02:58:10.0804 2816 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
02:58:10.0836 2816 vmbus - ok
02:58:10.0851 2816 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
02:58:10.0882 2816 VMBusHID - ok
02:58:10.0914 2816 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
02:58:10.0960 2816 volmgr - ok
02:58:11.0007 2816 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
02:58:11.0023 2816 volmgrx - ok
02:58:11.0070 2816 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
02:58:11.0132 2816 volsnap - ok
02:58:11.0179 2816 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
02:58:11.0226 2816 vsmraid - ok
02:58:11.0382 2816 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
02:58:11.0444 2816 VSS - ok
02:58:11.0444 2816 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
02:58:11.0506 2816 vwifibus - ok
02:58:11.0569 2816 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
02:58:11.0631 2816 vwififlt - ok
02:58:11.0678 2816 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
02:58:11.0725 2816 vwifimp - ok
02:58:11.0772 2816 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
02:58:11.0850 2816 W32Time - ok
02:58:11.0896 2816 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
02:58:11.0959 2816 WacomPen - ok
02:58:12.0037 2816 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
02:58:12.0130 2816 WANARP - ok
02:58:12.0146 2816 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
02:58:12.0177 2816 Wanarpv6 - ok
02:58:12.0334 2816 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
02:58:12.0397 2816 WatAdminSvc - ok
02:58:12.0615 2816 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
02:58:12.0677 2816 wbengine - ok
02:58:12.0709 2816 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
02:58:12.0771 2816 WbioSrvc - ok
02:58:12.0818 2816 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
02:58:12.0896 2816 wcncsvc - ok
02:58:12.0896 2816 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
02:58:12.0974 2816 WcsPlugInService - ok
02:58:13.0005 2816 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
02:58:13.0052 2816 Wd - ok
02:58:13.0161 2816 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
02:58:13.0239 2816 Wdf01000 - ok
02:58:13.0348 2816 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
02:58:13.0426 2816 WdiServiceHost - ok
02:58:13.0442 2816 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
02:58:13.0457 2816 WdiSystemHost - ok
02:58:13.0520 2816 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
02:58:13.0598 2816 WebClient - ok
02:58:13.0629 2816 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
02:58:13.0676 2816 Wecsvc - ok
02:58:13.0691 2816 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
02:58:13.0738 2816 wercplsupport - ok
02:58:13.0754 2816 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
02:58:13.0801 2816 WerSvc - ok
02:58:13.0832 2816 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
02:58:13.0879 2816 WfpLwf - ok
02:58:13.0894 2816 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
02:58:13.0957 2816 WIMMount - ok
02:58:14.0066 2816 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
02:58:14.0128 2816 WinDefend - ok
02:58:14.0144 2816 WinHttpAutoProxySvc - ok
02:58:14.0206 2816 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
02:58:14.0253 2816 Winmgmt - ok
02:58:14.0378 2816 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
02:58:14.0471 2816 WinRM - ok
02:58:14.0596 2816 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
02:58:14.0659 2816 WinUsb - ok
02:58:14.0737 2816 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
02:58:14.0783 2816 Wlansvc - ok
02:58:15.0017 2816 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:58:15.0064 2816 wlidsvc - ok
02:58:15.0236 2816 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
02:58:15.0267 2816 WmiAcpi - ok
02:58:15.0314 2816 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
02:58:15.0376 2816 wmiApSrv - ok
02:58:15.0548 2816 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
02:58:15.0657 2816 WMPNetworkSvc - ok
02:58:15.0766 2816 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
02:58:15.0844 2816 WPCSvc - ok
02:58:15.0922 2816 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
02:58:16.0016 2816 WPDBusEnum - ok
02:58:16.0078 2816 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
02:58:16.0172 2816 ws2ifsl - ok
02:58:16.0203 2816 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
02:58:16.0265 2816 wscsvc - ok
02:58:16.0281 2816 WSearch - ok
02:58:16.0437 2816 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
02:58:16.0499 2816 wuauserv - ok
02:58:16.0640 2816 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
02:58:16.0749 2816 WudfPf - ok
02:58:16.0827 2816 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:58:16.0905 2816 WUDFRd - ok
02:58:16.0967 2816 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
02:58:17.0014 2816 wudfsvc - ok
02:58:17.0045 2816 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
02:58:17.0077 2816 WwanSvc - ok
02:58:17.0123 2816 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:58:17.0170 2816 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
02:58:17.0170 2816 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
02:58:17.0248 2816 Boot (0x1200) (5a9874c78d6dea5186d651008ceab805) \Device\Harddisk0\DR0\Partition0
02:58:17.0248 2816 \Device\Harddisk0\DR0\Partition0 - ok
02:58:17.0264 2816 Boot (0x1200) (153d98929eb2a480f8d0d608b9b0d72b) \Device\Harddisk0\DR0\Partition1
02:58:17.0264 2816 \Device\Harddisk0\DR0\Partition1 - ok
02:58:17.0264 2816 ============================================================
02:58:17.0264 2816 Scan finished
02:58:17.0264 2816 ============================================================
02:58:17.0279 4228 Detected object count: 3
02:58:17.0279 4228 Actual detected object count: 3
02:58:59.0557 4228 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
02:58:59.0557 4228 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:58:59.0557 4228 nmraapache ( UnsignedFile.Multi.Generic ) - skipped by user
02:58:59.0557 4228 nmraapache ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:59:01.0148 4228 \Device\Harddisk0\DR0\# - copied to quarantine
02:59:01.0163 4228 \Device\Harddisk0\DR0 - copied to quarantine
02:59:01.0226 4228 \Device\Harddisk0\DR0 - processing error
02:59:30.0616 4228 \Device\Harddisk0\DR0 - will be restored on reboot
02:59:30.0710 4228 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure Restore
  • 0

#23
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Reboot your PC and let me know if ESET is still reporting the infection.
  • 0

#24
Rigeldog

    Member

  • Topic Starter
  • Member
  • 31 posts
Yes... It is.
  • 0

#25
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Re-run TDSSKiller, and when you reach this:

\Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b )

select the action Delete.
  • 0

#26
Rigeldog

    Member

  • Topic Starter
  • Member
  • 31 posts
The only choices in the drop down menu are skip, copy to quarantine, cure, and restore.
  • 0

#27
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Choose the copy to quarantine option.

In case it fails and the infection is still there, do the following:

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0

#28
Rigeldog

    Member

  • Topic Starter
  • Member
  • 31 posts
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode
User: ballm [Admin rights]
Mode: Scan -- Date: 08/19/2012 09:50:41

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : (C:\Users\ballm\AppData\Local\temp\mmwjkgyumdrjikeqhd.exe) -> FOUND
[Rans.Gendarm] HKLM\[...]\Run : SonyAgent (C:\Windows\temp\temp52.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-746137067-1078145449-1060284298-1645[...]\Run : (C:\Users\ballm\AppData\Local\temp\mmwjkgyumdrjikeqhd.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{d451183a-fd27-2606-545d-c7ea451e533c}\n --> FOUND
[ZeroAccess][FILE] @ : c:\windows\installer\{d451183a-fd27-2606-545d-c7ea451e533c}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{d451183a-fd27-2606-545d-c7ea451e533c}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac\desktop.ini --> FOUND
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND
[ZeroAccess][Sig found] services.exe : c:\windows\system32\services.exe --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS725032A9A364 ATA Device +++++
--- User ---
[MBR] 2f88e0b67c8c18f2aeee2464029cf30a
[BSP] 0dc65d58790837823d67b5a4f92876f2 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305129 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 625113088 | Size: 10 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: ballm [Admin rights]
Mode: Scan -- Date: 08/19/2012 10:22:48

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{d451183a-fd27-2606-545d-c7ea451e533c}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac\desktop.ini --> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS725032A9A364 ATA Device +++++
--- User ---
[MBR] 2f88e0b67c8c18f2aeee2464029cf30a
[BSP] 0dc65d58790837823d67b5a4f92876f2 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305129 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 625113088 | Size: 10 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4].txt >>
RKreport[3].txt ; RKreport[4].txt



RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: ballm [Admin rights]
Mode: Scan -- Date: 08/19/2012 10:23:43

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{d451183a-fd27-2606-545d-c7ea451e533c}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac\desktop.ini --> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS725032A9A364 ATA Device +++++
--- User ---
[MBR] 2f88e0b67c8c18f2aeee2464029cf30a
[BSP] 0dc65d58790837823d67b5a4f92876f2 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305129 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 625113088 | Size: 10 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[5].txt >>
RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt
  • 0

