Fbi Virus Moneypak [Solved]


#1
risefreeze
I got the ransomware virus FBI Moneypak. I get the FBI screen asking to send money to them to unlock the computer. The good news is that only my main admin account is locked out. I am using my other backup admin account right now. On the backup account, hyperlinks that I click get redirected to other websites, and Firefox is not working because of an unreadable/corrupt file. Other than that, everything else seems to be working on the backup. I downloaded OTL using my 2nd computer and used a USB drive to transfer it onto my backup admin account on the infected computer (this one). Here is a copy of my OTL log; hope you guys can help ;)

OTL logfile created on: 23/09/2012 15:55:59 - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

16.00 Gb Total Physical Memory | 13.98 Gb Available Physical Memory | 87.37% Memory free
32.00 Gb Paging File | 29.75 Gb Available in Paging File | 92.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 804.07 Gb Free Space | 86.33% Space Free | Partition Type: NTFS
Drive D: | 423.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 465.75 Gb Total Space | 411.97 Gb Free Space | 88.45% Space Free | Partition Type: NTFS
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.47 Gb Total Space | 7.07 Gb Free Space | 94.57% Space Free | Partition Type: FAT32

Computer Name: PHIL-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/23 15:43:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/08/13 22:23:32 | 000,380,928 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2009/06/10 16:30:06 | 004,113,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/06/10 16:30:06 | 004,113,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
MOD - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2009/03/25 17:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2006/01/10 04:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005/05/11 17:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/02 09:47:32 | 000,086,472 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys -- (4b67c937a5c89fb4)
SRV:64bit: - [2012/06/11 13:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/20 19:53:18 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/18 12:23:03 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/05/17 15:24:16 | 000,308,592 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 15:07:17 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/26 11:36:12 | 000,323,584 | -H-- | M] (DeviceVM) [Disabled | Stopped] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/02 09:47:32 | 000,086,472 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys -- (4b67c937a5c89fb4)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/07 14:12:24 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010/12/07 14:12:24 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010/12/07 14:12:22 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010/12/07 14:12:22 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbflt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/20 19:20:18 | 000,356,096 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/08/20 19:20:18 | 000,187,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/08/20 19:20:18 | 000,092,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/08/20 19:20:18 | 000,063,488 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/07/24 02:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 17:52:30 | 000,215,040 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/13 21:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/05/04 12:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 ED 74 30 C1 99 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/21 22:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/18 12:23:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/18 12:23:01 | 000,000,000 | ---D | M]

[2012/09/23 15:19:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/09/18 12:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/18 12:22:59 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2012/09/18 12:22:59 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/09/18 12:23:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/30 20:03:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/30 20:03:32 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (Bodog)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6026CA55-B83D-4F90-9F70-668444118E2E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/09 10:48:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/31 19:01:11 | 000,000,000 | ---D | M] - D:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003/08/31 19:01:28 | 001,101,824 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/08/30 23:15:46 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/08/30 23:15:25 | 000,001,214 | R--- | M] () - D:\autorun.str -- [ CDFS ]
O32 - AutoRun File - [2008/05/06 08:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{eba3bf49-8237-11e0-96a8-90e6ba431217}\Shell - "" = AutoRun
O33 - MountPoints2\{eba3bf49-8237-11e0-96a8-90e6ba431217}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/10/23 03:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/23 15:48:17 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/09/23 15:20:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe
[2012/09/23 15:19:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2012/09/23 15:17:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012/09/23 15:17:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ATI
[2012/09/23 15:17:26 | 000,000,000 | R--D | C] -- C:\Users\Admin\Virtual Machines
[2012/09/23 15:17:26 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/09/23 15:17:26 | 000,000,000 | R--D | C] -- C:\Users\Admin\Searches
[2012/09/23 15:17:26 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/09/23 15:17:26 | 000,000,000 | -H-D | C] -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/09/23 15:17:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Identities
[2012/09/23 15:17:17 | 000,000,000 | R--D | C] -- C:\Users\Admin\Contacts
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Templates
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Start Menu
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\PrintHood
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\NetHood
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\My Documents
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Local Settings
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Application Data
[2012/09/23 15:17:07 | 000,000,000 | --SD | C] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Videos
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Saved Games
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Pictures
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Music
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Links
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Favorites
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Downloads
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Documents
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Desktop
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/09/23 15:17:07 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData
[2012/09/23 15:17:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2012/09/23 15:17:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2012/09/23 12:39:57 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/09/18 12:22:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/14 00:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D9C186A8C602D1D37DF875EF60
[2012/09/02 09:53:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files - Modified Within 30 Days ==========

[2012/09/23 15:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/23 15:43:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/09/23 15:33:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/23 15:29:18 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 15:29:18 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 15:25:26 | 000,001,437 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/23 15:25:03 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/23 15:24:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/23 15:24:09 | 4294,320,126 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/23 12:29:29 | 083,023,306 | ---- | M] () -- C:\ProgramData\c156342.pad
[2012/09/18 12:26:46 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/09/18 12:23:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/02 09:47:32 | 000,086,472 | ---- | M] () -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys

========== Files Created - No Company Name ==========

[2012/09/23 15:25:26 | 000,001,437 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/23 15:17:29 | 000,001,409 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/09/23 15:17:26 | 000,001,443 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/09/23 15:17:07 | 000,000,290 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/09/23 15:17:07 | 000,000,272 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/09/23 12:28:42 | 083,023,306 | ---- | C] () -- C:\ProgramData\c156342.pad
[2012/09/04 08:30:25 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/09/02 09:53:39 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/02 09:47:32 | 000,086,472 | ---- | C] () -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys
[2012/04/05 21:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 21:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/08 22:11:30 | 000,120,284 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/21 22:16:27 | 000,005,258 | -HS- | C] () -- C:\ProgramData\id8i1jjw6f143c6io0c76
[2011/12/21 13:47:25 | 000,005,114 | -HS- | C] () -- C:\ProgramData\wnvmdd1a4gvf4tdl1nup0y664v8u
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/09 16:53:44 | 000,041,068 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/08/07 22:19:12 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/08/07 22:19:12 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/08/07 22:19:12 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/05/25 19:10:22 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll

========== ZeroAccess Check ==========

[2011/11/17 02:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\@
[2012/09/23 12:32:16 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\L
[2012/09/23 15:25:16 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\U
[2012/09/23 15:24:14 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\L\[email protected]
[2012/09/23 12:29:00 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\U\[email protected]
[2012/09/23 15:25:16 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\U\[email protected]
[2012/09/23 15:24:48 | 000,001,632 | ---- | M] () -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\U\[email protected]
[2012/09/23 15:24:54 | 000,016,896 | ---- | M] () -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\U\[email protected]
[2012/09/23 12:29:17 | 000,091,136 | ---- | M] () -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\U\[email protected]
[2012/09/23 12:29:17 | 000,077,824 | ---- | M] () -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\U\[email protected]
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012/09/23 15:24:14 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2012/09/23 15:24:14 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========


========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID

< End of report >
  • 0


#2
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there, I can see multiple problems. I will run two killing programmes first and then follow up with a different OTL scan to clear the remnants.

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

FINALLY

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window.
  • Post all logs

  • 0

#3
risefreeze
    Member
  • Topic Starter
  • Member
  • 27 posts
Thank you for the quick response!

OK, I followed the instructions with RogueKiller. I ran the scan and then hit the Delete button, and the program crashed. I tried it three times and it crashed every time. Before the third try I disabled the SmartScreen Filter, but it didn't change anything. Here are the logs for the first two attempts. Also to be noted: during the scan, Windows Explorer popped up with an RK website. Also, the corrupted file is winlogon, I believe. I get a notification when I first log in that it is corrupted.

[SUSP PATH] DAODx.exe -- C:\Windows\DAODx.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 14 ¤¤¤
[Services][LOCK] HKLM\[...]\ControlSet001\Services\4b67c937a5c89fb4 (4b67c937a5c89fb4.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet002\Services\4b67c937a5c89fb4 (4b67c937a5c89fb4.sys) -> FOUND
[TASK][SUSP PATH] RunDAOD : C:\Windows\DAODx.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$d3ca52920c504a92c66898d8688ada15\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$d3ca52920c504a92c66898d8688ada15\n.) -> FOUND
[RUN][SUSP PATH] [ON_E:]HKLM\Software[...]\Wow6432Node\Run : RunDAOD (E:\WINDOWS\DAODx.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$d3ca52920c504a92c66898d8688ada15\@ --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1824711558-3474206165-418731102-1000\$d3ca52920c504a92c66898d8688ada15\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$d3ca52920c504a92c66898d8688ada15\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1824711558-3474206165-418731102-1000\$d3ca52920c504a92c66898d8688ada15\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$d3ca52920c504a92c66898d8688ada15\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1824711558-3474206165-418731102-1000\$d3ca52920c504a92c66898d8688ada15\L --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\Documents and Settings\Administrator\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++
--- User ---
[MBR] 696db4a401b1c06a278228f13fbfccfd
[BSP] 4db9414e6c13dd55c9bede0733fc487f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] 5d29adfaa2b9c63a4440b6a5e2cde929
[BSP] 66079846a4a6fa6409fbcb571ec15f82 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953766 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: SanDisk SanDisk Cruzer USB Device +++++
--- User ---
[MBR] 4a296257b22c19f9bfb72764b330eeb0
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 44 | Size: 7655 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : Scan -- Date : 09/23/2012 16:46:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤
[Services][LOCK] HKLM\[...]\ControlSet001\Services\4b67c937a5c89fb4 (4b67c937a5c89fb4.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet002\Services\4b67c937a5c89fb4 (4b67c937a5c89fb4.sys) -> FOUND
[TASK][SUSP PATH] RunDAOD : C:\Windows\DAODx.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$d3ca52920c504a92c66898d8688ada15\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$d3ca52920c504a92c66898d8688ada15\n.) -> FOUND
[RUN][SUSP PATH] [ON_E:]HKLM\Software[...]\Wow6432Node\Run : RunDAOD (E:\WINDOWS\DAODx.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$d3ca52920c504a92c66898d8688ada15\@ --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1824711558-3474206165-418731102-1000\$d3ca52920c504a92c66898d8688ada15\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$d3ca52920c504a92c66898d8688ada15\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1824711558-3474206165-418731102-1000\$d3ca52920c504a92c66898d8688ada15\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$d3ca52920c504a92c66898d8688ada15\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1824711558-3474206165-418731102-1000\$d3ca52920c504a92c66898d8688ada15\L --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\Documents and Settings\Administrator\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++
--- User ---
[MBR] 696db4a401b1c06a278228f13fbfccfd
[BSP] 4db9414e6c13dd55c9bede0733fc487f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] 5d29adfaa2b9c63a4440b6a5e2cde929
[BSP] 66079846a4a6fa6409fbcb571ec15f82 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953766 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: SanDisk SanDisk Cruzer USB Device +++++
--- User ---
[MBR] 4a296257b22c19f9bfb72764b330eeb0
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 44 | Size: 7655 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Edited by risefreeze, 23 September 2012 - 03:07 PM.

  • 0
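The ZeroAccess findings in the OTL "ZeroAccess Check" section of the first post and in the two RogueKiller reports above share a few recognisable shapes: the `@`, `U` and `L` entries under `C:\Windows\Installer\{GUID}\` and `C:\$Recycle.Bin\<SID>\$<32 hex>\`, the oversized hidden/system `Desktop.ini` under `assembly\GAC_32` and `GAC_64`, a CLSID `InprocServer32` value pointing into the recycle bin, a `services.exe` flagged as `Susp.ASLR`, and the UAC values `EnableLUA` / `ConsentPromptBehaviorAdmin` / `ConsentPromptBehaviorUser` set to `0`. The script below is an added example for this thread, not code from RogueKiller (Tigzy) or OTL (OldTimer): it parses both tools' line formats as they appear in these logs and groups the hits by indicator, so a helper reading a long log can see at a glance what is there. The sample input is constructed from lines in this thread plus two benign lines (the normal `assembly\Desktop.ini` and `mbam.sys`) that must not be flagged; the indicator names and the `verdict` labels are my own.

```python
"""Triage of ZeroAccess indicators in RogueKiller / OTL log lines.

Added example for this thread; not part of RogueKiller or OTL. It only
recognises the line formats and hiding places seen in the logs above.
"""
import re

# Constructed sample: RogueKiller and OTL lines taken from this thread,
# plus two benign lines (assembly\Desktop.ini, mbam.sys) that must NOT be flagged.
SAMPLE_LOG = r"""
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$d3ca52920c504a92c66898d8688ada15\n.) -> FOUND
[ZeroAccess][FILE] @ : C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$d3ca52920c504a92c66898d8688ada15\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
[2011/11/17 02:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\@
[2012/09/23 12:32:16 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\L
[2012/09/23 15:24:14 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
"""

# Line shapes: OTL file entries and RogueKiller "[TAG]... body -> FOUND" entries.
OTL_LINE = re.compile(
    r"^\[(\S+ \S+) \| ([\d,]+) \| ([-A-Za-z]{4}) \| ([MC])\]\s+(?:\((.*?)\)\s+)?--\s+(.+)$")
RK_LINE = re.compile(r"^((?:\[[^\]]*\])+)\s+(.*?)\s+-{1,2}>\s+(\w+)$")

# ZeroAccess hiding places seen in the logs: Installer\{GUID}\(@|U|L),
# $Recycle.Bin\<SID>\$<32 hex>\(@|U|L|n), and a fake GAC_32/GAC_64 Desktop.ini.
ZA_INSTALLER = re.compile(r"\\Windows\\Installer\\\{[0-9a-f-]{36}\}\\(@|U|L)(?!\w)", re.I)
ZA_RECYCLE = re.compile(r"\\\$Recycle\.Bin\\S-1-5-[\d-]+\\\$[0-9a-f]{32}\\(@|U|L|n)(?!\w)", re.I)
ZA_GAC_INI = re.compile(r"\\Windows\\assembly\\GAC_(32|64)\\Desktop\.ini$", re.I)
# UAC policy values; a value of 0 turns elevation prompts off.
UAC_VALUE = re.compile(r"\b(EnableLUA|ConsentPromptBehaviorAdmin|ConsentPromptBehaviorUser) \((\d+)\)")


def parse_line(line):
    """Return a dict for an OTL or RogueKiller line, or None for anything else."""
    line = line.strip()
    m = OTL_LINE.match(line)
    if m:
        return {"source": "otl", "tags": [], "attrs": m.group(3), "path": m.group(6)}
    m = RK_LINE.match(line)
    if m:
        tags = re.findall(r"\[([^\]]*)\]", m.group(1))
        body = m.group(2)
        if {"FILE", "FOLDER"} & set(tags):   # "name : path" -> keep only the path
            body = body.split(" : ", 1)[-1]
        return {"source": "roguekiller", "tags": tags, "path": body, "status": m.group(3)}
    return None


def classify(rec):
    """Map one parsed record to (indicator, detail) pairs; empty list if benign."""
    hits, tags, path = [], rec["tags"], rec["path"]
    if rec["source"] == "otl" or {"FILE", "FOLDER"} & set(tags):
        if ZA_INSTALLER.search(path) or ZA_RECYCLE.search(path):
            hits.append(("zeroaccess_dropper_path", path))
        # Only the GAC_32/GAC_64 copies are markers; assembly\Desktop.ini itself is normal.
        if ZA_GAC_INI.search(path):
            hits.append(("zeroaccess_gac_desktop_ini", path))
    if "HJ" in tags:
        m = UAC_VALUE.search(path)
        if m and m.group(2) == "0":
            hits.append(("uac_disabled", m.group(1)))
    if "HJ INPROC" in tags and ZA_RECYCLE.search(path):
        hits.append(("com_inprocserver32_hijack", path))
    if "Susp.ASLR" in tags:
        hits.append(("patched_system_binary", path))
    return hits


def triage(log_text):
    """Group hits by indicator; paths are deduplicated case-insensitively (NTFS)."""
    report, seen = {}, set()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        for indicator, detail in classify(rec):
            key = (indicator, detail.lower())
            if key not in seen:
                seen.add(key)
                report.setdefault(indicator, []).append(detail)
    return report


def verdict(report):
    """'ZeroAccess' if any rootkit-specific marker is present, else 'suspicious'/'clean'."""
    za = {"zeroaccess_dropper_path", "zeroaccess_gac_desktop_ini", "com_inprocserver32_hijack"}
    if za & report.keys():
        return "ZeroAccess"
    return "suspicious" if report else "clean"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for indicator, details in result.items():
        print(indicator + ":")
        for d in details:
            print("    " + d)
    print("verdict:", verdict(result))
```

Run it as-is and it reports the five indicator groups from the sample and a "ZeroAccess" verdict; to use it on a real report, pass the file's text to `triage()`. The case-insensitive dedupe is what stops the same `Installer\{GUID}\@` entry from being counted twice when it appears in both an OTL and a RogueKiller line.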

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
You have ZeroAccess and a probable MBR infection, so go ahead with TDSSKiller please.
  • 0

#5
risefreeze
    Member
  • Topic Starter
  • Member
  • 27 posts
Here are my logs from TDSSKiller and OTL. The TDSSKiller scan was a quick one that only lasted about 20 seconds. It says there are still unprocessed malware objects.

17:47:17.0252 2900 Page size: 0x1000
17:47:17.0252 2900 Boot type: Normal boot
17:47:17.0252 2900 ============================================================
17:47:20.0990 2900 Raw registry subsystem init failed!
17:47:21.0113 2900 !crdlk
17:47:25.0529 2900 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
17:47:25.0554 2900 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
17:47:25.0562 2900 Drive \Device\Harddisk2\DR2 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:47:25.0564 2900 ============================================================
17:47:25.0564 2900 \Device\Harddisk0\DR0:
17:47:25.0564 2900 MBR partitions:
17:47:25.0564 2900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
17:47:25.0564 2900 \Device\Harddisk1\DR1:
17:47:25.0564 2900 MBR partitions:
17:47:25.0564 2900 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3000
17:47:25.0564 2900 \Device\Harddisk2\DR2:
17:47:25.0565 2900 MBR partitions:
17:47:25.0565 2900 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
17:47:25.0565 2900 ============================================================
17:47:25.0590 2900 C: <-> \Device\Harddisk1\DR1\Partition1
17:47:25.0610 2900 E: <-> \Device\Harddisk0\DR0\Partition1
17:47:25.0610 2900 ============================================================
17:47:25.0610 2900 Initialize success
17:47:25.0610 2900 ============================================================
17:47:50.0258 1896 ============================================================
17:47:50.0258 1896 Scan started
17:47:50.0258 1896 Mode: Manual; SigCheck; TDLFS;
17:47:50.0258 1896 ============================================================
17:47:50.0258 1896 ================ Scan system memory ========================
17:47:50.0258 1896 System memory - ok
17:47:50.0260 1896 ================ Scan services =============================
17:47:50.0260 1896 ================ Scan global ===============================
17:47:50.0373 1896 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
17:47:50.0376 1896 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
17:47:50.0376 1896 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
17:47:50.0376 1896 ================ Scan MBR ==================================
17:47:50.0379 1896 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:47:51.0357 1896 \Device\Harddisk0\DR0 - ok
17:47:51.0359 1896 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
17:47:51.0514 1896 \Device\Harddisk1\DR1 - ok
17:47:51.0518 1896 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
17:47:51.0653 1896 \Device\Harddisk2\DR2 - ok
17:47:51.0653 1896 ================ Scan VBR ==================================
17:47:51.0655 1896 [ A2E94D13C32AF0FAE7CD79A650AE99C2 ] \Device\Harddisk0\DR0\Partition1
17:47:51.0656 1896 \Device\Harddisk0\DR0\Partition1 - ok
17:47:51.0659 1896 [ 0266E121F5120423D28FE21294D24366 ] \Device\Harddisk1\DR1\Partition1
17:47:51.0659 1896 \Device\Harddisk1\DR1\Partition1 - ok
17:47:51.0664 1896 [ 5A5323B0BE778C47B01DDA1AFC51EC94 ] \Device\Harddisk2\DR2\Partition1
17:47:51.0665 1896 \Device\Harddisk2\DR2\Partition1 - ok
17:47:51.0665 1896 ============================================================
17:47:51.0665 1896 Scan finished
17:47:51.0665 1896 ============================================================
17:47:51.0670 0904 Detected object count: 1
17:47:51.0670 0904 Actual detected object count: 1
17:48:22.0700 0904 C:\Windows\system32\services.exe - copied to quarantine
17:48:23.0707 0904 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
17:48:23.0707 0904 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
17:48:43.0130 0904 Backup copy not found, trying to cure infected file..
17:48:43.0130 0904 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
17:48:43.0130 0904 C:\Windows\system32\services.exe - processing error
17:48:43.0130 0904 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure

OTL logfile created on: 23/09/2012 17:54:45 - Run 2
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

16.00 Gb Total Physical Memory | 14.16 Gb Available Physical Memory | 88.52% Memory free
32.00 Gb Paging File | 30.07 Gb Available in Paging File | 93.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 804.12 Gb Free Space | 86.33% Space Free | Partition Type: NTFS
Drive D: | 423.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 465.75 Gb Total Space | 411.97 Gb Free Space | 88.45% Space Free | Partition Type: NTFS
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.47 Gb Total Space | 7.07 Gb Free Space | 94.53% Space Free | Partition Type: FAT32

Computer Name: PHIL-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/23 15:43:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/08/13 22:23:32 | 000,380,928 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2009/06/10 16:30:06 | 004,113,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\EPU.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/06/10 16:30:06 | 004,113,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
MOD - [2009/03/25 17:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2006/01/10 04:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005/05/11 17:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/02 09:47:32 | 000,086,472 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys -- (4b67c937a5c89fb4)
SRV:64bit: - [2012/06/11 13:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/20 19:53:18 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/18 12:23:03 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/05/17 15:24:16 | 000,308,592 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 15:07:17 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/26 11:36:12 | 000,323,584 | -H-- | M] (DeviceVM) [Disabled | Stopped] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/02 09:47:32 | 000,086,472 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys -- (4b67c937a5c89fb4)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/07 14:12:24 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010/12/07 14:12:24 | 000,027,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010/12/07 14:12:22 | 000,027,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010/12/07 14:12:22 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbflt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/20 19:20:18 | 000,356,096 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/08/20 19:20:18 | 000,187,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/08/20 19:20:18 | 000,092,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/08/20 19:20:18 | 000,063,488 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/07/24 02:49:00 | 000,119,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 17:52:30 | 000,215,040 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/13 21:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/05/04 12:30:28 | 000,016,440 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 ED 74 30 C1 99 CD 01 [binary data]
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/21 22:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/18 12:23:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/18 12:23:01 | 000,000,000 | ---D | M]

[2012/09/23 15:19:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/09/18 12:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/18 12:22:59 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2012/09/18 12:22:59 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/09/18 12:23:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/30 20:03:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/30 20:03:32 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1824711558-3474206165-418731102-1004..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\diablo acct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (Bodog)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6026CA55-B83D-4F90-9F70-668444118E2E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/09 10:48:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/31 19:01:11 | 000,000,000 | ---D | M] - D:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003/08/31 19:01:28 | 001,101,824 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/08/30 23:15:46 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/08/30 23:15:25 | 000,001,214 | R--- | M] () - D:\autorun.str -- [ CDFS ]
O32 - AutoRun File - [2008/05/06 08:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6c746bac-1550-11df-ab27-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6c746bac-1550-11df-ab27-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2003/08/31 19:01:28 | 001,101,824 | R--- | M] ()
O33 - MountPoints2\{eba3bf49-8237-11e0-96a8-90e6ba431217}\Shell - "" = AutoRun
O33 - MountPoints2\{eba3bf49-8237-11e0-96a8-90e6ba431217}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/10/23 03:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012/09/23 17:48:22 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/23 16:44:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\RK_Quarantine
[2012/09/23 16:42:35 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2012/09/23 15:48:17 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/09/23 15:20:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe
[2012/09/23 15:19:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2012/09/23 15:17:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012/09/23 15:17:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ATI
[2012/09/23 15:17:26 | 000,000,000 | R--D | C] -- C:\Users\Admin\Virtual Machines
[2012/09/23 15:17:26 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/09/23 15:17:26 | 000,000,000 | R--D | C] -- C:\Users\Admin\Searches
[2012/09/23 15:17:26 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/09/23 15:17:26 | 000,000,000 | -H-D | C] -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/09/23 15:17:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Identities
[2012/09/23 15:17:17 | 000,000,000 | R--D | C] -- C:\Users\Admin\Contacts
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Templates
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Start Menu
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\PrintHood
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\NetHood
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\My Documents
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Local Settings
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Application Data
[2012/09/23 15:17:07 | 000,000,000 | --SD | C] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Videos
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Saved Games
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Pictures
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Music
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Links
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Favorites
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Downloads
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Documents
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Desktop
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/09/23 15:17:07 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData
[2012/09/23 15:17:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2012/09/23 15:17:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2012/09/23 12:39:57 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/09/18 12:22:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/14 00:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D9C186A8C602D1D37DF875EF60
[2012/09/02 09:53:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files - Modified Within 30 Days ==========

[2012/09/23 17:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/23 17:33:13 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/23 16:46:18 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 16:46:18 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 16:41:29 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/23 16:41:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/23 16:40:59 | 4294,320,126 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/23 16:30:06 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2012/09/23 16:29:42 | 001,391,104 | ---- | M] () -- C:\Users\Admin\Desktop\RogueKiller.exe
[2012/09/23 15:43:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/09/23 15:25:26 | 000,001,437 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/23 12:29:29 | 083,023,306 | ---- | M] () -- C:\ProgramData\c156342.pad
[2012/09/18 12:26:46 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/09/18 12:23:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/02 09:47:32 | 000,086,472 | ---- | M] () -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys

========== Files Created - No Company Name ==========

[2012/09/23 16:42:22 | 001,391,104 | ---- | C] () -- C:\Users\Admin\Desktop\RogueKiller.exe
[2012/09/23 15:25:26 | 000,001,437 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/23 15:17:29 | 000,001,409 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/09/23 15:17:26 | 000,001,443 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/09/23 15:17:07 | 000,000,290 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/09/23 15:17:07 | 000,000,272 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/09/23 12:28:42 | 083,023,306 | ---- | C] () -- C:\ProgramData\c156342.pad
[2012/09/04 08:30:25 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/09/02 09:53:39 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/02 09:47:32 | 000,086,472 | ---- | C] () -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys
[2012/04/05 21:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 21:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/08 22:11:30 | 000,120,284 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/21 22:16:27 | 000,005,258 | -HS- | C] () -- C:\ProgramData\id8i1jjw6f143c6io0c76
[2011/12/21 13:47:25 | 000,005,114 | -HS- | C] () -- C:\ProgramData\wnvmdd1a4gvf4tdl1nup0y664v8u
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/09 16:53:44 | 000,041,068 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/08/07 22:19:12 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/08/07 22:19:12 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/08/07 22:19:12 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/05/25 19:10:22 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll

========== ZeroAccess Check ==========

[2011/11/17 02:41:18 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\@
[2012/09/23 12:32:16 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\L
[2012/09/23 15:25:16 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\U
[2012/09/23 16:41:16 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\L\[email protected]
[2012/09/23 12:29:00 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\U\[email protected]
[2012/09/23 15:25:16 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\U\[email protected]
[2012/09/23 15:24:48 | 000,001,632 | ---- | M] () -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\U\[email protected]
[2012/09/23 15:24:54 | 000,016,896 | ---- | M] () -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\U\[email protected]
[2012/09/23 12:29:17 | 000,091,136 | ---- | M] () -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\U\[email protected]
[2012/09/23 12:29:17 | 000,077,824 | ---- | M] () -- C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}\U\[email protected]
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012/09/23 16:41:15 | 000,004,608 | ---- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2012/09/23 16:41:15 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/08/16 01:40:21 | 000,000,000 | ---D | M] -- C:\Users\diablo acct\AppData\Roaming\OpenOffice.org
[2011/07/19 18:45:37 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\acccore
[2012/09/16 13:23:10 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\CarbonPoker
[2011/06/22 21:01:01 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\OpenOffice.org
[2011/07/14 15:48:31 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FrostWire
[2010/06/28 14:57:47 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\iWin
[2010/10/22 08:45:46 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\OpenOffice.org
[2011/09/06 17:43:31 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Subversion
[2011/02/17 22:19:34 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Temp
[2012/06/11 12:48:23 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\TomTom
[2012/03/03 20:13:09 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 09:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
No service found with a name of BITS
No service found with a name of BFE
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 09:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
No service found with a name of SharedAccess
SRV:64bit: - [2010/11/20 09:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010/11/20 09:27:22 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 09:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 09:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV:64bit: - [2010/11/20 09:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 09:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 09:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 09:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 09:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 09:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:64bit: - [2010/11/20 09:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
No service found with a name of MpsSvc
SRV:64bit: - [2010/11/20 09:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 09:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
No service found with a name of wuauserv
SRV:64bit: - [2010/11/20 09:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 09:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\SysWOW64\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old\Windows\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\system64\qmgr.dll
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 21:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows.old\Windows\System32\qmgr.dll
[2009/07/13 21:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll
[2009/07/13 21:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\System32\drivers\etc\services
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\system64\drivers\etc\services
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\System32\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/13 21:39:37 | 000,329,216 | ---- | M] (Microsoft Corporation) MD5=50BEA589F7D7958BDD2528A8F69D05CC -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,329,216 | ---- | M] (Microsoft Corporation) MD5=50BEA589F7D7958BDD2528A8F69D05CC -- C:\Windows\system64\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows.old\Windows\System32\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\system64\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2011/08/27 16:56:36 | 000,000,475 | ---- | M] () MD5=ADD81569FC29835C0056A9D52DA83525 -- C:\Users\diablo acct\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6E7YFV6C\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\System32\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\system64\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\system64\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\system64\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\system64\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >
[2010/05/21 01:34:38 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2009/08/19 11:24:20 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Windows.old\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2010/05/21 01:28:42 | 005,505,024 | ---- | M] () MD5=20999743CA8D1F7132B0BFCE952F2295 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb
[2009/08/19 11:23:28 | 005,472,256 | ---- | M] () MD5=81CCB59A28A03DB55807B883CB679027 -- C:\Windows.old\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\System32\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\system64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\System32\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old\Windows\System32\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< >
[2009/07/14 01:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 01:08:49 | 000,032,620 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/07/03 19:38:06 | 000,000,890 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010/07/03 19:38:07 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/04/03 12:40:01 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID

< End of report >
  • 0

#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I will have to use a stronger tool to kill ZeroAccess and replace the services file.

When you re-run OTL please select All Users so that I can check the other admin account.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/09/23 16:41:15 | 000,004,608 | ---- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
    [2012/09/23 16:41:15 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
    [2012/09/23 12:28:42 | 083,023,306 | ---- | C] () -- C:\ProgramData\c156342.pad
    [2012/09/04 08:30:25 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
    [2011/12/21 22:16:27 | 000,005,258 | -HS- | C] () -- C:\ProgramData\id8i1jjw6f143c6io0c76
    [2011/12/21 13:47:25 | 000,005,114 | -HS- | C] () -- C:\ProgramData\wnvmdd1a4gvf4tdl1nup0y664v8u
    
    :Files
    C:\Windows\Installer\{d3ca5292-0c50-4a92-c668-98d8688ada15}
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

FINALLY

Re-run TDSSKiller with the same parameters as before
  • 0
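The fix script in the post above removes a few specific classes of OTL entries: Desktop.ini files sitting inside the .NET GAC folders, oversized .pad files and hidden+system files with random names in ProgramData, and an Installer GUID folder. The logs posted in this thread also show a driver with no company name and a random hex filename, a Run key launching cmd.exe, and EnableLUA = 0 (UAC switched off). The Python below is an added example, not part of this thread and not OTL's or Essexboy's code: it parses OTL's file-entry, O4 and O6 line formats and flags those entry classes so a log can be triaged before a fix is written. The regular expressions and the heuristics are my assumptions; the sample lines are copied from the OTL logs in this thread, with two benign lines added for contrast.

```python
import re

# OTL file entry: [date time | size | attrs | M|C] (company) [state] -- path [-- (service)]
# Regex is my reading of the format as it appears in this thread's logs.
FILE_RE = re.compile(
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<svc>[^)]*)\))?$"
)
# O4 autorun entry: O4 - HKLM..\Run: [name] target (company)
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\Run\w*: \[(?P<name>[^\]]*)\] "
    r"(?P<target>.+?)(?: \([^()]*\))?$"
)
# O6 policy value under ...\policies\System
POLICY_RE = re.compile(r"^O6 - .*\\policies\\System: (?P<key>\w+) = (?P<value>\d+)$")
# sixteen hex digits plus .sys, the shape of 4b67c937a5c89fb4.sys in the log
RANDOM_SYS = re.compile(r"^[0-9a-f]{16}\.sys$", re.IGNORECASE)


def check_line(line):
    """Return a list of (reason, detail) findings for one OTL log line."""
    findings = []
    m = FILE_RE.search(line)
    if m:
        path = m.group("path")
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        attrs = m.group("attrs")
        size = int(m.group("size").replace(",", ""))
        in_programdata = low.startswith("c:\\programdata\\")
        # -HS- attributes: hidden + system, unusual for a loose file in ProgramData
        if in_programdata and "H" in attrs and "S" in attrs:
            findings.append(("hidden+system file in ProgramData", path))
        if in_programdata and name.endswith(".pad"):
            findings.append(("large .pad file in ProgramData (%d bytes)" % size, path))
        if name == "desktop.ini" and "\\assembly\\gac_" in low:
            findings.append(("Desktop.ini inside the .NET GAC", path))
        if line.startswith("DRV") and not m.group("company") and RANDOM_SYS.match(name):
            findings.append(("driver with no company name and random hex filename", path))
    m = RUN_RE.match(line)
    if m and m.group("target").lower().rsplit("\\", 1)[-1] == "cmd.exe":
        findings.append(("autorun entry launches cmd.exe",
                         "%s -> %s" % (m.group("name"), m.group("target"))))
    m = POLICY_RE.match(line)
    if m and m.group("value") == "0" and m.group("key") in ("EnableLUA", "ConsentPromptBehaviorAdmin"):
        findings.append(("UAC weakened: %s = 0" % m.group("key"), line))
    return findings


def scan(lines):
    """Run check_line over every line; return [(line_no, reason, detail), ...]."""
    out = []
    for no, line in enumerate(lines, 1):
        for reason, detail in check_line(line.rstrip("\r\n")):
            out.append((no, reason, detail))
    return out


# Constructed sample: lines copied from the OTL logs in this thread plus two benign ones.
SAMPLE = [
    r"[2012/09/23 16:41:15 | 000,004,608 | ---- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini",
    r"[2012/09/23 12:28:42 | 083,023,306 | ---- | C] () -- C:\ProgramData\c156342.pad",
    r"[2011/12/21 22:16:27 | 000,005,258 | -HS- | C] () -- C:\ProgramData\id8i1jjw6f143c6io0c76",
    r"DRV:64bit: - [2012/09/02 09:47:32 | 000,086,472 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys -- (4b67c937a5c89fb4)",
    r"DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)",
    r"O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)",
    r"O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r"PRC - [2012/09/23 15:43:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe",
]

if __name__ == "__main__":
    for no, reason, detail in scan(SAMPLE):
        print("line %d: %s -> %s" % (no, reason, detail))
```

Running it on a full OTL log is `scan(open("OTL.Txt", encoding="utf-8", errors="replace"))`; the rules are deliberately narrow, so an empty result means only that none of these particular patterns appeared, not that the log is clean.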

#7
risefreeze


    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here are the logs for all 3 scans. When I double click on TDS it still says cannot load driver, but it still lets me run the program. TDS found 1 malicious object, the only options I had were delete, copy to quarantine, and skip. I chose skip. Also there have been two hidden files named desktop.ini sitting on my desktop since the first scan I ran.

OTL logfile created on: 24/09/2012 10:11:53 - Run 4
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

16.00 Gb Total Physical Memory | 14.32 Gb Available Physical Memory | 89.52% Memory free
32.00 Gb Paging File | 30.28 Gb Available in Paging File | 94.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 803.96 Gb Free Space | 86.32% Space Free | Partition Type: NTFS
Drive D: | 423.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 465.75 Gb Total Space | 411.97 Gb Free Space | 88.45% Space Free | Partition Type: NTFS
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.47 Gb Total Space | 7.07 Gb Free Space | 94.53% Space Free | Partition Type: FAT32

Computer Name: PHIL-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/23 15:43:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/08/13 22:23:32 | 000,380,928 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2009/06/10 16:30:06 | 004,113,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/06/10 16:30:06 | 004,113,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
MOD - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2009/03/25 17:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2006/01/10 04:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005/05/11 17:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/02 09:47:32 | 000,086,472 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys -- (4b67c937a5c89fb4)
SRV:64bit: - [2012/06/11 13:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/20 19:53:18 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/18 12:23:03 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/05/17 15:24:16 | 000,308,592 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 15:07:17 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/26 11:36:12 | 000,323,584 | -H-- | M] (DeviceVM) [Disabled | Stopped] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/02 09:47:32 | 000,086,472 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys -- (4b67c937a5c89fb4)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/07 14:12:24 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010/12/07 14:12:24 | 000,027,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010/12/07 14:12:22 | 000,027,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010/12/07 14:12:22 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbflt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/20 19:20:18 | 000,356,096 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/08/20 19:20:18 | 000,187,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/08/20 19:20:18 | 000,092,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/08/20 19:20:18 | 000,063,488 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/07/24 02:49:00 | 000,119,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 17:52:30 | 000,215,040 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/13 21:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/05/04 12:30:28 | 000,016,440 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 ED 74 30 C1 99 CD 01 [binary data]
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/21 22:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/18 12:23:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/18 12:23:01 | 000,000,000 | ---D | M]

[2012/09/23 15:19:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/09/18 12:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/18 12:22:59 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2012/09/18 12:22:59 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/09/18 12:23:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/30 20:03:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/30 20:03:32 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/24 10:01:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1824711558-3474206165-418731102-1004..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\diablo acct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (Bodog)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6026CA55-B83D-4F90-9F70-668444118E2E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/09 10:48:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/31 19:01:11 | 000,000,000 | ---D | M] - D:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003/08/31 19:01:28 | 001,101,824 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/08/30 23:15:46 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/08/30 23:15:25 | 000,001,214 | R--- | M] () - D:\autorun.str -- [ CDFS ]
O32 - AutoRun File - [2008/05/06 08:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6c746bac-1550-11df-ab27-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6c746bac-1550-11df-ab27-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2003/08/31 19:01:28 | 001,101,824 | R--- | M] ()
O33 - MountPoints2\{eba3bf49-8237-11e0-96a8-90e6ba431217}\Shell - "" = AutoRun
O33 - MountPoints2\{eba3bf49-8237-11e0-96a8-90e6ba431217}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/10/23 03:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/24 10:05:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\rk logs
[2012/09/24 10:01:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/23 17:48:22 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/23 16:44:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\RK_Quarantine
[2012/09/23 16:42:35 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2012/09/23 15:48:17 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/09/23 15:20:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe
[2012/09/23 15:19:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2012/09/23 15:17:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012/09/23 15:17:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ATI
[2012/09/23 15:17:26 | 000,000,000 | R--D | C] -- C:\Users\Admin\Virtual Machines
[2012/09/23 15:17:26 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/09/23 15:17:26 | 000,000,000 | R--D | C] -- C:\Users\Admin\Searches
[2012/09/23 15:17:26 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/09/23 15:17:26 | 000,000,000 | -H-D | C] -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/09/23 15:17:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Identities
[2012/09/23 15:17:17 | 000,000,000 | R--D | C] -- C:\Users\Admin\Contacts
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Templates
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Start Menu
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\PrintHood
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\NetHood
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\My Documents
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Local Settings
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Application Data
[2012/09/23 15:17:07 | 000,000,000 | --SD | C] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Videos
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Saved Games
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Pictures
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Music
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Links
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Favorites
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Downloads
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Documents
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Desktop
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/09/23 15:17:07 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData
[2012/09/23 15:17:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2012/09/23 15:17:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2012/09/23 12:39:57 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/09/18 12:22:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/14 00:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D9C186A8C602D1D37DF875EF60
[2012/09/02 09:53:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files - Modified Within 30 Days ==========

[2012/09/24 10:09:25 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/24 10:09:25 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/24 10:04:33 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/24 10:04:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/24 10:04:01 | 4294,320,126 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/24 10:01:25 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/09/24 09:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/24 09:33:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/23 16:30:06 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2012/09/23 16:29:42 | 001,391,104 | ---- | M] () -- C:\Users\Admin\Desktop\RogueKiller.exe
[2012/09/23 15:43:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/09/23 15:25:26 | 000,001,437 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/18 12:23:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/02 09:47:32 | 000,086,472 | ---- | M] () -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys

========== Files Created - No Company Name ==========

[2012/09/23 16:42:22 | 001,391,104 | ---- | C] () -- C:\Users\Admin\Desktop\RogueKiller.exe
[2012/09/23 15:25:26 | 000,001,437 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/23 15:17:29 | 000,001,409 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/09/23 15:17:26 | 000,001,443 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/09/23 15:17:07 | 000,000,290 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/09/23 15:17:07 | 000,000,272 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/09/02 09:53:39 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/02 09:47:32 | 000,086,472 | ---- | C] () -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys
[2012/04/05 21:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 21:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/08 22:11:30 | 000,120,284 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/09 16:53:44 | 000,041,068 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/08/07 22:19:12 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/08/07 22:19:12 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/08/07 22:19:12 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/05/25 19:10:22 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012/09/24 10:04:22 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2012/09/24 10:04:22 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/08/16 01:40:21 | 000,000,000 | ---D | M] -- C:\Users\diablo acct\AppData\Roaming\OpenOffice.org
[2011/07/19 18:45:37 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\acccore
[2012/09/16 13:23:10 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\CarbonPoker
[2011/06/22 21:01:01 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\OpenOffice.org
[2011/07/14 15:48:31 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FrostWire
[2010/06/28 14:57:47 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\iWin
[2010/10/22 08:45:46 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\OpenOffice.org
[2011/09/06 17:43:31 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Subversion
[2011/02/17 22:19:34 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Temp
[2012/06/11 12:48:23 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\TomTom
[2012/03/03 20:13:09 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID

< End of report >

ComboFix 12-09-24.01 - Admin 24/09/2012 10:31:53.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16383.14844 [GMT -4:00]
Running from: C:\Users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\install.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\jestertb.dll

Infected copy of C:\Windows\system32\services.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe


((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))


2012-09-24 14:36:06 . 2012-09-24 14:36:06 -------- d-----w- C:\Users\Phil\AppData\Local\temp
2012-09-24 14:36:06 . 2012-09-24 14:36:06 -------- d-----w- C:\Users\Guest\AppData\Local\temp
2012-09-24 14:36:06 . 2012-09-24 14:36:06 -------- d-----w- C:\Users\diablo acct\AppData\Local\temp
2012-09-24 14:36:06 . 2012-09-24 14:36:06 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-09-24 14:01:25 . 2012-09-24 14:01:25 -------- d-----w- C:\_OTL
2012-09-23 21:48:22 . 2012-09-23 21:48:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-23 19:17:07 . 2012-09-23 19:17:26 -------- d-----w- C:\Users\Admin
2012-09-23 16:39:57 . 2012-09-23 16:39:57 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-09-14 04:11:26 . 2012-09-14 04:11:26 -------- d-----w- C:\Users\Guest\AppData\Local\Macromedia
2012-09-14 04:11:01 . 2012-09-14 04:11:01 -------- d-----w- C:\Users\Guest\AppData\Local\AMD
2012-09-14 04:07:29 . 2012-09-14 04:09:20 -------- d-----w- C:\ProgramData\7531E8D9C186A8C602D1D37DF875EF60
2012-09-10 03:57:06 . 2012-09-10 03:57:06 -------- d-----w- C:\Users\diablo acct\AppData\Roaming\Malwarebytes
2012-09-09 15:38:39 . 2012-09-09 15:38:39 -------- d-----w- C:\Users\diablo acct\AppData\Local\Macromedia
2012-09-09 15:34:46 . 2012-09-09 15:34:46 -------- d-----w- C:\Users\diablo acct\AppData\Local\AMD
2012-09-02 13:53:37 . 2012-09-07 21:04:46 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-09-01 00:02:53 . 2012-08-23 08:26:40 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C63BE266-4DD5-4C06-A444-C8791FD2F47F}\mpengine.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-09-20 23:53:18 . 2012-04-03 16:39:59 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-20 23:53:18 . 2011-06-07 15:05:50 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 06:05:18 . 2011-07-30 05:32:56 62134624 ----a-w- C:\Windows\system32\MRT.exe
2012-07-18 18:15:06 . 2012-08-15 16:34:45 3148800 ----a-w- C:\Windows\system32\win32k.sys
2012-07-06 02:06:30 . 2012-08-11 16:55:45 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06:20 . 2010-11-21 06:37:23 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-04 22:16:43 . 2012-08-15 16:34:46 73216 ----a-w- C:\Windows\system32\netapi32.dll
2012-07-04 22:13:27 . 2012-08-15 16:34:46 59392 ----a-w- C:\Windows\system32\browcli.dll
2012-07-04 22:13:27 . 2012-08-15 16:34:46 136704 ----a-w- C:\Windows\system32\browser.dll
2012-07-04 21:14:34 . 2012-08-15 16:34:46 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 04:55:23 . 2012-08-16 06:06:20 17809920 ----a-w- C:\Windows\system32\mshtml.dll
2012-06-29 04:09:35 . 2012-08-16 06:06:19 10925568 ----a-w- C:\Windows\system32\ieframe.dll
2012-06-29 03:56:34 . 2012-08-16 06:06:22 2312704 ----a-w- C:\Windows\system32\jscript9.dll
2012-06-29 03:49:57 . 2012-08-16 06:06:22 1346048 ----a-w- C:\Windows\system32\urlmon.dll
2012-06-29 03:49:11 . 2012-08-16 06:06:21 1392128 ----a-w- C:\Windows\system32\wininet.dll
2012-06-29 03:48:07 . 2012-08-16 06:06:22 1494528 ----a-w- C:\Windows\system32\inetcpl.cpl
2012-06-29 03:47:35 . 2012-08-16 06:06:23 237056 ----a-w- C:\Windows\system32\url.dll
2012-06-29 03:45:55 . 2012-08-16 06:06:21 85504 ----a-w- C:\Windows\system32\jsproxy.dll
2012-06-29 03:44:51 . 2012-08-16 06:06:21 816640 ----a-w- C:\Windows\system32\jscript.dll
2012-06-29 03:43:49 . 2012-08-16 06:06:22 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
2012-06-29 03:42:23 . 2012-08-16 06:06:23 2144768 ----a-w- C:\Windows\system32\iertutil.dll
2012-06-29 03:40:11 . 2012-08-16 06:06:23 96768 ----a-w- C:\Windows\system32\mshtmled.dll
2012-06-29 03:39:48 . 2012-08-16 06:06:24 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-06-29 03:35:21 . 2012-08-16 06:06:22 248320 ----a-w- C:\Windows\system32\ieui.dll
2012-06-29 00:16:58 . 2012-08-16 06:06:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 . 2012-08-16 06:06:22 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 . 2012-08-16 06:06:22 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 . 2012-08-16 06:06:22 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 . 2012-08-16 06:06:24 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-08-14 02:23:32 380928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"EKIJ5000StatusMonitor"="C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2010-05-07 15:53:36 2042368]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 19:00:26 641704]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 15:07:54 252296]

C:\Users\diablo acct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 18:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38:03 136176]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 21:04:46 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 23:53:18 250288]
R3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 18:12:22 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 18:12:22 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 18:12:24 27136]
R3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 18:12:24 34304]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38:03 136176]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-09-07 21:04:46 25928]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-18 16:23:03 114144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2010-11-20 11:03:42 20992]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-30 07:00:33 1255736]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 19:07:17 25832]
R4 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2008-11-26 15:36:12 323584]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-05-17 19:24:16 308592]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2012-04-06 02:16:02 236544]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 17:12:16 361984]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 20:04:30 53888]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 21:04:46 399432]
S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 04:43:08 92592]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 13:18:24 46136]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 05:22:40 11174400]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [2012-04-06 01:10:44 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [2012-02-23 12:32:04 95760]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 21:52:30 215040]


--- Other Services/Drivers In Memory ---

*Deregistered* - 4b67c937a5c89fb4

Contents of the 'Scheduled Tasks' folder

2012-09-24 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:39:59 . 2012-09-20 23:53:18]

2012-09-24 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38:05 . 2010-07-03 23:38:03]

2012-09-24 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38:05 . 2010-07-03 23:38:03]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-05-07 15:53:36 2042368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8mat3jcw.default\

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\4b67c937a5c89fb4]
"ImagePath"="\SystemRoot\System32\Drivers\4b67c937a5c89fb4.sys"

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

------------------------ Other Running Processes ------------------------

C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Windows\DAODx.exe

**************************************************************************

Completion time: 2012-09-24 10:40:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-24 14:40:41

Pre-Run: 863,036,502,016 bytes free
Post-Run: 864,357,482,496 bytes free

- - End Of File - - 480A3ED00A11D7B2E25737815D37029A


10:45:50.0032 2888 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
10:45:50.0282 2888 ============================================================
10:45:50.0282 2888 Current date / time: 2012/09/24 10:45:50.0282
10:45:50.0282 2888 SystemInfo:
10:45:50.0282 2888
10:45:50.0282 2888 OS Version: 6.1.7601 ServicePack: 1.0
10:45:50.0282 2888 Product type: Workstation
10:45:50.0282 2888 ComputerName: PHIL-PC
10:45:50.0282 2888 UserName: Admin
10:45:50.0282 2888 Windows directory: C:\Windows
10:45:50.0282 2888 System windows directory: C:\Windows
10:45:50.0282 2888 Running under WOW64
10:45:50.0282 2888 Processor architecture: Intel x64
10:45:50.0282 2888 Number of processors: 4
10:45:50.0282 2888 Page size: 0x1000
10:45:50.0282 2888 Boot type: Normal boot
10:45:50.0282 2888 ============================================================
10:45:57.0801 2888 !crdlk
10:45:57.0801 2888 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
10:45:57.0832 2888 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
10:45:57.0832 2888 Drive \Device\Harddisk2\DR2 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:45:57.0832 2888 ============================================================
10:45:57.0832 2888 \Device\Harddisk0\DR0:
10:45:57.0832 2888 MBR partitions:
10:45:57.0832 2888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
10:45:57.0832 2888 \Device\Harddisk1\DR1:
10:45:57.0832 2888 MBR partitions:
10:45:57.0832 2888 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3000
10:45:57.0832 2888 \Device\Harddisk2\DR2:
10:45:57.0848 2888 MBR partitions:
10:45:57.0848 2888 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
10:45:57.0848 2888 ============================================================
10:45:57.0863 2888 C: <-> \Device\Harddisk1\DR1\Partition1
10:45:57.0879 2888 E: <-> \Device\Harddisk0\DR0\Partition1
10:45:57.0879 2888 ============================================================
10:45:57.0879 2888 Initialize success
10:45:57.0879 2888 ============================================================
10:46:13.0401 0192 ============================================================
10:46:13.0401 0192 Scan started
10:46:13.0401 0192 Mode: Manual; SigCheck; TDLFS;
10:46:13.0401 0192 ============================================================
10:46:14.0009 0192 ================ Scan system memory ========================
10:46:14.0009 0192 System memory - ok
10:46:14.0009 0192 ================ Scan services =============================
10:46:14.0165 0192 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:46:14.0165 0192 1394ohci ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0165 0192 1394ohci - detected UnsignedFile.Multi.Generic (1)
10:46:14.0165 0192 Suspicious service (NoAccess): 4b67c937a5c89fb4
10:46:14.0196 0192 [ 0A7DAB6A5D1C59348CD56EDA45CF90B7 ] 4b67c937a5c89fb4 C:\Windows\System32\Drivers\4b67c937a5c89fb4.sys
10:46:14.0196 0192 Suspicious file (NoAccess): C:\Windows\System32\Drivers\4b67c937a5c89fb4.sys. md5: 0A7DAB6A5D1C59348CD56EDA45CF90B7
10:46:14.0196 0192 4b67c937a5c89fb4 ( Rootkit.Win32.Necurs.gen ) - infected
10:46:14.0196 0192 4b67c937a5c89fb4 - detected Rootkit.Win32.Necurs.gen (0)
10:46:14.0228 0192 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:46:14.0228 0192 ACPI ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0228 0192 ACPI - detected UnsignedFile.Multi.Generic (1)
10:46:14.0243 0192 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:46:14.0243 0192 AcpiPmi ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0243 0192 AcpiPmi - detected UnsignedFile.Multi.Generic (1)
10:46:14.0352 0192 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:46:14.0352 0192 AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0352 0192 AdobeFlashPlayerUpdateSvc - detected UnsignedFile.Multi.Generic (1)
10:46:14.0399 0192 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:46:14.0399 0192 adp94xx ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0399 0192 adp94xx - detected UnsignedFile.Multi.Generic (1)
10:46:14.0415 0192 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:46:14.0415 0192 adpahci ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0415 0192 adpahci - detected UnsignedFile.Multi.Generic (1)
10:46:14.0430 0192 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:46:14.0430 0192 adpu320 ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0430 0192 adpu320 - detected UnsignedFile.Multi.Generic (1)
10:46:14.0477 0192 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:46:14.0477 0192 AeLookupSvc ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0477 0192 AeLookupSvc - detected UnsignedFile.Multi.Generic (1)
10:46:14.0508 0192 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
10:46:14.0524 0192 AFD ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0524 0192 AFD - detected UnsignedFile.Multi.Generic (1)
10:46:14.0540 0192 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:46:14.0540 0192 agp440 ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0540 0192 agp440 - detected UnsignedFile.Multi.Generic (1)
10:46:14.0555 0192 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:46:14.0555 0192 ALG ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0555 0192 ALG - detected UnsignedFile.Multi.Generic (1)
10:46:14.0571 0192 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
10:46:14.0571 0192 aliide ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0571 0192 aliide - detected UnsignedFile.Multi.Generic (1)
10:46:14.0602 0192 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:46:14.0602 0192 AMD External Events Utility ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0602 0192 AMD External Events Utility - detected UnsignedFile.Multi.Generic (1)
10:46:14.0680 0192 AMD FUEL Service - ok
10:46:14.0696 0192 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
10:46:14.0696 0192 amdide ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0696 0192 amdide - detected UnsignedFile.Multi.Generic (1)
10:46:14.0727 0192 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
10:46:14.0727 0192 amdiox64 ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0727 0192 amdiox64 - detected UnsignedFile.Multi.Generic (1)
10:46:14.0742 0192 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:46:14.0742 0192 AmdK8 ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0742 0192 AmdK8 - detected UnsignedFile.Multi.Generic (1)
10:46:14.0883 0192 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
10:46:14.0945 0192 amdkmdag ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0945 0192 amdkmdag - detected UnsignedFile.Multi.Generic (1)
10:46:14.0976 0192 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
10:46:14.0976 0192 amdkmdap ( UnsignedFile.Multi.Generic ) - warning
10:46:14.0976 0192 amdkmdap - detected UnsignedFile.Multi.Generic (1)
10:46:15.0008 0192 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:46:15.0008 0192 AmdPPM ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0008 0192 AmdPPM - detected UnsignedFile.Multi.Generic (1)
10:46:15.0023 0192 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:46:15.0023 0192 amdsata ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0023 0192 amdsata - detected UnsignedFile.Multi.Generic (1)
10:46:15.0039 0192 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:46:15.0039 0192 amdsbs ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0039 0192 amdsbs - detected UnsignedFile.Multi.Generic (1)
10:46:15.0054 0192 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:46:15.0054 0192 amdxata ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0070 0192 amdxata - detected UnsignedFile.Multi.Generic (1)
10:46:15.0101 0192 [ 48CD7E6520D47D62EAB0E6CE3EC30C65 ] Andbus C:\Windows\system32\DRIVERS\lgandbus64.sys
10:46:15.0101 0192 Andbus ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0101 0192 Andbus - detected UnsignedFile.Multi.Generic (1)
10:46:15.0117 0192 [ 08CBACC00D15DCDBBAAE1A7C8F231C61 ] AndDiag C:\Windows\system32\DRIVERS\lganddiag64.sys
10:46:15.0117 0192 AndDiag ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0117 0192 AndDiag - detected UnsignedFile.Multi.Generic (1)
10:46:15.0132 0192 [ CEA9A4CD6B3A83428CE8501240833668 ] AndGps C:\Windows\system32\DRIVERS\lgandgps64.sys
10:46:15.0132 0192 AndGps ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0132 0192 AndGps - detected UnsignedFile.Multi.Generic (1)
10:46:15.0148 0192 [ E2B5663E547FA5E756B253EFA8EC8286 ] ANDModem C:\Windows\system32\DRIVERS\lgandmodem64.sys
10:46:15.0164 0192 ANDModem ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0164 0192 ANDModem - detected UnsignedFile.Multi.Generic (1)
10:46:15.0195 0192 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
10:46:15.0195 0192 AODDriver4.1 ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0195 0192 AODDriver4.1 - detected UnsignedFile.Multi.Generic (1)
10:46:15.0226 0192 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
10:46:15.0226 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\appid.sys. md5: 89A69C3F2F319B43379399547526D952
10:46:15.0242 0192 AppID ( LockedFile.Multi.Generic ) - warning
10:46:15.0242 0192 AppID - detected LockedFile.Multi.Generic (1)
10:46:15.0273 0192 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:46:15.0273 0192 AppIDSvc ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0273 0192 AppIDSvc - detected UnsignedFile.Multi.Generic (1)
10:46:15.0288 0192 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
10:46:15.0304 0192 Appinfo ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0304 0192 Appinfo - detected UnsignedFile.Multi.Generic (1)
10:46:15.0320 0192 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
10:46:15.0320 0192 AppMgmt ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0320 0192 AppMgmt - detected UnsignedFile.Multi.Generic (1)
10:46:15.0335 0192 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
10:46:15.0335 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\arc.sys. md5: C484F8CEB1717C540242531DB7845C4E
10:46:15.0351 0192 arc ( LockedFile.Multi.Generic ) - warning
10:46:15.0351 0192 arc - detected LockedFile.Multi.Generic (1)
10:46:15.0366 0192 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:46:15.0366 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\arcsas.sys. md5: 019AF6924AEFE7839F61C830227FE79C
10:46:15.0366 0192 arcsas ( LockedFile.Multi.Generic ) - warning
10:46:15.0366 0192 arcsas - detected LockedFile.Multi.Generic (1)
10:46:15.0429 0192 [ 8065A7659562005127673AC52898675F ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
10:46:15.0429 0192 Suspicious file (NoAccess): C:\Windows\syswow64\drivers\AsIO.sys. md5: 8065A7659562005127673AC52898675F
10:46:15.0429 0192 AsIO ( LockedFile.Multi.Generic ) - warning
10:46:15.0429 0192 AsIO - detected LockedFile.Multi.Generic (1)
10:46:15.0460 0192 AsSysCtrlService - ok
10:46:15.0491 0192 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:46:15.0491 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\asyncmac.sys. md5: 769765CE2CC62867468CEA93969B2242
10:46:15.0491 0192 AsyncMac ( LockedFile.Multi.Generic ) - warning
10:46:15.0491 0192 AsyncMac - detected LockedFile.Multi.Generic (1)
10:46:15.0538 0192 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
10:46:15.0538 0192 atapi ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0538 0192 atapi - detected UnsignedFile.Multi.Generic (1)
10:46:15.0569 0192 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
10:46:15.0569 0192 AtiHDAudioService ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0569 0192 AtiHDAudioService - detected UnsignedFile.Multi.Generic (1)
10:46:15.0616 0192 [ 3B9014FB7CE9E20FD726321C7DB7D8B0 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
10:46:15.0616 0192 AtiHdmiService ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0616 0192 AtiHdmiService - detected UnsignedFile.Multi.Generic (1)
10:46:15.0756 0192 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
10:46:15.0803 0192 atikmdag ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0803 0192 atikmdag - detected UnsignedFile.Multi.Generic (1)
10:46:15.0850 0192 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
10:46:15.0850 0192 AtiPcie ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0850 0192 AtiPcie - detected UnsignedFile.Multi.Generic (1)
10:46:15.0897 0192 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:46:15.0897 0192 AudioEndpointBuilder ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0897 0192 AudioEndpointBuilder - detected UnsignedFile.Multi.Generic (1)
10:46:15.0912 0192 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:46:15.0912 0192 AudioSrv ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0912 0192 AudioSrv - detected UnsignedFile.Multi.Generic (1)
10:46:15.0944 0192 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:46:15.0944 0192 AxInstSV ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0944 0192 AxInstSV - detected UnsignedFile.Multi.Generic (1)
10:46:15.0975 0192 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
10:46:15.0990 0192 b06bdrv ( UnsignedFile.Multi.Generic ) - warning
10:46:15.0990 0192 b06bdrv - detected UnsignedFile.Multi.Generic (1)
10:46:16.0006 0192 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:46:16.0006 0192 b57nd60a ( UnsignedFile.Multi.Generic ) - warning
10:46:16.0006 0192 b57nd60a - detected UnsignedFile.Multi.Generic (1)
10:46:16.0037 0192 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:46:16.0037 0192 BDESVC ( UnsignedFile.Multi.Generic ) - warning
10:46:16.0037 0192 BDESVC - detected UnsignedFile.Multi.Generic (1)
10:46:16.0053 0192 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:46:16.0053 0192 Beep ( UnsignedFile.Multi.Generic ) - warning
10:46:16.0053 0192 Beep - detected UnsignedFile.Multi.Generic (1)
10:46:16.0131 0192 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
10:46:16.0131 0192 BFE ( UnsignedFile.Multi.Generic ) - warning
10:46:16.0131 0192 BFE - detected UnsignedFile.Multi.Generic (1)
10:46:16.0178 0192 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
10:46:16.0178 0192 BITS ( UnsignedFile.Multi.Generic ) - warning
10:46:16.0178 0192 BITS - detected UnsignedFile.Multi.Generic (1)
10:46:16.0193 0192 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:46:16.0193 0192 blbdrive ( UnsignedFile.Multi.Generic ) - warning
10:46:16.0193 0192 blbdrive - detected UnsignedFile.Multi.Generic (1)
10:46:16.0224 0192 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
10:46:16.0240 0192 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
10:46:16.0240 0192 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
10:46:16.0271 0192 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:46:16.0271 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\bowser.sys. md5: 6C02A83164F5CC0A262F4199F0871CF5
10:46:16.0287 0192 bowser ( LockedFile.Multi.Generic ) - warning
10:46:16.0287 0192 bowser - detected LockedFile.Multi.Generic (1)
10:46:16.0302 0192 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:46:16.0302 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\BrFiltLo.sys. md5: F09EEE9EDC320B5E1501F749FDE686C8
10:46:16.0302 0192 BrFiltLo ( LockedFile.Multi.Generic ) - warning
10:46:16.0302 0192 BrFiltLo - detected LockedFile.Multi.Generic (1)
10:46:16.0318 0192 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:46:16.0318 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\BrFiltUp.sys. md5: B114D3098E9BDB8BEA8B053685831BE6
10:46:16.0318 0192 BrFiltUp ( LockedFile.Multi.Generic ) - warning
10:46:16.0318 0192 BrFiltUp - detected LockedFile.Multi.Generic (1)
10:46:16.0334 0192 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
10:46:16.0334 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\bridge.sys. md5: 5C2F352A4E961D72518261257AAE204B
10:46:16.0334 0192 BridgeMP ( LockedFile.Multi.Generic ) - warning
10:46:16.0334 0192 BridgeMP - detected LockedFile.Multi.Generic (1)
10:46:16.0365 0192 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
10:46:16.0365 0192 Browser ( UnsignedFile.Multi.Generic ) - warning
10:46:16.0365 0192 Browser - detected UnsignedFile.Multi.Generic (1)
10:46:16.0380 0192 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:46:16.0380 0192 Suspicious file (NoAccess): C:\Windows\System32\Drivers\Brserid.sys. md5: 43BEA8D483BF1870F018E2D02E06A5BD
10:46:16.0380 0192 Brserid ( LockedFile.Multi.Generic ) - warning
10:46:16.0380 0192 Brserid - detected LockedFile.Multi.Generic (1)
10:46:16.0396 0192 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:46:16.0396 0192 Suspicious file (NoAccess): C:\Windows\System32\Drivers\BrSerWdm.sys. md5: A6ECA2151B08A09CACECA35C07F05B42
10:46:16.0412 0192 BrSerWdm ( LockedFile.Multi.Generic ) - warning
10:46:16.0412 0192 BrSerWdm - detected LockedFile.Multi.Generic (1)
10:46:16.0412 0192 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:46:16.0412 0192 Suspicious file (NoAccess): C:\Windows\System32\Drivers\BrUsbMdm.sys. md5: B79968002C277E869CF38BD22CD61524
10:46:16.0427 0192 BrUsbMdm ( LockedFile.Multi.Generic ) - warning
10:46:16.0427 0192 BrUsbMdm - detected LockedFile.Multi.Generic (1)
10:46:16.0427 0192 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:46:16.0427 0192 Suspicious file (NoAccess): C:\Windows\System32\Drivers\BrUsbSer.sys. md5: A87528880231C54E75EA7A44943B38BF
10:46:16.0427 0192 BrUsbSer ( LockedFile.Multi.Generic ) - warning
10:46:16.0427 0192 BrUsbSer - detected LockedFile.Multi.Generic (1)
10:46:16.0443 0192 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:46:16.0443 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\bthmodem.sys. md5: 9DA669F11D1F894AB4EB69BF546A42E8
10:46:16.0458 0192 BTHMODEM ( LockedFile.Multi.Generic ) - warning
10:46:16.0458 0192 BTHMODEM - detected LockedFile.Multi.Generic (1)
10:46:16.0490 0192 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:46:16.0490 0192 bthserv ( UnsignedFile.Multi.Generic ) - warning
10:46:16.0490 0192 bthserv - detected UnsignedFile.Multi.Generic (1)
10:46:16.0614 0192 catchme - ok
10:46:16.0630 0192 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:46:16.0630 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\cdfs.sys. md5: B8BD2BB284668C84865658C77574381A
10:46:16.0630 0192 cdfs ( LockedFile.Multi.Generic ) - warning
10:46:16.0630 0192 cdfs - detected LockedFile.Multi.Generic (1)
10:46:16.0661 0192 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
10:46:16.0661 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\cdrom.sys. md5: F036CE71586E93D94DAB220D7BDF4416
10:46:16.0677 0192 cdrom ( LockedFile.Multi.Generic ) - warning
10:46:16.0677 0192 cdrom - detected LockedFile.Multi.Generic (1)
10:46:16.0708 0192 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
10:46:16.0708 0192 CertPropSvc ( UnsignedFile.Multi.Generic ) - warning
10:46:16.0708 0192 CertPropSvc - detected UnsignedFile.Multi.Generic (1)
10:46:16.0708 0192 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:46:16.0708 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\circlass.sys. md5: D7CD5C4E1B71FA62050515314CFB52CF
10:46:16.0724 0192 circlass ( LockedFile.Multi.Generic ) - warning
10:46:16.0724 0192 circlass - detected LockedFile.Multi.Generic (1)
10:46:16.0755 0192 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
10:46:16.0755 0192 Suspicious file (NoAccess): C:\Windows\system32\CLFS.sys. md5: FE1EC06F2253F691FE36217C592A0206
10:46:16.0755 0192 CLFS ( LockedFile.Multi.Generic ) - warning
10:46:16.0755 0192 CLFS - detected LockedFile.Multi.Generic (1)
10:46:16.0817 0192 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:46:16.0817 0192 clr_optimization_v2.0.50727_32 ( UnsignedFile.Multi.Generic ) - warning
10:46:16.0817 0192 clr_optimization_v2.0.50727_32 - detected UnsignedFile.Multi.Generic (1)
10:46:16.0880 0192 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:46:16.0880 0192 clr_optimization_v2.0.50727_64 ( UnsignedFile.Multi.Generic ) - warning
10:46:16.0880 0192 clr_optimization_v2.0.50727_64 - detected UnsignedFile.Multi.Generic (1)
10:46:16.0942 0192 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:46:16.0958 0192 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - warning
10:46:16.0958 0192 clr_optimization_v4.0.30319_32 - detected UnsignedFile.Multi.Generic (1)
10:46:16.0973 0192 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:46:16.0973 0192 clr_optimization_v4.0.30319_64 ( UnsignedFile.Multi.Generic ) - warning
10:46:16.0973 0192 clr_optimization_v4.0.30319_64 - detected UnsignedFile.Multi.Generic (1)
10:46:16.0989 0192 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:46:16.0989 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\CmBatt.sys. md5: 0840155D0BDDF1190F84A663C284BD33
10:46:16.0989 0192 CmBatt ( LockedFile.Multi.Generic ) - warning
10:46:16.0989 0192 CmBatt - detected LockedFile.Multi.Generic (1)
10:46:17.0020 0192 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:46:17.0020 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\cmdide.sys. md5: E19D3F095812725D88F9001985B94EDD
10:46:17.0020 0192 cmdide ( LockedFile.Multi.Generic ) - warning
10:46:17.0020 0192 cmdide - detected LockedFile.Multi.Generic (1)
10:46:17.0051 0192 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
10:46:17.0051 0192 Suspicious file (NoAccess): C:\Windows\system32\Drivers\cng.sys. md5: 9AC4F97C2D3E93367E2148EA940CD2CD
10:46:17.0051 0192 CNG ( LockedFile.Multi.Generic ) - warning
10:46:17.0051 0192 CNG - detected LockedFile.Multi.Generic (1)
10:46:17.0067 0192 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:46:17.0067 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\compbatt.sys. md5: 102DE219C3F61415F964C88E9085AD14
10:46:17.0067 0192 Compbatt ( LockedFile.Multi.Generic ) - warning
10:46:17.0067 0192 Compbatt - detected LockedFile.Multi.Generic (1)
10:46:17.0082 0192 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:46:17.0082 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\CompositeBus.sys. md5: 03EDB043586CCEBA243D689BDDA370A8
10:46:17.0082 0192 CompositeBus ( LockedFile.Multi.Generic ) - warning
10:46:17.0082 0192 CompositeBus - detected LockedFile.Multi.Generic (1)
10:46:17.0098 0192 COMSysApp - ok
10:46:17.0114 0192 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:46:17.0114 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 1C827878A998C18847245FE1F34EE597
10:46:17.0114 0192 crcdisk ( LockedFile.Multi.Generic ) - warning
10:46:17.0114 0192 crcdisk - detected LockedFile.Multi.Generic (1)
10:46:17.0145 0192 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:46:17.0160 0192 CryptSvc ( UnsignedFile.Multi.Generic ) - warning
10:46:17.0160 0192 CryptSvc - detected UnsignedFile.Multi.Generic (1)
10:46:17.0192 0192 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
10:46:17.0192 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\csc.sys. md5: 54DA3DFD29ED9F1619B6F53F3CE55E49
10:46:17.0207 0192 CSC ( LockedFile.Multi.Generic ) - warning
10:46:17.0207 0192 CSC - detected LockedFile.Multi.Generic (1)
10:46:17.0223 0192 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
10:46:17.0238 0192 CscService ( UnsignedFile.Multi.Generic ) - warning
10:46:17.0238 0192 CscService - detected UnsignedFile.Multi.Generic (1)
10:46:17.0332 0192 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
10:46:17.0332 0192 DAUpdaterSvc ( UnsignedFile.Multi.Generic ) - warning
10:46:17.0332 0192 DAUpdaterSvc - detected UnsignedFile.Multi.Generic (1)
10:46:17.0379 0192 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:46:17.0379 0192 DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
10:46:17.0379 0192 DcomLaunch - detected UnsignedFile.Multi.Generic (1)
10:46:17.0410 0192 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:46:17.0426 0192 defragsvc ( UnsignedFile.Multi.Generic ) - warning
10:46:17.0426 0192 defragsvc - detected UnsignedFile.Multi.Generic (1)
10:46:17.0457 0192 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:46:17.0457 0192 Suspicious file (NoAccess): C:\Windows\system32\Drivers\dfsc.sys. md5: 9BB2EF44EAA163B29C4A4587887A0FE4
10:46:17.0457 0192 DfsC ( LockedFile.Multi.Generic ) - warning
10:46:17.0457 0192 DfsC - detected LockedFile.Multi.Generic (1)
10:46:17.0472 0192 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
10:46:17.0488 0192 Dhcp ( UnsignedFile.Multi.Generic ) - warning
10:46:17.0488 0192 Dhcp - detected UnsignedFile.Multi.Generic (1)
10:46:17.0504 0192 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:46:17.0504 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\discache.sys. md5: 13096B05847EC78F0977F2C0F79E9AB3
10:46:17.0504 0192 discache ( LockedFile.Multi.Generic ) - warning
10:46:17.0504 0192 discache - detected LockedFile.Multi.Generic (1)
10:46:17.0519 0192 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:46:17.0519 0192 Disk ( UnsignedFile.Multi.Generic ) - warning
10:46:17.0519 0192 Disk - detected UnsignedFile.Multi.Generic (1)
10:46:17.0566 0192 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:46:17.0566 0192 Dnscache ( UnsignedFile.Multi.Generic ) - warning
10:46:17.0566 0192 Dnscache - detected UnsignedFile.Multi.Generic (1)
10:46:17.0597 0192 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:46:17.0597 0192 dot3svc ( UnsignedFile.Multi.Generic ) - warning
10:46:17.0597 0192 dot3svc - detected UnsignedFile.Multi.Generic (1)
10:46:17.0628 0192 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
10:46:17.0628 0192 DPS ( UnsignedFile.Multi.Generic ) - warning
10:46:17.0628 0192 DPS - detected UnsignedFile.Multi.Generic (1)
10:46:17.0675 0192 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:46:17.0675 0192 drmkaud ( UnsignedFile.Multi.Generic ) - warning
10:46:17.0675 0192 drmkaud - detected UnsignedFile.Multi.Generic (1)
10:46:17.0738 0192 [ E603B2BBCAB828088AB43F016188B259 ] DvmMDES C:\ASUS.SYS\config\DVMExportService.exe
10:46:17.0753 0192 DvmMDES ( UnsignedFile.Multi.Generic ) - warning
10:46:17.0753 0192 DvmMDES - detected UnsignedFile.Multi.Generic (1)
10:46:17.0784 0192 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:46:17.0784 0192 DXGKrnl ( UnsignedFile.Multi.Generic ) - warning
10:46:17.0784 0192 DXGKrnl - detected UnsignedFile.Multi.Generic (1)
10:46:17.0816 0192 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:46:17.0831 0192 EapHost ( UnsignedFile.Multi.Generic ) - warning
10:46:17.0831 0192 EapHost - detected UnsignedFile.Multi.Generic (1)
10:46:17.0894 0192 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
10:46:17.0925 0192 ebdrv ( UnsignedFile.Multi.Generic ) - warning
10:46:17.0925 0192 ebdrv - detected UnsignedFile.Multi.Generic (1)
10:46:17.0972 0192 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
10:46:17.0972 0192 EFS ( UnsignedFile.Multi.Generic ) - warning
10:46:17.0972 0192 EFS - detected UnsignedFile.Multi.Generic (1)
10:46:18.0018 0192 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:46:18.0034 0192 ehRecvr ( UnsignedFile.Multi.Generic ) - warning
10:46:18.0034 0192 ehRecvr - detected UnsignedFile.Multi.Generic (1)
10:46:18.0050 0192 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:46:18.0050 0192 ehSched ( UnsignedFile.Multi.Generic ) - warning
10:46:18.0050 0192 ehSched - detected UnsignedFile.Multi.Generic (1)
10:46:18.0081 0192 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:46:18.0096 0192 elxstor ( UnsignedFile.Multi.Generic ) - warning
10:46:18.0096 0192 elxstor - detected UnsignedFile.Multi.Generic (1)
10:46:18.0128 0192 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:46:18.0128 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\errdev.sys. md5: 34A3C54752046E79A126E15C51DB409B
10:46:18.0128 0192 ErrDev ( LockedFile.Multi.Generic ) - warning
10:46:18.0128 0192 ErrDev - detected LockedFile.Multi.Generic (1)
10:46:18.0174 0192 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:46:18.0174 0192 EventSystem ( UnsignedFile.Multi.Generic ) - warning
10:46:18.0174 0192 EventSystem - detected UnsignedFile.Multi.Generic (1)
10:46:18.0206 0192 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:46:18.0206 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\exfat.sys. md5: A510C654EC00C1E9BDD91EEB3A59823B
10:46:18.0206 0192 exfat ( LockedFile.Multi.Generic ) - warning
10:46:18.0206 0192 exfat - detected LockedFile.Multi.Generic (1)
10:46:18.0221 0192 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:46:18.0221 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\fastfat.sys. md5: 0ADC83218B66A6DB380C330836F3E36D
10:46:18.0221 0192 fastfat ( LockedFile.Multi.Generic ) - warning
10:46:18.0221 0192 fastfat - detected LockedFile.Multi.Generic (1)
10:46:18.0252 0192 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
10:46:18.0268 0192 Fax ( UnsignedFile.Multi.Generic ) - warning
10:46:18.0268 0192 Fax - detected UnsignedFile.Multi.Generic (1)
10:46:18.0284 0192 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:46:18.0284 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB
10:46:18.0284 0192 fdc ( LockedFile.Multi.Generic ) - warning
10:46:18.0284 0192 fdc - detected LockedFile.Multi.Generic (1)
10:46:18.0315 0192 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:46:18.0315 0192 fdPHost ( UnsignedFile.Multi.Generic ) - warning
10:46:18.0315 0192 fdPHost - detected UnsignedFile.Multi.Generic (1)
10:46:18.0330 0192 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:46:18.0330 0192 FDResPub ( UnsignedFile.Multi.Generic ) - warning
10:46:18.0330 0192 FDResPub - detected UnsignedFile.Multi.Generic (1)
10:46:18.0346 0192 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:46:18.0346 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661BE46B5F5F3FD454E2C3095B930
10:46:18.0346 0192 FileInfo ( LockedFile.Multi.Generic ) - warning
10:46:18.0346 0192 FileInfo - detected LockedFile.Multi.Generic (1)
10:46:18.0362 0192 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:46:18.0362 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\filetrace.sys. md5: 5F671AB5BC87EEA04EC38A6CD5962A47
10:46:18.0377 0192 Filetrace ( LockedFile.Multi.Generic ) - warning
10:46:18.0377 0192 Filetrace - detected LockedFile.Multi.Generic (1)
10:46:18.0393 0192 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:46:18.0393 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5
10:46:18.0393 0192 flpydisk ( LockedFile.Multi.Generic ) - warning
10:46:18.0393 0192 flpydisk - detected LockedFile.Multi.Generic (1)
10:46:18.0408 0192 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:46:18.0408 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\fltmgr.sys. md5: DA6B67270FD9DB3697B20FCE94950741
10:46:18.0408 0192 FltMgr ( LockedFile.Multi.Generic ) - warning
10:46:18.0408 0192 FltMgr - detected LockedFile.Multi.Generic (1)
10:46:18.0471 0192 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
10:46:18.0471 0192 FontCache ( UnsignedFile.Multi.Generic ) - warning
10:46:18.0471 0192 FontCache - detected UnsignedFile.Multi.Generic (1)
10:46:18.0533 0192 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:46:18.0533 0192 FontCache3.0.0.0 ( UnsignedFile.Multi.Generic ) - warning
10:46:18.0533 0192 FontCache3.0.0.0 - detected UnsignedFile.Multi.Generic (1)
10:46:18.0549 0192 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:46:18.0549 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\FsDepends.sys. md5: D43703496149971890703B4B1B723EAC
10:46:18.0549 0192 FsDepends ( LockedFile.Multi.Generic ) - warning
10:46:18.0549 0192 FsDepends - detected LockedFile.Multi.Generic (1)
10:46:18.0580 0192 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:46:18.0580 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 6BD9295CC032DD3077C671FCCF579A7B
10:46:18.0580 0192 Fs_Rec ( LockedFile.Multi.Generic ) - warning
10:46:18.0580 0192 Fs_Rec - detected LockedFile.Multi.Generic (1)
10:46:18.0627 0192 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:46:18.0627 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 1F7B25B858FA27015169FE95E54108ED
10:46:18.0627 0192 fvevol ( LockedFile.Multi.Generic ) - warning
10:46:18.0627 0192 fvevol - detected LockedFile.Multi.Generic (1)
10:46:18.0642 0192 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:46:18.0642 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6
10:46:18.0642 0192 gagp30kx ( LockedFile.Multi.Generic ) - warning
10:46:18.0642 0192 gagp30kx - detected LockedFile.Multi.Generic (1)
10:46:18.0689 0192 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
10:46:18.0689 0192 gpsvc ( UnsignedFile.Multi.Generic ) - warning
10:46:18.0689 0192 gpsvc - detected UnsignedFile.Multi.Generic (1)
10:46:18.0767 0192 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:46:18.0767 0192 gupdate ( UnsignedFile.Multi.Generic ) - warning
10:46:18.0767 0192 gupdate - detected UnsignedFile.Multi.Generic (1)
10:46:18.0798 0192 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:46:18.0798 0192 gupdatem ( UnsignedFile.Multi.Generic ) - warning
10:46:18.0798 0192 gupdatem - detected UnsignedFile.Multi.Generic (1)
10:46:18.0814 0192 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:46:18.0814 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0
10:46:18.0814 0192 hcw85cir ( LockedFile.Multi.Generic ) - warning
10:46:18.0814 0192 hcw85cir - detected LockedFile.Multi.Generic (1)
10:46:18.0861 0192 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:46:18.0861 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\HdAudio.sys. md5: 6410F6F415B2A5A9037224C41DA8BF12
10:46:18.0861 0192 HdAudAddService ( LockedFile.Multi.Generic ) - warning
10:46:18.0861 0192 HdAudAddService - detected LockedFile.Multi.Generic (1)
10:46:18.0908 0192 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:46:18.0908 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97BFED39B6B79EB12CDDBFEED51F56BB
10:46:18.0908 0192 HDAudBus ( LockedFile.Multi.Generic ) - warning
10:46:18.0908 0192 HDAudBus - detected LockedFile.Multi.Generic (1)
10:46:18.0923 0192 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:46:18.0923 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F
10:46:18.0923 0192 HidBatt ( LockedFile.Multi.Generic ) - warning
10:46:18.0923 0192 HidBatt - detected LockedFile.Multi.Generic (1)
10:46:18.0939 0192 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:46:18.0939 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104
10:46:18.0954 0192 HidBth ( LockedFile.Multi.Generic ) - warning
10:46:18.0954 0192 HidBth - detected LockedFile.Multi.Generic (1)
10:46:18.0970 0192 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:46:18.0970 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825
10:46:18.0970 0192 HidIr ( LockedFile.Multi.Generic ) - warning
10:46:18.0970 0192 HidIr - detected LockedFile.Multi.Generic (1)
10:46:19.0001 0192 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
10:46:19.0001 0192 hidserv ( UnsignedFile.Multi.Generic ) - warning
10:46:19.0001 0192 hidserv - detected UnsignedFile.Multi.Generic (1)
10:46:19.0032 0192 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:46:19.0032 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidusb.sys. md5: 9592090A7E2B61CD582B612B6DF70536
10:46:19.0032 0192 HidUsb ( LockedFile.Multi.Generic ) - warning
10:46:19.0032 0192 HidUsb - detected LockedFile.Multi.Generic (1)
10:46:19.0064 0192 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:46:19.0064 0192 hkmsvc ( UnsignedFile.Multi.Generic ) - warning
10:46:19.0064 0192 hkmsvc - detected UnsignedFile.Multi.Generic (1)
10:46:19.0095 0192 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:46:19.0095 0192 HomeGroupListener ( UnsignedFile.Multi.Generic ) - warning
10:46:19.0095 0192 HomeGroupListener - detected UnsignedFile.Multi.Generic (1)
10:46:19.0142 0192 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:46:19.0142 0192 HomeGroupProvider ( UnsignedFile.Multi.Generic ) - warning
10:46:19.0142 0192 HomeGroupProvider - detected UnsignedFile.Multi.Generic (1)
10:46:19.0157 0192 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:46:19.0157 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39D2ABCD392F3D8A6DCE7B60AE7B8EFC
10:46:19.0157 0192 HpSAMD ( LockedFile.Multi.Generic ) - warning
10:46:19.0157 0192 HpSAMD - detected LockedFile.Multi.Generic (1)
10:46:19.0188 0192 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:46:19.0188 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\HTTP.sys. md5: 0EA7DE1ACB728DD5A369FD742D6EEE28
10:46:19.0204 0192 HTTP ( LockedFile.Multi.Generic ) - warning
10:46:19.0204 0192 HTTP - detected LockedFile.Multi.Generic (1)
10:46:19.0220 0192 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:46:19.0220 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\hwpolicy.sys. md5: A5462BD6884960C9DC85ED49D34FF392
10:46:19.0220 0192 hwpolicy ( LockedFile.Multi.Generic ) - warning
10:46:19.0220 0192 hwpolicy - detected LockedFile.Multi.Generic (1)
10:46:19.0251 0192 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
10:46:19.0251 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3
10:46:19.0251 0192 i8042prt ( LockedFile.Multi.Generic ) - warning
10:46:19.0251 0192 i8042prt - detected LockedFile.Multi.Generic (1)
10:46:19.0282 0192 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:46:19.0282 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\iaStorV.sys. md5: AAAF44DB3BD0B9D1FB6969B23ECC8366
10:46:19.0298 0192 iaStorV ( LockedFile.Multi.Generic ) - warning
10:46:19.0298 0192 iaStorV - detected LockedFile.Multi.Generic (1)
10:46:19.0329 0192 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:46:19.0329 0192 idsvc ( UnsignedFile.Multi.Generic ) - warning
10:46:19.0329 0192 idsvc - detected UnsignedFile.Multi.Generic (1)
10:46:19.0344 0192 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:46:19.0344 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21
10:46:19.0344 0192 iirsp ( LockedFile.Multi.Generic ) - warning
10:46:19.0344 0192 iirsp - detected LockedFile.Multi.Generic (1)
10:46:19.0376 0192 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
10:46:19.0391 0192 IKEEXT ( UnsignedFile.Multi.Generic ) - warning
10:46:19.0391 0192 IKEEXT - detected UnsignedFile.Multi.Generic (1)
10:46:19.0438 0192 [ 5BA1779E2C84FDE2A5E201FFF9C42C9C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:46:19.0438 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\RTKVHD64.sys. md5: 5BA1779E2C84FDE2A5E201FFF9C42C9C
10:46:19.0454 0192 IntcAzAudAddService ( LockedFile.Multi.Generic ) - warning
10:46:19.0454 0192 IntcAzAudAddService - detected LockedFile.Multi.Generic (1)
10:46:19.0454 0192 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
10:46:19.0454 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA
10:46:19.0454 0192 intelide ( LockedFile.Multi.Generic ) - warning
10:46:19.0454 0192 intelide - detected LockedFile.Multi.Generic (1)
10:46:19.0469 0192 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:46:19.0469 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1
10:46:19.0469 0192 intelppm ( LockedFile.Multi.Generic ) - warning
10:46:19.0469 0192 intelppm - detected LockedFile.Multi.Generic (1)
10:46:19.0500 0192 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:46:19.0500 0192 IPBusEnum ( UnsignedFile.Multi.Generic ) - warning
10:46:19.0500 0192 IPBusEnum - detected UnsignedFile.Multi.Generic (1)
10:46:19.0532 0192 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:46:19.0547 0192 IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning
10:46:19.0547 0192 IpFilterDriver - detected UnsignedFile.Multi.Generic (1)
10:46:19.0563 0192 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:46:19.0563 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A
10:46:19.0563 0192 IPMIDRV ( LockedFile.Multi.Generic ) - warning
10:46:19.0563 0192 IPMIDRV - detected LockedFile.Multi.Generic (1)
10:46:19.0578 0192 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:46:19.0578 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0
10:46:19.0578 0192 IPNAT ( LockedFile.Multi.Generic ) - warning
10:46:19.0578 0192 IPNAT - detected LockedFile.Multi.Generic (1)
10:46:19.0594 0192 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:46:19.0594 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9
10:46:19.0594 0192 IRENUM ( LockedFile.Multi.Generic ) - warning
10:46:19.0594 0192 IRENUM - detected LockedFile.Multi.Generic (1)
10:46:19.0625 0192 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:46:19.0625 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38
10:46:19.0625 0192 isapnp ( LockedFile.Multi.Generic ) - warning
10:46:19.0625 0192 isapnp - detected LockedFile.Multi.Generic (1)
10:46:19.0656 0192 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:46:19.0656 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\msiscsi.sys. md5: D931D7309DEB2317035B07C9F9E6B0BD
10:46:19.0656 0192 iScsiPrt ( LockedFile.Multi.Generic ) - warning
10:46:19.0656 0192 iScsiPrt - detected LockedFile.Multi.Generic (1)
10:46:19.0672 0192 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:46:19.0672 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5
10:46:19.0672 0192 kbdclass ( LockedFile.Multi.Generic ) - warning
10:46:19.0672 0192 kbdclass - detected LockedFile.Multi.Generic (1)
10:46:19.0688 0192 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:46:19.0688 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484
10:46:19.0688 0192 kbdhid ( LockedFile.Multi.Generic ) - warning
10:46:19.0688 0192 kbdhid - detected LockedFile.Multi.Generic (1)
10:46:19.0703 0192 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
10:46:19.0719 0192 KeyIso ( UnsignedFile.Multi.Generic ) - warning
10:46:19.0719 0192 KeyIso - detected UnsignedFile.Multi.Generic (1)
10:46:19.0797 0192 [ F8D454FBA97DC28F02931C588BAFE4CF ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
10:46:19.0797 0192 Kodak AiO Network Discovery Service ( UnsignedFile.Multi.Generic ) - warning
10:46:19.0797 0192 Kodak AiO Network Discovery Service - detected UnsignedFile.Multi.Generic (1)
10:46:19.0828 0192 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:46:19.0828 0192 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecdd.sys. md5: 97A7070AEA4C058B6418519E869A63B4
10:46:19.0828 0192 KSecDD ( LockedFile.Multi.Generic ) - warning
10:46:19.0828 0192 KSecDD - detected LockedFile.Multi.Generic (1)
10:46:19.0859 0192 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:46:19.0859 0192 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 26C43A7C2862447EC59DEDA188D1DA07
10:46:19.0859 0192 KSecPkg ( LockedFile.Multi.Generic ) - warning
10:46:19.0859 0192 KSecPkg - detected LockedFile.Multi.Generic (1)
10:46:19.0890 0192 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:46:19.0890 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4
10:46:19.0890 0192 ksthunk ( LockedFile.Multi.Generic ) - warning
10:46:19.0890 0192 ksthunk - detected LockedFile.Multi.Generic (1)
10:46:19.0922 0192 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:46:19.0922 0192 KtmRm ( UnsignedFile.Multi.Generic ) - warning
10:46:19.0922 0192 KtmRm - detected UnsignedFile.Multi.Generic (1)
10:46:19.0968 0192 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:46:19.0968 0192 LanmanServer ( UnsignedFile.Multi.Generic ) - warning
10:46:19.0968 0192 LanmanServer - detected UnsignedFile.Multi.Generic (1)
10:46:20.0000 0192 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:46:20.0015 0192 LanmanWorkstation ( UnsignedFile.Multi.Generic ) - warning
10:46:20.0015 0192 LanmanWorkstation - detected UnsignedFile.Multi.Generic (1)
10:46:20.0031 0192 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:46:20.0031 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827
10:46:20.0031 0192 lltdio ( LockedFile.Multi.Generic ) - warning
10:46:20.0031 0192 lltdio - detected LockedFile.Multi.Generic (1)
10:46:20.0062 0192 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:46:20.0078 0192 lltdsvc ( UnsignedFile.Multi.Generic ) - warning
10:46:20.0078 0192 lltdsvc - detected UnsignedFile.Multi.Generic (1)
10:46:20.0093 0192 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:46:20.0093 0192 lmhosts ( UnsignedFile.Multi.Generic ) - warning
10:46:20.0093 0192 lmhosts - detected UnsignedFile.Multi.Generic (1)
10:46:20.0109 0192 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:46:20.0109 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6
10:46:20.0109 0192 LSI_FC ( LockedFile.Multi.Generic ) - warning
10:46:20.0109 0192 LSI_FC - detected LockedFile.Multi.Generic (1)
10:46:20.0124 0192 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:46:20.0124 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810
10:46:20.0140 0192 LSI_SAS ( LockedFile.Multi.Generic ) - warning
10:46:20.0140 0192 LSI_SAS - detected LockedFile.Multi.Generic (1)
10:46:20.0140 0192 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:46:20.0140 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93
10:46:20.0156 0192 LSI_SAS2 ( LockedFile.Multi.Generic ) - warning
10:46:20.0156 0192 LSI_SAS2 - detected LockedFile.Multi.Generic (1)
10:46:20.0171 0192 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:46:20.0171 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A
10:46:20.0171 0192 LSI_SCSI ( LockedFile.Multi.Generic ) - warning
10:46:20.0171 0192 LSI_SCSI - detected LockedFile.Multi.Generic (1)
10:46:20.0202 0192 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:46:20.0202 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E
10:46:20.0218 0192 luafv ( LockedFile.Multi.Generic ) - warning
10:46:20.0218 0192 luafv - detected LockedFile.Multi.Generic (1)
10:46:20.0249 0192 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
10:46:20.0249 0192 MBAMProtector ( UnsignedFile.Multi.Generic ) - warning
10:46:20.0249 0192 MBAMProtector - detected UnsignedFile.Multi.Generic (1)
10:46:20.0280 0192 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:46:20.0280 0192 MBAMScheduler ( UnsignedFile.Multi.Generic ) - warning
10:46:20.0280 0192 MBAMScheduler - detected UnsignedFile.Multi.Generic (1)
10:46:20.0312 0192 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:46:20.0312 0192 MBAMService ( UnsignedFile.Multi.Generic ) - warning
10:46:20.0312 0192 MBAMService - detected UnsignedFile.Multi.Generic (1)
10:46:20.0343 0192 McComponentHostService - ok
10:46:20.0374 0192 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:46:20.0374 0192 Mcx2Svc ( UnsignedFile.Multi.Generic ) - warning
10:46:20.0374 0192 Mcx2Svc - detected UnsignedFile.Multi.Generic (1)
10:46:20.0390 0192 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:46:20.0390 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4
10:46:20.0390 0192 megasas ( LockedFile.Multi.Generic ) - warning
10:46:20.0390 0192 megasas - detected LockedFile.Multi.Generic (1)
10:46:20.0405 0192 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:46:20.0405 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3
10:46:20.0421 0192 MegaSR ( LockedFile.Multi.Generic ) - warning
10:46:20.0421 0192 MegaSR - detected LockedFile.Multi.Generic (1)
10:46:20.0452 0192 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:46:20.0452 0192 MMCSS ( UnsignedFile.Multi.Generic ) - warning
10:46:20.0452 0192 MMCSS - detected UnsignedFile.Multi.Generic (1)
10:46:20.0468 0192 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:46:20.0468 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137
10:46:20.0468 0192 Modem ( LockedFile.Multi.Generic ) - warning
10:46:20.0468 0192 Modem - detected LockedFile.Multi.Generic (1)
10:46:20.0483 0192 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:46:20.0483 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA
10:46:20.0483 0192 monitor ( LockedFile.Multi.Generic ) - warning
10:46:20.0483 0192 monitor - detected LockedFile.Multi.Generic (1)
10:46:20.0499 0192 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:46:20.0499 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99
10:46:20.0499 0192 mouclass ( LockedFile.Multi.Generic ) - warning
10:46:20.0499 0192 mouclass - detected LockedFile.Multi.Generic (1)
10:46:20.0530 0192 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:46:20.0530 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6
10:46:20.0530 0192 mouhid ( LockedFile.Multi.Generic ) - warning
10:46:20.0530 0192 mouhid - detected LockedFile.Multi.Generic (1)
10:46:20.0561 0192 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:46:20.0561 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA
10:46:20.0561 0192 mountmgr ( LockedFile.Multi.Generic ) - warning
10:46:20.0561 0192 mountmgr - detected LockedFile.Multi.Generic (1)
10:46:20.0624 0192 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:46:20.0624 0192 MozillaMaintenance ( UnsignedFile.Multi.Generic ) - warning
10:46:20.0624 0192 MozillaMaintenance - detected UnsignedFile.Multi.Generic (1)
10:46:20.0655 0192 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:46:20.0655 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58
10:46:20.0655 0192 mpio ( LockedFile.Multi.Generic ) - warning
10:46:20.0655 0192 mpio - detected LockedFile.Multi.Generic (1)
10:46:20.0670 0192 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:46:20.0686 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F
10:46:20.0686 0192 mpsdrv ( LockedFile.Multi.Generic ) - warning
10:46:20.0686 0192 mpsdrv - detected LockedFile.Multi.Generic (1)
10:46:20.0733 0192 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:46:20.0748 0192 MpsSvc ( UnsignedFile.Multi.Generic ) - warning
10:46:20.0748 0192 MpsSvc - detected UnsignedFile.Multi.Generic (1)
10:46:20.0780 0192 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:46:20.0780 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\mrxdav.sys. md5: DC722758B8261E1ABAFD31A3C0A66380
10:46:20.0780 0192 MRxDAV ( LockedFile.Multi.Generic ) - warning
10:46:20.0780 0192 MRxDAV - detected LockedFile.Multi.Generic (1)
10:46:20.0811 0192 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:46:20.0811 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC
10:46:20.0811 0192 mrxsmb ( LockedFile.Multi.Generic ) - warning
10:46:20.0811 0192 mrxsmb - detected LockedFile.Multi.Generic (1)
10:46:20.0842 0192 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:46:20.0842 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163
10:46:20.0842 0192 mrxsmb10 ( LockedFile.Multi.Generic ) - warning
10:46:20.0842 0192 mrxsmb10 - detected LockedFile.Multi.Generic (1)
10:46:20.0858 0192 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:46:20.0858 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C
10:46:20.0873 0192 mrxsmb20 ( LockedFile.Multi.Generic ) - warning
10:46:20.0873 0192 mrxsmb20 - detected LockedFile.Multi.Generic (1)
10:46:20.0904 0192 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:46:20.0904 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796
10:46:20.0904 0192 msahci ( LockedFile.Multi.Generic ) - warning
10:46:20.0904 0192 msahci - detected LockedFile.Multi.Generic (1)
10:46:20.0920 0192 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:46:20.0920 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900
10:46:20.0920 0192 msdsm ( LockedFile.Multi.Generic ) - warning
10:46:20.0920 0192 msdsm - detected LockedFile.Multi.Generic (1)
10:46:20.0936 0192 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:46:20.0936 0192 MSDTC ( UnsignedFile.Multi.Generic ) - warning
10:46:20.0936 0192 MSDTC - detected UnsignedFile.Multi.Generic (1)
10:46:20.0967 0192 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:46:20.0967 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96
10:46:20.0967 0192 Msfs ( LockedFile.Multi.Generic ) - warning
10:46:20.0967 0192 Msfs - detected LockedFile.Multi.Generic (1)
10:46:20.0982 0192 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:46:20.0982 0192 Suspicious file (NoAccess): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326
10:46:20.0982 0192 mshidkmdf ( LockedFile.Multi.Generic ) - warning
10:46:20.0982 0192 mshidkmdf - detected LockedFile.Multi.Generic (1)
10:46:24.0399 0192 SiSRaid4 - detected LockedFile.Multi.Generic (1)
10:46:24.0430 0192 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:46:24.0430 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4
10:46:24.0430 0192 Smb ( LockedFile.Multi.Generic ) - warning
10:46:24.0430 0192 Smb - detected LockedFile.Multi.Generic (1)
10:46:24.0461 0192 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:46:24.0461 0192 SNMPTRAP ( UnsignedFile.Multi.Generic ) - warning
10:46:24.0461 0192 SNMPTRAP - detected UnsignedFile.Multi.Generic (1)
10:46:24.0477 0192 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:46:24.0477 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9
10:46:24.0477 0192 spldr ( LockedFile.Multi.Generic ) - warning
10:46:24.0477 0192 spldr - detected LockedFile.Multi.Generic (1)
10:46:24.0524 0192 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:46:24.0524 0192 Spooler ( UnsignedFile.Multi.Generic ) - warning
10:46:24.0524 0192 Spooler - detected UnsignedFile.Multi.Generic (1)
10:46:24.0586 0192 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:46:24.0633 0192 sppsvc ( UnsignedFile.Multi.Generic ) - warning
10:46:24.0633 0192 sppsvc - detected UnsignedFile.Multi.Generic (1)
10:46:24.0664 0192 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:46:24.0664 0192 sppuinotify ( UnsignedFile.Multi.Generic ) - warning
10:46:24.0664 0192 sppuinotify - detected UnsignedFile.Multi.Generic (1)
10:46:24.0695 0192 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:46:24.0695 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B
10:46:24.0695 0192 srv ( LockedFile.Multi.Generic ) - warning
10:46:24.0695 0192 srv - detected LockedFile.Multi.Generic (1)
10:46:24.0711 0192 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:46:24.0711 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28
10:46:24.0711 0192 srv2 ( LockedFile.Multi.Generic ) - warning
10:46:24.0711 0192 srv2 - detected LockedFile.Multi.Generic (1)
10:46:24.0742 0192 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:46:24.0742 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27E461F0BE5BFF5FC737328F749538C3
10:46:24.0742 0192 srvnet ( LockedFile.Multi.Generic ) - warning
10:46:24.0742 0192 srvnet - detected LockedFile.Multi.Generic (1)
10:46:24.0773 0192 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:46:24.0773 0192 SSDPSRV ( UnsignedFile.Multi.Generic ) - warning
10:46:24.0773 0192 SSDPSRV - detected UnsignedFile.Multi.Generic (1)
10:46:24.0789 0192 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:46:24.0789 0192 SstpSvc ( UnsignedFile.Multi.Generic ) - warning
10:46:24.0789 0192 SstpSvc - detected UnsignedFile.Multi.Generic (1)
10:46:24.0836 0192 Steam Client Service - ok
10:46:24.0851 0192 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:46:24.0851 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A
10:46:24.0851 0192 stexstor ( LockedFile.Multi.Generic ) - warning
10:46:24.0851 0192 stexstor - detected LockedFile.Multi.Generic (1)
10:46:24.0898 0192 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:46:24.0898 0192 stisvc ( UnsignedFile.Multi.Generic ) - warning
10:46:24.0898 0192 stisvc - detected UnsignedFile.Multi.Generic (1)
10:46:24.0914 0192 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
10:46:24.0914 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\vmstorfl.sys. md5: 7785DC213270D2FC066538DAF94087E7
10:46:24.0929 0192 storflt ( LockedFile.Multi.Generic ) - warning
10:46:24.0929 0192 storflt - detected LockedFile.Multi.Generic (1)
10:46:24.0945 0192 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
10:46:24.0945 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\storvsc.sys. md5: D34E4943D5AC096C8EDEEBFD80D76E23
10:46:24.0945 0192 storvsc ( LockedFile.Multi.Generic ) - warning
10:46:24.0945 0192 storvsc - detected LockedFile.Multi.Generic (1)
10:46:24.0960 0192 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:46:24.0960 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90
10:46:24.0960 0192 swenum ( LockedFile.Multi.Generic ) - warning
10:46:24.0976 0192 swenum - detected LockedFile.Multi.Generic (1)
10:46:24.0992 0192 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:46:24.0992 0192 swprv ( UnsignedFile.Multi.Generic ) - warning
10:46:24.0992 0192 swprv - detected UnsignedFile.Multi.Generic (1)
10:46:25.0007 0192 Synth3dVsc - ok
10:46:25.0054 0192 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:46:25.0070 0192 SysMain ( UnsignedFile.Multi.Generic ) - warning
10:46:25.0070 0192 SysMain - detected UnsignedFile.Multi.Generic (1)
10:46:25.0116 0192 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:46:25.0116 0192 TabletInputService ( UnsignedFile.Multi.Generic ) - warning
10:46:25.0116 0192 TabletInputService - detected UnsignedFile.Multi.Generic (1)
10:46:25.0148 0192 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:46:25.0148 0192 TapiSrv ( UnsignedFile.Multi.Generic ) - warning
10:46:25.0148 0192 TapiSrv - detected UnsignedFile.Multi.Generic (1)
10:46:25.0194 0192 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:46:25.0194 0192 TBS ( UnsignedFile.Multi.Generic ) - warning
10:46:25.0194 0192 TBS - detected UnsignedFile.Multi.Generic (1)
10:46:25.0241 0192 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:46:25.0241 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpip.sys. md5: ACB82BDA8F46C84F465C1AFA517DC4B9
10:46:25.0241 0192 Tcpip ( LockedFile.Multi.Generic ) - warning
10:46:25.0241 0192 Tcpip - detected LockedFile.Multi.Generic (1)
10:46:25.0272 0192 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:46:25.0272 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tcpip.sys. md5: ACB82BDA8F46C84F465C1AFA517DC4B9
10:46:25.0272 0192 TCPIP6 ( LockedFile.Multi.Generic ) - warning
10:46:25.0272 0192 TCPIP6 - detected LockedFile.Multi.Generic (1)
10:46:25.0319 0192 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:46:25.0319 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpipreg.sys. md5: DF687E3D8836BFB04FCC0615BF15A519
10:46:25.0319 0192 tcpipreg ( LockedFile.Multi.Generic ) - warning
10:46:25.0319 0192 tcpipreg - detected LockedFile.Multi.Generic (1)
10:46:25.0350 0192 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:46:25.0350 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C
10:46:25.0350 0192 TDPIPE ( LockedFile.Multi.Generic ) - warning
10:46:25.0350 0192 TDPIPE - detected LockedFile.Multi.Generic (1)
10:46:25.0382 0192 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:46:25.0382 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8
10:46:25.0382 0192 TDTCP ( LockedFile.Multi.Generic ) - warning
10:46:25.0382 0192 TDTCP - detected LockedFile.Multi.Generic (1)
10:46:25.0413 0192 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:46:25.0413 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806
10:46:25.0413 0192 tdx ( LockedFile.Multi.Generic ) - warning
10:46:25.0413 0192 tdx - detected LockedFile.Multi.Generic (1)
10:46:25.0428 0192 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:46:25.0428 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5
10:46:25.0428 0192 TermDD ( LockedFile.Multi.Generic ) - warning
10:46:25.0428 0192 TermDD - detected LockedFile.Multi.Generic (1)
10:46:25.0475 0192 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:46:25.0475 0192 TermService ( UnsignedFile.Multi.Generic ) - warning
10:46:25.0475 0192 TermService - detected UnsignedFile.Multi.Generic (1)
10:46:25.0491 0192 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:46:25.0491 0192 Themes ( UnsignedFile.Multi.Generic ) - warning
10:46:25.0491 0192 Themes - detected UnsignedFile.Multi.Generic (1)
10:46:25.0506 0192 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:46:25.0506 0192 THREADORDER ( UnsignedFile.Multi.Generic ) - warning
10:46:25.0506 0192 THREADORDER - detected UnsignedFile.Multi.Generic (1)
10:46:25.0569 0192 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
10:46:25.0569 0192 TomTomHOMEService ( UnsignedFile.Multi.Generic ) - warning
10:46:25.0569 0192 TomTomHOMEService - detected UnsignedFile.Multi.Generic (1)
10:46:25.0600 0192 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:46:25.0600 0192 TrkWks ( UnsignedFile.Multi.Generic ) - warning
10:46:25.0600 0192 TrkWks - detected UnsignedFile.Multi.Generic (1)
10:46:25.0662 0192 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:46:25.0662 0192 TrustedInstaller ( UnsignedFile.Multi.Generic ) - warning
10:46:25.0662 0192 TrustedInstaller - detected UnsignedFile.Multi.Generic (1)
10:46:25.0694 0192 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:46:25.0694 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: CE18B2CDFC837C99E5FAE9CA6CBA5D30
10:46:25.0694 0192 tssecsrv ( LockedFile.Multi.Generic ) - warning
10:46:25.0694 0192 tssecsrv - detected LockedFile.Multi.Generic (1)
10:46:25.0725 0192 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:46:25.0725 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9
10:46:25.0725 0192 TsUsbFlt ( LockedFile.Multi.Generic ) - warning
10:46:25.0725 0192 TsUsbFlt - detected LockedFile.Multi.Generic (1)
10:46:25.0740 0192 tsusbhub - ok
10:46:25.0772 0192 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:46:25.0772 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894
10:46:25.0772 0192 tunnel ( LockedFile.Multi.Generic ) - warning
10:46:25.0772 0192 tunnel - detected LockedFile.Multi.Generic (1)
10:46:25.0787 0192 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:46:25.0803 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67
10:46:25.0803 0192 uagp35 ( LockedFile.Multi.Generic ) - warning
10:46:25.0803 0192 uagp35 - detected LockedFile.Multi.Generic (1)
10:46:25.0818 0192 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:46:25.0818 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593
10:46:25.0834 0192 udfs ( LockedFile.Multi.Generic ) - warning
10:46:25.0834 0192 udfs - detected LockedFile.Multi.Generic (1)
10:46:25.0850 0192 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:46:25.0850 0192 UI0Detect ( UnsignedFile.Multi.Generic ) - warning
10:46:25.0850 0192 UI0Detect - detected UnsignedFile.Multi.Generic (1)
10:46:25.0881 0192 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:46:25.0881 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320
10:46:25.0881 0192 uliagpkx ( LockedFile.Multi.Generic ) - warning
10:46:25.0881 0192 uliagpkx - detected LockedFile.Multi.Generic (1)
10:46:25.0912 0192 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
10:46:25.0912 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561
10:46:25.0912 0192 umbus ( LockedFile.Multi.Generic ) - warning
10:46:25.0912 0192 umbus - detected LockedFile.Multi.Generic (1)
10:46:25.0928 0192 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:46:25.0928 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D
10:46:25.0928 0192 UmPass ( LockedFile.Multi.Generic ) - warning
10:46:25.0928 0192 UmPass - detected LockedFile.Multi.Generic (1)
10:46:25.0943 0192 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
10:46:25.0943 0192 UmRdpService ( UnsignedFile.Multi.Generic ) - warning
10:46:25.0943 0192 UmRdpService - detected UnsignedFile.Multi.Generic (1)
10:46:25.0974 0192 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:46:25.0990 0192 upnphost ( UnsignedFile.Multi.Generic ) - warning
10:46:25.0990 0192 upnphost - detected UnsignedFile.Multi.Generic (1)
10:46:26.0006 0192 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:46:26.0006 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 6F1A3157A1C89435352CEB543CDB359C
10:46:26.0021 0192 usbccgp ( LockedFile.Multi.Generic ) - warning
10:46:26.0021 0192 usbccgp - detected LockedFile.Multi.Generic (1)
10:46:26.0037 0192 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:46:26.0037 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7
10:46:26.0037 0192 usbcir ( LockedFile.Multi.Generic ) - warning
10:46:26.0037 0192 usbcir - detected LockedFile.Multi.Generic (1)
10:46:26.0052 0192 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:46:26.0052 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbehci.sys. md5: C025055FE7B87701EB042095DF1A2D7B
10:46:26.0068 0192 usbehci ( LockedFile.Multi.Generic ) - warning
10:46:26.0068 0192 usbehci - detected LockedFile.Multi.Generic (1)
10:46:26.0084 0192 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:46:26.0084 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 287C6C9410B111B68B52CA298F7B8C24
10:46:26.0115 0192 usbhub ( LockedFile.Multi.Generic ) - warning
10:46:26.0115 0192 usbhub - detected LockedFile.Multi.Generic (1)
10:46:26.0130 0192 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
10:46:26.0130 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbohci.sys. md5: 9840FC418B4CBD632D3D0A667A725C31
10:46:26.0130 0192 usbohci ( LockedFile.Multi.Generic ) - warning
10:46:26.0130 0192 usbohci - detected LockedFile.Multi.Generic (1)
10:46:26.0162 0192 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:46:26.0162 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D
10:46:26.0177 0192 usbprint ( LockedFile.Multi.Generic ) - warning
10:46:26.0177 0192 usbprint - detected LockedFile.Multi.Generic (1)
10:46:26.0193 0192 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:46:26.0193 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbscan.sys. md5: AAA2513C8AED8B54B189FD0C6B1634C0
10:46:26.0193 0192 usbscan ( LockedFile.Multi.Generic ) - warning
10:46:26.0193 0192 usbscan - detected LockedFile.Multi.Generic (1)
10:46:26.0208 0192 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:46:26.0208 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6
10:46:26.0224 0192 USBSTOR ( LockedFile.Multi.Generic ) - warning
10:46:26.0224 0192 USBSTOR - detected LockedFile.Multi.Generic (1)
10:46:26.0240 0192 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:46:26.0240 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbuhci.sys. md5: 62069A34518BCF9C1FD9E74B3F6DB7CD
10:46:26.0240 0192 usbuhci ( LockedFile.Multi.Generic ) - warning
10:46:26.0240 0192 usbuhci - detected LockedFile.Multi.Generic (1)
10:46:26.0286 0192 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
10:46:26.0286 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usb8023x.sys. md5: 70D05EE263568A742D14E1876DF80532
10:46:26.0286 0192 usb_rndisx ( LockedFile.Multi.Generic ) - warning
10:46:26.0286 0192 usb_rndisx - detected LockedFile.Multi.Generic (1)
10:46:26.0302 0192 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:46:26.0302 0192 UxSms ( UnsignedFile.Multi.Generic ) - warning
10:46:26.0302 0192 UxSms - detected UnsignedFile.Multi.Generic (1)
10:46:26.0318 0192 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:46:26.0318 0192 VaultSvc ( UnsignedFile.Multi.Generic ) - warning
10:46:26.0318 0192 VaultSvc - detected UnsignedFile.Multi.Generic (1)
10:46:26.0349 0192 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:46:26.0349 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD
10:46:26.0349 0192 vdrvroot ( LockedFile.Multi.Generic ) - warning
10:46:26.0349 0192 vdrvroot - detected LockedFile.Multi.Generic (1)
10:46:26.0396 0192 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:46:26.0411 0192 vds ( UnsignedFile.Multi.Generic ) - warning
10:46:26.0411 0192 vds - detected UnsignedFile.Multi.Generic (1)
10:46:26.0427 0192 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:46:26.0427 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD
10:46:26.0427 0192 vga ( LockedFile.Multi.Generic ) - warning
10:46:26.0427 0192 vga - detected LockedFile.Multi.Generic (1)
10:46:26.0427 0192 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:46:26.0427 0192 Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC
10:46:26.0442 0192 VgaSave ( LockedFile.Multi.Generic ) - warning
10:46:26.0442 0192 VgaSave - detected LockedFile.Multi.Generic (1)
10:46:26.0458 0192 VGPU - ok
10:46:26.0474 0192 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:46:26.0474 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB
10:46:26.0489 0192 vhdmp ( LockedFile.Multi.Generic ) - warning
10:46:26.0489 0192 vhdmp - detected LockedFile.Multi.Generic (1)
10:46:26.0505 0192 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:46:26.0505 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54
10:46:26.0505 0192 viaide ( LockedFile.Multi.Generic ) - warning
10:46:26.0505 0192 viaide - detected LockedFile.Multi.Generic (1)
10:46:26.0520 0192 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
10:46:26.0520 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\vmbus.sys. md5: 86EA3E79AE350FEA5331A1303054005F
10:46:26.0536 0192 vmbus ( LockedFile.Multi.Generic ) - warning
10:46:26.0536 0192 vmbus - detected LockedFile.Multi.Generic (1)
10:46:26.0552 0192 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
10:46:26.0552 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\VMBusHID.sys. md5: 7DE90B48F210D29649380545DB45A187
10:46:26.0552 0192 VMBusHID ( LockedFile.Multi.Generic ) - warning
10:46:26.0552 0192 VMBusHID - detected LockedFile.Multi.Generic (1)
10:46:26.0567 0192 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:46:26.0567 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0
10:46:26.0567 0192 volmgr ( LockedFile.Multi.Generic ) - warning
10:46:26.0567 0192 volmgr - detected LockedFile.Multi.Generic (1)
10:46:26.0614 0192 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:46:26.0614 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B
10:46:26.0614 0192 volmgrx ( LockedFile.Multi.Generic ) - warning
10:46:26.0614 0192 volmgrx - detected LockedFile.Multi.Generic (1)
10:46:26.0630 0192 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:46:26.0645 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639
10:46:26.0645 0192 volsnap ( LockedFile.Multi.Generic ) - warning
10:46:26.0645 0192 volsnap - detected LockedFile.Multi.Generic (1)
10:46:26.0676 0192 [ 7254B4F4A59F9D18B49CAF8AA0428631 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
10:46:26.0676 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpchbus.sys. md5: 7254B4F4A59F9D18B49CAF8AA0428631
10:46:26.0676 0192 vpcbus ( LockedFile.Multi.Generic ) - warning
10:46:26.0676 0192 vpcbus - detected LockedFile.Multi.Generic (1)
10:46:26.0708 0192 [ ED501CEBF6F571FCCE55887BDF4888EA ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
10:46:26.0708 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpcnfltr.sys. md5: ED501CEBF6F571FCCE55887BDF4888EA
10:46:26.0708 0192 vpcnfltr ( LockedFile.Multi.Generic ) - warning
10:46:26.0708 0192 vpcnfltr - detected LockedFile.Multi.Generic (1)
10:46:26.0739 0192 [ 2CE21FFD391FE21763DDC32B1CAABA7D ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
10:46:26.0739 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpcusb.sys. md5: 2CE21FFD391FE21763DDC32B1CAABA7D
10:46:26.0739 0192 vpcusb ( LockedFile.Multi.Generic ) - warning
10:46:26.0739 0192 vpcusb - detected LockedFile.Multi.Generic (1)
10:46:26.0770 0192 [ C3F658CD063EA677FCCBB620167B44C8 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
10:46:26.0770 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\vpcvmm.sys. md5: C3F658CD063EA677FCCBB620167B44C8
10:46:26.0770 0192 vpcvmm ( LockedFile.Multi.Generic ) - warning
10:46:26.0770 0192 vpcvmm - detected LockedFile.Multi.Generic (1)
10:46:26.0786 0192 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:46:26.0786 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997
10:46:26.0786 0192 vsmraid ( LockedFile.Multi.Generic ) - warning
10:46:26.0786 0192 vsmraid - detected LockedFile.Multi.Generic (1)
10:46:26.0832 0192 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:46:26.0848 0192 VSS ( UnsignedFile.Multi.Generic ) - warning
10:46:26.0848 0192 VSS - detected UnsignedFile.Multi.Generic (1)
10:46:26.0879 0192 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
10:46:26.0879 0192 Suspicious file (NoAccess): C:\Windows\System32\drivers\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1
10:46:26.0879 0192 vwifibus ( LockedFile.Multi.Generic ) - warning
10:46:26.0879 0192 vwifibus - detected LockedFile.Multi.Generic (1)
10:46:26.0926 0192 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:46:26.0926 0192 W32Time ( UnsignedFile.Multi.Generic ) - warning
10:46:26.0926 0192 W32Time - detected UnsignedFile.Multi.Generic (1)
10:46:26.0942 0192 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:46:26.0942 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E
10:46:26.0942 0192 WacomPen ( LockedFile.Multi.Generic ) - warning
10:46:26.0942 0192 WacomPen - detected LockedFile.Multi.Generic (1)
10:46:26.0957 0192 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:46:26.0957 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
10:46:26.0957 0192 WANARP ( LockedFile.Multi.Generic ) - warning
10:46:26.0957 0192 WANARP - detected LockedFile.Multi.Generic (1)
10:46:26.0957 0192 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:46:26.0957 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
10:46:26.0973 0192 Wanarpv6 ( LockedFile.Multi.Generic ) - warning
10:46:26.0973 0192 Wanarpv6 - detected LockedFile.Multi.Generic (1)
10:46:27.0020 0192 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:46:27.0035 0192 WatAdminSvc ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0035 0192 WatAdminSvc - detected UnsignedFile.Multi.Generic (1)
10:46:27.0082 0192 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:46:27.0098 0192 wbengine ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0098 0192 wbengine - detected UnsignedFile.Multi.Generic (1)
10:46:27.0113 0192 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:46:27.0113 0192 WbioSrvc ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0113 0192 WbioSrvc - detected UnsignedFile.Multi.Generic (1)
10:46:27.0160 0192 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
10:46:27.0160 0192 WcesComm ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0160 0192 WcesComm - detected UnsignedFile.Multi.Generic (1)
10:46:27.0191 0192 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:46:27.0191 0192 wcncsvc ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0191 0192 wcncsvc - detected UnsignedFile.Multi.Generic (1)
10:46:27.0207 0192 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:46:27.0207 0192 WcsPlugInService ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0207 0192 WcsPlugInService - detected UnsignedFile.Multi.Generic (1)
10:46:27.0222 0192 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:46:27.0222 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC
10:46:27.0222 0192 Wd ( LockedFile.Multi.Generic ) - warning
10:46:27.0222 0192 Wd - detected LockedFile.Multi.Generic (1)
10:46:27.0254 0192 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:46:27.0254 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441BD2D7B4F98134C3A4F9FA570FD250
10:46:27.0254 0192 Wdf01000 ( LockedFile.Multi.Generic ) - warning
10:46:27.0254 0192 Wdf01000 - detected LockedFile.Multi.Generic (1)
10:46:27.0269 0192 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:46:27.0269 0192 WdiServiceHost ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0269 0192 WdiServiceHost - detected UnsignedFile.Multi.Generic (1)
10:46:27.0285 0192 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:46:27.0285 0192 WdiSystemHost ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0285 0192 WdiSystemHost - detected UnsignedFile.Multi.Generic (1)
10:46:27.0316 0192 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:46:27.0316 0192 WebClient ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0316 0192 WebClient - detected UnsignedFile.Multi.Generic (1)
10:46:27.0347 0192 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:46:27.0347 0192 Wecsvc ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0347 0192 Wecsvc - detected UnsignedFile.Multi.Generic (1)
10:46:27.0363 0192 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:46:27.0363 0192 wercplsupport ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0363 0192 wercplsupport - detected UnsignedFile.Multi.Generic (1)
10:46:27.0378 0192 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:46:27.0378 0192 WerSvc ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0378 0192 WerSvc - detected UnsignedFile.Multi.Generic (1)
10:46:27.0394 0192 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:46:27.0394 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725
10:46:27.0410 0192 WfpLwf ( LockedFile.Multi.Generic ) - warning
10:46:27.0410 0192 WfpLwf - detected LockedFile.Multi.Generic (1)
10:46:27.0410 0192 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:46:27.0410 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC
10:46:27.0410 0192 WIMMount ( LockedFile.Multi.Generic ) - warning
10:46:27.0410 0192 WIMMount - detected LockedFile.Multi.Generic (1)
10:46:27.0456 0192 WinDefend - ok
10:46:27.0472 0192 WinHttpAutoProxySvc - ok
10:46:27.0519 0192 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:46:27.0534 0192 Winmgmt ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0534 0192 Winmgmt - detected UnsignedFile.Multi.Generic (1)
10:46:27.0566 0192 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:46:27.0597 0192 WinRM ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0597 0192 WinRM - detected UnsignedFile.Multi.Generic (1)
10:46:27.0659 0192 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:46:27.0659 0192 Wlansvc ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0659 0192 Wlansvc - detected UnsignedFile.Multi.Generic (1)
10:46:27.0706 0192 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:46:27.0706 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778
10:46:27.0706 0192 WmiAcpi ( LockedFile.Multi.Generic ) - warning
10:46:27.0706 0192 WmiAcpi - detected LockedFile.Multi.Generic (1)
10:46:27.0737 0192 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:46:27.0737 0192 wmiApSrv ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0737 0192 wmiApSrv - detected UnsignedFile.Multi.Generic (1)
10:46:27.0753 0192 WMPNetworkSvc - ok
10:46:27.0768 0192 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:46:27.0768 0192 WPCSvc ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0768 0192 WPCSvc - detected UnsignedFile.Multi.Generic (1)
10:46:27.0800 0192 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:46:27.0800 0192 WPDBusEnum ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0800 0192 WPDBusEnum - detected UnsignedFile.Multi.Generic (1)
10:46:27.0831 0192 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:46:27.0831 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52
10:46:27.0846 0192 ws2ifsl ( LockedFile.Multi.Generic ) - warning
10:46:27.0846 0192 ws2ifsl - detected LockedFile.Multi.Generic (1)
10:46:27.0862 0192 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
10:46:27.0862 0192 wscsvc ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0862 0192 wscsvc - detected UnsignedFile.Multi.Generic (1)
10:46:27.0878 0192 WSearch - ok
10:46:27.0940 0192 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:46:27.0971 0192 wuauserv ( UnsignedFile.Multi.Generic ) - warning
10:46:27.0971 0192 wuauserv - detected UnsignedFile.Multi.Generic (1)
10:46:28.0002 0192 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:46:28.0002 0192 Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: D3381DC54C34D79B22CEE0D65BA91B7C
10:46:28.0002 0192 WudfPf ( LockedFile.Multi.Generic ) - warning
10:46:28.0002 0192 WudfPf - detected LockedFile.Multi.Generic (1)
10:46:28.0018 0192 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:46:28.0018 0192 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: CF8D590BE3373029D57AF80914190682
10:46:28.0018 0192 WUDFRd ( LockedFile.Multi.Generic ) - warning
10:46:28.0018 0192 WUDFRd - detected LockedFile.Multi.Generic (1)
10:46:28.0049 0192 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:46:28.0049 0192 wudfsvc ( UnsignedFile.Multi.Generic ) - warning
10:46:28.0049 0192 wudfsvc - detected UnsignedFile.Multi.Generic (1)
10:46:28.0080 0192 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:46:28.0096 0192 WwanSvc ( UnsignedFile.Multi.Generic ) - warning
10:46:28.0096 0192 WwanSvc - detected UnsignedFile.Multi.Generic (1)
10:46:28.0096 0192 ================ Scan global ===============================
10:46:28.0127 0192 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:46:28.0158 0192 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:46:28.0174 0192 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:46:28.0190 0192 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:46:28.0205 0192 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:46:28.0205 0192 [Global] - ok
10:46:28.0205 0192 ================ Scan MBR ==================================
10:46:28.0221 0192 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:46:28.0548 0192 \Device\Harddisk0\DR0 - ok
10:46:28.0564 0192 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
10:46:28.0704 0192 \Device\Harddisk1\DR1 - ok
10:46:28.0704 0192 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
10:46:28.0829 0192 \Device\Harddisk2\DR2 - ok
10:46:28.0845 0192 ================ Scan VBR ==================================
10:46:28.0845 0192 [ A2E94D13C32AF0FAE7CD79A650AE99C2 ] \Device\Harddisk0\DR0\Partition1
10:46:28.0845 0192 \Device\Harddisk0\DR0\Partition1 - ok
10:46:28.0845 0192 [ 0266E121F5120423D28FE21294D24366 ] \Device\Harddisk1\DR1\Partition1
10:46:28.0845 0192 \Device\Harddisk1\DR1\Partition1 - ok
10:46:28.0845 0192 [ DFC6F37D3EA58451D5E22E62D5200B9A ] \Device\Harddisk2\DR2\Partition1
10:46:28.0845 0192 \Device\Harddisk2\DR2\Partition1 - ok
10:46:28.0845 0192 ============================================================
10:46:28.0845 0192 Scan finished
10:46:28.0845 0192 ============================================================
10:46:28.0860 1860 Detected object count: 416
10:46:28.0860 1860 Actual detected object count: 416
10:48:13.0771 1860 1394ohci ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0771 1860 1394ohci ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0771 1860 4b67c937a5c89fb4 ( Rootkit.Win32.Necurs.gen ) - skipped by user
10:48:13.0771 1860 4b67c937a5c89fb4 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip
10:48:13.0771 1860 ACPI ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0771 1860 ACPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0771 1860 AcpiPmi ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0771 1860 AcpiPmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0786 1860 AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0786 1860 AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0786 1860 adp94xx ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0786 1860 adp94xx ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0786 1860 adpahci ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0786 1860 adpahci ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0786 1860 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0786 1860 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0786 1860 AeLookupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0786 1860 AeLookupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0786 1860 AFD ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0786 1860 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0786 1860 agp440 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0786 1860 agp440 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0786 1860 ALG ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0786 1860 ALG ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0786 1860 aliide ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0786 1860 aliide ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0786 1860 AMD External Events Utility ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0786 1860 AMD External Events Utility ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0786 1860 amdide ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0786 1860 amdide ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0786 1860 amdiox64 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0786 1860 amdiox64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0786 1860 AmdK8 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0786 1860 AmdK8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0802 1860 amdkmdag ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0802 1860 amdkmdag ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0802 1860 amdkmdap ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0802 1860 amdkmdap ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0802 1860 AmdPPM ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0802 1860 AmdPPM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0802 1860 amdsata ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0802 1860 amdsata ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0802 1860 amdsbs ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0802 1860 amdsbs ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0802 1860 amdxata ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0802 1860 amdxata ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0802 1860 Andbus ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0802 1860 Andbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0802 1860 AndDiag ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0802 1860 AndDiag ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0802 1860 AndGps ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0802 1860 AndGps ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0802 1860 ANDModem ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0802 1860 ANDModem ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0802 1860 AODDriver4.1 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0802 1860 AODDriver4.1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0802 1860 AppID ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0802 1860 AppID ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0802 1860 AppIDSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0802 1860 AppIDSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0817 1860 Appinfo ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0817 1860 Appinfo ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0817 1860 AppMgmt ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0817 1860 AppMgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0817 1860 arc ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0817 1860 arc ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0817 1860 arcsas ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0817 1860 arcsas ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0817 1860 AsIO ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0817 1860 AsIO ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0817 1860 AsyncMac ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0817 1860 AsyncMac ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0817 1860 atapi ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0817 1860 atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0817 1860 AtiHDAudioService ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0817 1860 AtiHDAudioService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0817 1860 AtiHdmiService ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0817 1860 AtiHdmiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0817 1860 atikmdag ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0817 1860 atikmdag ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0817 1860 AtiPcie ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0817 1860 AtiPcie ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0817 1860 AudioEndpointBuilder ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0817 1860 AudioEndpointBuilder ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0817 1860 AudioSrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0833 1860 AudioSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0833 1860 AxInstSV ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0833 1860 AxInstSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0833 1860 b06bdrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0833 1860 b06bdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0833 1860 b57nd60a ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0833 1860 b57nd60a ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0833 1860 BDESVC ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0833 1860 BDESVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0833 1860 Beep ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0833 1860 Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0833 1860 BFE ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0833 1860 BFE ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0833 1860 BITS ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0833 1860 BITS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0833 1860 blbdrive ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0833 1860 blbdrive ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0833 1860 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0833 1860 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0833 1860 bowser ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0833 1860 bowser ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0833 1860 BrFiltLo ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0833 1860 BrFiltLo ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0833 1860 BrFiltUp ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0833 1860 BrFiltUp ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0849 1860 BridgeMP ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0849 1860 BridgeMP ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0849 1860 Browser ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0849 1860 Browser ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0849 1860 Brserid ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0849 1860 Brserid ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0849 1860 BrSerWdm ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0849 1860 BrSerWdm ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0849 1860 BrUsbMdm ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0849 1860 BrUsbMdm ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0849 1860 BrUsbSer ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0849 1860 BrUsbSer ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0849 1860 BTHMODEM ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0849 1860 BTHMODEM ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0849 1860 bthserv ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0849 1860 bthserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0849 1860 cdfs ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0849 1860 cdfs ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0849 1860 cdrom ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0849 1860 cdrom ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0849 1860 CertPropSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0849 1860 CertPropSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0849 1860 circlass ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0849 1860 circlass ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0849 1860 CLFS ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0849 1860 CLFS ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0864 1860 clr_optimization_v2.0.50727_32 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0864 1860 clr_optimization_v2.0.50727_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0864 1860 clr_optimization_v2.0.50727_64 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0864 1860 clr_optimization_v2.0.50727_64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0864 1860 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0864 1860 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0864 1860 clr_optimization_v4.0.30319_64 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0864 1860 clr_optimization_v4.0.30319_64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0864 1860 CmBatt ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0864 1860 CmBatt ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0864 1860 cmdide ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0864 1860 cmdide ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0864 1860 CNG ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0864 1860 CNG ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0864 1860 Compbatt ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0864 1860 Compbatt ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0864 1860 CompositeBus ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0864 1860 CompositeBus ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0864 1860 crcdisk ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0864 1860 crcdisk ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0864 1860 CryptSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0864 1860 CryptSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0864 1860 CSC ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0864 1860 CSC ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0864 1860 CscService ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0864 1860 CscService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0880 1860 DAUpdaterSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0880 1860 DAUpdaterSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0880 1860 DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0880 1860 DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0880 1860 defragsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0880 1860 defragsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0880 1860 DfsC ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0880 1860 DfsC ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0880 1860 Dhcp ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0880 1860 Dhcp ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0880 1860 discache ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0880 1860 discache ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0880 1860 Disk ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0880 1860 Disk ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0880 1860 Dnscache ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0880 1860 Dnscache ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0880 1860 dot3svc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0880 1860 dot3svc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0880 1860 DPS ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0880 1860 DPS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0880 1860 drmkaud ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0880 1860 drmkaud ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0880 1860 DvmMDES ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0880 1860 DvmMDES ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0880 1860 DXGKrnl ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0880 1860 DXGKrnl ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0895 1860 EapHost ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0895 1860 EapHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0895 1860 ebdrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0895 1860 ebdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0895 1860 EFS ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0895 1860 EFS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0895 1860 ehRecvr ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0895 1860 ehRecvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0895 1860 ehSched ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0895 1860 ehSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0895 1860 elxstor ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0895 1860 elxstor ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0895 1860 ErrDev ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0895 1860 ErrDev ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0895 1860 EventSystem ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0895 1860 EventSystem ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0895 1860 exfat ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0895 1860 exfat ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0895 1860 fastfat ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0895 1860 fastfat ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0895 1860 Fax ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0895 1860 Fax ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0895 1860 fdc ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0895 1860 fdc ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0911 1860 fdPHost ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0911 1860 fdPHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0911 1860 FDResPub ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0911 1860 FDResPub ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0911 1860 FileInfo ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0911 1860 FileInfo ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0911 1860 Filetrace ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0911 1860 Filetrace ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0911 1860 flpydisk ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0911 1860 flpydisk ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0911 1860 FltMgr ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0911 1860 FltMgr ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0911 1860 FontCache ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0911 1860 FontCache ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0911 1860 FontCache3.0.0.0 ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0911 1860 FontCache3.0.0.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0911 1860 FsDepends ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0911 1860 FsDepends ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0911 1860 Fs_Rec ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0911 1860 Fs_Rec ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0911 1860 fvevol ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0911 1860 fvevol ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0911 1860 gagp30kx ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0911 1860 gagp30kx ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0911 1860 gpsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0911 1860 gpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0927 1860 gupdate ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0927 1860 gupdate ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0927 1860 gupdatem ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0927 1860 gupdatem ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0927 1860 hcw85cir ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0927 1860 hcw85cir ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0927 1860 HdAudAddService ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0927 1860 HdAudAddService ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0927 1860 HDAudBus ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0927 1860 HDAudBus ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0927 1860 HidBatt ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0927 1860 HidBatt ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0927 1860 HidBth ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0927 1860 HidBth ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0927 1860 HidIr ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0927 1860 HidIr ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0927 1860 hidserv ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0927 1860 hidserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0927 1860 HidUsb ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0927 1860 HidUsb ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0927 1860 hkmsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0927 1860 hkmsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0927 1860 HomeGroupListener ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0927 1860 HomeGroupListener ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0927 1860 HomeGroupProvider ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0927 1860 HomeGroupProvider ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0942 1860 HpSAMD ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0942 1860 HpSAMD ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0942 1860 HTTP ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0942 1860 HTTP ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0942 1860 hwpolicy ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0942 1860 hwpolicy ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0942 1860 i8042prt ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0942 1860 i8042prt ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0942 1860 iaStorV ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0942 1860 iaStorV ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0942 1860 idsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0942 1860 idsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0942 1860 iirsp ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0942 1860 iirsp ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0942 1860 IKEEXT ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0942 1860 IKEEXT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0942 1860 IntcAzAudAddService ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0942 1860 IntcAzAudAddService ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0942 1860 intelide ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0942 1860 intelide ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0942 1860 intelppm ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0942 1860 intelppm ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0942 1860 IPBusEnum ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0942 1860 IPBusEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0942 1860 IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0942 1860 IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0958 1860 IPMIDRV ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0958 1860 IPMIDRV ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0958 1860 IPNAT ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0958 1860 IPNAT ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0958 1860 IRENUM ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0958 1860 IRENUM ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0958 1860 isapnp ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0958 1860 isapnp ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0958 1860 iScsiPrt ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0958 1860 iScsiPrt ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0958 1860 kbdclass ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0958 1860 kbdclass ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0958 1860 kbdhid ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0958 1860 kbdhid ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0958 1860 KeyIso ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0958 1860 KeyIso ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0958 1860 Kodak AiO Network Discovery Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0958 1860 Kodak AiO Network Discovery Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0958 1860 KSecDD ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0958 1860 KSecDD ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0958 1860 KSecPkg ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0958 1860 KSecPkg ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0958 1860 ksthunk ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0958 1860 ksthunk ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0958 1860 KtmRm ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0958 1860 KtmRm ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0973 1860 LanmanServer ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0973 1860 LanmanServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0973 1860 LanmanWorkstation ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0973 1860 LanmanWorkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0973 1860 lltdio ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0973 1860 lltdio ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0973 1860 lltdsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0973 1860 lltdsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0973 1860 lmhosts ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0973 1860 lmhosts ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0973 1860 LSI_FC ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0973 1860 LSI_FC ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0973 1860 LSI_SAS ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0973 1860 LSI_SAS ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0973 1860 LSI_SAS2 ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0973 1860 LSI_SAS2 ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0973 1860 LSI_SCSI ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0973 1860 LSI_SCSI ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0973 1860 luafv ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0973 1860 luafv ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0973 1860 MBAMProtector ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0973 1860 MBAMProtector ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0973 1860 MBAMScheduler ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0973 1860 MBAMScheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0973 1860 MBAMService ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0973 1860 MBAMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0989 1860 Mcx2Svc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0989 1860 Mcx2Svc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0989 1860 megasas ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0989 1860 megasas ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0989 1860 MegaSR ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0989 1860 MegaSR ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0989 1860 MMCSS ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0989 1860 MMCSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0989 1860 Modem ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0989 1860 Modem ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0989 1860 monitor ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0989 1860 monitor ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0989 1860 mouclass ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0989 1860 mouclass ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0989 1860 mouhid ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0989 1860 mouhid ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0989 1860 mountmgr ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0989 1860 mountmgr ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0989 1860 MozillaMaintenance ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0989 1860 MozillaMaintenance ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:13.0989 1860 mpio ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0989 1860 mpio ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0989 1860 mpsdrv ( LockedFile.Multi.Generic ) - skipped by user
10:48:13.0989 1860 mpsdrv ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:13.0989 1860 MpsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:13.0989 1860 MpsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0005 1860 MRxDAV ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0005 1860 MRxDAV ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0005 1860 mrxsmb ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0005 1860 mrxsmb ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0005 1860 mrxsmb10 ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0005 1860 mrxsmb10 ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0005 1860 mrxsmb20 ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0005 1860 mrxsmb20 ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0005 1860 msahci ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0005 1860 msahci ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0005 1860 msdsm ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0005 1860 msdsm ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0005 1860 MSDTC ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0005 1860 MSDTC ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0005 1860 Msfs ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0005 1860 Msfs ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0005 1860 mshidkmdf ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0005 1860 mshidkmdf ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0005 1860 msisadrv ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0005 1860 msisadrv ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0005 1860 MSiSCSI ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0005 1860 MSiSCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0005 1860 MSKSSRV ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0005 1860 MSKSSRV ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0005 1860 MSPCLOCK ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0005 1860 MSPCLOCK ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0020 1860 MSPQM ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0020 1860 MSPQM ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0020 1860 MsRPC ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0020 1860 MsRPC ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0020 1860 mssmbios ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0020 1860 mssmbios ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0020 1860 MSTEE ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0020 1860 MSTEE ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0020 1860 MTConfig ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0020 1860 MTConfig ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0020 1860 MTsensor ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0020 1860 MTsensor ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0020 1860 Mup ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0020 1860 Mup ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0020 1860 napagent ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0020 1860 napagent ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0020 1860 NativeWifiP ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0020 1860 NativeWifiP ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0020 1860 NDIS ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0020 1860 NDIS ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0020 1860 NdisCap ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0020 1860 NdisCap ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0020 1860 NdisTapi ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0020 1860 NdisTapi ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0020 1860 Ndisuio ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0020 1860 Ndisuio ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0036 1860 NdisWan ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0036 1860 NdisWan ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0036 1860 NDProxy ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0036 1860 NDProxy ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0036 1860 NetBIOS ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0036 1860 NetBIOS ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0036 1860 NetBT ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0036 1860 NetBT ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0036 1860 Netlogon ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0036 1860 Netlogon ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0036 1860 Netman ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0036 1860 Netman ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0036 1860 netprofm ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0036 1860 netprofm ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0036 1860 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0036 1860 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0036 1860 nfrd960 ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0036 1860 nfrd960 ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0036 1860 NlaSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0036 1860 NlaSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0036 1860 Npfs ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0036 1860 Npfs ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0036 1860 nsi ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0036 1860 nsi ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0036 1860 nsiproxy ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0036 1860 nsiproxy ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0051 1860 Ntfs ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0051 1860 Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0051 1860 Null ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0051 1860 Null ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0051 1860 nvraid ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0051 1860 nvraid ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0051 1860 nvrd64 ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0051 1860 nvrd64 ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0051 1860 nvsmu ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0051 1860 nvsmu ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0051 1860 nvstor ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0051 1860 nvstor ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0051 1860 nvstor64 ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0051 1860 nvstor64 ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0051 1860 nv_agp ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0051 1860 nv_agp ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0051 1860 ohci1394 ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0051 1860 ohci1394 ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0051 1860 p2pimsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0051 1860 p2pimsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0051 1860 p2psvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0051 1860 p2psvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0051 1860 Parport ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0051 1860 Parport ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0051 1860 partmgr ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0051 1860 partmgr ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0067 1860 PcaSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0067 1860 PcaSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0067 1860 pci ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0067 1860 pci ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0067 1860 pciide ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0067 1860 pciide ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0067 1860 pcmcia ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0067 1860 pcmcia ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0067 1860 pcw ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0067 1860 pcw ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0067 1860 PEAUTH ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0067 1860 PEAUTH ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0067 1860 PeerDistSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0067 1860 PeerDistSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0067 1860 PerfHost ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0067 1860 PerfHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0067 1860 pla ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0067 1860 pla ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0067 1860 PlugPlay ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0067 1860 PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0067 1860 PNRPAutoReg ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0067 1860 PNRPAutoReg ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0067 1860 PNRPsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0067 1860 PNRPsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0067 1860 PolicyAgent ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0067 1860 PolicyAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0083 1860 Power ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0083 1860 Power ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0083 1860 PptpMiniport ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0083 1860 PptpMiniport ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0083 1860 Processor ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0083 1860 Processor ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0083 1860 ProfSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0083 1860 ProfSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0083 1860 ProtectedStorage ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0083 1860 ProtectedStorage ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0083 1860 Psched ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0083 1860 Psched ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0083 1860 ql2300 ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0083 1860 ql2300 ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0083 1860 ql40xx ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0083 1860 ql40xx ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0083 1860 QWAVE ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0083 1860 QWAVE ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0083 1860 QWAVEdrv ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0083 1860 QWAVEdrv ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0083 1860 RapiMgr ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0083 1860 RapiMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0083 1860 RasAcd ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0083 1860 RasAcd ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0083 1860 RasAgileVpn ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0083 1860 RasAgileVpn ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0098 1860 RasAuto ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0098 1860 RasAuto ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0098 1860 Rasl2tp ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0098 1860 Rasl2tp ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0098 1860 RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0098 1860 RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0098 1860 RasPppoe ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0098 1860 RasPppoe ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0098 1860 RasSstp ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0098 1860 RasSstp ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0098 1860 rdbss ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0098 1860 rdbss ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0098 1860 rdpbus ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0098 1860 rdpbus ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0098 1860 RDPCDD ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0098 1860 RDPCDD ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0098 1860 RDPDR ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0098 1860 RDPDR ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0098 1860 RDPENCDD ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0098 1860 RDPENCDD ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0098 1860 RDPREFMP ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0098 1860 RDPREFMP ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0098 1860 RdpVideoMiniport ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0098 1860 RdpVideoMiniport ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0114 1860 RDPWD ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0114 1860 RDPWD ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0114 1860 rdyboost ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0114 1860 rdyboost ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0114 1860 RemoteAccess ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0114 1860 RemoteAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0114 1860 RemoteRegistry ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0114 1860 RemoteRegistry ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0114 1860 RpcEptMapper ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0114 1860 RpcEptMapper ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0114 1860 RpcLocator ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0114 1860 RpcLocator ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0114 1860 RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0114 1860 RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0114 1860 rspndr ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0114 1860 rspndr ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0114 1860 RTL8167 ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0114 1860 RTL8167 ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0114 1860 s3cap ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0114 1860 s3cap ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0114 1860 SamSs ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0114 1860 SamSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0114 1860 sbp2port ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0114 1860 sbp2port ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0114 1860 SCardSvr ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0114 1860 SCardSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0129 1860 scfilter ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0129 1860 scfilter ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0129 1860 Schedule ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0129 1860 Schedule ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0129 1860 SCPolicySvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0129 1860 SCPolicySvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0129 1860 SDRSVC ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0129 1860 SDRSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0129 1860 secdrv ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0129 1860 secdrv ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0129 1860 seclogon ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0129 1860 seclogon ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0129 1860 SENS ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0129 1860 SENS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0129 1860 SensrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0129 1860 SensrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0129 1860 Serenum ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0129 1860 Serenum ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0129 1860 Serial ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0129 1860 Serial ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0129 1860 sermouse ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0129 1860 sermouse ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0129 1860 SessionEnv ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0129 1860 SessionEnv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0129 1860 sffdisk ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0129 1860 sffdisk ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0145 1860 sffp_mmc ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0145 1860 sffp_mmc ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0145 1860 sffp_sd ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0145 1860 sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0145 1860 sfloppy ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0145 1860 sfloppy ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0145 1860 SharedAccess ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0145 1860 SharedAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0145 1860 ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0145 1860 ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0145 1860 SiSRaid2 ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0145 1860 SiSRaid2 ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0145 1860 SiSRaid4 ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0145 1860 SiSRaid4 ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0145 1860 Smb ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0145 1860 Smb ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0145 1860 SNMPTRAP ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0145 1860 SNMPTRAP ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0145 1860 spldr ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0145 1860 spldr ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0145 1860 Spooler ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0145 1860 Spooler ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0145 1860 sppsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0145 1860 sppsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0145 1860 sppuinotify ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0145 1860 sppuinotify ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0161 1860 srv ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0161 1860 srv ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0161 1860 srv2 ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0161 1860 srv2 ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0161 1860 srvnet ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0161 1860 srvnet ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0161 1860 SSDPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0161 1860 SSDPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0161 1860 SstpSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0161 1860 SstpSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0161 1860 stexstor ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0161 1860 stexstor ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0161 1860 stisvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0161 1860 stisvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0161 1860 storflt ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0161 1860 storflt ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0161 1860 storvsc ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0161 1860 storvsc ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0161 1860 swenum ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0161 1860 swenum ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0161 1860 swprv ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0161 1860 swprv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0161 1860 SysMain ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0161 1860 SysMain ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0161 1860 TabletInputService ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0161 1860 TabletInputService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0176 1860 TapiSrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0176 1860 TapiSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0176 1860 TBS ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0176 1860 TBS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0176 1860 Tcpip ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0176 1860 Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0176 1860 TCPIP6 ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0176 1860 TCPIP6 ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0176 1860 tcpipreg ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0176 1860 tcpipreg ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0176 1860 TDPIPE ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0176 1860 TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0176 1860 TDTCP ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0176 1860 TDTCP ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0176 1860 tdx ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0176 1860 tdx ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0176 1860 TermDD ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0176 1860 TermDD ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0176 1860 TermService ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0176 1860 TermService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0176 1860 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0176 1860 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0176 1860 THREADORDER ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0176 1860 THREADORDER ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0176 1860 TomTomHOMEService ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0176 1860 TomTomHOMEService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0192 1860 TrkWks ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0192 1860 TrkWks ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0192 1860 TrustedInstaller ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0192 1860 TrustedInstaller ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0192 1860 tssecsrv ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0192 1860 tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0192 1860 TsUsbFlt ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0192 1860 TsUsbFlt ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0192 1860 tunnel ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0192 1860 tunnel ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0192 1860 uagp35 ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0192 1860 uagp35 ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0192 1860 udfs ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0192 1860 udfs ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0192 1860 UI0Detect ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0192 1860 UI0Detect ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0192 1860 uliagpkx ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0192 1860 uliagpkx ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0192 1860 umbus ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0192 1860 umbus ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0192 1860 UmPass ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0192 1860 UmPass ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0192 1860 UmRdpService ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0192 1860 UmRdpService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0192 1860 upnphost ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0192 1860 upnphost ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0207 1860 usbccgp ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0207 1860 usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0207 1860 usbcir ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0207 1860 usbcir ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0207 1860 usbehci ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0207 1860 usbehci ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0207 1860 usbhub ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0207 1860 usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0207 1860 usbohci ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0207 1860 usbohci ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0207 1860 usbprint ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0207 1860 usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0207 1860 usbscan ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0207 1860 usbscan ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0207 1860 USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0207 1860 USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0207 1860 usbuhci ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0207 1860 usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0207 1860 usb_rndisx ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0207 1860 usb_rndisx ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0207 1860 UxSms ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0207 1860 UxSms ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0207 1860 VaultSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0207 1860 VaultSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0207 1860 vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0207 1860 vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0223 1860 vds ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0223 1860 vds ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0223 1860 vga ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0223 1860 vga ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0223 1860 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0223 1860 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0223 1860 vhdmp ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0223 1860 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0223 1860 viaide ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0223 1860 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0223 1860 vmbus ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0223 1860 vmbus ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0223 1860 VMBusHID ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0223 1860 VMBusHID ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0223 1860 volmgr ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0223 1860 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0223 1860 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0223 1860 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0223 1860 volsnap ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0223 1860 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0223 1860 vpcbus ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0223 1860 vpcbus ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0223 1860 vpcnfltr ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0223 1860 vpcnfltr ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0223 1860 vpcusb ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0223 1860 vpcusb ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0239 1860 vpcvmm ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0239 1860 vpcvmm ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0239 1860 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0239 1860 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0239 1860 VSS ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0239 1860 VSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0239 1860 vwifibus ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0239 1860 vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0239 1860 W32Time ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0239 1860 W32Time ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0239 1860 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0239 1860 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0239 1860 WANARP ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0239 1860 WANARP ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0239 1860 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0239 1860 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0239 1860 WatAdminSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0239 1860 WatAdminSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0239 1860 wbengine ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0239 1860 wbengine ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0239 1860 WbioSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0239 1860 WbioSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0239 1860 WcesComm ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0239 1860 WcesComm ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0239 1860 wcncsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0239 1860 wcncsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0254 1860 WcsPlugInService ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0254 1860 WcsPlugInService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0254 1860 Wd ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0254 1860 Wd ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0254 1860 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0254 1860 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0254 1860 WdiServiceHost ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0254 1860 WdiServiceHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0254 1860 WdiSystemHost ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0254 1860 WdiSystemHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0254 1860 WebClient ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0254 1860 WebClient ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0254 1860 Wecsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0254 1860 Wecsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0254 1860 wercplsupport ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0254 1860 wercplsupport ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0254 1860 WerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0254 1860 WerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0254 1860 WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0254 1860 WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0254 1860 WIMMount ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0254 1860 WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0254 1860 Winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0254 1860 Winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0270 1860 WinRM ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0270 1860 WinRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0270 1860 Wlansvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0270 1860 Wlansvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0270 1860 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0270 1860 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0270 1860 wmiApSrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0270 1860 wmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0270 1860 WPCSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0270 1860 WPCSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0270 1860 WPDBusEnum ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0270 1860 WPDBusEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0270 1860 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0270 1860 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0270 1860 wscsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0270 1860 wscsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0270 1860 wuauserv ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0270 1860 wuauserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0270 1860 WudfPf ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0270 1860 WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0270 1860 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
10:48:14.0270 1860 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip
10:48:14.0270 1860 wudfsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0270 1860 wudfsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:48:14.0270 1860 WwanSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:48:14.0270 1860 WwanSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try and get that last driver.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Windows\System32\drivers\4b67c937a5c89fb4.sys

Driver::
Unknown (-1)
4b67c937a5c89fb4

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.

  • 0

#9
risefreeze

risefreeze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here is my combofix log

ComboFix 12-09-24.02 - Admin 24/09/2012 11:28:42.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16383.14638 [GMT -4:00]
Running from: C:\Users\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Users\Admin\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active


FILE ::
"C:\Windows\System32\drivers\4b67c937a5c89fb4.sys"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


---- Previous Run -------

C:\install.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\jestertb.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_4B67C937A5C89FB4
-------\Service_4b67c937a5c89fb4


((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))


2012-09-24 15:32:08 . 2012-09-24 15:32:08 -------- d-----w- C:\Users\Phil\AppData\Local\temp
2012-09-24 15:32:08 . 2012-09-24 15:32:08 -------- d-----w- C:\Users\Guest\AppData\Local\temp
2012-09-24 14:01:25 . 2012-09-24 14:01:25 -------- d-----w- C:\_OTL
2012-09-23 21:48:22 . 2012-09-23 21:48:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-23 19:17:07 . 2012-09-23 19:17:26 -------- d-----w- C:\Users\Admin
2012-09-23 16:39:57 . 2012-09-23 16:39:57 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-09-14 04:11:26 . 2012-09-14 04:11:26 -------- d-----w- C:\Users\Guest\AppData\Local\Macromedia
2012-09-14 04:11:01 . 2012-09-14 04:11:01 -------- d-----w- C:\Users\Guest\AppData\Local\AMD
2012-09-14 04:07:29 . 2012-09-14 04:09:20 -------- d-----w- C:\ProgramData\7531E8D9C186A8C602D1D37DF875EF60
2012-09-10 03:57:06 . 2012-09-10 03:57:06 -------- d-----w- C:\Users\diablo acct\AppData\Roaming\Malwarebytes
2012-09-09 15:38:39 . 2012-09-09 15:38:39 -------- d-----w- C:\Users\diablo acct\AppData\Local\Macromedia
2012-09-09 15:34:46 . 2012-09-09 15:34:46 -------- d-----w- C:\Users\diablo acct\AppData\Local\AMD
2012-09-02 13:53:37 . 2012-09-07 21:04:46 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-09-01 00:02:53 . 2012-08-23 08:26:40 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C63BE266-4DD5-4C06-A444-C8791FD2F47F}\mpengine.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-09-20 23:53:18 . 2012-04-03 16:39:59 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-20 23:53:18 . 2011-06-07 15:05:50 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 06:05:18 . 2011-07-30 05:32:56 62134624 ----a-w- C:\Windows\system32\MRT.exe
2012-07-18 18:15:06 . 2012-08-15 16:34:45 3148800 ----a-w- C:\Windows\system32\win32k.sys
2012-07-06 02:06:30 . 2012-08-11 16:55:45 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06:20 . 2010-11-21 06:37:23 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-04 22:16:43 . 2012-08-15 16:34:46 73216 ----a-w- C:\Windows\system32\netapi32.dll
2012-07-04 22:13:27 . 2012-08-15 16:34:46 59392 ----a-w- C:\Windows\system32\browcli.dll
2012-07-04 22:13:27 . 2012-08-15 16:34:46 136704 ----a-w- C:\Windows\system32\browser.dll
2012-07-04 21:14:34 . 2012-08-15 16:34:46 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 04:55:23 . 2012-08-16 06:06:20 17809920 ----a-w- C:\Windows\system32\mshtml.dll
2012-06-29 04:09:35 . 2012-08-16 06:06:19 10925568 ----a-w- C:\Windows\system32\ieframe.dll
2012-06-29 03:56:34 . 2012-08-16 06:06:22 2312704 ----a-w- C:\Windows\system32\jscript9.dll
2012-06-29 03:49:57 . 2012-08-16 06:06:22 1346048 ----a-w- C:\Windows\system32\urlmon.dll
2012-06-29 03:49:11 . 2012-08-16 06:06:21 1392128 ----a-w- C:\Windows\system32\wininet.dll
2012-06-29 03:48:07 . 2012-08-16 06:06:22 1494528 ----a-w- C:\Windows\system32\inetcpl.cpl
2012-06-29 03:47:35 . 2012-08-16 06:06:23 237056 ----a-w- C:\Windows\system32\url.dll
2012-06-29 03:45:55 . 2012-08-16 06:06:21 85504 ----a-w- C:\Windows\system32\jsproxy.dll
2012-06-29 03:44:51 . 2012-08-16 06:06:21 816640 ----a-w- C:\Windows\system32\jscript.dll
2012-06-29 03:43:49 . 2012-08-16 06:06:22 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
2012-06-29 03:42:23 . 2012-08-16 06:06:23 2144768 ----a-w- C:\Windows\system32\iertutil.dll
2012-06-29 03:40:11 . 2012-08-16 06:06:23 96768 ----a-w- C:\Windows\system32\mshtmled.dll
2012-06-29 03:39:48 . 2012-08-16 06:06:24 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-06-29 03:35:21 . 2012-08-16 06:06:22 248320 ----a-w- C:\Windows\system32\ieui.dll
2012-06-29 00:16:58 . 2012-08-16 06:06:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 . 2012-08-16 06:06:22 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 . 2012-08-16 06:06:22 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 . 2012-08-16 06:06:22 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 . 2012-08-16 06:06:24 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-08-14 02:23:32 380928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"EKIJ5000StatusMonitor"="C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2010-05-07 15:53:36 2042368]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 19:00:26 641704]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 15:07:54 252296]

C:\Users\diablo acct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 18:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38:03 136176]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 21:04:46 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 23:53:18 250288]
R3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 18:12:22 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 18:12:22 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 18:12:24 27136]
R3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 18:12:24 34304]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38:03 136176]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-09-07 21:04:46 25928]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-18 16:23:03 114144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2010-11-20 11:03:42 20992]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-30 07:00:33 1255736]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 19:07:17 25832]
R4 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2008-11-26 15:36:12 323584]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-05-17 19:24:16 308592]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2012-04-06 02:16:02 236544]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 17:12:16 361984]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 20:04:30 53888]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 21:04:46 399432]
S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 04:43:08 92592]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 13:18:24 46136]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 05:22:40 11174400]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [2012-04-06 01:10:44 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [2012-02-23 12:32:04 95760]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 21:52:30 215040]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - 4B67C937A5C89FB4
*Deregistered* - 4b67c937a5c89fb4

Contents of the 'Scheduled Tasks' folder

2012-09-24 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:39:59 . 2012-09-20 23:53:18]

2012-09-24 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38:05 . 2010-07-03 23:38:03]

2012-09-24 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38:05 . 2010-07-03 23:38:03]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-05-07 15:53:36 2042368]
"combofix"="C:\ComboFix\CF9136.3XE" [2010-11-20 13:24:33 345088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8mat3jcw.default\

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\4b67c937a5c89fb4]
"ImagePath"="\SystemRoot\System32\Drivers\4b67c937a5c89fb4.sys"

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

------------------------ Other Running Processes ------------------------

C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Windows\DAODx.exe

**************************************************************************

Completion time: 2012-09-24 11:36:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-24 15:36:01

Pre-Run: 864,423,600,128 bytes free
Post-Run: 864,206,848,000 bytes free

- - End Of File - - 4FFF242E0799480B40FEE2B78D534F76
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that driver does not want to go ... so let's work deeper.

1. Please download The Avenger by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Begin copying here:
Files to delete:
C:\Windows\system32\4b67c937a5c89fb4.sys

Drivers to delete:
4b67c937a5c89fb4
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Posted Image
  • Accept the disclaimer
    Posted Image
  • Right-click on the window under "Input script here:" and select Paste.

    Posted Image
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply.
  • 0


#11
risefreeze

risefreeze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I extracted the file to my desktop and ran avenger. I posted the script, and then it ran and restarted the computer. When I went to look for the log, there wasn't a folder in c:/ named avenger. When I opened the program and hit File > open log file, it said no log file exists. I repeated the process just to be sure and it did not create a log file.
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run ComboFix again, please, to see if it was removed?
  • 0
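Posts #8 and #10 both try to delete the same driver service, and post #12 asks for a re-run of ComboFix only to find out whether it is gone. The PowerShell script below is an added example, not code from the thread and not part of ComboFix or The Avenger: it reports every trace of such a driver that the OS will admit to, namely the service key and the Legacy_ device entry that the ComboFix log lists, the .sys file at the two paths the two removal scripts name, and whether a driver of that name is loaded in memory. The service name and file paths are the ones quoted in the thread; the function name, the check of both numbered control sets and the Windows 7 / PowerShell 2.0 cmdlet choice are my assumptions.

```powershell
# Added example, not code from the thread or from ComboFix / The Avenger:
# report whatever is still left of a driver service after a removal attempt.
# Defaults are the service name and paths quoted in the thread. Run from an
# elevated PowerShell; only PowerShell 2.0 (Windows 7) cmdlets are used.
param(
    [string]$ServiceName = '4b67c937a5c89fb4',
    [string[]]$DriverPaths = @(
        "$env:SystemRoot\System32\drivers\$ServiceName.sys",   # path used in the CFScript (post #8)
        "$env:SystemRoot\System32\$ServiceName.sys"            # path used in the Avenger script (post #10)
    )
)

function Get-DriverTraces {
    param([string]$Name, [string[]]$Paths)
    $traces = @()

    # Registry: the service definition ComboFix listed under
    # ControlSet001\services\<name>, and the LEGACY_<NAME> device entry it
    # reported deleting. CurrentControlSet is a link to one numbered set; the
    # other numbered set is the last-known-good copy, where an entry can linger.
    foreach ($set in @('CurrentControlSet', 'ControlSet001', 'ControlSet002')) {
        $svc = "HKLM:\SYSTEM\$set\Services\$Name"
        if (Test-Path -Path $svc) {
            $image = (Get-ItemProperty -Path $svc -ErrorAction SilentlyContinue).ImagePath
            $traces += "service key: $svc (ImagePath = $image)"
        }
        $legacy = "HKLM:\SYSTEM\$set\Enum\Root\LEGACY_$($Name.ToUpper())"
        if (Test-Path -Path $legacy) { $traces += "legacy device key: $legacy" }
    }

    # Disk: the file itself; -Force also shows hidden/system-attributed copies.
    foreach ($p in ($Paths | Select-Object -Unique)) {
        if (Test-Path -LiteralPath $p) {
            $f = Get-Item -LiteralPath $p -Force
            $traces += "file: $p ($($f.Length) bytes, modified $($f.LastWriteTime))"
        }
    }

    # Memory: a driver can stay loaded with no file left behind it, which is
    # the '*NewlyCreated* / *Deregistered*' pattern in the ComboFix log.
    $drv = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    if ($drv) { $traces += "loaded driver: state=$($drv.State) path=$($drv.PathName)" }

    # Unary comma keeps an empty result an array so .Count is 0, not $null.
    return ,$traces
}

$traces = Get-DriverTraces -Name $ServiceName -Paths $DriverPaths
if ($traces.Count -eq 0) {
    Write-Output "No trace of '$ServiceName' in the registry, on disk or in memory."
} else {
    Write-Output "Traces of '$ServiceName' still present:"
    $traces | ForEach-Object { Write-Output "  - $_" }
}
```

Save it under any name (say Get-DriverTraces.ps1, an assumed name) and run it elevated with `powershell -ExecutionPolicy Bypass -File .\Get-DriverTraces.ps1`; pass `-ServiceName` and `-DriverPaths` to check a different driver. Two caveats matter here. Keys under Enum\Root are owned by SYSTEM, so if Test-Path reports the legacy key missing while regedit still shows it, that is a permissions result rather than a removal. More importantly, every one of these four queries goes through the normal Windows API, and a kernel-mode rootkit that has hooked the file system, registry or object manager can hide from all of them, which is why helpers in threads like this one lean on tools such as TDSSKiller and ComboFix that read the raw structures. A clean report from this script therefore means "nothing visible through the API", not "proven clean"; a non-empty report, on the other hand, is reliable evidence that the removal did not complete.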

#13
risefreeze

risefreeze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Yes, here is my ComboFix log. Also getting a lot of notices of corrupt files: kdbsync.exe, f5944.3xe, and winlogon.


ComboFix 12-09-24.02 - Admin 24/09/2012 13:59:25.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16383.14743 [GMT -4:00]
Running from: C:\Users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_4B67C937A5C89FB4
-------\Service_4b67c937a5c89fb4
-------\Legacy_4B67C937A5C89FB4
-------\Service_4b67c937a5c89fb4


((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))


2012-09-24 18:03:05 . 2012-09-24 18:03:05 -------- d-----w- C:\Users\Phil\AppData\Local\temp
2012-09-24 18:03:05 . 2012-09-24 18:03:05 -------- d-----w- C:\Users\Guest\AppData\Local\temp
2012-09-24 18:03:05 . 2012-09-24 18:03:05 -------- d-----w- C:\Users\diablo acct\AppData\Local\temp
2012-09-24 18:03:05 . 2012-09-24 18:03:05 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-09-24 17:48:55 . 2012-09-24 17:48:55 61440 ----a-w- C:\Windows\SysWow64\drivers\jslpyfao.sys
2012-09-24 17:40:57 . 2012-09-24 17:48:55 0 ----a-w- C:\backup.reg
2012-09-24 17:40:57 . 2012-09-24 17:40:57 61440 ----a-w- C:\Windows\SysWow64\drivers\epfy.sys
2012-09-24 14:01:25 . 2012-09-24 14:01:25 -------- d-----w- C:\_OTL
2012-09-23 21:48:22 . 2012-09-23 21:48:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-23 19:17:07 . 2012-09-23 19:17:26 -------- d-----w- C:\Users\Admin
2012-09-23 16:39:57 . 2012-09-23 16:39:57 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-09-14 04:11:26 . 2012-09-14 04:11:26 -------- d-----w- C:\Users\Guest\AppData\Local\Macromedia
2012-09-14 04:11:01 . 2012-09-14 04:11:01 -------- d-----w- C:\Users\Guest\AppData\Local\AMD
2012-09-14 04:07:29 . 2012-09-14 04:09:20 -------- d-----w- C:\ProgramData\7531E8D9C186A8C602D1D37DF875EF60
2012-09-10 03:57:06 . 2012-09-10 03:57:06 -------- d-----w- C:\Users\diablo acct\AppData\Roaming\Malwarebytes
2012-09-09 15:38:39 . 2012-09-09 15:38:39 -------- d-----w- C:\Users\diablo acct\AppData\Local\Macromedia
2012-09-09 15:34:46 . 2012-09-09 15:34:46 -------- d-----w- C:\Users\diablo acct\AppData\Local\AMD
2012-09-02 13:53:37 . 2012-09-07 21:04:46 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-09-01 00:02:53 . 2012-08-23 08:26:40 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C63BE266-4DD5-4C06-A444-C8791FD2F47F}\mpengine.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-09-20 23:53:18 . 2012-04-03 16:39:59 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-20 23:53:18 . 2011-06-07 15:05:50 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 06:05:18 . 2011-07-30 05:32:56 62134624 ----a-w- C:\Windows\system32\MRT.exe
2012-07-18 18:15:06 . 2012-08-15 16:34:45 3148800 ----a-w- C:\Windows\system32\win32k.sys
2012-07-06 02:06:30 . 2012-08-11 16:55:45 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06:20 . 2010-11-21 06:37:23 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-04 22:16:43 . 2012-08-15 16:34:46 73216 ----a-w- C:\Windows\system32\netapi32.dll
2012-07-04 22:13:27 . 2012-08-15 16:34:46 59392 ----a-w- C:\Windows\system32\browcli.dll
2012-07-04 22:13:27 . 2012-08-15 16:34:46 136704 ----a-w- C:\Windows\system32\browser.dll
2012-07-04 21:14:34 . 2012-08-15 16:34:46 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 04:55:23 . 2012-08-16 06:06:20 17809920 ----a-w- C:\Windows\system32\mshtml.dll
2012-06-29 04:09:35 . 2012-08-16 06:06:19 10925568 ----a-w- C:\Windows\system32\ieframe.dll
2012-06-29 03:56:34 . 2012-08-16 06:06:22 2312704 ----a-w- C:\Windows\system32\jscript9.dll
2012-06-29 03:49:57 . 2012-08-16 06:06:22 1346048 ----a-w- C:\Windows\system32\urlmon.dll
2012-06-29 03:49:11 . 2012-08-16 06:06:21 1392128 ----a-w- C:\Windows\system32\wininet.dll
2012-06-29 03:48:07 . 2012-08-16 06:06:22 1494528 ----a-w- C:\Windows\system32\inetcpl.cpl
2012-06-29 03:47:35 . 2012-08-16 06:06:23 237056 ----a-w- C:\Windows\system32\url.dll
2012-06-29 03:45:55 . 2012-08-16 06:06:21 85504 ----a-w- C:\Windows\system32\jsproxy.dll
2012-06-29 03:44:51 . 2012-08-16 06:06:21 816640 ----a-w- C:\Windows\system32\jscript.dll
2012-06-29 03:43:49 . 2012-08-16 06:06:22 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
2012-06-29 03:42:23 . 2012-08-16 06:06:23 2144768 ----a-w- C:\Windows\system32\iertutil.dll
2012-06-29 03:40:11 . 2012-08-16 06:06:23 96768 ----a-w- C:\Windows\system32\mshtmled.dll
2012-06-29 03:39:48 . 2012-08-16 06:06:24 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-06-29 03:35:21 . 2012-08-16 06:06:22 248320 ----a-w- C:\Windows\system32\ieui.dll
2012-06-29 00:16:58 . 2012-08-16 06:06:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 . 2012-08-16 06:06:22 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 . 2012-08-16 06:06:22 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 . 2012-08-16 06:06:22 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 . 2012-08-16 06:06:24 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-08-14 02:23:32 380928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"EKIJ5000StatusMonitor"="C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2010-05-07 15:53:36 2042368]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 19:00:26 641704]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 15:07:54 252296]

C:\Users\diablo acct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

R0 ingp;ingp;C:\Windows\system32\drivers\epfy.sys [x]
R0 oilak;oilak;C:\Windows\system32\drivers\jslpyfao.sys [x]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 18:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38:03 136176]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 21:04:46 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 23:53:18 250288]
R3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 18:12:22 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 18:12:22 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 18:12:24 27136]
R3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 18:12:24 34304]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38:03 136176]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-09-07 21:04:46 25928]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-18 16:23:03 114144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2010-11-20 11:03:42 20992]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-30 07:00:33 1255736]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 19:07:17 25832]
R4 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2008-11-26 15:36:12 323584]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-05-17 19:24:16 308592]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2012-04-06 02:16:02 236544]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 17:12:16 361984]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 20:04:30 53888]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 21:04:46 399432]
S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 04:43:08 92592]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 13:18:24 46136]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 05:22:40 11174400]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [2012-04-06 01:10:44 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [2012-02-23 12:32:04 95760]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 21:52:30 215040]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - 4B67C937A5C89FB4
*Deregistered* - 4b67c937a5c89fb4

Contents of the 'Scheduled Tasks' folder

2012-09-24 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:39:59 . 2012-09-20 23:53:18]

2012-09-24 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38:05 . 2010-07-03 23:38:03]

2012-09-24 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38:05 . 2010-07-03 23:38:03]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-05-07 15:53:36 2042368]
"combofix"="C:\ComboFix\CF5944.3XE" [2010-11-20 13:24:33 345088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8mat3jcw.default\

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\4b67c937a5c89fb4]
"ImagePath"="\SystemRoot\System32\Drivers\4b67c937a5c89fb4.sys"

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

------------------------ Other Running Processes ------------------------

C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Windows\DAODx.exe

**************************************************************************

Completion time: 2012-09-24 14:06:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-24 18:06:47

Pre-Run: 864,063,336,448 bytes free
Post-Run: 863,968,215,040 bytes free

- - End Of File - - 8551CCBDD0A1D079A23F8AF562198B23
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Getting there: that has now revealed two further drivers to kill. These may be the spawners. Once they are killed we should be able to remove the rest with TDSSKiller and OTL.

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

Rootkit::
C:\Windows\System32\Drivers\4b67c937a5c89fb4.sys

File::
C:\Windows\System32\Drivers\4b67c937a5c89fb4.sys
C:\Windows\system32\drivers\jslpyfao.sys
C:\Windows\system32\drivers\epfy.sys

Folder::
C:\ProgramData\7531E8D9C186A8C602D1D37DF875EF60

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\4b67c937a5c89fb4]

Driver::
ingp
oilak
4b67c937a5c89fb4

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

  • 0
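Added example, not from this thread, from ComboFix or from the helper: a small Python triage of the log sections read above (the R0 driver lines, the 'Other Services/Drivers In Memory' block and the dumped services key), which flags the same three entries and renders the File::/Registry::/Driver:: CFScript sections for them. The heuristics and function names are my own, the sample lines are copied from the log in this thread, and it assumes %SystemRoot% is C:\Windows as the OTL header reports.

```python
r"""Triage the driver entries of a ComboFix log the way post #14 does.

Added example for this thread, not ComboFix's own code nor a tool the helper
used.  A boot-start (R0) driver whose file ComboFix could not read ("[x]"), or
a service named with 16 random hex digits, is what a rootkit loader registers;
those names feed the File::/Registry::/Driver:: sections of a CFScript.
Assumption: the Windows directory is C:\Windows (per the OTL header above).
"""
import re

# Sample lines, constructed by copying entries from the log posted in this thread.
SAMPLE_LOG = r"""
R0 ingp;ingp;C:\Windows\system32\drivers\epfy.sys [x]
R0 oilak;oilak;C:\Windows\system32\drivers\jslpyfao.sys [x]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-09-07 21:04:46 25928]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 21:52:30 215040]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 4B67C937A5C89FB4
*Deregistered* - 4b67c937a5c89fb4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\4b67c937a5c89fb4]
"ImagePath"="\SystemRoot\System32\Drivers\4b67c937a5c89fb4.sys"
"""

# One "Reg Loading Points" line: start type, name, display name, path, [file metadata or x].
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
SERVICES_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\services\\(?P<name>[^\]]+)\]$", re.IGNORECASE
)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>[^"]+)"$')
TRANSIENT_RE = re.compile(r"^\*(?:NewlyCreated|Deregistered)\* - (?P<name>\S+)$")
HEX16_RE = re.compile(r"^[0-9a-f]{16}$", re.IGNORECASE)


def _expand(path):
    # Registry ImagePath -> absolute path as CFScript wants it (assumes %SystemRoot% = C:\Windows).
    if path.lower().startswith("\\systemroot\\"):
        return "C:\\Windows" + path[len("\\SystemRoot"):]
    return path


def _reasons(name, path, start=None, meta=None, transient=frozenset()):
    # Heuristics mirroring post #14; the NewlyCreated/Deregistered note only backs a primary hit.
    reasons = []
    if start == "R0" and meta == "x":
        reasons.append("boot-start (R0) kernel driver whose file ComboFix could not read ([x])")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]  # 'epfy.sys' -> 'epfy'
    if HEX16_RE.match(name) or HEX16_RE.match(stem):
        reasons.append("service or driver file name is 16 random hex digits")
    if reasons and name.lower() in transient:
        reasons.append("also listed as *NewlyCreated*/*Deregistered* during the scan")
    return reasons


def triage_services(log_text):
    """Return {service_name: {"path", "key", "reasons"}} for the suspicious entries."""
    lines = log_text.splitlines()
    transient = {m["name"].lower() for m in map(TRANSIENT_RE.match, lines) if m}
    findings, current_key = {}, None
    for line in lines:
        svc = SERVICE_RE.match(line)
        if svc:
            reasons = _reasons(svc["name"], svc["path"], svc["start"], svc["meta"], transient)
            if reasons:
                findings[svc["name"]] = {"path": svc["path"], "key": None, "reasons": reasons}
            continue
        key = SERVICES_KEY_RE.match(line)
        if key:  # a services\<name> key dumped on its own, i.e. absent from the service list
            current_key = (key["name"], line.strip()[1:-1])
            continue
        img = IMAGEPATH_RE.match(line)
        if img and current_key:
            name, regkey = current_key
            path = _expand(img["path"])
            reasons = _reasons(name, path, transient=transient)
            if reasons:
                entry = findings.setdefault(name, {"path": path, "key": None, "reasons": []})
                entry["key"] = regkey
                entry["reasons"] = sorted(set(entry["reasons"]) | set(reasons))
            current_key = None
    return findings


def build_cfscript(findings):
    """Render the File::/Registry::/Driver:: CFScript sections for the flagged entries."""
    sections = [
        ("File::", sorted(f["path"] for f in findings.values())),
        ("Registry::", sorted("[-%s]" % f["key"] for f in findings.values() if f["key"])),
        ("Driver::", sorted(findings)),
    ]
    out = []
    for header, items in sections:
        if items:
            out += [header, *items, ""]
    return "\n".join(out)
```

Run it on a full log and it flags nothing for ordinary vendor drivers with readable files; the legitimate [x] entries in this log (AsSysCtrlService, Synth3dVsc, tsusbhub, VGPU) are untouched because they are not boot-start.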

#15
risefreeze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here is the log for combofix:

ComboFix 12-09-24.02 - Admin 24/09/2012 20:48:06.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16383.14748 [GMT -4:00]
Running from: C:\Users\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Users\Admin\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active


FILE ::
"C:\Windows\System32\Drivers\4b67c937a5c89fb4.sys"
"C:\Windows\system32\drivers\epfy.sys"
"C:\Windows\system32\drivers\jslpyfao.sys"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\7531E8D9C186A8C602D1D37DF875EF60
C:\ProgramData\7531E8D9C186A8C602D1D37DF875EF60\7531E8D9C186A8C602D1D37DF875EF60
C:\ProgramData\7531E8D9C186A8C602D1D37DF875EF60\7531E8D9C186A8C602D1D37DF875EF60.ico


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_4B67C937A5C89FB4
-------\Service_4b67c937a5c89fb4
-------\Legacy_4B67C937A5C89FB4
-------\Service_4b67c937a5c89fb4
-------\Legacy_4B67C937A5C89FB4
-------\Service_4b67c937a5c89fb4
-------\Service_ingp
-------\Service_oilak


((((((((((((((((((((((((( Files Created from 2012-08-25 to 2012-09-25 )))))))))))))))))))))))))))))))


2012-09-25 00:52:42 . 2012-09-25 00:52:42 -------- d-----w- C:\Users\Phil\AppData\Local\temp
2012-09-25 00:52:42 . 2012-09-25 00:52:42 -------- d-----w- C:\Users\Guest\AppData\Local\temp
2012-09-25 00:52:42 . 2012-09-25 00:52:42 -------- d-----w- C:\Users\diablo acct\AppData\Local\temp
2012-09-25 00:52:42 . 2012-09-25 00:52:42 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-09-24 14:01:25 . 2012-09-24 14:01:25 -------- d-----w- C:\_OTL
2012-09-23 21:48:22 . 2012-09-23 21:48:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-23 19:17:07 . 2012-09-23 19:17:26 -------- d-----w- C:\Users\Admin
2012-09-23 16:39:57 . 2012-09-23 16:39:57 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-09-14 04:11:26 . 2012-09-14 04:11:26 -------- d-----w- C:\Users\Guest\AppData\Local\Macromedia
2012-09-14 04:11:01 . 2012-09-14 04:11:01 -------- d-----w- C:\Users\Guest\AppData\Local\AMD
2012-09-10 03:57:06 . 2012-09-10 03:57:06 -------- d-----w- C:\Users\diablo acct\AppData\Roaming\Malwarebytes
2012-09-09 15:38:39 . 2012-09-09 15:38:39 -------- d-----w- C:\Users\diablo acct\AppData\Local\Macromedia
2012-09-09 15:34:46 . 2012-09-09 15:34:46 -------- d-----w- C:\Users\diablo acct\AppData\Local\AMD
2012-09-02 13:53:37 . 2012-09-07 21:04:46 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-09-01 00:02:53 . 2012-08-23 08:26:40 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C63BE266-4DD5-4C06-A444-C8791FD2F47F}\mpengine.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-09-20 23:53:18 . 2012-04-03 16:39:59 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-20 23:53:18 . 2011-06-07 15:05:50 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 06:05:18 . 2011-07-30 05:32:56 62134624 ----a-w- C:\Windows\system32\MRT.exe
2012-07-18 18:15:06 . 2012-08-15 16:34:45 3148800 ----a-w- C:\Windows\system32\win32k.sys
2012-07-06 02:06:30 . 2012-08-11 16:55:45 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06:20 . 2010-11-21 06:37:23 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-04 22:16:43 . 2012-08-15 16:34:46 73216 ----a-w- C:\Windows\system32\netapi32.dll
2012-07-04 22:13:27 . 2012-08-15 16:34:46 59392 ----a-w- C:\Windows\system32\browcli.dll
2012-07-04 22:13:27 . 2012-08-15 16:34:46 136704 ----a-w- C:\Windows\system32\browser.dll
2012-07-04 21:14:34 . 2012-08-15 16:34:46 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 04:55:23 . 2012-08-16 06:06:20 17809920 ----a-w- C:\Windows\system32\mshtml.dll
2012-06-29 04:09:35 . 2012-08-16 06:06:19 10925568 ----a-w- C:\Windows\system32\ieframe.dll
2012-06-29 03:56:34 . 2012-08-16 06:06:22 2312704 ----a-w- C:\Windows\system32\jscript9.dll
2012-06-29 03:49:57 . 2012-08-16 06:06:22 1346048 ----a-w- C:\Windows\system32\urlmon.dll
2012-06-29 03:49:11 . 2012-08-16 06:06:21 1392128 ----a-w- C:\Windows\system32\wininet.dll
2012-06-29 03:48:07 . 2012-08-16 06:06:22 1494528 ----a-w- C:\Windows\system32\inetcpl.cpl
2012-06-29 03:47:35 . 2012-08-16 06:06:23 237056 ----a-w- C:\Windows\system32\url.dll
2012-06-29 03:45:55 . 2012-08-16 06:06:21 85504 ----a-w- C:\Windows\system32\jsproxy.dll
2012-06-29 03:44:51 . 2012-08-16 06:06:21 816640 ----a-w- C:\Windows\system32\jscript.dll
2012-06-29 03:43:49 . 2012-08-16 06:06:22 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
2012-06-29 03:42:23 . 2012-08-16 06:06:23 2144768 ----a-w- C:\Windows\system32\iertutil.dll
2012-06-29 03:40:11 . 2012-08-16 06:06:23 96768 ----a-w- C:\Windows\system32\mshtmled.dll
2012-06-29 03:39:48 . 2012-08-16 06:06:24 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-06-29 03:35:21 . 2012-08-16 06:06:22 248320 ----a-w- C:\Windows\system32\ieui.dll
2012-06-29 00:16:58 . 2012-08-16 06:06:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 . 2012-08-16 06:06:22 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 . 2012-08-16 06:06:22 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 . 2012-08-16 06:06:22 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 . 2012-08-16 06:06:24 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-08-14 02:23:32 380928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"EKIJ5000StatusMonitor"="C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2010-05-07 15:53:36 2042368]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 19:00:26 641704]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 15:07:54 252296]

C:\Users\diablo acct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 18:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38:03 136176]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 21:04:46 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 23:53:18 250288]
R3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 18:12:22 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 18:12:22 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 18:12:24 27136]
R3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 18:12:24 34304]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38:03 136176]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-09-07 21:04:46 25928]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-18 16:23:03 114144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2010-11-20 11:03:42 20992]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-30 07:00:33 1255736]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 19:07:17 25832]
R4 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2008-11-26 15:36:12 323584]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-05-17 19:24:16 308592]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2012-04-06 02:16:02 236544]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 17:12:16 361984]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 20:04:30 53888]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 21:04:46 399432]
S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 04:43:08 92592]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 13:18:24 46136]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 05:22:40 11174400]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [2012-04-06 01:10:44 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [2012-02-23 12:32:04 95760]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 21:52:30 215040]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - 4B67C937A5C89FB4
*Deregistered* - 4b67c937a5c89fb4

Contents of the 'Scheduled Tasks' folder

2012-09-25 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:39:59 . 2012-09-20 23:53:18]

2012-09-25 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38:05 . 2010-07-03 23:38:03]

2012-09-25 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38:05 . 2010-07-03 23:38:03]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-05-07 15:53:36 2042368]
"combofix"="C:\ComboFix\CF20412.3XE" [2010-11-20 13:24:33 345088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8mat3jcw.default\

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\4b67c937a5c89fb4]
"ImagePath"="\SystemRoot\System32\Drivers\4b67c937a5c89fb4.sys"

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

------------------------ Other Running Processes ------------------------

C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Windows\DAODx.exe

**************************************************************************

Completion time: 2012-09-24 20:56:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-25 00:56:30

Pre-Run: 864,063,918,080 bytes free
Post-Run: 863,967,174,656 bytes free

- - End Of File - - 01AD6C3270C5213A9239C3EDD25021D8