Fbi Virus Moneypak [Solved]


  • This topic is locked

#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now retry TDSSKiller please, but rename it to winlogon first.

On completion, could I have a fresh OTL scan with the following parameters:

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#17
risefreeze

    Member

  • Topic Starter
  • 27 posts
Here are the TDS and OTL logs. It looks like the OTL extras log didn't update.

09:16:08.0932 3292 ErrDev ( LockedFile.Multi.Generic ) - warning
09:16:08.0932 3292 ErrDev - detected LockedFile.Multi.Generic (1)
09:16:08.0964 3292 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:16:08.0964 3292 EventSystem ( UnsignedFile.Multi.Generic ) - warning
09:16:08.0964 3292 EventSystem - detected UnsignedFile.Multi.Generic (1)
09:16:08.0979 3292 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:16:08.0979 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\exfat.sys. md5: A510C654EC00C1E9BDD91EEB3A59823B
09:16:08.0979 3292 exfat ( LockedFile.Multi.Generic ) - warning
09:16:08.0979 3292 exfat - detected LockedFile.Multi.Generic (1)
09:16:09.0010 3292 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:16:09.0010 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\fastfat.sys. md5: 0ADC83218B66A6DB380C330836F3E36D
09:16:09.0010 3292 fastfat ( LockedFile.Multi.Generic ) - warning
09:16:09.0010 3292 fastfat - detected LockedFile.Multi.Generic (1)
09:16:09.0042 3292 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
09:16:09.0057 3292 Fax ( UnsignedFile.Multi.Generic ) - warning
09:16:09.0057 3292 Fax - detected UnsignedFile.Multi.Generic (1)
09:16:09.0073 3292 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:16:09.0073 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB
09:16:09.0073 3292 fdc ( LockedFile.Multi.Generic ) - warning
09:16:09.0073 3292 fdc - detected LockedFile.Multi.Generic (1)
09:16:09.0104 3292 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:16:09.0104 3292 fdPHost ( UnsignedFile.Multi.Generic ) - warning
09:16:09.0104 3292 fdPHost - detected UnsignedFile.Multi.Generic (1)
09:16:09.0135 3292 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:16:09.0135 3292 FDResPub ( UnsignedFile.Multi.Generic ) - warning
09:16:09.0135 3292 FDResPub - detected UnsignedFile.Multi.Generic (1)
09:16:09.0135 3292 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:16:09.0135 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661BE46B5F5F3FD454E2C3095B930
09:16:09.0151 3292 FileInfo ( LockedFile.Multi.Generic ) - warning
09:16:09.0151 3292 FileInfo - detected LockedFile.Multi.Generic (1)
09:16:09.0166 3292 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:16:09.0166 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\filetrace.sys. md5: 5F671AB5BC87EEA04EC38A6CD5962A47
09:16:09.0166 3292 Filetrace ( LockedFile.Multi.Generic ) - warning
09:16:09.0166 3292 Filetrace - detected LockedFile.Multi.Generic (1)
09:16:09.0182 3292 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:16:09.0182 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5
09:16:09.0182 3292 flpydisk ( LockedFile.Multi.Generic ) - warning
09:16:09.0182 3292 flpydisk - detected LockedFile.Multi.Generic (1)
09:16:09.0213 3292 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:16:09.0213 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\fltmgr.sys. md5: DA6B67270FD9DB3697B20FCE94950741
09:16:09.0213 3292 FltMgr ( LockedFile.Multi.Generic ) - warning
09:16:09.0213 3292 FltMgr - detected LockedFile.Multi.Generic (1)
09:16:09.0260 3292 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
09:16:09.0276 3292 FontCache ( UnsignedFile.Multi.Generic ) - warning
09:16:09.0276 3292 FontCache - detected UnsignedFile.Multi.Generic (1)
09:16:09.0322 3292 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:16:09.0322 3292 FontCache3.0.0.0 ( UnsignedFile.Multi.Generic ) - warning
09:16:09.0322 3292 FontCache3.0.0.0 - detected UnsignedFile.Multi.Generic (1)
09:16:09.0338 3292 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:16:09.0338 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\FsDepends.sys. md5: D43703496149971890703B4B1B723EAC
09:16:09.0354 3292 FsDepends ( LockedFile.Multi.Generic ) - warning
09:16:09.0354 3292 FsDepends - detected LockedFile.Multi.Generic (1)
09:16:09.0385 3292 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:16:09.0385 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 6BD9295CC032DD3077C671FCCF579A7B
09:16:09.0385 3292 Fs_Rec ( LockedFile.Multi.Generic ) - warning
09:16:09.0385 3292 Fs_Rec - detected LockedFile.Multi.Generic (1)
09:16:09.0416 3292 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:16:09.0416 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 1F7B25B858FA27015169FE95E54108ED
09:16:09.0416 3292 fvevol ( LockedFile.Multi.Generic ) - warning
09:16:09.0416 3292 fvevol - detected LockedFile.Multi.Generic (1)
09:16:09.0432 3292 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:16:09.0432 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6
09:16:09.0447 3292 gagp30kx ( LockedFile.Multi.Generic ) - warning
09:16:09.0447 3292 gagp30kx - detected LockedFile.Multi.Generic (1)
09:16:09.0478 3292 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
09:16:09.0494 3292 gpsvc ( UnsignedFile.Multi.Generic ) - warning
09:16:09.0494 3292 gpsvc - detected UnsignedFile.Multi.Generic (1)
09:16:09.0556 3292 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:16:09.0556 3292 gupdate ( UnsignedFile.Multi.Generic ) - warning
09:16:09.0556 3292 gupdate - detected UnsignedFile.Multi.Generic (1)
09:16:09.0603 3292 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:16:09.0603 3292 gupdatem ( UnsignedFile.Multi.Generic ) - warning
09:16:09.0603 3292 gupdatem - detected UnsignedFile.Multi.Generic (1)
09:16:09.0619 3292 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:16:09.0619 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0
09:16:09.0619 3292 hcw85cir ( LockedFile.Multi.Generic ) - warning
09:16:09.0619 3292 hcw85cir - detected LockedFile.Multi.Generic (1)
09:16:09.0666 3292 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:16:09.0666 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\HdAudio.sys. md5: 6410F6F415B2A5A9037224C41DA8BF12
09:16:09.0666 3292 HdAudAddService ( LockedFile.Multi.Generic ) - warning
09:16:09.0666 3292 HdAudAddService - detected LockedFile.Multi.Generic (1)
09:16:09.0697 3292 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:16:09.0697 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97BFED39B6B79EB12CDDBFEED51F56BB
09:16:09.0697 3292 HDAudBus ( LockedFile.Multi.Generic ) - warning
09:16:09.0697 3292 HDAudBus - detected LockedFile.Multi.Generic (1)
09:16:09.0712 3292 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:16:09.0712 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F
09:16:09.0712 3292 HidBatt ( LockedFile.Multi.Generic ) - warning
09:16:09.0712 3292 HidBatt - detected LockedFile.Multi.Generic (1)
09:16:09.0728 3292 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:16:09.0728 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104
09:16:09.0728 3292 HidBth ( LockedFile.Multi.Generic ) - warning
09:16:09.0728 3292 HidBth - detected LockedFile.Multi.Generic (1)
09:16:09.0744 3292 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:16:09.0744 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825
09:16:09.0759 3292 HidIr ( LockedFile.Multi.Generic ) - warning
09:16:09.0759 3292 HidIr - detected LockedFile.Multi.Generic (1)
09:16:09.0790 3292 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
09:16:09.0790 3292 hidserv ( UnsignedFile.Multi.Generic ) - warning
09:16:09.0790 3292 hidserv - detected UnsignedFile.Multi.Generic (1)
09:16:09.0806 3292 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:16:09.0806 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidusb.sys. md5: 9592090A7E2B61CD582B612B6DF70536
09:16:09.0806 3292 HidUsb ( LockedFile.Multi.Generic ) - warning
09:16:09.0806 3292 HidUsb - detected LockedFile.Multi.Generic (1)
09:16:09.0837 3292 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:16:09.0837 3292 hkmsvc ( UnsignedFile.Multi.Generic ) - warning
09:16:09.0837 3292 hkmsvc - detected UnsignedFile.Multi.Generic (1)
09:16:09.0868 3292 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:16:09.0868 3292 HomeGroupListener ( UnsignedFile.Multi.Generic ) - warning
09:16:09.0868 3292 HomeGroupListener - detected UnsignedFile.Multi.Generic (1)
09:16:09.0915 3292 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:16:09.0915 3292 HomeGroupProvider ( UnsignedFile.Multi.Generic ) - warning
09:16:09.0915 3292 HomeGroupProvider - detected UnsignedFile.Multi.Generic (1)
09:16:09.0931 3292 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:16:09.0946 3292 HpSAMD ( UnsignedFile.Multi.Generic ) - warning
09:16:09.0946 3292 HpSAMD - detected UnsignedFile.Multi.Generic (1)
09:16:09.0993 3292 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:16:09.0993 3292 HTTP ( UnsignedFile.Multi.Generic ) - warning
09:16:09.0993 3292 HTTP - detected UnsignedFile.Multi.Generic (1)
09:16:10.0024 3292 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:16:10.0024 3292 hwpolicy ( UnsignedFile.Multi.Generic ) - warning
09:16:10.0024 3292 hwpolicy - detected UnsignedFile.Multi.Generic (1)
09:16:10.0056 3292 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:16:10.0056 3292 i8042prt ( UnsignedFile.Multi.Generic ) - warning
09:16:10.0056 3292 i8042prt - detected UnsignedFile.Multi.Generic (1)
09:16:10.0087 3292 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:16:10.0087 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\iaStorV.sys. md5: AAAF44DB3BD0B9D1FB6969B23ECC8366
09:16:10.0087 3292 iaStorV ( LockedFile.Multi.Generic ) - warning
09:16:10.0087 3292 iaStorV - detected LockedFile.Multi.Generic (1)
09:16:10.0118 3292 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:16:10.0118 3292 idsvc ( UnsignedFile.Multi.Generic ) - warning
09:16:10.0118 3292 idsvc - detected UnsignedFile.Multi.Generic (1)
09:16:10.0149 3292 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:16:10.0149 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21
09:16:10.0149 3292 iirsp ( LockedFile.Multi.Generic ) - warning
09:16:10.0149 3292 iirsp - detected LockedFile.Multi.Generic (1)
09:16:10.0180 3292 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:16:10.0180 3292 IKEEXT ( UnsignedFile.Multi.Generic ) - warning
09:16:10.0180 3292 IKEEXT - detected UnsignedFile.Multi.Generic (1)
09:16:10.0243 3292 [ 5BA1779E2C84FDE2A5E201FFF9C42C9C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:16:10.0243 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\RTKVHD64.sys. md5: 5BA1779E2C84FDE2A5E201FFF9C42C9C
09:16:10.0243 3292 IntcAzAudAddService ( LockedFile.Multi.Generic ) - warning
09:16:10.0243 3292 IntcAzAudAddService - detected LockedFile.Multi.Generic (1)
09:16:10.0258 3292 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:16:10.0258 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA
09:16:10.0258 3292 intelide ( LockedFile.Multi.Generic ) - warning
09:16:10.0258 3292 intelide - detected LockedFile.Multi.Generic (1)
09:16:10.0258 3292 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:16:10.0258 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1
09:16:10.0274 3292 intelppm ( LockedFile.Multi.Generic ) - warning
09:16:10.0274 3292 intelppm - detected LockedFile.Multi.Generic (1)
09:16:10.0305 3292 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:16:10.0305 3292 IPBusEnum ( UnsignedFile.Multi.Generic ) - warning
09:16:10.0305 3292 IPBusEnum - detected UnsignedFile.Multi.Generic (1)
09:16:10.0336 3292 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:16:10.0336 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6
09:16:10.0336 3292 IpFilterDriver ( LockedFile.Multi.Generic ) - warning
09:16:10.0336 3292 IpFilterDriver - detected LockedFile.Multi.Generic (1)
09:16:10.0368 3292 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:16:10.0368 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A
09:16:10.0368 3292 IPMIDRV ( LockedFile.Multi.Generic ) - warning
09:16:10.0368 3292 IPMIDRV - detected LockedFile.Multi.Generic (1)
09:16:10.0383 3292 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:16:10.0383 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0
09:16:10.0383 3292 IPNAT ( LockedFile.Multi.Generic ) - warning
09:16:10.0383 3292 IPNAT - detected LockedFile.Multi.Generic (1)
09:16:10.0399 3292 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:16:10.0399 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9
09:16:10.0399 3292 IRENUM ( LockedFile.Multi.Generic ) - warning
09:16:10.0399 3292 IRENUM - detected LockedFile.Multi.Generic (1)
09:16:10.0430 3292 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:16:10.0430 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38
09:16:10.0430 3292 isapnp ( LockedFile.Multi.Generic ) - warning
09:16:10.0430 3292 isapnp - detected LockedFile.Multi.Generic (1)