#29
Rigeldog

    Member

  • Topic Starter
  • Member
  • 31 posts
10:35:34.0241 0884 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
10:35:37.0798 0884 ============================================================
10:35:37.0798 0884 Current date / time: 2012/08/19 10:35:37.0798
10:35:37.0798 0884 SystemInfo:
10:35:37.0798 0884
10:35:37.0798 0884 OS Version: 6.1.7601 ServicePack: 1.0
10:35:37.0798 0884 Product type: Workstation
10:35:37.0798 0884 ComputerName: HILLTOPBALL
10:35:37.0798 0884 UserName: ballm
10:35:37.0798 0884 Windows directory: C:\Windows
10:35:37.0798 0884 System windows directory: C:\Windows
10:35:37.0798 0884 Processor architecture: Intel x86
10:35:37.0798 0884 Number of processors: 2
10:35:37.0798 0884 Page size: 0x1000
10:35:37.0798 0884 Boot type: Normal boot
10:35:37.0798 0884 ============================================================
10:35:43.0757 0884 !crdlk
10:35:43.0945 0884 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
10:35:43.0976 0884 ============================================================
10:35:43.0976 0884 \Device\Harddisk0\DR0:
10:35:43.0976 0884 MBR partitions:
10:35:43.0976 0884 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:35:43.0976 0884 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253F4AB0
10:35:43.0976 0884 ============================================================
10:35:44.0007 0884 C: <-> \Device\Harddisk0\DR0\Partition1
10:35:44.0007 0884 ============================================================
10:35:44.0007 0884 Initialize success
10:35:44.0007 0884 ============================================================
10:35:52.0649 4172 ============================================================
10:35:52.0649 4172 Scan started
10:35:52.0649 4172 Mode: Manual; SigCheck; TDLFS;
10:35:52.0649 4172 ============================================================
10:35:53.0882 4172 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:35:54.0053 4172 1394ohci - ok
10:35:54.0085 4172 Suspicious service (NoAccess): 31ec08d98c4cdd2f
10:35:54.0131 4172 31ec08d98c4cdd2f (20aa26252a78b3b7ca61a45d0e10a833) C:\Windows\System32\Drivers\31ec08d98c4cdd2f.sys
10:35:54.0131 4172 Suspicious file (NoAccess): C:\Windows\System32\Drivers\31ec08d98c4cdd2f.sys. md5: 20aa26252a78b3b7ca61a45d0e10a833
10:35:54.0178 4172 31ec08d98c4cdd2f ( LockedService.Multi.Generic ) - warning
10:35:54.0178 4172 31ec08d98c4cdd2f - detected LockedService.Multi.Generic (1)
10:35:54.0241 4172 Accelerometer (465b6baaba53a628f7252846d0e900ee) C:\Windows\system32\DRIVERS\Accelerometer.sys
10:35:54.0256 4172 Accelerometer - ok
10:35:54.0334 4172 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:35:54.0350 4172 ACPI - ok
10:35:54.0428 4172 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
10:35:54.0521 4172 AcpiPmi - ok
10:35:54.0662 4172 AdobeARMservice (d19c4ee2ac7c47b8f5f84fff1a789d8a) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:35:54.0709 4172 AdobeARMservice - ok
10:35:54.0865 4172 AdobeFlashPlayerUpdateSvc (a9d3b95e8466bd58eeb8a1154654e162) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:35:54.0880 4172 AdobeFlashPlayerUpdateSvc - ok
10:35:54.0989 4172 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
10:35:55.0036 4172 adp94xx - ok
10:35:55.0083 4172 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
10:35:55.0099 4172 adpahci - ok
10:35:55.0130 4172 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
10:35:55.0161 4172 adpu320 - ok
10:35:55.0239 4172 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
10:35:55.0317 4172 AeLookupSvc - ok
10:35:55.0411 4172 AESTAud (822d53766d57c90c437536232ece9023) C:\Windows\system32\drivers\AESTAud.sys
10:35:55.0473 4172 AESTAud - ok
10:35:55.0645 4172 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe
10:35:55.0723 4172 AESTFilters - ok
10:35:55.0801 4172 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
10:35:55.0879 4172 AFD - ok
10:35:56.0019 4172 AgereModemAudio (6416f9b6b220f0a890525c38235afad7) C:\Program Files\LSI SoftModem\agrsmsvc.exe
10:35:56.0081 4172 AgereModemAudio - ok
10:35:56.0269 4172 AgereSoftModem (7560f465f1ce69c53bf17559ee195548) C:\Windows\system32\DRIVERS\AGRSM.sys
10:35:56.0347 4172 AgereSoftModem - ok
10:35:56.0409 4172 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
10:35:56.0425 4172 agp440 - ok
10:35:56.0503 4172 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
10:35:56.0534 4172 aic78xx - ok
10:35:56.0565 4172 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
10:35:56.0643 4172 ALG - ok
10:35:56.0690 4172 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
10:35:56.0721 4172 aliide - ok
10:35:56.0799 4172 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
10:35:56.0830 4172 amdagp - ok
10:35:56.0846 4172 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
10:35:56.0861 4172 amdide - ok
10:35:56.0893 4172 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
10:35:56.0924 4172 AmdK8 - ok
10:35:57.0002 4172 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
10:35:57.0064 4172 AmdPPM - ok
10:35:57.0127 4172 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
10:35:57.0158 4172 amdsata - ok
10:35:57.0236 4172 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
10:35:57.0236 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\amdsbs.sys. md5: ea43af0c423ff267355f74e7a53bdaba
10:35:57.0267 4172 amdsbs ( LockedFile.Multi.Generic ) - warning
10:35:57.0267 4172 amdsbs - detected LockedFile.Multi.Generic (1)
10:35:57.0314 4172 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
10:35:57.0314 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\amdxata.sys. md5: 146459d2b08bfdcbfa856d9947043c81
10:35:57.0314 4172 amdxata ( LockedFile.Multi.Generic ) - warning
10:35:57.0314 4172 amdxata - detected LockedFile.Multi.Generic (1)
10:35:57.0392 4172 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
10:35:57.0392 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\appid.sys. md5: aea177f783e20150ace5383ee368da19
10:35:57.0392 4172 AppID ( LockedFile.Multi.Generic ) - warning
10:35:57.0392 4172 AppID - detected LockedFile.Multi.Generic (1)
10:35:57.0485 4172 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
10:35:57.0610 4172 AppIDSvc - ok
10:35:57.0704 4172 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
10:35:57.0797 4172 Appinfo - ok
10:35:57.0938 4172 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:35:57.0969 4172 Apple Mobile Device - ok
10:35:58.0047 4172 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
10:35:58.0125 4172 AppMgmt - ok
10:35:58.0219 4172 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
10:35:58.0219 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\arc.sys. md5: 2932004f49677bd84dbc72edb754ffb3
10:35:58.0250 4172 arc ( LockedFile.Multi.Generic ) - warning
10:35:58.0250 4172 arc - detected LockedFile.Multi.Generic (1)
10:35:58.0297 4172 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
10:35:58.0297 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\arcsas.sys. md5: 5d6f36c46fd283ae1b57bd2e9feb0bc7
10:35:58.0297 4172 arcsas ( LockedFile.Multi.Generic ) - warning
10:35:58.0297 4172 arcsas - detected LockedFile.Multi.Generic (1)
10:35:58.0359 4172 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:35:58.0359 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\asyncmac.sys. md5: add2ade1c2b285ab8378d2daaf991481
10:35:58.0359 4172 AsyncMac ( LockedFile.Multi.Generic ) - warning
10:35:58.0359 4172 AsyncMac - detected LockedFile.Multi.Generic (1)
10:35:58.0437 4172 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
10:35:58.0437 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\atapi.sys. md5: 338c86357871c167a96ab976519bf59e
10:35:58.0437 4172 atapi ( LockedFile.Multi.Generic ) - warning
10:35:58.0437 4172 atapi - detected LockedFile.Multi.Generic (1)
10:35:58.0562 4172 athr (8a6f60baa4660bcfa1919e29e89acf89) C:\Windows\system32\DRIVERS\athr.sys
10:35:58.0562 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\athr.sys. md5: 8a6f60baa4660bcfa1919e29e89acf89
10:35:58.0577 4172 athr ( LockedFile.Multi.Generic ) - warning
10:35:58.0577 4172 athr - detected LockedFile.Multi.Generic (1)
10:35:58.0687 4172 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:35:58.0718 4172 AudioEndpointBuilder - ok
10:35:58.0733 4172 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:35:58.0780 4172 Audiosrv - ok
10:35:58.0843 4172 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
10:35:58.0936 4172 AxInstSV - ok
10:35:59.0045 4172 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
10:35:59.0045 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\bxvbdx.sys. md5: 1a231abec60fd316ec54c66715543cec
10:35:59.0092 4172 b06bdrv ( LockedFile.Multi.Generic ) - warning
10:35:59.0092 4172 b06bdrv - detected LockedFile.Multi.Generic (1)
10:35:59.0155 4172 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:35:59.0155 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\b57nd60x.sys. md5: bd8869eb9cde6bbe4508d869929869ee
10:35:59.0186 4172 b57nd60x ( LockedFile.Multi.Generic ) - warning
10:35:59.0186 4172 b57nd60x - detected LockedFile.Multi.Generic (1)
10:35:59.0389 4172 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
10:35:59.0435 4172 BBSvc - ok
10:35:59.0498 4172 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
10:35:59.0529 4172 BBUpdate - ok
10:35:59.0623 4172 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
10:35:59.0701 4172 BDESVC - ok
10:35:59.0794 4172 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:35:59.0794 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\Beep.sys. md5: 505506526a9d467307b3c393dedaf858
10:35:59.0794 4172 Beep ( LockedFile.Multi.Generic ) - warning
10:35:59.0794 4172 Beep - detected LockedFile.Multi.Generic (1)
10:35:59.0903 4172 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
10:35:59.0966 4172 BITS - ok
10:36:00.0059 4172 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:36:00.0059 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\blbdrive.sys. md5: 2287078ed48fcfc477b05b20cf38f36f
10:36:00.0075 4172 blbdrive ( LockedFile.Multi.Generic ) - warning
10:36:00.0091 4172 blbdrive - detected LockedFile.Multi.Generic (1)
10:36:00.0200 4172 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
10:36:00.0247 4172 Bonjour Service - ok
10:36:00.0340 4172 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:36:00.0340 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\bowser.sys. md5: 8f2da3028d5fcbd1a060a3de64cd6506
10:36:00.0340 4172 bowser ( LockedFile.Multi.Generic ) - warning
10:36:00.0340 4172 bowser - detected LockedFile.Multi.Generic (1)
10:36:00.0403 4172 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:36:00.0403 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\BrFiltLo.sys. md5: 9f9acc7f7ccde8a15c282d3f88b43309
10:36:00.0418 4172 BrFiltLo ( LockedFile.Multi.Generic ) - warning
10:36:00.0418 4172 BrFiltLo - detected LockedFile.Multi.Generic (1)
10:36:00.0434 4172 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:36:00.0434 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\BrFiltUp.sys. md5: 56801ad62213a41f6497f96dee83755a
10:36:00.0481 4172 BrFiltUp ( LockedFile.Multi.Generic ) - warning
10:36:00.0481 4172 BrFiltUp - detected LockedFile.Multi.Generic (1)
10:36:00.0574 4172 Browser (3daa727b5b0a45039b0e1c9a211b8400) C:\Windows\System32\browser.dll
10:36:00.0637 4172 Browser - ok
10:36:00.0699 4172 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:36:00.0699 4172 Suspicious file (NoAccess): C:\Windows\System32\Drivers\Brserid.sys. md5: 845b8ce732e67f3b4133164868c666ea
10:36:00.0730 4172 Brserid ( LockedFile.Multi.Generic ) - warning
10:36:00.0730 4172 Brserid - detected LockedFile.Multi.Generic (1)
10:36:00.0777 4172 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:36:00.0777 4172 Suspicious file (NoAccess): C:\Windows\System32\Drivers\BrSerWdm.sys. md5: 203f0b1e73adadbbb7b7b1fabd901f6b
10:36:00.0777 4172 BrSerWdm ( LockedFile.Multi.Generic ) - warning
10:36:00.0777 4172 BrSerWdm - detected LockedFile.Multi.Generic (1)
10:36:00.0808 4172 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:36:00.0808 4172 Suspicious file (NoAccess): C:\Windows\System32\Drivers\BrUsbMdm.sys. md5: bd456606156ba17e60a04e18016ae54b
10:36:00.0808 4172 BrUsbMdm ( LockedFile.Multi.Generic ) - warning
10:36:00.0808 4172 BrUsbMdm - detected LockedFile.Multi.Generic (1)
10:36:00.0824 4172 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:36:00.0824 4172 Suspicious file (NoAccess): C:\Windows\System32\Drivers\BrUsbSer.sys. md5: af72ed54503f717a43268b3cc5faec2e
10:36:00.0839 4172 BrUsbSer ( LockedFile.Multi.Generic ) - warning
10:36:00.0839 4172 BrUsbSer - detected LockedFile.Multi.Generic (1)
10:36:00.0871 4172 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
10:36:00.0871 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\bthmodem.sys. md5: ed3df7c56ce0084eb2034432fc56565a
10:36:00.0871 4172 BTHMODEM ( LockedFile.Multi.Generic ) - warning
10:36:00.0871 4172 BTHMODEM - detected LockedFile.Multi.Generic (1)
10:36:00.0980 4172 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
10:36:01.0105 4172 bthserv - ok
10:36:01.0183 4172 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:36:01.0183 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\cdfs.sys. md5: 77ea11b065e0a8ab902d78145ca51e10
10:36:01.0229 4172 cdfs ( LockedFile.Multi.Generic ) - warning
10:36:01.0229 4172 cdfs - detected LockedFile.Multi.Generic (1)
10:36:01.0307 4172 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
10:36:01.0307 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\cdrom.sys. md5: be167ed0fdb9c1fa1133953c18d5a6c9
10:36:01.0307 4172 cdrom ( LockedFile.Multi.Generic ) - warning
10:36:01.0307 4172 cdrom - detected LockedFile.Multi.Generic (1)
10:36:01.0401 4172 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:36:01.0479 4172 CertPropSvc - ok
10:36:01.0541 4172 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
10:36:01.0541 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\circlass.sys. md5: 3fe3fe94a34df6fb06e6418d0f6a0060
10:36:01.0541 4172 circlass ( LockedFile.Multi.Generic ) - warning
10:36:01.0541 4172 circlass - detected LockedFile.Multi.Generic (1)
10:36:01.0588 4172 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:36:01.0588 4172 Suspicious file (NoAccess): C:\Windows\system32\CLFS.sys. md5: 635181e0e9bbf16871bf5380d71db02d
10:36:01.0652 4172 CLFS ( LockedFile.Multi.Generic ) - warning
10:36:01.0652 4172 CLFS - detected LockedFile.Multi.Generic (1)
10:36:01.0745 4172 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:36:01.0776 4172 clr_optimization_v2.0.50727_32 - ok
10:36:01.0917 4172 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:36:01.0948 4172 clr_optimization_v4.0.30319_32 - ok
10:36:02.0026 4172 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
10:36:02.0026 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\CmBatt.sys. md5: dea805815e587dad1dd2c502220b5616
10:36:02.0026 4172 CmBatt ( LockedFile.Multi.Generic ) - warning
10:36:02.0026 4172 CmBatt - detected LockedFile.Multi.Generic (1)
10:36:02.0104 4172 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
10:36:02.0104 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\cmdide.sys. md5: c537b1db64d495b9b4717b4d6d9edbf2
10:36:02.0120 4172 cmdide ( LockedFile.Multi.Generic ) - warning
10:36:02.0120 4172 cmdide - detected LockedFile.Multi.Generic (1)
10:36:02.0213 4172 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
10:36:02.0213 4172 Suspicious file (NoAccess): C:\Windows\system32\Drivers\cng.sys. md5: 247b4ce2dab1160cd422d532d5241e1f
10:36:02.0213 4172 CNG ( LockedFile.Multi.Generic ) - warning
10:36:02.0213 4172 CNG - detected LockedFile.Multi.Generic (1)
10:36:02.0244 4172 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
10:36:02.0244 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\compbatt.sys. md5: a6023d3823c37043986713f118a89bee
10:36:02.0244 4172 Compbatt ( LockedFile.Multi.Generic ) - warning
10:36:02.0244 4172 Compbatt - detected LockedFile.Multi.Generic (1)
10:36:02.0291 4172 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
10:36:02.0291 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\CompositeBus.sys. md5: cbe8c58a8579cfe5fccf809e6f114e89
10:36:02.0322 4172 CompositeBus ( LockedFile.Multi.Generic ) - warning
10:36:02.0322 4172 CompositeBus - detected LockedFile.Multi.Generic (1)
10:36:02.0338 4172 COMSysApp - ok
10:36:02.0385 4172 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
10:36:02.0385 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 2c4ebcfc84a9b44f209dff6c6e6c61d1
10:36:02.0385 4172 crcdisk ( LockedFile.Multi.Generic ) - warning
10:36:02.0385 4172 crcdisk - detected LockedFile.Multi.Generic (1)
10:36:02.0463 4172 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
10:36:02.0541 4172 CryptSvc - ok
10:36:02.0682 4172 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
10:36:02.0682 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\csc.sys. md5: 3c2177a897b4ca2788c6fb0c3fd81d4b
10:36:02.0776 4172 CSC ( LockedFile.Multi.Generic ) - warning
10:36:02.0776 4172 CSC - detected LockedFile.Multi.Generic (1)
10:36:02.0901 4172 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
10:36:02.0932 4172 CscService - ok
10:36:03.0072 4172 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:36:03.0143 4172 DcomLaunch - ok
10:36:03.0203 4172 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
10:36:03.0253 4172 defragsvc - ok
10:36:03.0353 4172 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
10:36:03.0353 4172 Suspicious file (NoAccess): C:\Windows\system32\Drivers\dfsc.sys. md5: f024449c97ec1e464aaffda18593db88
10:36:03.0393 4172 DfsC ( LockedFile.Multi.Generic ) - warning
10:36:03.0393 4172 DfsC - detected LockedFile.Multi.Generic (1)
10:36:03.0463 4172 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
10:36:03.0553 4172 Dhcp - ok
10:36:03.0653 4172 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:36:03.0653 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\discache.sys. md5: 1a050b0274bfb3890703d490f330c0da
10:36:03.0679 4172 discache ( LockedFile.Multi.Generic ) - warning
10:36:03.0679 4172 discache - detected LockedFile.Multi.Generic (1)
10:36:03.0788 4172 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
10:36:03.0788 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\disk.sys. md5: 565003f326f99802e68ca78f2a68e9ff
10:36:03.0788 4172 Disk ( LockedFile.Multi.Generic ) - warning
10:36:03.0788 4172 Disk - detected LockedFile.Multi.Generic (1)
10:36:03.0882 4172 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
10:36:03.0960 4172 Dnscache - ok
10:36:04.0038 4172 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
10:36:04.0100 4172 dot3svc - ok
10:36:04.0303 4172 DpHost (5544d66f9a0cff5429f7a750929407e9) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
10:36:04.0334 4172 DpHost - ok
10:36:04.0412 4172 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
10:36:04.0506 4172 DPS - ok
10:36:04.0568 4172 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
10:36:04.0568 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\drmkaud.sys. md5: b918e7c5f9bf77202f89e1a9539f2eb4
10:36:04.0599 4172 drmkaud ( LockedFile.Multi.Generic ) - warning
10:36:04.0599 4172 drmkaud - detected LockedFile.Multi.Generic (1)
10:36:04.0740 4172 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
10:36:04.0755 4172 Suspicious file (NoAccess): C:\Windows\System32\drivers\dxgkrnl.sys. md5: 23f5d28378a160352ba8f817bd8c71cb
10:36:04.0771 4172 DXGKrnl ( LockedFile.Multi.Generic ) - warning
10:36:04.0771 4172 DXGKrnl - detected LockedFile.Multi.Generic (1)
10:36:04.0849 4172 eamon (af82dc664e3d8e2cba3b95e68f6448a7) C:\Windows\system32\DRIVERS\eamon.sys
10:36:04.0880 4172 eamon - ok
10:36:04.0958 4172 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
10:36:05.0052 4172 EapHost - ok
10:36:05.0317 4172 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
10:36:05.0317 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\evbdx.sys. md5: 024e1b5cac09731e4d868e64dbfb4ab0
10:36:05.0348 4172 ebdrv ( LockedFile.Multi.Generic ) - warning
10:36:05.0348 4172 ebdrv - detected LockedFile.Multi.Generic (1)
10:36:05.0489 4172 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
10:36:05.0567 4172 EFS - ok
10:36:05.0691 4172 ehdrv (686a799c1bf1b18941994daf9f45db06) C:\Windows\system32\DRIVERS\ehdrv.sys
10:36:05.0723 4172 ehdrv - ok
10:36:05.0863 4172 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
10:36:05.0910 4172 ehRecvr - ok
10:36:05.0988 4172 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
10:36:06.0066 4172 ehSched - ok
10:36:06.0237 4172 EhttpSrv (9329ba45c8b97485926a171e34c2abb8) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
10:36:06.0269 4172 EhttpSrv - ok
10:36:06.0347 4172 ekrn (3543c6195d5ed4eda0316d3e1ba0e6ee) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
10:36:06.0409 4172 ekrn - ok
10:36:06.0565 4172 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
10:36:06.0565 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0ed67910c8c326796faa00b2bf6d9d3c
10:36:06.0612 4172 elxstor ( LockedFile.Multi.Generic ) - warning
10:36:06.0612 4172 elxstor - detected LockedFile.Multi.Generic (1)
10:36:06.0674 4172 epfwwfpr (8700eadc8bdfa27d948fcc43ee0ae434) C:\Windows\system32\DRIVERS\epfwwfpr.sys
10:36:06.0690 4172 epfwwfpr - ok
10:36:06.0768 4172 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
10:36:06.0768 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\errdev.sys. md5: 8fc3208352dd3912c94367a206ab3f11
10:36:06.0768 4172 ErrDev ( LockedFile.Multi.Generic ) - warning
10:36:06.0768 4172 ErrDev - detected LockedFile.Multi.Generic (1)
10:36:06.0924 4172 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
10:36:07.0002 4172 EventSystem - ok
10:36:07.0111 4172 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
10:36:07.0111 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\exfat.sys. md5: 2dc9108d74081149cc8b651d3a26207f
10:36:07.0127 4172 exfat ( LockedFile.Multi.Generic ) - warning
10:36:07.0127 4172 exfat - detected LockedFile.Multi.Generic (1)
10:36:07.0173 4172 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
10:36:07.0173 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\fastfat.sys. md5: 7e0ab74553476622fb6ae36f73d97d35
10:36:07.0251 4172 fastfat ( LockedFile.Multi.Generic ) - warning
10:36:07.0251 4172 fastfat - detected LockedFile.Multi.Generic (1)
10:36:07.0392 4172 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
10:36:07.0470 4172 Fax - ok
10:36:07.0548 4172 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
10:36:07.0548 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fdc.sys. md5: e817a017f82df2a1f8cfdbda29388b29
10:36:07.0548 4172 fdc ( LockedFile.Multi.Generic ) - warning
10:36:07.0548 4172 fdc - detected LockedFile.Multi.Generic (1)
10:36:07.0641 4172 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
10:36:07.0719 4172 fdPHost - ok
10:36:07.0782 4172 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
10:36:07.0860 4172 FDResPub - ok
10:36:07.0922 4172 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
10:36:07.0922 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\fileinfo.sys. md5: 6cf00369c97f3cf563be99be983d13d8
10:36:07.0953 4172 FileInfo ( LockedFile.Multi.Generic ) - warning
10:36:07.0953 4172 FileInfo - detected LockedFile.Multi.Generic (1)
10:36:08.0000 4172 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
10:36:08.0000 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\filetrace.sys. md5: 42c51dc94c91da21cb9196eb64c45db9
10:36:08.0031 4172 Filetrace ( LockedFile.Multi.Generic ) - warning
10:36:08.0031 4172 Filetrace - detected LockedFile.Multi.Generic (1)
10:36:08.0078 4172 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
10:36:08.0078 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: 87907aa70cb3c56600f1c2fb8841579b
10:36:08.0094 4172 flpydisk ( LockedFile.Multi.Generic ) - warning
10:36:08.0094 4172 flpydisk - detected LockedFile.Multi.Generic (1)
10:36:08.0156 4172 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
10:36:08.0156 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\fltmgr.sys. md5: 7520ec808e0c35e0ee6f841294316653
10:36:08.0172 4172 FltMgr ( LockedFile.Multi.Generic ) - warning
10:36:08.0172 4172 FltMgr - detected LockedFile.Multi.Generic (1)
10:36:08.0281 4172 FontCache (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
10:36:08.0375 4172 FontCache - ok
10:36:08.0468 4172 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:36:08.0499 4172 FontCache3.0.0.0 - ok
10:36:08.0562 4172 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
10:36:08.0577 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\FsDepends.sys. md5: 1a16b57943853e598cff37fe2b8cbf1d
10:36:08.0609 4172 FsDepends ( LockedFile.Multi.Generic ) - warning
10:36:08.0609 4172 FsDepends - detected LockedFile.Multi.Generic (1)
10:36:08.0671 4172 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
10:36:08.0671 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 7dae5ebcc80e45d3253f4923dc424d05
10:36:08.0671 4172 Fs_Rec ( LockedFile.Multi.Generic ) - warning
10:36:08.0671 4172 Fs_Rec - detected LockedFile.Multi.Generic (1)
10:36:08.0749 4172 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
10:36:08.0749 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 8a73e79089b282100b9393b644cb853b
10:36:08.0765 4172 fvevol ( LockedFile.Multi.Generic ) - warning
10:36:08.0765 4172 fvevol - detected LockedFile.Multi.Generic (1)
10:36:08.0827 4172 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:36:08.0827 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 65ee0c7a58b65e74ae05637418153938
10:36:08.0843 4172 gagp30kx ( LockedFile.Multi.Generic ) - warning
10:36:08.0843 4172 gagp30kx - detected LockedFile.Multi.Generic (1)
10:36:08.0921 4172 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:36:08.0921 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\GEARAspiWDM.sys. md5: 8182ff89c65e4d38b2de4bb0fb18564e
10:36:08.0921 4172 GEARAspiWDM ( LockedFile.Multi.Generic ) - warning
10:36:08.0921 4172 GEARAspiWDM - detected LockedFile.Multi.Generic (1)
10:36:09.0030 4172 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
10:36:09.0108 4172 gpsvc - ok
10:36:09.0186 4172 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
10:36:09.0186 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\grmnusb.sys. md5: 6003bc70f1a8307262bd3c941bda0b7e
10:36:09.0233 4172 grmnusb ( LockedFile.Multi.Generic ) - warning
10:36:09.0233 4172 grmnusb - detected LockedFile.Multi.Generic (1)
10:36:09.0357 4172 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
10:36:09.0373 4172 gupdate - ok
10:36:09.0420 4172 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
10:36:09.0435 4172 gupdatem - ok
10:36:09.0498 4172 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:36:09.0529 4172 gusvc - ok
10:36:09.0591 4172 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
10:36:09.0591 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\hcw85cir.sys. md5: c44e3c2bab6837db337ddee7544736db
10:36:09.0607 4172 hcw85cir ( LockedFile.Multi.Generic ) - warning
10:36:09.0607 4172 hcw85cir - detected LockedFile.Multi.Generic (1)
10:36:09.0685 4172 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
10:36:09.0685 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\HdAudio.sys. md5: a5ef29d5315111c80a5c1abad14c8972
10:36:09.0763 4172 HdAudAddService ( LockedFile.Multi.Generic ) - warning
10:36:09.0763 4172 HdAudAddService - detected LockedFile.Multi.Generic (1)
10:36:09.0903 4172 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
10:36:09.0903 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\HDAudBus.sys. md5: 9036377b8a6c15dc2eec53e489d159b5
10:36:09.0935 4172 HDAudBus ( LockedFile.Multi.Generic ) - warning
10:36:09.0935 4172 HDAudBus - detected LockedFile.Multi.Generic (1)
10:36:10.0059 4172 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
10:36:10.0059 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HECI.sys. md5: a88485dc6a7136c10d9a6c7e38fdfe3c
10:36:10.0122 4172 HECI ( LockedFile.Multi.Generic ) - warning
10:36:10.0122 4172 HECI - detected LockedFile.Multi.Generic (1)
10:36:10.0184 4172 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
10:36:10.0184 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 1d58a7f3e11a9731d0eaaaa8405acc36
10:36:10.0200 4172 HidBatt ( LockedFile.Multi.Generic ) - warning
10:36:10.0200 4172 HidBatt - detected LockedFile.Multi.Generic (1)
10:36:10.0278 4172 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
10:36:10.0278 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 89448f40e6df260c206a193a4683ba78
10:36:10.0278 4172 HidBth ( LockedFile.Multi.Generic ) - warning
10:36:10.0278 4172 HidBth - detected LockedFile.Multi.Generic (1)
10:36:10.0309 4172 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
10:36:10.0309 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidir.sys. md5: cf50b4cf4a4f229b9f3c08351f99ca5e
10:36:10.0309 4172 HidIr ( LockedFile.Multi.Generic ) - warning
10:36:10.0309 4172 HidIr - detected LockedFile.Multi.Generic (1)
10:36:10.0403 4172 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
10:36:10.0481 4172 hidserv - ok
10:36:10.0559 4172 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
10:36:10.0559 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\hidusb.sys. md5: 10c19f8290891af023eaec0832e1eb4d
10:36:10.0605 4172 HidUsb ( LockedFile.Multi.Generic ) - warning
10:36:10.0605 4172 HidUsb - detected LockedFile.Multi.Generic (1)
10:36:10.0699 4172 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
10:36:10.0793 4172 hkmsvc - ok
10:36:10.0917 4172 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
10:36:10.0949 4172 HomeGroupListener - ok
10:36:11.0011 4172 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
10:36:11.0058 4172 HomeGroupProvider - ok
10:36:11.0245 4172 HP ProtectTools Service (2666cfc4a063d75fe3d87bc334d7ecf5) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
10:36:11.0261 4172 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning
10:36:11.0261 4172 HP ProtectTools Service - detected UnsignedFile.Multi.Generic (1)
10:36:11.0339 4172 hpdskflt (d5c35e6416a379c445cda826b9fe452f) C:\Windows\system32\DRIVERS\hpdskflt.sys
10:36:11.0339 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hpdskflt.sys. md5: d5c35e6416a379c445cda826b9fe452f
10:36:11.0385 4172 hpdskflt ( LockedFile.Multi.Generic ) - warning
10:36:11.0385 4172 hpdskflt - detected LockedFile.Multi.Generic (1)
10:36:11.0495 4172 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
10:36:11.0526 4172 hpqwmiex - ok
10:36:11.0588 4172 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
10:36:11.0588 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\HpSAMD.sys. md5: 295fdc419039090eb8b49ffdbb374549
10:36:11.0619 4172 HpSAMD ( LockedFile.Multi.Generic ) - warning
10:36:11.0619 4172 HpSAMD - detected LockedFile.Multi.Generic (1)
10:36:11.0666 4172 hpsrv (00dc55481fad2841284ed09e7d69cd11) C:\Windows\system32\Hpservice.exe
10:36:11.0682 4172 hpsrv - ok
10:36:11.0807 4172 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
10:36:11.0807 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\HTTP.sys. md5: 871917b07a141bff43d76d8844d48106
10:36:11.0838 4172 HTTP ( LockedFile.Multi.Generic ) - warning
10:36:11.0838 4172 HTTP - detected LockedFile.Multi.Generic (1)
10:36:11.0963 4172 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
10:36:11.0963 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\hwpolicy.sys. md5: 0c4e035c7f105f1299258c90886c64c5
10:36:11.0978 4172 hwpolicy ( LockedFile.Multi.Generic ) - warning
10:36:11.0978 4172 hwpolicy - detected LockedFile.Multi.Generic (1)
10:36:12.0041 4172 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
10:36:12.0041 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\i8042prt.sys. md5: f151f0bdc47f4a28b1b20a0818ea36d6
10:36:12.0072 4172 i8042prt ( LockedFile.Multi.Generic ) - warning
10:36:12.0072 4172 i8042prt - detected LockedFile.Multi.Generic (1)
10:36:12.0181 4172 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
10:36:12.0181 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\iaStorV.sys. md5: a3cae5d281db4cff7cff8233507ee5ad
10:36:12.0181 4172 iaStorV ( LockedFile.Multi.Generic ) - warning
10:36:12.0181 4172 iaStorV - detected LockedFile.Multi.Generic (1)
10:36:12.0337 4172 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:36:12.0384 4172 idsvc - ok
10:36:13.0101 4172 igfx (b3a313080b0f73f4c8292290606fc15d) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:36:13.0101 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\igdkmd32.sys. md5: b3a313080b0f73f4c8292290606fc15d
10:36:13.0195 4172 igfx ( LockedFile.Multi.Generic ) - warning
10:36:13.0195 4172 igfx - detected LockedFile.Multi.Generic (1)
10:36:13.0335 4172 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
10:36:13.0335 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 4173ff5708f3236cf25195fecd742915
10:36:13.0335 4172 iirsp ( LockedFile.Multi.Generic ) - warning
10:36:13.0335 4172 iirsp - detected LockedFile.Multi.Generic (1)
10:36:13.0460 4172 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
10:36:13.0538 4172 IKEEXT - ok
10:36:13.0663 4172 Impcd (03c0d99bc2913226f1cea7cb0d984659) C:\Windows\system32\DRIVERS\Impcd.sys
10:36:13.0663 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\Impcd.sys. md5: 03c0d99bc2913226f1cea7cb0d984659
10:36:13.0694 4172 Impcd ( LockedFile.Multi.Generic ) - warning
10:36:13.0694 4172 Impcd - detected LockedFile.Multi.Generic (1)
10:36:13.0788 4172 IntcDAud (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys
10:36:13.0788 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\IntcDAud.sys. md5: bf31740828a26ab451803e3b35432651
10:36:13.0788 4172 IntcDAud ( LockedFile.Multi.Generic ) - warning
10:36:13.0788 4172 IntcDAud - detected LockedFile.Multi.Generic (1)
10:36:13.0850 4172 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
10:36:13.0850 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\intelide.sys. md5: a0f12f2c9ba6c72f3987ce780e77c130
10:36:13.0866 4172 intelide ( LockedFile.Multi.Generic ) - warning
10:36:13.0866 4172 intelide - detected LockedFile.Multi.Generic (1)
10:36:13.0897 4172 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:36:13.0897 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\intelppm.sys. md5: 3b514d27bfc4accb4037bc6685f766e0
10:36:13.0897 4172 intelppm ( LockedFile.Multi.Generic ) - warning
10:36:13.0897 4172 intelppm - detected LockedFile.Multi.Generic (1)
10:36:14.0069 4172 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
10:36:14.0084 4172 IntuitUpdateService - ok
10:36:14.0178 4172 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
10:36:14.0240 4172 IPBusEnum - ok
10:36:14.0287 4172 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:36:14.0287 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: 709d1761d3b19a932ff0238ea6d50200
10:36:14.0303 4172 IpFilterDriver ( LockedFile.Multi.Generic ) - warning
10:36:14.0303 4172 IpFilterDriver - detected LockedFile.Multi.Generic (1)
10:36:14.0365 4172 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
10:36:14.0365 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 4bd7134618c1d2a27466a099062547bf
10:36:14.0365 4172 IPMIDRV ( LockedFile.Multi.Generic ) - warning
10:36:14.0365 4172 IPMIDRV - detected LockedFile.Multi.Generic (1)
10:36:14.0443 4172 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
10:36:14.0443 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\ipnat.sys. md5: a5fa468d67abcdaa36264e463a7bb0cd
10:36:14.0474 4172 IPNAT ( LockedFile.Multi.Generic ) - warning
10:36:14.0474 4172 IPNAT - detected LockedFile.Multi.Generic (1)
10:36:14.0646 4172 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
10:36:14.0693 4172 iPod Service - ok
10:36:14.0771 4172 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
10:36:14.0786 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\irenum.sys. md5: 42996cff20a3084a56017b7902307e9f
10:36:14.0786 4172 IRENUM ( LockedFile.Multi.Generic ) - warning
10:36:14.0786 4172 IRENUM - detected LockedFile.Multi.Generic (1)
10:36:14.0864 4172 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
10:36:14.0864 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\isapnp.sys. md5: 1f32bb6b38f62f7df1a7ab7292638a35
10:36:14.0864 4172 isapnp ( LockedFile.Multi.Generic ) - warning
10:36:14.0864 4172 isapnp - detected LockedFile.Multi.Generic (1)
10:36:14.0942 4172 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
10:36:14.0942 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\msiscsi.sys. md5: cb7a9abb12b8415bce5d74994c7ba3ae
10:36:14.0973 4172 iScsiPrt ( LockedFile.Multi.Generic ) - warning
10:36:14.0973 4172 iScsiPrt - detected LockedFile.Multi.Generic (1)
10:36:15.0020 4172 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
10:36:15.0020 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\kbdclass.sys. md5: adef52ca1aeae82b50df86b56413107e
10:36:15.0020 4172 kbdclass ( LockedFile.Multi.Generic ) - warning
10:36:15.0020 4172 kbdclass - detected LockedFile.Multi.Generic (1)
10:36:15.0083 4172 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
10:36:15.0083 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\kbdhid.sys. md5: 9e3ced91863e6ee98c24794d05e27a71
10:36:15.0098 4172 kbdhid ( LockedFile.Multi.Generic ) - warning
10:36:15.0098 4172 kbdhid - detected LockedFile.Multi.Generic (1)
10:36:15.0207 4172 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:36:15.0223 4172 KeyIso - ok
10:36:15.0332 4172 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
10:36:15.0332 4172 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecdd.sys. md5: b7895b4182c0d16f6efadeb8081e8d36
10:36:15.0332 4172 KSecDD ( LockedFile.Multi.Generic ) - warning
10:36:15.0332 4172 KSecDD - detected LockedFile.Multi.Generic (1)
10:36:15.0379 4172 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
10:36:15.0379 4172 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecpkg.sys. md5: d30159ac9237519fbc62c6ec247d2d46
10:36:15.0379 4172 KSecPkg ( LockedFile.Multi.Generic ) - warning
10:36:15.0379 4172 KSecPkg - detected LockedFile.Multi.Generic (1)
10:36:15.0441 4172 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
10:36:15.0535 4172 KtmRm - ok
10:36:15.0629 4172 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
10:36:15.0691 4172 LanmanServer - ok
10:36:15.0769 4172 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
10:36:15.0847 4172 LanmanWorkstation - ok
10:36:15.0941 4172 Lbd - ok
10:36:16.0019 4172 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:36:16.0019 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lltdio.sys. md5: f7611ec07349979da9b0ae1f18ccc7a6
10:36:16.0065 4172 lltdio ( LockedFile.Multi.Generic ) - warning
10:36:16.0065 4172 lltdio - detected LockedFile.Multi.Generic (1)
10:36:16.0128 4172 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
10:36:16.0206 4172 lltdsvc - ok
10:36:16.0268 4172 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