09:16:10.0446 3292 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:16:10.0446 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\msiscsi.sys. md5: D931D7309DEB2317035B07C9F9E6B0BD
09:16:10.0461 3292 iScsiPrt ( LockedFile.Multi.Generic ) - warning
09:16:10.0461 3292 iScsiPrt - detected LockedFile.Multi.Generic (1)
09:16:10.0477 3292 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:16:10.0477 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5
09:16:10.0477 3292 kbdclass ( LockedFile.Multi.Generic ) - warning
09:16:10.0477 3292 kbdclass - detected LockedFile.Multi.Generic (1)
09:16:10.0492 3292 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:16:10.0492 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484
09:16:10.0508 3292 kbdhid ( LockedFile.Multi.Generic ) - warning
09:16:10.0508 3292 kbdhid - detected LockedFile.Multi.Generic (1)
09:16:10.0524 3292 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:16:10.0524 3292 KeyIso ( UnsignedFile.Multi.Generic ) - warning
09:16:10.0524 3292 KeyIso - detected UnsignedFile.Multi.Generic (1)
09:16:10.0617 3292 [ F8D454FBA97DC28F02931C588BAFE4CF ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
09:16:10.0617 3292 Kodak AiO Network Discovery Service ( UnsignedFile.Multi.Generic ) - warning
09:16:10.0617 3292 Kodak AiO Network Discovery Service - detected UnsignedFile.Multi.Generic (1)
09:16:10.0648 3292 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:16:10.0648 3292 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecdd.sys. md5: 97A7070AEA4C058B6418519E869A63B4
09:16:10.0648 3292 KSecDD ( LockedFile.Multi.Generic ) - warning
09:16:10.0648 3292 KSecDD - detected LockedFile.Multi.Generic (1)
09:16:10.0680 3292 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:16:10.0680 3292 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 26C43A7C2862447EC59DEDA188D1DA07
09:16:10.0680 3292 KSecPkg ( LockedFile.Multi.Generic ) - warning
09:16:10.0680 3292 KSecPkg - detected LockedFile.Multi.Generic (1)
09:16:10.0711 3292 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:16:10.0711 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4
09:16:10.0711 3292 ksthunk ( LockedFile.Multi.Generic ) - warning
09:16:10.0711 3292 ksthunk - detected LockedFile.Multi.Generic (1)
09:16:10.0742 3292 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:16:10.0742 3292 KtmRm ( UnsignedFile.Multi.Generic ) - warning
09:16:10.0742 3292 KtmRm - detected UnsignedFile.Multi.Generic (1)
09:16:10.0789 3292 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
09:16:10.0789 3292 LanmanServer ( UnsignedFile.Multi.Generic ) - warning
09:16:10.0789 3292 LanmanServer - detected UnsignedFile.Multi.Generic (1)
09:16:10.0820 3292 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:16:10.0836 3292 LanmanWorkstation ( UnsignedFile.Multi.Generic ) - warning
09:16:10.0836 3292 LanmanWorkstation - detected UnsignedFile.Multi.Generic (1)
09:16:10.0851 3292 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:16:10.0851 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827
09:16:10.0851 3292 lltdio ( LockedFile.Multi.Generic ) - warning
09:16:10.0851 3292 lltdio - detected LockedFile.Multi.Generic (1)
09:16:10.0882 3292 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:16:10.0898 3292 lltdsvc ( UnsignedFile.Multi.Generic ) - warning
09:16:10.0898 3292 lltdsvc - detected UnsignedFile.Multi.Generic (1)
09:16:10.0914 3292 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:16:10.0914 3292 lmhosts ( UnsignedFile.Multi.Generic ) - warning
09:16:10.0914 3292 lmhosts - detected UnsignedFile.Multi.Generic (1)
09:16:10.0929 3292 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:16:10.0929 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6
09:16:10.0929 3292 LSI_FC ( LockedFile.Multi.Generic ) - warning
09:16:10.0929 3292 LSI_FC - detected LockedFile.Multi.Generic (1)
09:16:10.0945 3292 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:16:10.0945 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810
09:16:10.0960 3292 LSI_SAS ( LockedFile.Multi.Generic ) - warning
09:16:10.0960 3292 LSI_SAS - detected LockedFile.Multi.Generic (1)
09:16:10.0960 3292 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:16:10.0960 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93
09:16:10.0976 3292 LSI_SAS2 ( LockedFile.Multi.Generic ) - warning
09:16:10.0976 3292 LSI_SAS2 - detected LockedFile.Multi.Generic (1)
09:16:10.0992 3292 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:16:10.0992 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A
09:16:10.0992 3292 LSI_SCSI ( LockedFile.Multi.Generic ) - warning
09:16:10.0992 3292 LSI_SCSI - detected LockedFile.Multi.Generic (1)
09:16:11.0023 3292 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:16:11.0023 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E
09:16:11.0023 3292 luafv ( LockedFile.Multi.Generic ) - warning
09:16:11.0023 3292 luafv - detected LockedFile.Multi.Generic (1)
09:16:11.0054 3292 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:16:11.0054 3292 MBAMProtector ( UnsignedFile.Multi.Generic ) - warning
09:16:11.0054 3292 MBAMProtector - detected UnsignedFile.Multi.Generic (1)
09:16:11.0085 3292 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:16:11.0101 3292 MBAMScheduler ( UnsignedFile.Multi.Generic ) - warning
09:16:11.0101 3292 MBAMScheduler - detected UnsignedFile.Multi.Generic (1)
09:16:11.0116 3292 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:16:11.0116 3292 MBAMService ( UnsignedFile.Multi.Generic ) - warning
09:16:11.0116 3292 MBAMService - detected UnsignedFile.Multi.Generic (1)
09:16:11.0132 3292 McComponentHostService - ok
09:16:11.0179 3292 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:16:11.0179 3292 Mcx2Svc ( UnsignedFile.Multi.Generic ) - warning
09:16:11.0179 3292 Mcx2Svc - detected UnsignedFile.Multi.Generic (1)
09:16:11.0194 3292 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:16:11.0194 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4
09:16:11.0194 3292 megasas ( LockedFile.Multi.Generic ) - warning
09:16:11.0194 3292 megasas - detected LockedFile.Multi.Generic (1)
09:16:11.0210 3292 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:16:11.0210 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3
09:16:11.0210 3292 MegaSR ( LockedFile.Multi.Generic ) - warning
09:16:11.0210 3292 MegaSR - detected LockedFile.Multi.Generic (1)
09:16:11.0257 3292 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:16:11.0257 3292 MMCSS ( UnsignedFile.Multi.Generic ) - warning
09:16:11.0257 3292 MMCSS - detected UnsignedFile.Multi.Generic (1)
09:16:11.0272 3292 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:16:11.0272 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137
09:16:11.0272 3292 Modem ( LockedFile.Multi.Generic ) - warning
09:16:11.0272 3292 Modem - detected LockedFile.Multi.Generic (1)
09:16:11.0288 3292 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:16:11.0288 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA
09:16:11.0288 3292 monitor ( LockedFile.Multi.Generic ) - warning
09:16:11.0288 3292 monitor - detected LockedFile.Multi.Generic (1)
09:16:11.0304 3292 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:16:11.0304 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99
09:16:11.0304 3292 mouclass ( LockedFile.Multi.Generic ) - warning
09:16:11.0304 3292 mouclass - detected LockedFile.Multi.Generic (1)
09:16:11.0319 3292 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:16:11.0319 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6
09:16:11.0335 3292 mouhid ( LockedFile.Multi.Generic ) - warning
09:16:11.0335 3292 mouhid - detected LockedFile.Multi.Generic (1)
09:16:11.0366 3292 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:16:11.0366 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA
09:16:11.0366 3292 mountmgr ( LockedFile.Multi.Generic ) - warning
09:16:11.0366 3292 mountmgr - detected LockedFile.Multi.Generic (1)
09:16:11.0428 3292 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:16:11.0428 3292 MozillaMaintenance ( UnsignedFile.Multi.Generic ) - warning
09:16:11.0428 3292 MozillaMaintenance - detected UnsignedFile.Multi.Generic (1)
09:16:11.0460 3292 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:16:11.0460 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58
09:16:11.0460 3292 mpio ( LockedFile.Multi.Generic ) - warning
09:16:11.0460 3292 mpio - detected LockedFile.Multi.Generic (1)
09:16:11.0475 3292 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:16:11.0475 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F
09:16:11.0475 3292 mpsdrv ( LockedFile.Multi.Generic ) - warning
09:16:11.0475 3292 mpsdrv - detected LockedFile.Multi.Generic (1)
09:16:11.0538 3292 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:16:11.0553 3292 MpsSvc ( UnsignedFile.Multi.Generic ) - warning
09:16:11.0553 3292 MpsSvc - detected UnsignedFile.Multi.Generic (1)
09:16:11.0584 3292 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:16:11.0584 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\mrxdav.sys. md5: DC722758B8261E1ABAFD31A3C0A66380
09:16:11.0584 3292 MRxDAV ( LockedFile.Multi.Generic ) - warning
09:16:11.0584 3292 MRxDAV - detected LockedFile.Multi.Generic (1)
09:16:11.0631 3292 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:16:11.0631 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC
09:16:11.0631 3292 mrxsmb ( LockedFile.Multi.Generic ) - warning
09:16:11.0631 3292 mrxsmb - detected LockedFile.Multi.Generic (1)
09:16:11.0647 3292 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:16:11.0647 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163
09:16:11.0662 3292 mrxsmb10 ( LockedFile.Multi.Generic ) - warning
09:16:11.0662 3292 mrxsmb10 - detected LockedFile.Multi.Generic (1)
09:16:11.0678 3292 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:16:11.0678 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C
09:16:11.0678 3292 mrxsmb20 ( LockedFile.Multi.Generic ) - warning
09:16:11.0678 3292 mrxsmb20 - detected LockedFile.Multi.Generic (1)
09:16:15.0172 3292 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:16:15.0172 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4
09:16:15.0172 3292 sfloppy ( LockedFile.Multi.Generic ) - warning
09:16:15.0172 3292 sfloppy - detected LockedFile.Multi.Generic (1)
09:16:15.0219 3292 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:16:15.0219 3292 SharedAccess ( UnsignedFile.Multi.Generic ) - warning
09:16:15.0219 3292 SharedAccess - detected UnsignedFile.Multi.Generic (1)
09:16:15.0266 3292 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:16:15.0266 3292 ShellHWDetection ( UnsignedFile.Multi.Generic ) - warning
09:16:15.0266 3292 ShellHWDetection - detected UnsignedFile.Multi.Generic (1)
09:16:15.0297 3292 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:16:15.0297 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1
09:16:15.0297 3292 SiSRaid2 ( LockedFile.Multi.Generic ) - warning
09:16:15.0297 3292 SiSRaid2 - detected LockedFile.Multi.Generic (1)
09:16:15.0313 3292 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:16:15.0313 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4
09:16:15.0328 3292 SiSRaid4 ( LockedFile.Multi.Generic ) - warning
09:16:15.0328 3292 SiSRaid4 - detected LockedFile.Multi.Generic (1)
09:16:15.0344 3292 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:16:15.0344 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4
09:16:15.0344 3292 Smb ( LockedFile.Multi.Generic ) - warning
09:16:15.0344 3292 Smb - detected LockedFile.Multi.Generic (1)
09:16:15.0375 3292 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:16:15.0375 3292 SNMPTRAP ( UnsignedFile.Multi.Generic ) - warning
09:16:15.0375 3292 SNMPTRAP - detected UnsignedFile.Multi.Generic (1)
09:16:15.0406 3292 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:16:15.0406 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9
09:16:15.0406 3292 spldr ( LockedFile.Multi.Generic ) - warning
09:16:15.0406 3292 spldr - detected LockedFile.Multi.Generic (1)
09:16:15.0453 3292 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
09:16:15.0469 3292 Spooler ( UnsignedFile.Multi.Generic ) - warning
09:16:15.0469 3292 Spooler - detected UnsignedFile.Multi.Generic (1)
09:16:15.0516 3292 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:16:15.0547 3292 sppsvc ( UnsignedFile.Multi.Generic ) - warning
09:16:15.0547 3292 sppsvc - detected UnsignedFile.Multi.Generic (1)
09:16:15.0594 3292 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:16:15.0594 3292 sppuinotify ( UnsignedFile.Multi.Generic ) - warning
09:16:15.0594 3292 sppuinotify - detected UnsignedFile.Multi.Generic (1)
09:16:15.0625 3292 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:16:15.0625 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B
09:16:15.0625 3292 srv ( LockedFile.Multi.Generic ) - warning
09:16:15.0625 3292 srv - detected LockedFile.Multi.Generic (1)