10:36:16.0331 4172 lmhosts - ok
10:36:16.0487 4172 LMS (bb4e55778d8de3885e1cdac795de7bce) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
10:36:16.0518 4172 LMS - ok
10:36:16.0611 4172 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:36:16.0611 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: eb119a53ccf2acc000ac71b065b78fef
10:36:16.0643 4172 LSI_FC ( LockedFile.Multi.Generic ) - warning
10:36:16.0643 4172 LSI_FC - detected LockedFile.Multi.Generic (1)
10:36:16.0689 4172 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:36:16.0689 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 8ade1c877256a22e49b75d1cc9161f9c
10:36:16.0705 4172 LSI_SAS ( LockedFile.Multi.Generic ) - warning
10:36:16.0705 4172 LSI_SAS - detected LockedFile.Multi.Generic (1)
10:36:16.0752 4172 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:36:16.0752 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: dc9dc3d3daa0e276fd2ec262e38b11e9
10:36:16.0752 4172 LSI_SAS2 ( LockedFile.Multi.Generic ) - warning
10:36:16.0752 4172 LSI_SAS2 - detected LockedFile.Multi.Generic (1)
10:36:16.0799 4172 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:36:16.0799 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0a036c7d7cab643a7f07135ac47e0524
10:36:16.0799 4172 LSI_SCSI ( LockedFile.Multi.Generic ) - warning
10:36:16.0799 4172 LSI_SCSI - detected LockedFile.Multi.Generic (1)
10:36:16.0877 4172 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:36:16.0877 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\luafv.sys. md5: 6703e366cc18d3b6e534f5cf7df39cee
10:36:16.0908 4172 luafv ( LockedFile.Multi.Generic ) - warning
10:36:16.0908 4172 luafv - detected LockedFile.Multi.Generic (1)
10:36:17.0001 4172 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
10:36:17.0033 4172 McComponentHostService - ok
10:36:17.0111 4172 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
10:36:17.0157 4172 Mcx2Svc - ok
10:36:17.0220 4172 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
10:36:17.0220 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\megasas.sys. md5: 0fff5b045293002ab38eb1fd1fc2fb74
10:36:17.0251 4172 megasas ( LockedFile.Multi.Generic ) - warning
10:36:17.0251 4172 megasas - detected LockedFile.Multi.Generic (1)
10:36:17.0313 4172 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
10:36:17.0313 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: dcbab2920c75f390caf1d29f675d03d6
10:36:17.0313 4172 MegaSR ( LockedFile.Multi.Generic ) - warning
10:36:17.0313 4172 MegaSR - detected LockedFile.Multi.Generic (1)
10:36:17.0360 4172 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:36:17.0438 4172 MMCSS - ok
10:36:17.0469 4172 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:36:17.0469 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\modem.sys. md5: f001861e5700ee84e2d4e52c712f4964
10:36:17.0516 4172 Modem ( LockedFile.Multi.Generic ) - warning
10:36:17.0516 4172 Modem - detected LockedFile.Multi.Generic (1)
10:36:17.0563 4172 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:36:17.0563 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\monitor.sys. md5: 79d10964de86b292320e9dfe02282a23
10:36:17.0563 4172 monitor ( LockedFile.Multi.Generic ) - warning
10:36:17.0563 4172 monitor - detected LockedFile.Multi.Generic (1)
10:36:17.0641 4172 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
10:36:17.0641 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\mouclass.sys. md5: fb18cc1d4c2e716b6b903b0ac0cc0609
10:36:17.0641 4172 mouclass ( LockedFile.Multi.Generic ) - warning
10:36:17.0641 4172 mouclass - detected LockedFile.Multi.Generic (1)
10:36:17.0672 4172 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:36:17.0672 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouhid.sys. md5: 2c388d2cd01c9042596cf3c8f3c7b24d
10:36:17.0688 4172 mouhid ( LockedFile.Multi.Generic ) - warning
10:36:17.0688 4172 mouhid - detected LockedFile.Multi.Generic (1)
10:36:17.0781 4172 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
10:36:17.0781 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\mountmgr.sys. md5: fc8771f45ecccfd89684e38842539b9b
10:36:17.0813 4172 mountmgr ( LockedFile.Multi.Generic ) - warning
10:36:17.0813 4172 mountmgr - detected LockedFile.Multi.Generic (1)
10:36:18.0031 4172 Movielink Core Service (19e4baa7be36144c41af844de1cfb50d) C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe
10:36:18.0125 4172 Movielink Core Service - ok
10:36:18.0281 4172 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
10:36:18.0281 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpio.sys. md5: 2d699fb6e89ce0d8da14ecc03b3edfe0
10:36:18.0312 4172 mpio ( LockedFile.Multi.Generic ) - warning
10:36:18.0312 4172 mpio - detected LockedFile.Multi.Generic (1)
10:36:18.0359 4172 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:36:18.0359 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpsdrv.sys. md5: ad2723a7b53dd1aacae6ad8c0bfbf4d0
10:36:18.0374 4172 mpsdrv ( LockedFile.Multi.Generic ) - warning
10:36:18.0374 4172 mpsdrv - detected LockedFile.Multi.Generic (1)
10:36:18.0452 4172 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
10:36:18.0452 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\mrxdav.sys. md5: ceb46ab7c01c9f825f8cc6babc18166a
10:36:18.0468 4172 MRxDAV ( LockedFile.Multi.Generic ) - warning
10:36:18.0468 4172 MRxDAV - detected LockedFile.Multi.Generic (1)
10:36:18.0530 4172 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:36:18.0530 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: 5d16c921e3671636c0eba3bbaac5fd25
10:36:18.0530 4172 mrxsmb ( LockedFile.Multi.Generic ) - warning
10:36:18.0530 4172 mrxsmb - detected LockedFile.Multi.Generic (1)
10:36:18.0608 4172 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:36:18.0608 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: 6d17a4791aca19328c685d256349fefc
10:36:18.0655 4172 mrxsmb10 ( LockedFile.Multi.Generic ) - warning
10:36:18.0655 4172 mrxsmb10 - detected LockedFile.Multi.Generic (1)
10:36:18.0702 4172 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:36:18.0702 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: b81f204d146000be76651a50670a5e9e
10:36:18.0717 4172 mrxsmb20 ( LockedFile.Multi.Generic ) - warning
10:36:18.0717 4172 mrxsmb20 - detected LockedFile.Multi.Generic (1)
10:36:18.0780 4172 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
10:36:18.0780 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\msahci.sys. md5: 012c5f4e9349e711e11e0f19a8589f0a
10:36:18.0780 4172 msahci ( LockedFile.Multi.Generic ) - warning
10:36:18.0780 4172 msahci - detected LockedFile.Multi.Generic (1)
10:36:18.0842 4172 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
10:36:18.0842 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\msdsm.sys. md5: 55055f8ad8be27a64c831322a780a228
10:36:18.0873 4172 msdsm ( LockedFile.Multi.Generic ) - warning
10:36:18.0873 4172 msdsm - detected LockedFile.Multi.Generic (1)
10:36:18.0936 4172 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
10:36:18.0998 4172 MSDTC - ok
10:36:19.0061 4172 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:36:19.0061 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\Msfs.sys. md5: daefb28e3af5a76abcc2c3078c07327f
10:36:19.0061 4172 Msfs ( LockedFile.Multi.Generic ) - warning
10:36:19.0061 4172 Msfs - detected LockedFile.Multi.Generic (1)
10:36:19.0092 4172 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:36:19.0092 4172 Suspicious file (NoAccess): C:\Windows\System32\drivers\mshidkmdf.sys. md5: 3e1e5767043c5af9367f0056295e9f84
10:36:19.0123 4172 mshidkmdf ( LockedFile.Multi.Generic ) - warning
10:36:19.0123 4172 mshidkmdf - detected LockedFile.Multi.Generic (1)
10:36:19.0154 4172 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
10:36:19.0154 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\msisadrv.sys. md5: 0a4e5757ae09fa9622e3158cc1aef114
10:36:19.0185 4172 msisadrv ( LockedFile.Multi.Generic ) - warning
10:36:19.0185 4172 msisadrv - detected LockedFile.Multi.Generic (1)
10:36:19.0248 4172 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
10:36:19.0326 4172 MSiSCSI - ok
10:36:19.0357 4172 msiserver - ok
10:36:19.0419 4172 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:36:19.0419 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 8c0860d6366aaffb6c5bb9df9448e631
10:36:19.0451 4172 MSKSSRV ( LockedFile.Multi.Generic ) - warning
10:36:19.0451 4172 MSKSSRV - detected LockedFile.Multi.Generic (1)
10:36:19.0482 4172 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:36:19.0482 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: 3ea8b949f963562cedbb549eac0c11ce
10:36:19.0513 4172 MSPCLOCK ( LockedFile.Multi.Generic ) - warning
10:36:19.0513 4172 MSPCLOCK - detected LockedFile.Multi.Generic (1)
10:36:19.0560 4172 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:36:19.0560 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPQM.sys. md5: f456e973590d663b1073e9c463b40932
10:36:19.0560 4172 MSPQM ( LockedFile.Multi.Generic ) - warning
10:36:19.0560 4172 MSPQM - detected LockedFile.Multi.Generic (1)
10:36:19.0607 4172 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:36:19.0607 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\MsRPC.sys. md5: 0e008fc4819d238c51d7c93e7b41e560
10:36:19.0622 4172 MsRPC ( LockedFile.Multi.Generic ) - warning
10:36:19.0622 4172 MsRPC - detected LockedFile.Multi.Generic (1)
10:36:19.0716 4172 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
10:36:19.0716 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\mssmbios.sys. md5: fc6b9ff600cc585ea38b12589bd4e246
10:36:19.0716 4172 mssmbios ( LockedFile.Multi.Generic ) - warning
10:36:19.0716 4172 mssmbios - detected LockedFile.Multi.Generic (1)
10:36:19.0763 4172 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:36:19.0763 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSTEE.sys. md5: b42c6b921f61a6e55159b8be6cd54a36
10:36:19.0778 4172 MSTEE ( LockedFile.Multi.Generic ) - warning
10:36:19.0778 4172 MSTEE - detected LockedFile.Multi.Generic (1)
10:36:19.0809 4172 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
10:36:19.0809 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 33599130f44e1f34631cea241de8ac84
10:36:19.0809 4172 MTConfig ( LockedFile.Multi.Generic ) - warning
10:36:19.0809 4172 MTConfig - detected LockedFile.Multi.Generic (1)
10:36:19.0872 4172 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:36:19.0872 4172 Suspicious file (NoAccess): C:\Windows\system32\Drivers\mup.sys. md5: 159fad02f64e6381758c990f753bcc80
10:36:19.0903 4172 Mup ( LockedFile.Multi.Generic ) - warning
10:36:19.0903 4172 Mup - detected LockedFile.Multi.Generic (1)
10:36:19.0981 4172 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
10:36:20.0075 4172 napagent - ok
10:36:20.0153 4172 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:36:20.0153 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 26384429fcd85d83746f63e798ab1480
10:36:20.0199 4172 NativeWifiP ( LockedFile.Multi.Generic ) - warning
10:36:20.0199 4172 NativeWifiP - detected LockedFile.Multi.Generic (1)
10:36:20.0293 4172 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
10:36:20.0293 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\ndis.sys. md5: e7c54812a2aaf43316eb6930c1ffa108
10:36:20.0309 4172 NDIS ( LockedFile.Multi.Generic ) - warning
10:36:20.0309 4172 NDIS - detected LockedFile.Multi.Generic (1)
10:36:20.0324 4172 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:36:20.0324 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 0e1787aa6c9191d3d319e8bafe86f80c
10:36:20.0340 4172 NdisCap ( LockedFile.Multi.Generic ) - warning
10:36:20.0340 4172 NdisCap - detected LockedFile.Multi.Generic (1)
10:36:20.0371 4172 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:36:20.0371 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: e4a8aec125a2e43a9e32afeea7c9c888
10:36:20.0371 4172 NdisTapi ( LockedFile.Multi.Generic ) - warning
10:36:20.0371 4172 NdisTapi - detected LockedFile.Multi.Generic (1)
10:36:20.0433 4172 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
10:36:20.0433 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: d8a65dafb3eb41cbb622745676fcd072
10:36:20.0433 4172 Ndisuio ( LockedFile.Multi.Generic ) - warning
10:36:20.0433 4172 Ndisuio - detected LockedFile.Multi.Generic (1)
10:36:20.0511 4172 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
10:36:20.0511 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 38fbe267e7e6983311179230facb1017
10:36:20.0543 4172 NdisWan ( LockedFile.Multi.Generic ) - warning
10:36:20.0543 4172 NdisWan - detected LockedFile.Multi.Generic (1)
10:36:20.0589 4172 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
10:36:20.0589 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\NDProxy.sys. md5: a4bdc541e69674fbff1a8ff00be913f2
10:36:20.0621 4172 NDProxy ( LockedFile.Multi.Generic ) - warning
10:36:20.0621 4172 NDProxy - detected LockedFile.Multi.Generic (1)
10:36:20.0667 4172 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:36:20.0667 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbios.sys. md5: 80b275b1ce3b0e79909db7b39af74d51
10:36:20.0699 4172 NetBIOS ( LockedFile.Multi.Generic ) - warning
10:36:20.0699 4172 NetBIOS - detected LockedFile.Multi.Generic (1)
10:36:20.0839 4172 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
10:36:20.0839 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbt.sys. md5: 280122ddcf04b378edd1ad54d71c1e54
10:36:20.0886 4172 NetBT ( LockedFile.Multi.Generic ) - warning
10:36:20.0886 4172 NetBT - detected LockedFile.Multi.Generic (1)
10:36:20.0948 4172 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:36:20.0979 4172 Netlogon - ok
10:36:21.0057 4172 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
10:36:21.0135 4172 Netman - ok
10:36:21.0213 4172 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
10:36:21.0276 4172 netprofm - ok
10:36:21.0369 4172 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:36:21.0416 4172 NetTcpPortSharing - ok
10:36:21.0494 4172 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
10:36:21.0494 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 1d85c4b390b0ee09c7a46b91efb2c097
10:36:21.0525 4172 nfrd960 ( LockedFile.Multi.Generic ) - warning
10:36:21.0525 4172 nfrd960 - detected LockedFile.Multi.Generic (1)
10:36:21.0603 4172 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
10:36:21.0681 4172 NlaSvc - ok
10:36:21.0884 4172 nmraapache (13350ddd0976ceb5f125396c7bfb05b4) C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
10:36:21.0915 4172 nmraapache ( UnsignedFile.Multi.Generic ) - warning
10:36:21.0915 4172 nmraapache - detected UnsignedFile.Multi.Generic (1)
10:36:22.0071 4172 nmservice (82c5a813e8ea7e94dc1afa24cd803b80) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
10:36:22.0118 4172 nmservice - ok
10:36:22.0181 4172 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:36:22.0181 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\Npfs.sys. md5: 1db262a9f8c087e8153d89bef3d2235f
10:36:22.0243 4172 Npfs ( LockedFile.Multi.Generic ) - warning
10:36:22.0243 4172 Npfs - detected LockedFile.Multi.Generic (1)
10:36:22.0305 4172 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
10:36:22.0383 4172 nsi - ok
10:36:22.0430 4172 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:36:22.0430 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\nsiproxy.sys. md5: e9a0a4d07e53d8fea2bb8387a3293c58
10:36:22.0461 4172 nsiproxy ( LockedFile.Multi.Generic ) - warning
10:36:22.0461 4172 nsiproxy - detected LockedFile.Multi.Generic (1)
10:36:22.0602 4172 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
10:36:22.0602 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\Ntfs.sys. md5: 33c3093d09017cfe2e219f2472bff6eb
10:36:22.0602 4172 Ntfs ( LockedFile.Multi.Generic ) - warning
10:36:22.0602 4172 Ntfs - detected LockedFile.Multi.Generic (1)
10:36:22.0758 4172 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:36:22.0758 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\Null.sys. md5: f9756a98d69098dca8945d62858a812c
10:36:22.0789 4172 Null ( LockedFile.Multi.Generic ) - warning
10:36:22.0789 4172 Null - detected LockedFile.Multi.Generic (1)
10:36:22.0851 4172 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
10:36:22.0851 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvraid.sys. md5: af2eec9580c1d32fb7eaf105d9784061
10:36:22.0867 4172 nvraid ( LockedFile.Multi.Generic ) - warning
10:36:22.0867 4172 nvraid - detected LockedFile.Multi.Generic (1)
10:36:22.0898 4172 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
10:36:22.0898 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvstor.sys. md5: 9283c58ebaa2618f93482eb5dabcec82
10:36:22.0914 4172 nvstor ( LockedFile.Multi.Generic ) - warning
10:36:22.0914 4172 nvstor - detected LockedFile.Multi.Generic (1)
10:36:22.0976 4172 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
10:36:22.0976 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\nv_agp.sys. md5: 5a0983915f02bae73267cc2a041f717d
10:36:22.0992 4172 nv_agp ( LockedFile.Multi.Generic ) - warning
10:36:22.0992 4172 nv_agp - detected LockedFile.Multi.Generic (1)
10:36:23.0148 4172 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:36:23.0179 4172 odserv - ok
10:36:23.0241 4172 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
10:36:23.0241 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\ohci1394.sys. md5: 08a70a1f2cdde9bb49b885cb817a66eb
10:36:23.0273 4172 ohci1394 ( LockedFile.Multi.Generic ) - warning
10:36:23.0273 4172 ohci1394 - detected LockedFile.Multi.Generic (1)
10:36:23.0335 4172 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:36:23.0366 4172 ose - ok
10:36:23.0475 4172 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:36:23.0553 4172 p2pimsvc - ok
10:36:23.0600 4172 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
10:36:23.0663 4172 p2psvc - ok
10:36:23.0741 4172 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
10:36:23.0741 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\parport.sys. md5: 2ea877ed5dd9713c5ac74e8ea7348d14
10:36:23.0772 4172 Parport ( LockedFile.Multi.Generic ) - warning
10:36:23.0772 4172 Parport - detected LockedFile.Multi.Generic (1)
10:36:23.0834 4172 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
10:36:23.0834 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\partmgr.sys. md5: 3f34a1b4c5f6475f320c275e63afce9b
10:36:23.0865 4172 partmgr ( LockedFile.Multi.Generic ) - warning
10:36:23.0865 4172 partmgr - detected LockedFile.Multi.Generic (1)
10:36:23.0912 4172 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
10:36:23.0928 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\parvdm.sys. md5: eb0a59f29c19b86479d36b35983daadc
10:36:23.0928 4172 Parvdm ( LockedFile.Multi.Generic ) - warning
10:36:23.0928 4172 Parvdm - detected LockedFile.Multi.Generic (1)
10:36:23.0990 4172 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
10:36:24.0068 4172 PcaSvc - ok
10:36:24.0146 4172 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
10:36:24.0146 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\pci.sys. md5: 673e55c3498eb970088e812ea820aa8f
10:36:24.0177 4172 pci ( LockedFile.Multi.Generic ) - warning
10:36:24.0177 4172 pci - detected LockedFile.Multi.Generic (1)
10:36:24.0224 4172 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
10:36:24.0224 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\pciide.sys. md5: afe86f419014db4e5593f69ffe26ce0a
10:36:24.0224 4172 pciide ( LockedFile.Multi.Generic ) - warning
10:36:24.0224 4172 pciide - detected LockedFile.Multi.Generic (1)
10:36:24.0271 4172 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
10:36:24.0271 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: f396431b31693e71e8a80687ef523506
10:36:24.0349 4172 pcmcia ( LockedFile.Multi.Generic ) - warning
10:36:24.0349 4172 pcmcia - detected LockedFile.Multi.Generic (1)
10:36:24.0396 4172 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:36:24.0396 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\pcw.sys. md5: 250f6b43d2b613172035c6747aeeb19f
10:36:24.0396 4172 pcw ( LockedFile.Multi.Generic ) - warning
10:36:24.0396 4172 pcw - detected LockedFile.Multi.Generic (1)
10:36:24.0505 4172 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:36:24.0505 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\peauth.sys. md5: 9e0104ba49f4e6973749a02bf41344ed
10:36:24.0505 4172 PEAUTH ( LockedFile.Multi.Generic ) - warning
10:36:24.0505 4172 PEAUTH - detected LockedFile.Multi.Generic (1)
10:36:24.0614 4172 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
10:36:24.0723 4172 PeerDistSvc - ok
10:36:25.0035 4172 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
10:36:25.0113 4172 pla - ok
10:36:25.0301 4172 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
10:36:25.0379 4172 PlugPlay - ok
10:36:25.0488 4172 pnarp (b63a3ae87ed0ac525b3aa88b39608bfc) C:\Windows\system32\DRIVERS\pnarp.sys
10:36:25.0488 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pnarp.sys. md5: b63a3ae87ed0ac525b3aa88b39608bfc
10:36:25.0535 4172 pnarp ( LockedFile.Multi.Generic ) - warning
10:36:25.0535 4172 pnarp - detected LockedFile.Multi.Generic (1)
10:36:25.0581 4172 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
10:36:25.0644 4172 PNRPAutoReg - ok
10:36:25.0722 4172 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:36:25.0753 4172 PNRPsvc - ok
10:36:25.0878 4172 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
10:36:25.0956 4172 PolicyAgent - ok
10:36:26.0034 4172 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
10:36:26.0096 4172 Power - ok
10:36:26.0143 4172 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:36:26.0143 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspptp.sys. md5: 631e3e205ad6d86f2aed6a4a8e69f2db
10:36:26.0174 4172 PptpMiniport ( LockedFile.Multi.Generic ) - warning
10:36:26.0174 4172 PptpMiniport - detected LockedFile.Multi.Generic (1)
10:36:26.0237 4172 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
10:36:26.0237 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\processr.sys. md5: 85b1e3a0c7585bc4aae6899ec6fcf011
10:36:26.0252 4172 Processor ( LockedFile.Multi.Generic ) - warning
10:36:26.0252 4172 Processor - detected LockedFile.Multi.Generic (1)
10:36:26.0330 4172 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
10:36:26.0393 4172 ProfSvc - ok
10:36:26.0455 4172 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:36:26.0486 4172 ProtectedStorage - ok
10:36:26.0549 4172 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:36:26.0549 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pacer.sys. md5: 6270ccae2a86de6d146529fe55b3246a
10:36:26.0549 4172 Psched ( LockedFile.Multi.Generic ) - warning
10:36:26.0549 4172 Psched - detected LockedFile.Multi.Generic (1)
10:36:26.0642 4172 purendis (633cc728d6493c4263368a86928b0bfd) C:\Windows\system32\DRIVERS\purendis.sys
10:36:26.0642 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\purendis.sys. md5: 633cc728d6493c4263368a86928b0bfd
10:36:26.0673 4172 purendis ( LockedFile.Multi.Generic ) - warning
10:36:26.0673 4172 purendis - detected LockedFile.Multi.Generic (1)
10:36:26.0861 4172 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
10:36:26.0861 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql2300.sys. md5: ab95ecf1f6659a60ddc166d8315b0751
10:36:26.0907 4172 ql2300 ( LockedFile.Multi.Generic ) - warning
10:36:26.0907 4172 ql2300 - detected LockedFile.Multi.Generic (1)
10:36:27.0048 4172 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
10:36:27.0048 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: b4dd51dd25182244b86737dc51af2270
10:36:27.0048 4172 ql40xx ( LockedFile.Multi.Generic ) - warning
10:36:27.0048 4172 ql40xx - detected LockedFile.Multi.Generic (1)
10:36:27.0126 4172 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
10:36:27.0204 4172 QWAVE - ok
10:36:27.0251 4172 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:36:27.0251 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\qwavedrv.sys. md5: 584078ca1b95ca72df2a27c336f9719d
10:36:27.0266 4172 QWAVEdrv ( LockedFile.Multi.Generic ) - warning
10:36:27.0266 4172 QWAVEdrv - detected LockedFile.Multi.Generic (1)
10:36:27.0329 4172 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:36:27.0329 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 30a81b53c766d0133bb86d234e5556ab
10:36:27.0360 4172 RasAcd ( LockedFile.Multi.Generic ) - warning
10:36:27.0360 4172 RasAcd - detected LockedFile.Multi.Generic (1)
10:36:27.0407 4172 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:36:27.0407 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 57ec4aef73660166074d8f7f31c0d4fd
10:36:27.0422 4172 RasAgileVpn ( LockedFile.Multi.Generic ) - warning
10:36:27.0422 4172 RasAgileVpn - detected LockedFile.Multi.Generic (1)
10:36:27.0485 4172 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
10:36:27.0578 4172 RasAuto - ok
10:36:27.0625 4172 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:36:27.0625 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: d9f91eafec2815365cbe6d167e4e332a
10:36:27.0625 4172 Rasl2tp ( LockedFile.Multi.Generic ) - warning
10:36:27.0625 4172 Rasl2tp - detected LockedFile.Multi.Generic (1)
10:36:27.0703 4172 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
10:36:27.0797 4172 RasMan - ok
10:36:27.0875 4172 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:36:27.0875 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 0fe8b15916307a6ac12bfb6a63e45507
10:36:27.0906 4172 RasPppoe ( LockedFile.Multi.Generic ) - warning
10:36:27.0906 4172 RasPppoe - detected LockedFile.Multi.Generic (1)
10:36:27.0984 4172 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:36:27.0984 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rassstp.sys. md5: 44101f495a83ea6401d886e7fd70096b
10:36:28.0015 4172 RasSstp ( LockedFile.Multi.Generic ) - warning
10:36:28.0015 4172 RasSstp - detected LockedFile.Multi.Generic (1)
10:36:28.0109 4172 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
10:36:28.0109 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdbss.sys. md5: d528bc58a489409ba40334ebf96a311b
10:36:28.0109 4172 rdbss ( LockedFile.Multi.Generic ) - warning
10:36:28.0109 4172 rdbss - detected LockedFile.Multi.Generic (1)
10:36:28.0171 4172 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:36:28.0171 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 0d8f05481cb76e70e1da06ee9f0da9df
10:36:28.0171 4172 rdpbus ( LockedFile.Multi.Generic ) - warning
10:36:28.0171 4172 rdpbus - detected LockedFile.Multi.Generic (1)
10:36:28.0249 4172 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:36:28.0249 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: 23dae03f29d253ae74c44f99e515f9a1
10:36:28.0249 4172 RDPCDD ( LockedFile.Multi.Generic ) - warning
10:36:28.0249 4172 RDPCDD - detected LockedFile.Multi.Generic (1)
10:36:28.0343 4172 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
10:36:28.0343 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpdr.sys. md5: b973fcfc50dc1434e1970a146f7e3885
10:36:28.0343 4172 RDPDR ( LockedFile.Multi.Generic ) - warning
10:36:28.0343 4172 RDPDR - detected LockedFile.Multi.Generic (1)
10:36:28.0389 4172 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:36:28.0389 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpencdd.sys. md5: 5a53ca1598dd4156d44196d200c94b8a
10:36:28.0421 4172 RDPENCDD ( LockedFile.Multi.Generic ) - warning
10:36:28.0421 4172 RDPENCDD - detected LockedFile.Multi.Generic (1)
10:36:28.0467 4172 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:36:28.0467 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdprefmp.sys. md5: 44b0a53cd4f27d50ed461dae0c0b4e1f
10:36:28.0499 4172 RDPREFMP ( LockedFile.Multi.Generic ) - warning
10:36:28.0499 4172 RDPREFMP - detected LockedFile.Multi.Generic (1)
10:36:28.0561 4172 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
10:36:28.0561 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\RDPWD.sys. md5: f031683e6d1fea157abb2ff260b51e61
10:36:28.0608 4172 RDPWD ( LockedFile.Multi.Generic ) - warning
10:36:28.0608 4172 RDPWD - detected LockedFile.Multi.Generic (1)
10:36:28.0701 4172 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
10:36:28.0701 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdyboost.sys. md5: 518395321dc96fe2c9f0e96ac743b656
10:36:28.0733 4172 rdyboost ( LockedFile.Multi.Generic ) - warning
10:36:28.0733 4172 rdyboost - detected LockedFile.Multi.Generic (1)
10:36:28.0795 4172 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
10:36:28.0873 4172 RemoteAccess - ok
10:36:28.0967 4172 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
10:36:29.0029 4172 RemoteRegistry - ok
10:36:29.0091 4172 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
10:36:29.0169 4172 RpcEptMapper - ok
10:36:29.0232 4172 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
10:36:29.0263 4172 RpcLocator - ok
10:36:29.0341 4172 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:36:29.0372 4172 RpcSs - ok
10:36:29.0450 4172 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:36:29.0466 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rspndr.sys. md5: 032b0d36ad92b582d869879f5af5b928
10:36:29.0513 4172 rspndr ( LockedFile.Multi.Generic ) - warning
10:36:29.0513 4172 rspndr - detected LockedFile.Multi.Generic (1)
10:36:29.0591 4172 RSUSBSTOR (6b065c88a4c05cf44793ac2bfc331ac5) C:\Windows\system32\Drivers\RtsUStor.sys
10:36:29.0591 4172 Suspicious file (NoAccess): C:\Windows\system32\Drivers\RtsUStor.sys. md5: 6b065c88a4c05cf44793ac2bfc331ac5
10:36:29.0591 4172 RSUSBSTOR ( LockedFile.Multi.Generic ) - warning
10:36:29.0591 4172 RSUSBSTOR - detected LockedFile.Multi.Generic (1)
10:36:29.0622 4172 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
10:36:29.0622 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\Rt86win7.sys. md5: 7dfd48e24479b68b258d8770121155a0
10:36:29.0653 4172 RTL8167 ( LockedFile.Multi.Generic ) - warning
10:36:29.0653 4172 RTL8167 - detected LockedFile.Multi.Generic (1)
10:36:29.0700 4172 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
10:36:29.0715 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\vms3cap.sys. md5: 7fa7f2e249a5dcbb7970630e15e1f482
10:36:29.0715 4172 s3cap ( LockedFile.Multi.Generic ) - warning
10:36:29.0715 4172 s3cap - detected LockedFile.Multi.Generic (1)
10:36:29.0809 4172 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:36:29.0840 4172 SamSs - ok
10:36:29.0871 4172 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
10:36:29.0871 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\sbp2port.sys. md5: 05d860da1040f111503ac416ccef2bca
10:36:29.0871 4172 sbp2port ( LockedFile.Multi.Generic ) - warning
10:36:29.0871 4172 sbp2port - detected LockedFile.Multi.Generic (1)
10:36:29.0934 4172 SBRE - ok
10:36:30.0012 4172 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
10:36:30.0074 4172 SCardSvr - ok
10:36:30.0152 4172 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
10:36:30.0152 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 0693b5ec673e34dc147e195779a4dcf6
10:36:30.0199 4172 scfilter ( LockedFile.Multi.Generic ) - warning
10:36:30.0199 4172 scfilter - detected LockedFile.Multi.Generic (1)
10:36:30.0339 4172 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
10:36:30.0402 4172 Schedule - ok
10:36:30.0495 4172 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:36:30.0527 4172 SCPolicySvc - ok
10:36:30.0589 4172 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
10:36:30.0667 4172 SDRSVC - ok
10:36:30.0714 4172 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:36:30.0714 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\secdrv.sys. md5: 90a3935d05b494a5a39d37e71f09a677
10:36:30.0745 4172 secdrv ( LockedFile.Multi.Generic ) - warning
10:36:30.0745 4172 secdrv - detected LockedFile.Multi.Generic (1)
10:36:30.0807 4172 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
10:36:30.0901 4172 seclogon - ok
10:36:30.0932 4172 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
10:36:30.0963 4172 SENS - ok
10:36:30.0995 4172 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
10:36:31.0057 4172 SensrSvc - ok
10:36:31.0135 4172 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:36:31.0135 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serenum.sys. md5: 9ad8b8b515e3df6acd4212ef465de2d1
10:36:31.0151 4172 Serenum ( LockedFile.Multi.Generic ) - warning
10:36:31.0151 4172 Serenum - detected LockedFile.Multi.Generic (1)
10:36:31.0182 4172 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:36:31.0182 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serial.sys. md5: 5fb7fcea0490d821f26f39cc5ea3d1e2
10:36:31.0182 4172 Serial ( LockedFile.Multi.Generic ) - warning
10:36:31.0182 4172 Serial - detected LockedFile.Multi.Generic (1)
10:36:31.0244 4172 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
10:36:31.0244 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 79bffb520327ff916a582dfea17aa813
10:36:31.0260 4172 sermouse ( LockedFile.Multi.Generic ) - warning
10:36:31.0260 4172 sermouse - detected LockedFile.Multi.Generic (1)
10:36:31.0353 4172 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
10:36:31.0416 4172 SessionEnv - ok
10:36:31.0447 4172 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
10:36:31.0447 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffdisk.sys. md5: 9f976e1eb233df46fce808d9dea3eb9c
10:36:31.0478 4172 sffdisk ( LockedFile.Multi.Generic ) - warning
10:36:31.0478 4172 sffdisk - detected LockedFile.Multi.Generic (1)
10:36:31.0525 4172 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
10:36:31.0525 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_mmc.sys. md5: 932a68ee27833cfd57c1639d375f2731
10:36:31.0541 4172 sffp_mmc ( LockedFile.Multi.Generic ) - warning
10:36:31.0541 4172 sffp_mmc - detected LockedFile.Multi.Generic (1)
10:36:31.0556 4172 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
10:36:31.0572 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_sd.sys. md5: 6d4ccaedc018f1cf52866bbbaa235982
10:36:31.0572 4172 sffp_sd ( LockedFile.Multi.Generic ) - warning
10:36:31.0572 4172 sffp_sd - detected LockedFile.Multi.Generic (1)
10:36:31.0603 4172 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
10:36:31.0603 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: db96666cc8312ebc45032f30b007a547
10:36:31.0650 4172 sfloppy ( LockedFile.Multi.Generic ) - warning
10:36:31.0650 4172 sfloppy - detected LockedFile.Multi.Generic (1)
10:36:31.0759 4172 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
10:36:31.0821 4172 ShellHWDetection - ok
10:36:31.0884 4172 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
10:36:31.0884 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\sisagp.sys. md5: 2565cac0dc9fe0371bdce60832582b2e
10:36:31.0884 4172 sisagp ( LockedFile.Multi.Generic ) - warning
10:36:31.0884 4172 sisagp - detected LockedFile.Multi.Generic (1)
10:36:31.0946 4172 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:36:31.0946 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: a9f0486851becb6dda1d89d381e71055
10:36:31.0977 4172 SiSRaid2 ( LockedFile.Multi.Generic ) - warning
10:36:31.0977 4172 SiSRaid2 - detected LockedFile.Multi.Generic (1)
10:36:32.0024 4172 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
10:36:32.0024 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 3727097b55738e2f554972c3be5bc1aa
10:36:32.0040 4172 SiSRaid4 ( LockedFile.Multi.Generic ) - warning
10:36:32.0040 4172 SiSRaid4 - detected LockedFile.Multi.Generic (1)
10:36:32.0102 4172 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:36:32.0102 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\smb.sys. md5: 3e21c083b8a01cb70ba1f09303010fce
10:36:32.0102 4172 Smb ( LockedFile.Multi.Generic ) - warning
10:36:32.0102 4172 Smb - detected LockedFile.Multi.Generic (1)
10:36:32.0196 4172 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
10:36:32.0227 4172 SNMPTRAP - ok
10:36:32.0321 4172 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:36:32.0321 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\spldr.sys. md5: 95cf1ae7527fb70f7816563cbc09d942
10:36:32.0336 4172 spldr ( LockedFile.Multi.Generic ) - warning
10:36:32.0336 4172 spldr - detected LockedFile.Multi.Generic (1)
10:36:32.0414 4172 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
10:36:32.0508 4172 Spooler - ok
10:36:32.0773 4172 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
10:36:32.0898 4172 sppsvc - ok
10:36:33.0069 4172 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
10:36:33.0147 4172 sppuinotify - ok
10:36:33.0257 4172 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
10:36:33.0257 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv.sys. md5: e4c2764065d66ea1d2d3ebc28fe99c46
10:36:33.0288 4172 srv ( LockedFile.Multi.Generic ) - warning
10:36:33.0288 4172 srv - detected LockedFile.Multi.Generic (1)
10:36:33.0350 4172 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
10:36:33.0350 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv2.sys. md5: 03f0545bd8d4c77fa0ae1ceedfcc71ab
10:36:33.0366 4172 srv2 ( LockedFile.Multi.Generic ) - warning
10:36:33.0366 4172 srv2 - detected LockedFile.Multi.Generic (1)
10:36:33.0397 4172 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
10:36:33.0397 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srvnet.sys. md5: be6bd660caa6f291ae06a718a4fa8abc
10:36:33.0428 4172 srvnet ( LockedFile.Multi.Generic ) - warning
10:36:33.0428 4172 srvnet - detected LockedFile.Multi.Generic (1)
10:36:33.0506 4172 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
10:36:33.0569 4172 SSDPSRV - ok
10:36:33.0631 4172 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
10:36:33.0693 4172 SstpSvc - ok
10:36:33.0849 4172 STacSV (43dc7ada838f6a24b93b7c7ff2fcd08d) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\STacSV.exe
10:36:33.0896 4172 STacSV - ok
10:36:33.0974 4172 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
10:36:33.0974 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\stexstor.sys. md5: db32d325c192b801df274bfd12a7e72b
10:36:34.0005 4172 stexstor ( LockedFile.Multi.Generic ) - warning
10:36:34.0005 4172 stexstor - detected LockedFile.Multi.Generic (1)
10:36:34.0130 4172 STHDA (356cc453b79c35b8ce1a14873dd6322d) C:\Windows\system32\DRIVERS\stwrt.sys
10:36:34.0130 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\stwrt.sys. md5: 356cc453b79c35b8ce1a14873dd6322d
10:36:34.0161 4172 STHDA ( LockedFile.Multi.Generic ) - warning
10:36:34.0161 4172 STHDA - detected LockedFile.Multi.Generic (1)
10:36:34.0255 4172 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
10:36:34.0317 4172 StiSvc - ok
10:36:34.0411 4172 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
10:36:34.0411 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\vmstorfl.sys. md5: 472af0311073dceceaa8fa18ba2bdf89
10:36:34.0442 4172 storflt ( LockedFile.Multi.Generic ) - warning
10:36:34.0442 4172 storflt - detected LockedFile.Multi.Generic (1)
10:36:34.0489 4172 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