09:16:15.0640 3292 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:16:15.0640 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28
09:16:15.0640 3292 srv2 ( LockedFile.Multi.Generic ) - warning
09:16:15.0640 3292 srv2 - detected LockedFile.Multi.Generic (1)
09:16:15.0656 3292 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:16:15.0656 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27E461F0BE5BFF5FC737328F749538C3
09:16:15.0656 3292 srvnet ( LockedFile.Multi.Generic ) - warning
09:16:15.0656 3292 srvnet - detected LockedFile.Multi.Generic (1)
09:16:15.0687 3292 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:16:15.0703 3292 SSDPSRV ( UnsignedFile.Multi.Generic ) - warning
09:16:15.0703 3292 SSDPSRV - detected UnsignedFile.Multi.Generic (1)
09:16:15.0718 3292 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:16:15.0718 3292 SstpSvc ( UnsignedFile.Multi.Generic ) - warning
09:16:15.0718 3292 SstpSvc - detected UnsignedFile.Multi.Generic (1)
09:16:15.0765 3292 Steam Client Service - ok
09:16:15.0781 3292 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:16:15.0781 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A
09:16:15.0781 3292 stexstor ( LockedFile.Multi.Generic ) - warning
09:16:15.0781 3292 stexstor - detected LockedFile.Multi.Generic (1)
09:16:15.0812 3292 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:16:15.0812 3292 stisvc ( UnsignedFile.Multi.Generic ) - warning
09:16:15.0812 3292 stisvc - detected UnsignedFile.Multi.Generic (1)
09:16:15.0843 3292 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:16:15.0843 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\vmstorfl.sys. md5: 7785DC213270D2FC066538DAF94087E7
09:16:15.0843 3292 storflt ( LockedFile.Multi.Generic ) - warning
09:16:15.0843 3292 storflt - detected LockedFile.Multi.Generic (1)
09:16:15.0859 3292 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
09:16:15.0859 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\storvsc.sys. md5: D34E4943D5AC096C8EDEEBFD80D76E23
09:16:15.0859 3292 storvsc ( LockedFile.Multi.Generic ) - warning
09:16:15.0859 3292 storvsc - detected LockedFile.Multi.Generic (1)
09:16:15.0890 3292 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
09:16:15.0890 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90
09:16:15.0890 3292 swenum ( LockedFile.Multi.Generic ) - warning
09:16:15.0890 3292 swenum - detected LockedFile.Multi.Generic (1)
09:16:15.0906 3292 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:16:15.0921 3292 swprv ( UnsignedFile.Multi.Generic ) - warning
09:16:15.0921 3292 swprv - detected UnsignedFile.Multi.Generic (1)
09:16:15.0921 3292 Synth3dVsc - ok
09:16:15.0968 3292 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:16:15.0984 3292 SysMain ( UnsignedFile.Multi.Generic ) - warning
09:16:15.0984 3292 SysMain - detected UnsignedFile.Multi.Generic (1)
09:16:16.0030 3292 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:16:16.0030 3292 TabletInputService ( UnsignedFile.Multi.Generic ) - warning
09:16:16.0030 3292 TabletInputService - detected UnsignedFile.Multi.Generic (1)
09:16:16.0062 3292 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:16:16.0062 3292 TapiSrv ( UnsignedFile.Multi.Generic ) - warning
09:16:16.0062 3292 TapiSrv - detected UnsignedFile.Multi.Generic (1)
09:16:16.0108 3292 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:16:16.0108 3292 TBS ( UnsignedFile.Multi.Generic ) - warning
09:16:16.0108 3292 TBS - detected UnsignedFile.Multi.Generic (1)
09:16:16.0155 3292 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:16:16.0155 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpip.sys. md5: ACB82BDA8F46C84F465C1AFA517DC4B9
09:16:16.0155 3292 Tcpip ( LockedFile.Multi.Generic ) - warning
09:16:16.0155 3292 Tcpip - detected LockedFile.Multi.Generic (1)
09:16:16.0186 3292 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:16:16.0186 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tcpip.sys. md5: ACB82BDA8F46C84F465C1AFA517DC4B9
09:16:16.0186 3292 TCPIP6 ( LockedFile.Multi.Generic ) - warning
09:16:16.0186 3292 TCPIP6 - detected LockedFile.Multi.Generic (1)
09:16:16.0233 3292 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:16:16.0233 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpipreg.sys. md5: DF687E3D8836BFB04FCC0615BF15A519
09:16:16.0249 3292 tcpipreg ( LockedFile.Multi.Generic ) - warning
09:16:16.0249 3292 tcpipreg - detected LockedFile.Multi.Generic (1)
09:16:16.0264 3292 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:16:16.0264 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C
09:16:16.0264 3292 TDPIPE ( LockedFile.Multi.Generic ) - warning
09:16:16.0264 3292 TDPIPE - detected LockedFile.Multi.Generic (1)
09:16:16.0296 3292 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:16:16.0296 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8
09:16:16.0296 3292 TDTCP ( LockedFile.Multi.Generic ) - warning
09:16:16.0296 3292 TDTCP - detected LockedFile.Multi.Generic (1)
09:16:16.0327 3292 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:16:16.0327 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806
09:16:16.0327 3292 tdx ( LockedFile.Multi.Generic ) - warning
09:16:16.0327 3292 tdx - detected LockedFile.Multi.Generic (1)
09:16:16.0342 3292 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:16:16.0342 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5
09:16:16.0342 3292 TermDD ( LockedFile.Multi.Generic ) - warning
09:16:16.0342 3292 TermDD - detected LockedFile.Multi.Generic (1)
09:16:16.0374 3292 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
09:16:16.0389 3292 TermService ( UnsignedFile.Multi.Generic ) - warning
09:16:16.0389 3292 TermService - detected UnsignedFile.Multi.Generic (1)
09:16:16.0405 3292 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:16:16.0405 3292 Themes ( UnsignedFile.Multi.Generic ) - warning
09:16:16.0405 3292 Themes - detected UnsignedFile.Multi.Generic (1)
09:16:16.0420 3292 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:16:16.0420 3292 THREADORDER ( UnsignedFile.Multi.Generic ) - warning
09:16:16.0420 3292 THREADORDER - detected UnsignedFile.Multi.Generic (1)
09:16:16.0483 3292 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
09:16:16.0483 3292 TomTomHOMEService ( UnsignedFile.Multi.Generic ) - warning
09:16:16.0483 3292 TomTomHOMEService - detected UnsignedFile.Multi.Generic (1)
09:16:16.0514 3292 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:16:16.0514 3292 TrkWks ( UnsignedFile.Multi.Generic ) - warning
09:16:16.0514 3292 TrkWks - detected UnsignedFile.Multi.Generic (1)
09:16:16.0561 3292 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:16:16.0561 3292 TrustedInstaller ( UnsignedFile.Multi.Generic ) - warning
09:16:16.0561 3292 TrustedInstaller - detected UnsignedFile.Multi.Generic (1)
09:16:16.0592 3292 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:16:16.0592 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: CE18B2CDFC837C99E5FAE9CA6CBA5D30
09:16:16.0592 3292 tssecsrv ( LockedFile.Multi.Generic ) - warning
09:16:16.0592 3292 tssecsrv - detected LockedFile.Multi.Generic (1)
09:16:16.0623 3292 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:16:16.0623 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9
09:16:16.0623 3292 TsUsbFlt ( LockedFile.Multi.Generic ) - warning
09:16:16.0623 3292 TsUsbFlt - detected LockedFile.Multi.Generic (1)
09:16:16.0654 3292 tsusbhub - ok
09:16:16.0670 3292 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:16:16.0686 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894
09:16:16.0686 3292 tunnel ( LockedFile.Multi.Generic ) - warning
09:16:16.0686 3292 tunnel - detected LockedFile.Multi.Generic (1)
09:16:16.0701 3292 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:16:16.0701 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67
09:16:16.0701 3292 uagp35 ( LockedFile.Multi.Generic ) - warning
09:16:16.0701 3292 uagp35 - detected LockedFile.Multi.Generic (1)
09:16:16.0732 3292 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:16:16.0732 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593
09:16:16.0732 3292 udfs ( LockedFile.Multi.Generic ) - warning
09:16:16.0732 3292 udfs - detected LockedFile.Multi.Generic (1)
09:16:16.0748 3292 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:16:16.0748 3292 UI0Detect ( UnsignedFile.Multi.Generic ) - warning
09:16:16.0748 3292 UI0Detect - detected UnsignedFile.Multi.Generic (1)
09:16:16.0764 3292 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:16:16.0764 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320
09:16:16.0764 3292 uliagpkx ( LockedFile.Multi.Generic ) - warning
09:16:16.0764 3292 uliagpkx - detected LockedFile.Multi.Generic (1)
09:16:16.0795 3292 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
09:16:16.0795 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561
09:16:16.0810 3292 umbus ( LockedFile.Multi.Generic ) - warning
09:16:16.0810 3292 umbus - detected LockedFile.Multi.Generic (1)
09:16:16.0826 3292 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:16:16.0826 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D
09:16:16.0842 3292 UmPass ( LockedFile.Multi.Generic ) - warning
09:16:16.0842 3292 UmPass - detected LockedFile.Multi.Generic (1)
09:16:16.0857 3292 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
09:16:16.0857 3292 UmRdpService ( UnsignedFile.Multi.Generic ) - warning
09:16:16.0857 3292 UmRdpService - detected UnsignedFile.Multi.Generic (1)
09:16:16.0888 3292 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
09:16:16.0888 3292 upnphost ( UnsignedFile.Multi.Generic ) - warning
09:16:16.0888 3292 upnphost - detected UnsignedFile.Multi.Generic (1)
09:16:16.0920 3292 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:16:16.0920 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 6F1A3157A1C89435352CEB543CDB359C
09:16:16.0920 3292 usbccgp ( LockedFile.Multi.Generic ) - warning
09:16:16.0920 3292 usbccgp - detected LockedFile.Multi.Generic (1)
09:16:16.0951 3292 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:16:16.0951 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7
09:16:16.0951 3292 usbcir ( LockedFile.Multi.Generic ) - warning
09:16:16.0951 3292 usbcir - detected LockedFile.Multi.Generic (1)
09:16:16.0966 3292 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:16:16.0966 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbehci.sys. md5: C025055FE7B87701EB042095DF1A2D7B
09:16:16.0966 3292 usbehci ( LockedFile.Multi.Generic ) - warning
09:16:16.0966 3292 usbehci - detected LockedFile.Multi.Generic (1)
09:16:16.0982 3292 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:16:16.0982 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 287C6C9410B111B68B52CA298F7B8C24
09:16:17.0013 3292 usbhub ( LockedFile.Multi.Generic ) - warning
09:16:17.0013 3292 usbhub - detected LockedFile.Multi.Generic (1)
09:16:17.0029 3292 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
09:16:17.0029 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbohci.sys. md5: 9840FC418B4CBD632D3D0A667A725C31
09:16:17.0029 3292 usbohci ( LockedFile.Multi.Generic ) - warning
09:16:17.0029 3292 usbohci - detected LockedFile.Multi.Generic (1)
09:16:17.0060 3292 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:16:17.0060 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D
09:16:17.0060 3292 usbprint ( LockedFile.Multi.Generic ) - warning
09:16:17.0060 3292 usbprint - detected LockedFile.Multi.Generic (1)
09:16:17.0091 3292 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:16:17.0091 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbscan.sys. md5: AAA2513C8AED8B54B189FD0C6B1634C0
09:16:17.0091 3292 usbscan ( LockedFile.Multi.Generic ) - warning
09:16:17.0091 3292 usbscan - detected LockedFile.Multi.Generic (1)
09:16:17.0107 3292 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:16:17.0107 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6
09:16:17.0107 3292 USBSTOR ( LockedFile.Multi.Generic ) - warning
09:16:17.0107 3292 USBSTOR - detected LockedFile.Multi.Generic (1)
09:16:17.0122 3292 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:16:17.0122 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbuhci.sys. md5: 62069A34518BCF9C1FD9E74B3F6DB7CD
09:16:17.0138 3292 usbuhci ( LockedFile.Multi.Generic ) - warning
09:16:17.0138 3292 usbuhci - detected LockedFile.Multi.Generic (1)
09:16:17.0169 3292 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
09:16:17.0169 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usb8023x.sys. md5: 70D05EE263568A742D14E1876DF80532
09:16:17.0169 3292 usb_rndisx ( LockedFile.Multi.Generic ) - warning
09:16:17.0169 3292 usb_rndisx - detected LockedFile.Multi.Generic (1)
09:16:17.0200 3292 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
09:16:17.0200 3292 UxSms ( UnsignedFile.Multi.Generic ) - warning
09:16:17.0200 3292 UxSms - detected UnsignedFile.Multi.Generic (1)
09:16:17.0216 3292 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