10:36:34.0536 4172 StorSvc - ok
10:36:34.0598 4172 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
10:36:34.0598 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\storvsc.sys. md5: dcaffd62259e0bdb433dd67b5bb37619
10:36:34.0614 4172 storvsc ( LockedFile.Multi.Generic ) - warning
10:36:34.0614 4172 storvsc - detected LockedFile.Multi.Generic (1)
10:36:34.0629 4172 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
10:36:34.0629 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\swenum.sys. md5: e58c78a848add9610a4db6d214af5224
10:36:34.0645 4172 swenum ( LockedFile.Multi.Generic ) - warning
10:36:34.0645 4172 swenum - detected LockedFile.Multi.Generic (1)
10:36:34.0692 4172 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
10:36:34.0770 4172 swprv - ok
10:36:34.0910 4172 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\Windows\system32\DRIVERS\SynTP.sys
10:36:34.0926 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SynTP.sys. md5: 0e8676fb3bb95aa40fdf7a4a31018c8b
10:36:34.0941 4172 SynTP ( LockedFile.Multi.Generic ) - warning
10:36:34.0941 4172 SynTP - detected LockedFile.Multi.Generic (1)
10:36:34.0957 4172 Suspicious service (NoAccess): syshost32
10:36:35.0066 4172 syshost32 (ffd6e3682c00209061b56f916d1df18d) C:\Windows\Installer\{0AED59C0-6F3C-977D-0217-0690E1E3B6FB}\syshost.exe
10:36:35.0066 4172 Suspicious file (NoAccess): C:\Windows\Installer\{0AED59C0-6F3C-977D-0217-0690E1E3B6FB}\syshost.exe. md5: ffd6e3682c00209061b56f916d1df18d
10:36:35.0097 4172 syshost32 ( LockedService.Multi.Generic ) - warning
10:36:35.0097 4172 syshost32 - detected LockedService.Multi.Generic (1)
10:36:35.0316 4172 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
10:36:35.0363 4172 SysMain - ok
10:36:35.0456 4172 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
10:36:35.0503 4172 TabletInputService - ok
10:36:35.0581 4172 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
10:36:35.0643 4172 TapiSrv - ok
10:36:35.0706 4172 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
10:36:35.0753 4172 TBS - ok
10:36:35.0955 4172 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
10:36:35.0955 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpip.sys. md5: 7fa2e0f8b072bd04b77b421480b6cc22
10:36:36.0033 4172 Tcpip ( LockedFile.Multi.Generic ) - warning
10:36:36.0033 4172 Tcpip - detected LockedFile.Multi.Generic (1)
10:36:36.0221 4172 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
10:36:36.0221 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tcpip.sys. md5: 7fa2e0f8b072bd04b77b421480b6cc22
10:36:36.0236 4172 TCPIP6 ( LockedFile.Multi.Generic ) - warning
10:36:36.0236 4172 TCPIP6 - detected LockedFile.Multi.Generic (1)
10:36:36.0345 4172 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
10:36:36.0345 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpipreg.sys. md5: cca24162e055c3714ce5a88b100c64ed
10:36:36.0345 4172 tcpipreg ( LockedFile.Multi.Generic ) - warning
10:36:36.0345 4172 tcpipreg - detected LockedFile.Multi.Generic (1)
10:36:36.0423 4172 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
10:36:36.0423 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdpipe.sys. md5: 1cb91b2bd8f6dd367dfc2ef26fd751b2
10:36:36.0439 4172 TDPIPE ( LockedFile.Multi.Generic ) - warning
10:36:36.0439 4172 TDPIPE - detected LockedFile.Multi.Generic (1)
10:36:36.0486 4172 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
10:36:36.0486 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdtcp.sys. md5: 2c2c5afe7ee4f620d69c23c0617651a8
10:36:36.0501 4172 TDTCP ( LockedFile.Multi.Generic ) - warning
10:36:36.0501 4172 TDTCP - detected LockedFile.Multi.Generic (1)
10:36:36.0564 4172 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
10:36:36.0564 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tdx.sys. md5: b459575348c20e8121d6039da063c704
10:36:36.0579 4172 tdx ( LockedFile.Multi.Generic ) - warning
10:36:36.0579 4172 tdx - detected LockedFile.Multi.Generic (1)
10:36:36.0642 4172 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
10:36:36.0642 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\termdd.sys. md5: 04dbf4b01ea4bf25a9a3e84affac9b20
10:36:36.0689 4172 TermDD ( LockedFile.Multi.Generic ) - warning
10:36:36.0689 4172 TermDD - detected LockedFile.Multi.Generic (1)
10:36:36.0782 4172 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
10:36:36.0845 4172 TermService - ok
10:36:36.0907 4172 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
10:36:36.0938 4172 Themes - ok
10:36:37.0001 4172 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:36:37.0063 4172 THREADORDER - ok
10:36:37.0125 4172 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
10:36:37.0203 4172 TrkWks - ok
10:36:37.0328 4172 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
10:36:37.0406 4172 TrustedInstaller - ok
10:36:37.0453 4172 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:36:37.0453 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: 254bb140eee3c59d6114c1a86b636877
10:36:37.0500 4172 tssecsrv ( LockedFile.Multi.Generic ) - warning
10:36:37.0500 4172 tssecsrv - detected LockedFile.Multi.Generic (1)
10:36:37.0562 4172 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:36:37.0562 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\tsusbflt.sys. md5: fd1d6c73e6333be727cbcc6054247654
10:36:37.0578 4172 TsUsbFlt ( LockedFile.Multi.Generic ) - warning
10:36:37.0578 4172 TsUsbFlt - detected LockedFile.Multi.Generic (1)
10:36:37.0656 4172 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
10:36:37.0656 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tunnel.sys. md5: b2fa25d9b17a68bb93d58b0556e8c90d
10:36:37.0656 4172 tunnel ( LockedFile.Multi.Generic ) - warning
10:36:37.0656 4172 tunnel - detected LockedFile.Multi.Generic (1)
10:36:37.0749 4172 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
10:36:37.0749 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\uagp35.sys. md5: 750fbcb269f4d7dd2e420c56b795db6d
10:36:37.0781 4172 uagp35 ( LockedFile.Multi.Generic ) - warning
10:36:37.0781 4172 uagp35 - detected LockedFile.Multi.Generic (1)
10:36:37.0874 4172 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
10:36:37.0874 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\udfs.sys. md5: ee43346c7e4b5e63e54f927babbb32ff
10:36:37.0874 4172 udfs ( LockedFile.Multi.Generic ) - warning
10:36:37.0874 4172 udfs - detected LockedFile.Multi.Generic (1)
10:36:37.0937 4172 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
10:36:37.0999 4172 UI0Detect - ok
10:36:38.0046 4172 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
10:36:38.0046 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\uliagpkx.sys. md5: 44e8048ace47befbfdc2e9be4cbc8880
10:36:38.0077 4172 uliagpkx ( LockedFile.Multi.Generic ) - warning
10:36:38.0077 4172 uliagpkx - detected LockedFile.Multi.Generic (1)
10:36:38.0139 4172 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
10:36:38.0139 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\umbus.sys. md5: d295bed4b898f0fd999fcfa9b32b071b
10:36:38.0186 4172 umbus ( LockedFile.Multi.Generic ) - warning
10:36:38.0186 4172 umbus - detected LockedFile.Multi.Generic (1)
10:36:38.0233 4172 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
10:36:38.0233 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umpass.sys. md5: 7550ad0c6998ba1cb4843e920ee0feac
10:36:38.0280 4172 UmPass ( LockedFile.Multi.Generic ) - warning
10:36:38.0280 4172 UmPass - detected LockedFile.Multi.Generic (1)
10:36:38.0342 4172 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
10:36:38.0389 4172 UmRdpService - ok
10:36:38.0670 4172 UNS (44aa8d5d3b3b5610fef46ca8a9c52d8c) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
10:36:38.0732 4172 UNS - ok
10:36:38.0873 4172 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
10:36:38.0951 4172 upnphost - ok
10:36:39.0060 4172 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
10:36:39.0060 4172 Suspicious file (NoAccess): C:\Windows\system32\Drivers\usbaapl.sys. md5: eafe1e00739afe6c51487a050e772e17
10:36:39.0107 4172 USBAAPL ( LockedFile.Multi.Generic ) - warning
10:36:39.0107 4172 USBAAPL - detected LockedFile.Multi.Generic (1)
10:36:39.0169 4172 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
10:36:39.0169 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbccgp.sys. md5: 7e72e7d7e0757d59481d530fd2b0bfae
10:36:39.0169 4172 usbccgp ( LockedFile.Multi.Generic ) - warning
10:36:39.0169 4172 usbccgp - detected LockedFile.Multi.Generic (1)
10:36:39.0231 4172 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
10:36:39.0231 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbcir.sys. md5: 04ec7cec62ec3b6d9354eee93327fc82
10:36:39.0231 4172 usbcir ( LockedFile.Multi.Generic ) - warning
10:36:39.0231 4172 usbcir - detected LockedFile.Multi.Generic (1)
10:36:39.0263 4172 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
10:36:39.0263 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbehci.sys. md5: cfbce999c057d78979a181c9c60f208e
10:36:39.0278 4172 usbehci ( LockedFile.Multi.Generic ) - warning
10:36:39.0278 4172 usbehci - detected LockedFile.Multi.Generic (1)
10:36:39.0356 4172 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
10:36:39.0356 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbhub.sys. md5: 9d22aad9ac6a07c691a1113e5f860868
10:36:39.0387 4172 usbhub ( LockedFile.Multi.Generic ) - warning
10:36:39.0387 4172 usbhub - detected LockedFile.Multi.Generic (1)
10:36:39.0434 4172 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
10:36:39.0434 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbohci.sys. md5: a6fb7957ea7afb1165991e54ce934b74
10:36:39.0450 4172 usbohci ( LockedFile.Multi.Generic ) - warning
10:36:39.0450 4172 usbohci - detected LockedFile.Multi.Generic (1)
10:36:39.0497 4172 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:36:39.0497 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 797d862fe0875e75c7cc4c1ad7b30252
10:36:39.0512 4172 usbprint ( LockedFile.Multi.Generic ) - warning
10:36:39.0512 4172 usbprint - detected LockedFile.Multi.Generic (1)
10:36:39.0575 4172 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:36:39.0575 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: bf63ebfc6979fefb2bc03df7989a0c1a
10:36:39.0621 4172 USBSTOR ( LockedFile.Multi.Generic ) - warning
10:36:39.0621 4172 USBSTOR - detected LockedFile.Multi.Generic (1)
10:36:39.0668 4172 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
10:36:39.0668 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbuhci.sys. md5: 78780c3ebce17405b1ccd07a3a8a7d72
10:36:39.0668 4172 usbuhci ( LockedFile.Multi.Generic ) - warning
10:36:39.0668 4172 usbuhci - detected LockedFile.Multi.Generic (1)
10:36:39.0762 4172 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
10:36:39.0762 4172 Suspicious file (NoAccess): C:\Windows\System32\Drivers\usbvideo.sys. md5: 45f4e7bf43db40a6c6b4d92c76cbc3f2
10:36:39.0762 4172 usbvideo ( LockedFile.Multi.Generic ) - warning
10:36:39.0762 4172 usbvideo - detected LockedFile.Multi.Generic (1)
10:36:39.0840 4172 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
10:36:39.0918 4172 UxSms - ok
10:36:39.0980 4172 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:36:39.0996 4172 VaultSvc - ok
10:36:40.0183 4172 vcsFPService (8c72e0e88e5a1a70691135864f2f7f1b) C:\Windows\system32\vcsFPService.exe
10:36:40.0245 4172 vcsFPService - ok
10:36:40.0401 4172 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
10:36:40.0401 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\vdrvroot.sys. md5: a059c4c3edb09e07d21a8e5c0aabd3cb
10:36:40.0464 4172 vdrvroot ( LockedFile.Multi.Generic ) - warning
10:36:40.0464 4172 vdrvroot - detected LockedFile.Multi.Generic (1)
10:36:40.0542 4172 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
10:36:40.0620 4172 vds - ok
10:36:40.0682 4172 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:36:40.0682 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: 17c408214ea61696cec9c66e388b14f3
10:36:40.0698 4172 vga ( LockedFile.Multi.Generic ) - warning
10:36:40.0698 4172 vga - detected LockedFile.Multi.Generic (1)
10:36:40.0791 4172 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:36:40.0791 4172 Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 8e38096ad5c8570a6f1570a61e251561
10:36:40.0854 4172 VgaSave ( LockedFile.Multi.Generic ) - warning
10:36:40.0854 4172 VgaSave - detected LockedFile.Multi.Generic (1)
10:36:40.0932 4172 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
10:36:40.0932 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\vhdmp.sys. md5: 5461686cca2fda57b024547733ab42e3
10:36:40.0947 4172 vhdmp ( LockedFile.Multi.Generic ) - warning
10:36:40.0947 4172 vhdmp - detected LockedFile.Multi.Generic (1)
10:36:40.0979 4172 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
10:36:40.0979 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\viaagp.sys. md5: c829317a37b4bea8f39735d4b076e923
10:36:40.0979 4172 viaagp ( LockedFile.Multi.Generic ) - warning
10:36:40.0994 4172 viaagp - detected LockedFile.Multi.Generic (1)
10:36:41.0010 4172 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
10:36:41.0010 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\viac7.sys. md5: e02f079a6aa107f06b16549c6e5c7b74
10:36:41.0025 4172 ViaC7 ( LockedFile.Multi.Generic ) - warning
10:36:41.0025 4172 ViaC7 - detected LockedFile.Multi.Generic (1)
10:36:41.0088 4172 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
10:36:41.0088 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: e43574f6a56a0ee11809b48c09e4fd3c
10:36:41.0103 4172 viaide ( LockedFile.Multi.Generic ) - warning
10:36:41.0103 4172 viaide - detected LockedFile.Multi.Generic (1)
10:36:41.0135 4172 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
10:36:41.0135 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\vmbus.sys. md5: c2f2911156fdc7817c52829c86da494e
10:36:41.0135 4172 vmbus ( LockedFile.Multi.Generic ) - warning
10:36:41.0135 4172 vmbus - detected LockedFile.Multi.Generic (1)
10:36:41.0166 4172 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
10:36:41.0166 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\VMBusHID.sys. md5: d4d77455211e204f370d08f4963063ce
10:36:41.0166 4172 VMBusHID ( LockedFile.Multi.Generic ) - warning
10:36:41.0166 4172 VMBusHID - detected LockedFile.Multi.Generic (1)
10:36:41.0228 4172 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
10:36:41.0228 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: 4c63e00f2f4b5f86ab48a58cd990f212
10:36:41.0228 4172 volmgr ( LockedFile.Multi.Generic ) - warning
10:36:41.0228 4172 volmgr - detected LockedFile.Multi.Generic (1)
10:36:41.0353 4172 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:36:41.0353 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: b5bb72067ddddbbfb04b2f89ff8c3c87
10:36:41.0400 4172 volmgrx ( LockedFile.Multi.Generic ) - warning
10:36:41.0400 4172 volmgrx - detected LockedFile.Multi.Generic (1)
10:36:41.0462 4172 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
10:36:41.0462 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: f497f67932c6fa693d7de2780631cfe7
10:36:41.0478 4172 volsnap ( LockedFile.Multi.Generic ) - warning
10:36:41.0478 4172 volsnap - detected LockedFile.Multi.Generic (1)
10:36:41.0525 4172 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
10:36:41.0525 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 9dfa0cc2f8855a04816729651175b631
10:36:41.0540 4172 vsmraid ( LockedFile.Multi.Generic ) - warning
10:36:41.0540 4172 vsmraid - detected LockedFile.Multi.Generic (1)
10:36:41.0681 4172 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
10:36:41.0743 4172 VSS - ok
10:36:41.0774 4172 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
10:36:41.0774 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 90567b1e658001e79d7c8bbd3dde5aa6
10:36:41.0805 4172 vwifibus ( LockedFile.Multi.Generic ) - warning
10:36:41.0805 4172 vwifibus - detected LockedFile.Multi.Generic (1)
10:36:41.0852 4172 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
10:36:41.0852 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 7090d3436eeb4e7da3373090a23448f7
10:36:41.0852 4172 vwififlt ( LockedFile.Multi.Generic ) - warning
10:36:41.0852 4172 vwififlt - detected LockedFile.Multi.Generic (1)
10:36:41.0883 4172 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
10:36:41.0883 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: a3f04cbea6c2a10e6cb01f8b47611882
10:36:41.0899 4172 vwifimp ( LockedFile.Multi.Generic ) - warning
10:36:41.0899 4172 vwifimp - detected LockedFile.Multi.Generic (1)
10:36:41.0993 4172 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
10:36:42.0071 4172 W32Time - ok
10:36:42.0133 4172 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:36:42.0133 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wacompen.sys. md5: de3721e89c653aa281428c8a69745d90
10:36:42.0133 4172 WacomPen ( LockedFile.Multi.Generic ) - warning
10:36:42.0133 4172 WacomPen - detected LockedFile.Multi.Generic (1)
10:36:42.0227 4172 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:36:42.0227 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 3c3c78515f5ab448b022bdf5b8ffdd2e
10:36:42.0227 4172 WANARP ( LockedFile.Multi.Generic ) - warning
10:36:42.0227 4172 WANARP - detected LockedFile.Multi.Generic (1)
10:36:42.0242 4172 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:36:42.0258 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 3c3c78515f5ab448b022bdf5b8ffdd2e
10:36:42.0258 4172 Wanarpv6 ( LockedFile.Multi.Generic ) - warning
10:36:42.0258 4172 Wanarpv6 - detected LockedFile.Multi.Generic (1)
10:36:42.0429 4172 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
10:36:42.0492 4172 WatAdminSvc - ok
10:36:42.0788 4172 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
10:36:42.0866 4172 wbengine - ok
10:36:42.0960 4172 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
10:36:43.0022 4172 WbioSrvc - ok
10:36:43.0116 4172 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
10:36:43.0178 4172 wcncsvc - ok
10:36:43.0209 4172 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
10:36:43.0272 4172 WcsPlugInService - ok
10:36:43.0319 4172 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:36:43.0319 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wd.sys. md5: 1112a9badacb47b7c0bb0392e3158dff
10:36:43.0365 4172 Wd ( LockedFile.Multi.Generic ) - warning
10:36:43.0365 4172 Wd - detected LockedFile.Multi.Generic (1)
10:36:43.0443 4172 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:36:43.0443 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 9950e3d0f08141c7e89e64456ae7dc73
10:36:43.0475 4172 Wdf01000 ( LockedFile.Multi.Generic ) - warning
10:36:43.0475 4172 Wdf01000 - detected LockedFile.Multi.Generic (1)
10:36:43.0537 4172 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:36:43.0631 4172 WdiServiceHost - ok
10:36:43.0677 4172 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:36:43.0724 4172 WdiSystemHost - ok
10:36:43.0802 4172 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
10:36:43.0865 4172 WebClient - ok
10:36:43.0927 4172 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
10:36:43.0974 4172 Wecsvc - ok
10:36:44.0005 4172 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
10:36:44.0067 4172 wercplsupport - ok
10:36:44.0114 4172 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
10:36:44.0177 4172 WerSvc - ok
10:36:44.0223 4172 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:36:44.0223 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 8b9a943f3b53861f2bfaf6c186168f79
10:36:44.0270 4172 WfpLwf ( LockedFile.Multi.Generic ) - warning
10:36:44.0270 4172 WfpLwf - detected LockedFile.Multi.Generic (1)
10:36:44.0317 4172 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:36:44.0317 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 5cf95b35e59e2a38023836fff31be64c
10:36:44.0348 4172 WIMMount ( LockedFile.Multi.Generic ) - warning
10:36:44.0348 4172 WIMMount - detected LockedFile.Multi.Generic (1)
10:36:44.0395 4172 WinHttpAutoProxySvc - ok
10:36:44.0489 4172 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
10:36:44.0551 4172 Winmgmt - ok
10:36:44.0738 4172 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
10:36:44.0816 4172 WinRM - ok
10:36:45.0003 4172 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
10:36:45.0003 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: a67e5f9a400f3bd1be3d80613b45f708
10:36:45.0035 4172 WinUsb ( LockedFile.Multi.Generic ) - warning
10:36:45.0035 4172 WinUsb - detected LockedFile.Multi.Generic (1)
10:36:45.0144 4172 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
10:36:45.0222 4172 Wlansvc - ok
10:36:45.0471 4172 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:36:45.0518 4172 wlidsvc - ok
10:36:45.0690 4172 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
10:36:45.0690 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\wmiacpi.sys. md5: 0217679b8fca58714c3bf2726d2ca84e
10:36:45.0737 4172 WmiAcpi ( LockedFile.Multi.Generic ) - warning
10:36:45.0737 4172 WmiAcpi - detected LockedFile.Multi.Generic (1)
10:36:45.0846 4172 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
10:36:45.0908 4172 wmiApSrv - ok
10:36:46.0095 4172 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:36:46.0173 4172 WMPNetworkSvc - ok
10:36:46.0345 4172 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
10:36:46.0376 4172 WPCSvc - ok
10:36:46.0454 4172 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
10:36:46.0532 4172 WPDBusEnum - ok
10:36:46.0626 4172 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:36:46.0626 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6db3276587b853bf886b69528fdb048c
10:36:46.0673 4172 ws2ifsl ( LockedFile.Multi.Generic ) - warning
10:36:46.0673 4172 ws2ifsl - detected LockedFile.Multi.Generic (1)
10:36:46.0704 4172 WSearch - ok
10:36:46.0922 4172 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
10:36:47.0000 4172 wuauserv - ok
10:36:47.0141 4172 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
10:36:47.0141 4172 Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: e714a1c0354636837e20ccbf00888ee7
10:36:47.0203 4172 WudfPf ( LockedFile.Multi.Generic ) - warning
10:36:47.0203 4172 WudfPf - detected LockedFile.Multi.Generic (1)
10:36:47.0250 4172 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:36:47.0250 4172 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: 1023ee888c9b47178c5293ed5336ab69
10:36:47.0265 4172 WUDFRd ( LockedFile.Multi.Generic ) - warning
10:36:47.0265 4172 WUDFRd - detected LockedFile.Multi.Generic (1)
10:36:47.0328 4172 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
10:36:47.0406 4172 wudfsvc - ok
10:36:47.0484 4172 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
10:36:47.0499 4172 WwanSvc - ok
10:36:47.0624 4172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:36:47.0655 4172 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
10:36:47.0655 4172 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
10:36:47.0765 4172 Boot (0x1200) (5a9874c78d6dea5186d651008ceab805) \Device\Harddisk0\DR0\Partition0
10:36:47.0765 4172 \Device\Harddisk0\DR0\Partition0 - ok
10:36:47.0780 4172 Boot (0x1200) (153d98929eb2a480f8d0d608b9b0d72b) \Device\Harddisk0\DR0\Partition1
10:36:47.0780 4172 \Device\Harddisk0\DR0\Partition1 - ok
10:36:47.0780 4172 ============================================================
10:36:47.0780 4172 Scan finished
10:36:47.0780 4172 ============================================================
10:36:47.0796 4164 Detected object count: 247
10:36:47.0796 4164 Actual detected object count: 247
10:37:00.0136 4164 31ec08d98c4cdd2f ( LockedService.Multi.Generic ) - skipped by user
10:37:00.0136 4164 31ec08d98c4cdd2f ( LockedService.Multi.Generic ) - User select action: Skip
10:37:00.0136 4164 amdsbs ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0136 4164 amdsbs ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0136 4164 amdxata ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0136 4164 amdxata ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0136 4164 AppID ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0136 4164 AppID ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0136 4164 arc ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0136 4164 arc ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0136 4164 arcsas ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0136 4164 arcsas ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0136 4164 AsyncMac ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0136 4164 AsyncMac ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0136 4164 atapi ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0136 4164 atapi ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0151 4164 athr ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0151 4164 athr ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0151 4164 b06bdrv ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0151 4164 b06bdrv ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0151 4164 b57nd60x ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0151 4164 b57nd60x ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0151 4164 Beep ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0151 4164 Beep ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0151 4164 blbdrive ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0151 4164 blbdrive ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0151 4164 bowser ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0151 4164 bowser ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0151 4164 BrFiltLo ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0151 4164 BrFiltLo ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0151 4164 BrFiltUp ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0151 4164 BrFiltUp ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0167 4164 Brserid ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0167 4164 Brserid ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0167 4164 BrSerWdm ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0167 4164 BrSerWdm ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0167 4164 BrUsbMdm ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0167 4164 BrUsbMdm ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0167 4164 BrUsbSer ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0167 4164 BrUsbSer ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0167 4164 BTHMODEM ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0167 4164 BTHMODEM ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0167 4164 cdfs ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0167 4164 cdfs ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0167 4164 cdrom ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0167 4164 cdrom ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0167 4164 circlass ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0167 4164 circlass ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0182 4164 CLFS ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0182 4164 CLFS ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0182 4164 CmBatt ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0182 4164 CmBatt ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0182 4164 cmdide ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0182 4164 cmdide ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0182 4164 CNG ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0182 4164 CNG ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0182 4164 Compbatt ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0182 4164 Compbatt ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0182 4164 CompositeBus ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0182 4164 CompositeBus ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0182 4164 crcdisk ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0182 4164 crcdisk ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0182 4164 CSC ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0182 4164 CSC ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0182 4164 DfsC ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0182 4164 DfsC ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0198 4164 discache ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0198 4164 discache ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0198 4164 Disk ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0198 4164 Disk ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0198 4164 drmkaud ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0198 4164 drmkaud ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0198 4164 DXGKrnl ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0198 4164 DXGKrnl ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0198 4164 ebdrv ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0198 4164 ebdrv ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0198 4164 elxstor ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0198 4164 elxstor ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0198 4164 ErrDev ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0198 4164 ErrDev ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0198 4164 exfat ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0198 4164 exfat ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0214 4164 fastfat ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0214 4164 fastfat ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0214 4164 fdc ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0214 4164 fdc ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0214 4164 FileInfo ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0214 4164 FileInfo ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0214 4164 Filetrace ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0214 4164 Filetrace ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0214 4164 flpydisk ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0214 4164 flpydisk ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0214 4164 FltMgr ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0214 4164 FltMgr ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0214 4164 FsDepends ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0214 4164 FsDepends ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0214 4164 Fs_Rec ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0214 4164 Fs_Rec ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0214 4164 fvevol ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0214 4164 fvevol ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0229 4164 gagp30kx ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0229 4164 gagp30kx ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0229 4164 GEARAspiWDM ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0229 4164 GEARAspiWDM ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0229 4164 grmnusb ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0229 4164 grmnusb ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0229 4164 hcw85cir ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0229 4164 hcw85cir ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0229 4164 HdAudAddService ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0229 4164 HdAudAddService ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0229 4164 HDAudBus ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0229 4164 HDAudBus ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0229 4164 HECI ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0229 4164 HECI ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0229 4164 HidBatt ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0245 4164 HidBatt ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0245 4164 HidBth ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0245 4164 HidBth ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0245 4164 HidIr ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0245 4164 HidIr ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0245 4164 HidUsb ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0245 4164 HidUsb ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0245 4164 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:37:00.0245 4164 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:37:00.0245 4164 hpdskflt ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0245 4164 hpdskflt ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0245 4164 HpSAMD ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0245 4164 HpSAMD ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0245 4164 HTTP ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0245 4164 HTTP ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0260 4164 hwpolicy ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0260 4164 hwpolicy ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0260 4164 i8042prt ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0260 4164 i8042prt ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0260 4164 iaStorV ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0260 4164 iaStorV ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0260 4164 igfx ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0260 4164 igfx ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0260 4164 iirsp ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0260 4164 iirsp ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0260 4164 Impcd ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0260 4164 Impcd ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0260 4164 IntcDAud ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0260 4164 IntcDAud ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0260 4164 intelide ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0260 4164 intelide ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0260 4164 intelppm ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0260 4164 intelppm ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0276 4164 IpFilterDriver ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0276 4164 IpFilterDriver ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0276 4164 IPMIDRV ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0276 4164 IPMIDRV ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0276 4164 IPNAT ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0276 4164 IPNAT ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0276 4164 IRENUM ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0276 4164 IRENUM ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0276 4164 isapnp ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0276 4164 isapnp ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0276 4164 iScsiPrt ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0276 4164 iScsiPrt ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0276 4164 kbdclass ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0292 4164 kbdclass ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0292 4164 kbdhid ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0292 4164 kbdhid ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0292 4164 KSecDD ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0292 4164 KSecDD ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0292 4164 KSecPkg ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0292 4164 KSecPkg ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0292 4164 lltdio ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0292 4164 lltdio ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0292 4164 LSI_FC ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0292 4164 LSI_FC ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0292 4164 LSI_SAS ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0292 4164 LSI_SAS ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0292 4164 LSI_SAS2 ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0292 4164 LSI_SAS2 ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0292 4164 LSI_SCSI ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0292 4164 LSI_SCSI ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0307 4164 luafv ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0307 4164 luafv ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0307 4164 megasas ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0307 4164 megasas ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0307 4164 MegaSR ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0307 4164 MegaSR ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0307 4164 Modem ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0307 4164 Modem ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0307 4164 monitor ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0307 4164 monitor ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0307 4164 mouclass ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0307 4164 mouclass ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0307 4164 mouhid ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0307 4164 mouhid ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0307 4164 mountmgr ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0307 4164 mountmgr ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0323 4164 mpio ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0323 4164 mpio ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0323 4164 mpsdrv ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0323 4164 mpsdrv ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0323 4164 MRxDAV ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0323 4164 MRxDAV ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0323 4164 mrxsmb ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0323 4164 mrxsmb ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0323 4164 mrxsmb10 ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0323 4164 mrxsmb10 ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0323 4164 mrxsmb20 ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0323 4164 mrxsmb20 ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0323 4164 msahci ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0323 4164 msahci ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0323 4164 msdsm ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0323 4164 msdsm ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0323 4164 Msfs ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0323 4164 Msfs ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0338 4164 mshidkmdf ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0338 4164 mshidkmdf ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0338 4164 msisadrv ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0338 4164 msisadrv ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0338 4164 MSKSSRV ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0338 4164 MSKSSRV ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0338 4164 MSPCLOCK ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0338 4164 MSPCLOCK ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0338 4164 MSPQM ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0338 4164 MSPQM ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0338 4164 MsRPC ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0338 4164 MsRPC ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0338 4164 mssmbios ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0338 4164 mssmbios ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0338 4164 MSTEE ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0338 4164 MSTEE ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0354 4164 MTConfig ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0354 4164 MTConfig ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0354 4164 Mup ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0354 4164 Mup ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0354 4164 NativeWifiP ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0354 4164 NativeWifiP ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0354 4164 NDIS ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0354 4164 NDIS ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0354 4164 NdisCap ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0354 4164 NdisCap ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0354 4164 NdisTapi ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0354 4164 NdisTapi ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0354 4164 Ndisuio ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0354 4164 Ndisuio ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0354 4164 NdisWan ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0354 4164 NdisWan ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0370 4164 NDProxy ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0370 4164 NDProxy ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0370 4164 NetBIOS ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0370 4164 NetBIOS ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0370 4164 NetBT ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0370 4164 NetBT ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0370 4164 nfrd960 ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0370 4164 nfrd960 ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0370 4164 nmraapache ( UnsignedFile.Multi.Generic ) - skipped by user