09:16:17.0216 3292 VaultSvc ( UnsignedFile.Multi.Generic ) - warning
09:16:17.0216 3292 VaultSvc - detected UnsignedFile.Multi.Generic (1)
09:16:17.0247 3292 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:16:17.0247 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD
09:16:17.0247 3292 vdrvroot ( LockedFile.Multi.Generic ) - warning
09:16:17.0247 3292 vdrvroot - detected LockedFile.Multi.Generic (1)
09:16:17.0278 3292 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
09:16:17.0294 3292 vds ( UnsignedFile.Multi.Generic ) - warning
09:16:17.0294 3292 vds - detected UnsignedFile.Multi.Generic (1)
09:16:17.0310 3292 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:16:17.0310 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD
09:16:17.0310 3292 vga ( LockedFile.Multi.Generic ) - warning
09:16:17.0310 3292 vga - detected LockedFile.Multi.Generic (1)
09:16:17.0325 3292 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
09:16:17.0325 3292 Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC
09:16:17.0325 3292 VgaSave ( LockedFile.Multi.Generic ) - warning
09:16:17.0325 3292 VgaSave - detected LockedFile.Multi.Generic (1)
09:16:17.0341 3292 VGPU - ok
09:16:17.0372 3292 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:16:17.0372 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB
09:16:17.0372 3292 vhdmp ( LockedFile.Multi.Generic ) - warning
09:16:17.0372 3292 vhdmp - detected LockedFile.Multi.Generic (1)
09:16:17.0419 3292 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
09:16:17.0419 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54
09:16:17.0419 3292 viaide ( LockedFile.Multi.Generic ) - warning
09:16:17.0419 3292 viaide - detected LockedFile.Multi.Generic (1)
09:16:17.0434 3292 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
09:16:17.0434 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\vmbus.sys. md5: 86EA3E79AE350FEA5331A1303054005F
09:16:17.0434 3292 vmbus ( LockedFile.Multi.Generic ) - warning
09:16:17.0434 3292 vmbus - detected LockedFile.Multi.Generic (1)
09:16:17.0450 3292 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
09:16:17.0450 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\VMBusHID.sys. md5: 7DE90B48F210D29649380545DB45A187
09:16:17.0466 3292 VMBusHID ( LockedFile.Multi.Generic ) - warning
09:16:17.0466 3292 VMBusHID - detected LockedFile.Multi.Generic (1)
09:16:17.0481 3292 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:16:17.0481 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0
09:16:17.0481 3292 volmgr ( LockedFile.Multi.Generic ) - warning
09:16:17.0481 3292 volmgr - detected LockedFile.Multi.Generic (1)
09:16:17.0512 3292 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:16:17.0512 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B
09:16:17.0512 3292 volmgrx ( LockedFile.Multi.Generic ) - warning
09:16:17.0512 3292 volmgrx - detected LockedFile.Multi.Generic (1)
09:16:17.0544 3292 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:16:17.0544 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639
09:16:17.0544 3292 volsnap ( LockedFile.Multi.Generic ) - warning
09:16:17.0544 3292 volsnap - detected LockedFile.Multi.Generic (1)
09:16:17.0590 3292 [ 7254B4F4A59F9D18B49CAF8AA0428631 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
09:16:17.0590 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpchbus.sys. md5: 7254B4F4A59F9D18B49CAF8AA0428631
09:16:17.0590 3292 vpcbus ( LockedFile.Multi.Generic ) - warning
09:16:17.0590 3292 vpcbus - detected LockedFile.Multi.Generic (1)
09:16:17.0622 3292 [ ED501CEBF6F571FCCE55887BDF4888EA ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
09:16:17.0622 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpcnfltr.sys. md5: ED501CEBF6F571FCCE55887BDF4888EA
09:16:17.0622 3292 vpcnfltr ( LockedFile.Multi.Generic ) - warning
09:16:17.0622 3292 vpcnfltr - detected LockedFile.Multi.Generic (1)
09:16:17.0653 3292 [ 2CE21FFD391FE21763DDC32B1CAABA7D ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
09:16:17.0653 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpcusb.sys. md5: 2CE21FFD391FE21763DDC32B1CAABA7D
09:16:17.0653 3292 vpcusb ( LockedFile.Multi.Generic ) - warning
09:16:17.0653 3292 vpcusb - detected LockedFile.Multi.Generic (1)
09:16:17.0684 3292 [ C3F658CD063EA677FCCBB620167B44C8 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
09:16:17.0684 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\vpcvmm.sys. md5: C3F658CD063EA677FCCBB620167B44C8
09:16:17.0684 3292 vpcvmm ( LockedFile.Multi.Generic ) - warning
09:16:17.0684 3292 vpcvmm - detected LockedFile.Multi.Generic (1)
09:16:17.0700 3292 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:16:17.0700 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997
09:16:17.0715 3292 vsmraid ( LockedFile.Multi.Generic ) - warning
09:16:17.0715 3292 vsmraid - detected LockedFile.Multi.Generic (1)
09:16:17.0762 3292 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
09:16:17.0778 3292 VSS ( UnsignedFile.Multi.Generic ) - warning
09:16:17.0778 3292 VSS - detected UnsignedFile.Multi.Generic (1)
09:16:17.0793 3292 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
09:16:17.0793 3292 Suspicious file (NoAccess): C:\Windows\System32\drivers\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1
09:16:17.0793 3292 vwifibus ( LockedFile.Multi.Generic ) - warning
09:16:17.0793 3292 vwifibus - detected LockedFile.Multi.Generic (1)
09:16:17.0840 3292 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
09:16:17.0840 3292 W32Time ( UnsignedFile.Multi.Generic ) - warning
09:16:17.0840 3292 W32Time - detected UnsignedFile.Multi.Generic (1)
09:16:17.0856 3292 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:16:17.0856 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E
09:16:17.0856 3292 WacomPen ( LockedFile.Multi.Generic ) - warning
09:16:17.0856 3292 WacomPen - detected LockedFile.Multi.Generic (1)
09:16:17.0871 3292 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:16:17.0871 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
09:16:17.0871 3292 WANARP ( LockedFile.Multi.Generic ) - warning
09:16:17.0871 3292 WANARP - detected LockedFile.Multi.Generic (1)
09:16:17.0887 3292 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:16:17.0887 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
09:16:17.0887 3292 Wanarpv6 ( LockedFile.Multi.Generic ) - warning
09:16:17.0887 3292 Wanarpv6 - detected LockedFile.Multi.Generic (1)
09:16:17.0934 3292 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:16:17.0949 3292 WatAdminSvc ( UnsignedFile.Multi.Generic ) - warning
09:16:17.0949 3292 WatAdminSvc - detected UnsignedFile.Multi.Generic (1)
09:16:17.0996 3292 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
09:16:18.0012 3292 wbengine ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0012 3292 wbengine - detected UnsignedFile.Multi.Generic (1)
09:16:18.0027 3292 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:16:18.0043 3292 WbioSrvc ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0043 3292 WbioSrvc - detected UnsignedFile.Multi.Generic (1)
09:16:18.0074 3292 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
09:16:18.0090 3292 WcesComm ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0090 3292 WcesComm - detected UnsignedFile.Multi.Generic (1)
09:16:18.0121 3292 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:16:18.0121 3292 wcncsvc ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0121 3292 wcncsvc - detected UnsignedFile.Multi.Generic (1)
09:16:18.0136 3292 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:16:18.0136 3292 WcsPlugInService ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0136 3292 WcsPlugInService - detected UnsignedFile.Multi.Generic (1)
09:16:18.0152 3292 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:16:18.0152 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC
09:16:18.0152 3292 Wd ( LockedFile.Multi.Generic ) - warning
09:16:18.0152 3292 Wd - detected LockedFile.Multi.Generic (1)
09:16:18.0183 3292 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:16:18.0183 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441BD2D7B4F98134C3A4F9FA570FD250
09:16:18.0183 3292 Wdf01000 ( LockedFile.Multi.Generic ) - warning
09:16:18.0183 3292 Wdf01000 - detected LockedFile.Multi.Generic (1)
09:16:18.0199 3292 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:16:18.0214 3292 WdiServiceHost ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0214 3292 WdiServiceHost - detected UnsignedFile.Multi.Generic (1)
09:16:18.0214 3292 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:16:18.0214 3292 WdiSystemHost ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0214 3292 WdiSystemHost - detected UnsignedFile.Multi.Generic (1)
09:16:18.0246 3292 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:16:18.0261 3292 WebClient ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0261 3292 WebClient - detected UnsignedFile.Multi.Generic (1)
09:16:18.0277 3292 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:16:18.0277 3292 Wecsvc ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0277 3292 Wecsvc - detected UnsignedFile.Multi.Generic (1)
09:16:18.0292 3292 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:16:18.0308 3292 wercplsupport ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0308 3292 wercplsupport - detected UnsignedFile.Multi.Generic (1)
09:16:18.0324 3292 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:16:18.0324 3292 WerSvc ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0324 3292 WerSvc - detected UnsignedFile.Multi.Generic (1)
09:16:18.0339 3292 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:16:18.0339 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725
09:16:18.0339 3292 WfpLwf ( LockedFile.Multi.Generic ) - warning
09:16:18.0339 3292 WfpLwf - detected LockedFile.Multi.Generic (1)
09:16:18.0339 3292 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:16:18.0339 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC
09:16:18.0355 3292 WIMMount ( LockedFile.Multi.Generic ) - warning
09:16:18.0355 3292 WIMMount - detected LockedFile.Multi.Generic (1)
09:16:18.0386 3292 WinDefend - ok
09:16:18.0402 3292 WinHttpAutoProxySvc - ok
09:16:18.0464 3292 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:16:18.0464 3292 Winmgmt ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0464 3292 Winmgmt - detected UnsignedFile.Multi.Generic (1)
09:16:18.0511 3292 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
09:16:18.0526 3292 WinRM ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0526 3292 WinRM - detected UnsignedFile.Multi.Generic (1)
09:16:18.0589 3292 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
09:16:18.0589 3292 Wlansvc ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0589 3292 Wlansvc - detected UnsignedFile.Multi.Generic (1)
09:16:18.0636 3292 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:16:18.0636 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778
09:16:18.0636 3292 WmiAcpi ( LockedFile.Multi.Generic ) - warning
09:16:18.0636 3292 WmiAcpi - detected LockedFile.Multi.Generic (1)
09:16:18.0651 3292 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:16:18.0667 3292 wmiApSrv ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0667 3292 wmiApSrv - detected UnsignedFile.Multi.Generic (1)
09:16:18.0682 3292 WMPNetworkSvc - ok
09:16:18.0698 3292 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:16:18.0698 3292 WPCSvc ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0698 3292 WPCSvc - detected UnsignedFile.Multi.Generic (1)
09:16:18.0729 3292 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:16:18.0729 3292 WPDBusEnum ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0729 3292 WPDBusEnum - detected UnsignedFile.Multi.Generic (1)
09:16:18.0760 3292 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:16:18.0760 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52
09:16:18.0760 3292 ws2ifsl ( LockedFile.Multi.Generic ) - warning
09:16:18.0760 3292 ws2ifsl - detected LockedFile.Multi.Generic (1)
09:16:18.0807 3292 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
09:16:18.0807 3292 wscsvc ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0807 3292 wscsvc - detected UnsignedFile.Multi.Generic (1)
09:16:18.0823 3292 WSearch - ok
09:16:18.0885 3292 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
09:16:18.0916 3292 wuauserv ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0916 3292 wuauserv - detected UnsignedFile.Multi.Generic (1)
09:16:18.0932 3292 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:16:18.0932 3292 Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: D3381DC54C34D79B22CEE0D65BA91B7C
09:16:18.0948 3292 WudfPf ( LockedFile.Multi.Generic ) - warning
09:16:18.0948 3292 WudfPf - detected LockedFile.Multi.Generic (1)
09:16:18.0963 3292 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:16:18.0963 3292 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: CF8D590BE3373029D57AF80914190682