10:37:00.0370 4164 nmraapache ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:37:00.0370 4164 Npfs ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0370 4164 Npfs ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0370 4164 nsiproxy ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0370 4164 nsiproxy ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0370 4164 Ntfs ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0370 4164 Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0370 4164 Null ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0370 4164 Null ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0385 4164 nvraid ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0385 4164 nvraid ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0385 4164 nvstor ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0385 4164 nvstor ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0385 4164 nv_agp ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0385 4164 nv_agp ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0385 4164 ohci1394 ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0385 4164 ohci1394 ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0385 4164 Parport ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0385 4164 Parport ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0385 4164 partmgr ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0385 4164 partmgr ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0385 4164 Parvdm ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0385 4164 Parvdm ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0385 4164 pci ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0385 4164 pci ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0385 4164 pciide ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0385 4164 pciide ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0401 4164 pcmcia ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0401 4164 pcmcia ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0401 4164 pcw ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0401 4164 pcw ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0401 4164 PEAUTH ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0401 4164 PEAUTH ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0401 4164 pnarp ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0401 4164 pnarp ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0401 4164 PptpMiniport ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0401 4164 PptpMiniport ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0401 4164 Processor ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0401 4164 Processor ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0401 4164 Psched ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0401 4164 Psched ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0401 4164 purendis ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0401 4164 purendis ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0401 4164 ql2300 ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0401 4164 ql2300 ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0416 4164 ql40xx ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0416 4164 ql40xx ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0416 4164 QWAVEdrv ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0416 4164 QWAVEdrv ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0416 4164 RasAcd ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0416 4164 RasAcd ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0416 4164 RasAgileVpn ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0416 4164 RasAgileVpn ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0416 4164 Rasl2tp ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0416 4164 Rasl2tp ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0416 4164 RasPppoe ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0416 4164 RasPppoe ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0416 4164 RasSstp ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0416 4164 RasSstp ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0416 4164 rdbss ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0416 4164 rdbss ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0432 4164 rdpbus ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0432 4164 rdpbus ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0432 4164 RDPCDD ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0432 4164 RDPCDD ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0432 4164 RDPDR ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0432 4164 RDPDR ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0432 4164 RDPENCDD ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0432 4164 RDPENCDD ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0432 4164 RDPREFMP ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0432 4164 RDPREFMP ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0432 4164 RDPWD ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0432 4164 RDPWD ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0432 4164 rdyboost ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0432 4164 rdyboost ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0432 4164 rspndr ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0432 4164 rspndr ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0432 4164 RSUSBSTOR ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0432 4164 RSUSBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0448 4164 RTL8167 ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0448 4164 RTL8167 ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0448 4164 s3cap ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0448 4164 s3cap ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0448 4164 sbp2port ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0448 4164 sbp2port ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0448 4164 scfilter ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0448 4164 scfilter ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0448 4164 secdrv ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0448 4164 secdrv ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0448 4164 Serenum ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0448 4164 Serenum ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0448 4164 Serial ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0448 4164 Serial ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0448 4164 sermouse ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0448 4164 sermouse ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0463 4164 sffdisk ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0463 4164 sffdisk ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0463 4164 sffp_mmc ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0463 4164 sffp_mmc ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0463 4164 sffp_sd ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0463 4164 sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0463 4164 sfloppy ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0463 4164 sfloppy ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0463 4164 sisagp ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0463 4164 sisagp ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0463 4164 SiSRaid2 ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0463 4164 SiSRaid2 ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0463 4164 SiSRaid4 ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0463 4164 SiSRaid4 ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0463 4164 Smb ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0463 4164 Smb ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0479 4164 spldr ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0479 4164 spldr ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0479 4164 srv ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0479 4164 srv ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0479 4164 srv2 ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0479 4164 srv2 ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0479 4164 srvnet ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0479 4164 srvnet ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0479 4164 stexstor ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0479 4164 stexstor ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0479 4164 STHDA ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0479 4164 STHDA ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0479 4164 storflt ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0479 4164 storflt ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0479 4164 storvsc ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0479 4164 storvsc ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0494 4164 swenum ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0494 4164 swenum ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0494 4164 SynTP ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0494 4164 SynTP ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0494 4164 syshost32 ( LockedService.Multi.Generic ) - skipped by user
10:37:00.0494 4164 syshost32 ( LockedService.Multi.Generic ) - User select action: Skip
10:37:00.0494 4164 Tcpip ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0494 4164 Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0494 4164 TCPIP6 ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0494 4164 TCPIP6 ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0494 4164 tcpipreg ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0494 4164 tcpipreg ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0494 4164 TDPIPE ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0494 4164 TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0494 4164 TDTCP ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0494 4164 TDTCP ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0494 4164 tdx ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0494 4164 tdx ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0510 4164 TermDD ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0510 4164 TermDD ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0510 4164 tssecsrv ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0510 4164 tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0510 4164 TsUsbFlt ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0510 4164 TsUsbFlt ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0510 4164 tunnel ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0510 4164 tunnel ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0510 4164 uagp35 ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0510 4164 uagp35 ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0510 4164 udfs ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0510 4164 udfs ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0510 4164 uliagpkx ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0510 4164 uliagpkx ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0510 4164 umbus ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0510 4164 umbus ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0526 4164 UmPass ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0526 4164 UmPass ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0526 4164 USBAAPL ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0526 4164 USBAAPL ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0526 4164 usbccgp ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0526 4164 usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0526 4164 usbcir ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0526 4164 usbcir ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0526 4164 usbehci ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0526 4164 usbehci ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0526 4164 usbhub ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0526 4164 usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0526 4164 usbohci ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0526 4164 usbohci ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0526 4164 usbprint ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0526 4164 usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0526 4164 USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0526 4164 USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0541 4164 usbuhci ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0541 4164 usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0541 4164 usbvideo ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0541 4164 usbvideo ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0541 4164 vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0541 4164 vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0541 4164 vga ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0541 4164 vga ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0541 4164 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0541 4164 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0541 4164 vhdmp ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0541 4164 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0541 4164 viaagp ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0541 4164 viaagp ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0541 4164 ViaC7 ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0541 4164 ViaC7 ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0557 4164 viaide ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0557 4164 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0557 4164 vmbus ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0557 4164 vmbus ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0557 4164 VMBusHID ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0557 4164 VMBusHID ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0557 4164 volmgr ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0557 4164 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0557 4164 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0557 4164 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0557 4164 volsnap ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0557 4164 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0557 4164 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0557 4164 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0557 4164 vwifibus ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0557 4164 vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0572 4164 vwififlt ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0572 4164 vwififlt ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0572 4164 vwifimp ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0572 4164 vwifimp ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0572 4164 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0572 4164 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0572 4164 WANARP ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0572 4164 WANARP ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0572 4164 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0572 4164 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0572 4164 Wd ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0572 4164 Wd ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0572 4164 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0572 4164 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0572 4164 WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0572 4164 WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0572 4164 WIMMount ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0572 4164 WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0588 4164 WinUsb ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0588 4164 WinUsb ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0588 4164 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0588 4164 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0588 4164 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0588 4164 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0588 4164 WudfPf ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0588 4164 WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:00.0588 4164 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
10:37:00.0588 4164 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip
10:37:01.0290 4164 \Device\Harddisk0\DR0\# - copied to quarantine
10:37:01.0290 4164 \Device\Harddisk0\DR0 - copied to quarantine
10:37:01.0368 4164 \Device\Harddisk0\DR0 - processing error
10:37:04.0722 4164 \Device\Harddisk0\DR0 - will be restored on reboot
10:37:04.0847 4164 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure Restore

#30
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Did you run the same TDSSKiller version? I want you to attempt to run the normal version.