09:16:18.0963 3292 WUDFRd ( LockedFile.Multi.Generic ) - warning
09:16:18.0963 3292 WUDFRd - detected LockedFile.Multi.Generic (1)
09:16:18.0994 3292 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:16:18.0994 3292 wudfsvc ( UnsignedFile.Multi.Generic ) - warning
09:16:18.0994 3292 wudfsvc - detected UnsignedFile.Multi.Generic (1)
09:16:19.0026 3292 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
09:16:19.0026 3292 WwanSvc ( UnsignedFile.Multi.Generic ) - warning
09:16:19.0026 3292 WwanSvc - detected UnsignedFile.Multi.Generic (1)
09:16:19.0041 3292 ================ Scan global ===============================
09:16:19.0072 3292 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:16:19.0104 3292 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
09:16:19.0104 3292 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
09:16:19.0135 3292 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:16:19.0150 3292 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:16:19.0150 3292 [Global] - ok
09:16:19.0150 3292 ================ Scan MBR ==================================
09:16:19.0150 3292 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:16:20.0118 3292 \Device\Harddisk0\DR0 - ok
09:16:20.0133 3292 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
09:16:20.0274 3292 \Device\Harddisk1\DR1 - ok
09:16:20.0274 3292 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
09:16:20.0414 3292 \Device\Harddisk2\DR2 - ok
09:16:20.0414 3292 ================ Scan VBR ==================================
09:16:20.0414 3292 [ A2E94D13C32AF0FAE7CD79A650AE99C2 ] \Device\Harddisk0\DR0\Partition1
09:16:20.0414 3292 \Device\Harddisk0\DR0\Partition1 - ok
09:16:20.0414 3292 [ 0266E121F5120423D28FE21294D24366 ] \Device\Harddisk1\DR1\Partition1
09:16:20.0414 3292 \Device\Harddisk1\DR1\Partition1 - ok
09:16:20.0414 3292 [ 8FE092683862D83B37760171FA686F7C ] \Device\Harddisk2\DR2\Partition1
09:16:20.0414 3292 \Device\Harddisk2\DR2\Partition1 - ok
09:16:20.0414 3292 ============================================================
09:16:20.0414 3292 Scan finished
09:16:20.0414 3292 ============================================================
09:16:20.0430 2252 Detected object count: 416
09:16:20.0430 2252 Actual detected object count: 416
09:17:00.0724 2252 1394ohci ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0724 2252 1394ohci ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0724 2252 4b67c937a5c89fb4 ( Rootkit.Win32.Necurs.gen ) - skipped by user
09:17:00.0724 2252 4b67c937a5c89fb4 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip
09:17:00.0740 2252 ACPI ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0740 2252 ACPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0740 2252 AcpiPmi ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0740 2252 AcpiPmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0740 2252 AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0740 2252 AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0740 2252 adp94xx ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0740 2252 adp94xx ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0740 2252 adpahci ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0740 2252 adpahci ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0740 2252 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0740 2252 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0740 2252 AeLookupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0740 2252 AeLookupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0740 2252 AFD ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0740 2252 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0740 2252 agp440 ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0740 2252 agp440 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0740 2252 ALG ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0740 2252 ALG ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0740 2252 aliide ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0740 2252 aliide ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0740 2252 AMD External Events Utility ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0740 2252 AMD External Events Utility ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0740 2252 amdide ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0740 2252 amdide ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0740 2252 amdiox64 ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0740 2252 amdiox64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0756 2252 AmdK8 ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0756 2252 AmdK8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0756 2252 amdkmdag ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0756 2252 amdkmdag ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0756 2252 amdkmdap ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0756 2252 amdkmdap ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0756 2252 AmdPPM ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0756 2252 AmdPPM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0756 2252 amdsata ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0756 2252 amdsata ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0756 2252 amdsbs ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0756 2252 amdsbs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0756 2252 amdxata ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0756 2252 amdxata ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0756 2252 Andbus ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0756 2252 Andbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0756 2252 AndDiag ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0756 2252 AndDiag ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0756 2252 AndGps ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0756 2252 AndGps ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0756 2252 ANDModem ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0756 2252 ANDModem ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0756 2252 AODDriver4.1 ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0756 2252 AODDriver4.1 ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0756 2252 AppID ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0756 2252 AppID ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0756 2252 AppIDSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0771 2252 AppIDSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0771 2252 Appinfo ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0771 2252 Appinfo ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0771 2252 AppMgmt ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0771 2252 AppMgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0771 2252 arc ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0771 2252 arc ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0771 2252 arcsas ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0771 2252 arcsas ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0771 2252 AsIO ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0771 2252 AsIO ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0771 2252 AsyncMac ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0771 2252 AsyncMac ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0771 2252 atapi ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0771 2252 atapi ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0771 2252 AtiHDAudioService ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0771 2252 AtiHDAudioService ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0771 2252 AtiHdmiService ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0771 2252 AtiHdmiService ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0771 2252 atikmdag ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0771 2252 atikmdag ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0771 2252 AtiPcie ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0771 2252 AtiPcie ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0771 2252 AudioEndpointBuilder ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0771 2252 AudioEndpointBuilder ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0771 2252 AudioSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0771 2252 AudioSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0787 2252 AxInstSV ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0787 2252 AxInstSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0787 2252 b06bdrv ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0787 2252 b06bdrv ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0787 2252 b57nd60a ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0787 2252 b57nd60a ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0787 2252 BDESVC ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0787 2252 BDESVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0787 2252 Beep ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0787 2252 Beep ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0787 2252 BFE ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0787 2252 BFE ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0787 2252 BITS ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0787 2252 BITS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0787 2252 blbdrive ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0787 2252 blbdrive ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0787 2252 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0787 2252 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0787 2252 bowser ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0787 2252 bowser ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0787 2252 BrFiltLo ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0787 2252 BrFiltLo ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0787 2252 BrFiltUp ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0787 2252 BrFiltUp ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0787 2252 BridgeMP ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0787 2252 BridgeMP ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0787 2252 Browser ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0802 2252 Browser ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0802 2252 Brserid ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0802 2252 Brserid ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0802 2252 BrSerWdm ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0802 2252 BrSerWdm ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0802 2252 BrUsbMdm ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0802 2252 BrUsbMdm ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0802 2252 BrUsbSer ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0802 2252 BrUsbSer ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0802 2252 BTHMODEM ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0802 2252 BTHMODEM ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0802 2252 bthserv ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0802 2252 bthserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0802 2252 cdfs ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0802 2252 cdfs ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0802 2252 cdrom ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0802 2252 cdrom ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0802 2252 CertPropSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0802 2252 CertPropSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0802 2252 circlass ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0802 2252 circlass ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0802 2252 CLFS ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0802 2252 CLFS ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0802 2252 clr_optimization_v2.0.50727_32 ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0802 2252 clr_optimization_v2.0.50727_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0802 2252 clr_optimization_v2.0.50727_64 ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0802 2252 clr_optimization_v2.0.50727_64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0818 2252 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0818 2252 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0818 2252 clr_optimization_v4.0.30319_64 ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0818 2252 clr_optimization_v4.0.30319_64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0818 2252 CmBatt ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0818 2252 CmBatt ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0818 2252 cmdide ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0818 2252 cmdide ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0818 2252 CNG ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0818 2252 CNG ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0818 2252 Compbatt ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0818 2252 Compbatt ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0818 2252 CompositeBus ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0818 2252 CompositeBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0818 2252 crcdisk ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0818 2252 crcdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0818 2252 CryptSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0818 2252 CryptSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0818 2252 CSC ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0818 2252 CSC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0818 2252 CscService ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0818 2252 CscService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0818 2252 DAUpdaterSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0818 2252 DAUpdaterSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0818 2252 DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0818 2252 DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0818 2252 defragsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0818 2252 defragsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0834 2252 DfsC ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0834 2252 DfsC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0834 2252 Dhcp ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0834 2252 Dhcp ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0834 2252 discache ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0834 2252 discache ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0834 2252 Disk ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0834 2252 Disk ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0834 2252 Dnscache ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0834 2252 Dnscache ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0834 2252 dot3svc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0834 2252 dot3svc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0834 2252 DPS ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0834 2252 DPS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0834 2252 drmkaud ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0834 2252 drmkaud ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0834 2252 DvmMDES ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0834 2252 DvmMDES ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0834 2252 DXGKrnl ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0834 2252 DXGKrnl ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0834 2252 EapHost ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0834 2252 EapHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0834 2252 ebdrv ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0834 2252 ebdrv ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0834 2252 EFS ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0834 2252 EFS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0849 2252 ehRecvr ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0849 2252 ehRecvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0849 2252 ehSched ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0849 2252 ehSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0849 2252 elxstor ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0849 2252 elxstor ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0849 2252 ErrDev ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0849 2252 ErrDev ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0849 2252 EventSystem ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0849 2252 EventSystem ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0849 2252 exfat ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0849 2252 exfat ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0849 2252 fastfat ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0849 2252 fastfat ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0849 2252 Fax ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0849 2252 Fax ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0849 2252 fdc ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0849 2252 fdc ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0849 2252 fdPHost ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0849 2252 fdPHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0849 2252 FDResPub ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0849 2252 FDResPub ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0849 2252 FileInfo ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0849 2252 FileInfo ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0849 2252 Filetrace ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0849 2252 Filetrace ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0849 2252 flpydisk ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0865 2252 flpydisk ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0865 2252 FltMgr ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0865 2252 FltMgr ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0865 2252 FontCache ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0865 2252 FontCache ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0865 2252 FontCache3.0.0.0 ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0865 2252 FontCache3.0.0.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0865 2252 FsDepends ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0865 2252 FsDepends ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0865 2252 Fs_Rec ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0865 2252 Fs_Rec ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0865 2252 fvevol ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0865 2252 fvevol ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0865 2252 gagp30kx ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0865 2252 gagp30kx ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0865 2252 gpsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0865 2252 gpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0865 2252 gupdate ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0865 2252 gupdate ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0865 2252 gupdatem ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0865 2252 gupdatem ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0865 2252 hcw85cir ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0865 2252 hcw85cir ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0865 2252 HdAudAddService ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0865 2252 HdAudAddService ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0865 2252 HDAudBus ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0865 2252 HDAudBus ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0880 2252 HidBatt ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0880 2252 HidBatt ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0880 2252 HidBth ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0880 2252 HidBth ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0880 2252 HidIr ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0880 2252 HidIr ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0880 2252 hidserv ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0880 2252 hidserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0880 2252 HidUsb ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0880 2252 HidUsb ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0880 2252 hkmsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0880 2252 hkmsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0880 2252 HomeGroupListener ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0880 2252 HomeGroupListener ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0880 2252 HomeGroupProvider ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0880 2252 HomeGroupProvider ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0880 2252 HpSAMD ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0880 2252 HpSAMD ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0880 2252 HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0880 2252 HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0880 2252 hwpolicy ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0880 2252 hwpolicy ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0880 2252 i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0880 2252 i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0880 2252 iaStorV ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0880 2252 iaStorV ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0880 2252 idsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0880 2252 idsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0896 2252 iirsp ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0896 2252 iirsp ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0896 2252 IKEEXT ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0896 2252 IKEEXT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0896 2252 IntcAzAudAddService ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0896 2252 IntcAzAudAddService ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0896 2252 intelide ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0896 2252 intelide ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0896 2252 intelppm ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0896 2252 intelppm ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0896 2252 IPBusEnum ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0896 2252 IPBusEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0896 2252 IpFilterDriver ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0896 2252 IpFilterDriver ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0896 2252 IPMIDRV ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0896 2252 IPMIDRV ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0896 2252 IPNAT ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0896 2252 IPNAT ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0896 2252 IRENUM ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0896 2252 IRENUM ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0896 2252 isapnp ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0896 2252 isapnp ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0896 2252 iScsiPrt ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0896 2252 iScsiPrt ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0896 2252 kbdclass ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0896 2252 kbdclass ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0912 2252 kbdhid ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0912 2252 kbdhid ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0912 2252 KeyIso ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0912 2252 KeyIso ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0912 2252 Kodak AiO Network Discovery Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0912 2252 Kodak AiO Network Discovery Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0912 2252 KSecDD ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0912 2252 KSecDD ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0912 2252 KSecPkg ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0912 2252 KSecPkg ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0912 2252 ksthunk ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0912 2252 ksthunk ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0912 2252 KtmRm ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0912 2252 KtmRm ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0912 2252 LanmanServer ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0912 2252 LanmanServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0912 2252 LanmanWorkstation ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0912 2252 LanmanWorkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0912 2252 lltdio ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0912 2252 lltdio ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0912 2252 lltdsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0912 2252 lltdsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0912 2252 lmhosts ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0912 2252 lmhosts ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0912 2252 LSI_FC ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0912 2252 LSI_FC ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0912 2252 LSI_SAS ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0912 2252 LSI_SAS ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0927 2252 LSI_SAS2 ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0927 2252 LSI_SAS2 ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0927 2252 LSI_SCSI ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0927 2252 LSI_SCSI ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0927 2252 luafv ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0927 2252 luafv ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0927 2252 MBAMProtector ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0927 2252 MBAMProtector ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0927 2252 MBAMScheduler ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0927 2252 MBAMScheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0927 2252 MBAMService ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0927 2252 MBAMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0927 2252 Mcx2Svc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0927 2252 Mcx2Svc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0927 2252 megasas ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0927 2252 megasas ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0927 2252 MegaSR ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0927 2252 MegaSR ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0927 2252 MMCSS ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0927 2252 MMCSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0927 2252 Modem ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0927 2252 Modem ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0927 2252 monitor ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0927 2252 monitor ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0927 2252 mouclass ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0927 2252 mouclass ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0943 2252 mouhid ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0943 2252 mouhid ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0943 2252 mountmgr ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0943 2252 mountmgr ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0943 2252 MozillaMaintenance ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0943 2252 MozillaMaintenance ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0943 2252 mpio ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0943 2252 mpio ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0943 2252 mpsdrv ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0943 2252 mpsdrv ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0943 2252 MpsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0943 2252 MpsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0943 2252 MRxDAV ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0943 2252 MRxDAV ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0943 2252 mrxsmb ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0943 2252 mrxsmb ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0943 2252 mrxsmb10 ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0943 2252 mrxsmb10 ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0943 2252 mrxsmb20 ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0943 2252 mrxsmb20 ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0943 2252 msahci ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0943 2252 msahci ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0943 2252 msdsm ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0943 2252 msdsm ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0943 2252 MSDTC ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0943 2252 MSDTC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0958 2252 Msfs ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0958 2252 Msfs ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0958 2252 mshidkmdf ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0958 2252 mshidkmdf ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0958 2252 msisadrv ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0958 2252 msisadrv ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0958 2252 MSiSCSI ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0958 2252 MSiSCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0958 2252 MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0958 2252 MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0958 2252 MSPCLOCK ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0958 2252 MSPCLOCK ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0958 2252 MSPQM ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0958 2252 MSPQM ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0958 2252 MsRPC ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0958 2252 MsRPC ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0958 2252 mssmbios ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0958 2252 mssmbios ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0958 2252 MSTEE ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0958 2252 MSTEE ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0958 2252 MTConfig ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0958 2252 MTConfig ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0958 2252 MTsensor ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0958 2252 MTsensor ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0958 2252 Mup ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0958 2252 Mup ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0958 2252 napagent ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0958 2252 napagent ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0974 2252 NativeWifiP ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0974 2252 NativeWifiP ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0974 2252 NDIS ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0974 2252 NDIS ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0974 2252 NdisCap ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0974 2252 NdisCap ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0974 2252 NdisTapi ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0974 2252 NdisTapi ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0974 2252 Ndisuio ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0974 2252 Ndisuio ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0974 2252 NdisWan ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0974 2252 NdisWan ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0974 2252 NDProxy ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0974 2252 NDProxy ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0974 2252 NetBIOS ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0974 2252 NetBIOS ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0974 2252 NetBT ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0974 2252 NetBT ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0974 2252 Netlogon ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0974 2252 Netlogon ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0974 2252 Netman ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0974 2252 Netman ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0974 2252 netprofm ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0974 2252 netprofm ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0974 2252 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0974 2252 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0974 2252 nfrd960 ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0974 2252 nfrd960 ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0990 2252 NlaSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0990 2252 NlaSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0990 2252 Npfs ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0990 2252 Npfs ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0990 2252 nsi ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0990 2252 nsi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:00.0990 2252 nsiproxy ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0990 2252 nsiproxy ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0990 2252 Ntfs ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0990 2252 Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0990 2252 Null ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0990 2252 Null ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0990 2252 nvraid ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0990 2252 nvraid ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0990 2252 nvrd64 ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0990 2252 nvrd64 ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0990 2252 nvsmu ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0990 2252 nvsmu ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0990 2252 nvstor ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0990 2252 nvstor ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0990 2252 nvstor64 ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0990 2252 nvstor64 ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0990 2252 nv_agp ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0990 2252 nv_agp ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0990 2252 ohci1394 ( LockedFile.Multi.Generic ) - skipped by user
09:17:00.0990 2252 ohci1394 ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:00.0990 2252 p2pimsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:00.0990 2252 p2pimsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0005 2252 p2psvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0005 2252 p2psvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0005 2252 Parport ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0005 2252 Parport ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0005 2252 partmgr ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0005 2252 partmgr ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0005 2252 PcaSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0005 2252 PcaSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0005 2252 pci ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0005 2252 pci ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0005 2252 pciide ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0005 2252 pciide ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0005 2252 pcmcia ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0005 2252 pcmcia ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0005 2252 pcw ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0005 2252 pcw ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0005 2252 PEAUTH ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0005 2252 PEAUTH ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0005 2252 PeerDistSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0005 2252 PeerDistSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0005 2252 PerfHost ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0005 2252 PerfHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0005 2252 pla ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0005 2252 pla ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0005 2252 PlugPlay ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0005 2252 PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0021 2252 PNRPAutoReg ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0021 2252 PNRPAutoReg ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0021 2252 PNRPsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0021 2252 PNRPsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0021 2252 PolicyAgent ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0021 2252 PolicyAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0021 2252 Power ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0021 2252 Power ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0021 2252 PptpMiniport ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0021 2252 PptpMiniport ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0021 2252 Processor ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0021 2252 Processor ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0021 2252 ProfSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0021 2252 ProfSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0021 2252 ProtectedStorage ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0021 2252 ProtectedStorage ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0021 2252 Psched ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0021 2252 Psched ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0021 2252 ql2300 ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0021 2252 ql2300 ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0021 2252 ql40xx ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0021 2252 ql40xx ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0021 2252 QWAVE ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0021 2252 QWAVE ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0021 2252 QWAVEdrv ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0021 2252 QWAVEdrv ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0021 2252 RapiMgr ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0021 2252 RapiMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0036 2252 RasAcd ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0036 2252 RasAcd ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0036 2252 RasAgileVpn ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0036 2252 RasAgileVpn ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0036 2252 RasAuto ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0036 2252 RasAuto ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0036 2252 Rasl2tp ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0036 2252 Rasl2tp ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0036 2252 RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0036 2252 RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0036 2252 RasPppoe ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0036 2252 RasPppoe ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0036 2252 RasSstp ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0036 2252 RasSstp ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0036 2252 rdbss ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0036 2252 rdbss ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0036 2252 rdpbus ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0036 2252 rdpbus ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0036 2252 RDPCDD ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0036 2252 RDPCDD ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0036 2252 RDPDR ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0036 2252 RDPDR ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0036 2252 RDPENCDD ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0036 2252 RDPENCDD ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0036 2252 RDPREFMP ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0036 2252 RDPREFMP ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0052 2252 RdpVideoMiniport ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0052 2252 RdpVideoMiniport ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0052 2252 RDPWD ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0052 2252 RDPWD ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0052 2252 rdyboost ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0052 2252 rdyboost ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0052 2252 RemoteAccess ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0052 2252 RemoteAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0052 2252 RemoteRegistry ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0052 2252 RemoteRegistry ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0052 2252 RpcEptMapper ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0052 2252 RpcEptMapper ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0052 2252 RpcLocator ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0052 2252 RpcLocator ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0052 2252 RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0052 2252 RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0052 2252 rspndr ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0052 2252 rspndr ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0052 2252 RTL8167 ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0052 2252 RTL8167 ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0052 2252 s3cap ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0052 2252 s3cap ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0052 2252 SamSs ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0052 2252 SamSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0052 2252 sbp2port ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0052 2252 sbp2port ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0052 2252 SCardSvr ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0052 2252 SCardSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0068 2252 scfilter ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0068 2252 scfilter ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0068 2252 Schedule ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0068 2252 Schedule ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0068 2252 SCPolicySvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0068 2252 SCPolicySvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0068 2252 SDRSVC ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0068 2252 SDRSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0068 2252 secdrv ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0068 2252 secdrv ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0068 2252 seclogon ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0068 2252 seclogon ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0068 2252 SENS ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0068 2252 SENS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0068 2252 SensrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0068 2252 SensrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0068 2252 Serenum ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0068 2252 Serenum ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0068 2252 Serial ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0068 2252 Serial ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0068 2252 sermouse ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0068 2252 sermouse ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0068 2252 SessionEnv ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0068 2252 SessionEnv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0068 2252 sffdisk ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0068 2252 sffdisk ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0083 2252 sffp_mmc ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0083 2252 sffp_mmc ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0083 2252 sffp_sd ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0083 2252 sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0083 2252 sfloppy ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0083 2252 sfloppy ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0083 2252 SharedAccess ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0083 2252 SharedAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0083 2252 ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0083 2252 ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0083 2252 SiSRaid2 ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0083 2252 SiSRaid2 ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0083 2252 SiSRaid4 ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0083 2252 SiSRaid4 ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0083 2252 Smb ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0083 2252 Smb ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0083 2252 SNMPTRAP ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0083 2252 SNMPTRAP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0083 2252 spldr ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0083 2252 spldr ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0083 2252 Spooler ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0083 2252 Spooler ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0083 2252 sppsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0083 2252 sppsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0083 2252 sppuinotify ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0083 2252 sppuinotify ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0083 2252 srv ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0083 2252 srv ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0099 2252 srv2 ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0099 2252 srv2 ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0099 2252 srvnet ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0099 2252 srvnet ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0099 2252 SSDPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0099 2252 SSDPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0099 2252 SstpSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0099 2252 SstpSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0099 2252 stexstor ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0099 2252 stexstor ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0099 2252 stisvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0099 2252 stisvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0099 2252 storflt ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0099 2252 storflt ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0099 2252 storvsc ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0099 2252 storvsc ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0099 2252 swenum ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0099 2252 swenum ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0099 2252 swprv ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0099 2252 swprv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0099 2252 SysMain ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0099 2252 SysMain ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0099 2252 TabletInputService ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0099 2252 TabletInputService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0099 2252 TapiSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0099 2252 TapiSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0114 2252 TBS ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0114 2252 TBS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0114 2252 Tcpip ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0114 2252 Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0114 2252 TCPIP6 ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0114 2252 TCPIP6 ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0114 2252 tcpipreg ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0114 2252 tcpipreg ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0114 2252 TDPIPE ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0114 2252 TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0114 2252 TDTCP ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0114 2252 TDTCP ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0114 2252 tdx ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0114 2252 tdx ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0114 2252 TermDD ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0114 2252 TermDD ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0114 2252 TermService ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0114 2252 TermService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0114 2252 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0114 2252 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0114 2252 THREADORDER ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0114 2252 THREADORDER ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0114 2252 TomTomHOMEService ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0114 2252 TomTomHOMEService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0114 2252 TrkWks ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0114 2252 TrkWks ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0114 2252 TrustedInstaller ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0114 2252 TrustedInstaller ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0130 2252 tssecsrv ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0130 2252 tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0130 2252 TsUsbFlt ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0130 2252 TsUsbFlt ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0130 2252 tunnel ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0130 2252 tunnel ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0130 2252 uagp35 ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0130 2252 uagp35 ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0130 2252 udfs ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0130 2252 udfs ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0130 2252 UI0Detect ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0130 2252 UI0Detect ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0130 2252 uliagpkx ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0130 2252 uliagpkx ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0130 2252 umbus ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0130 2252 umbus ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0130 2252 UmPass ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0130 2252 UmPass ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0130 2252 UmRdpService ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0130 2252 UmRdpService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0130 2252 upnphost ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0130 2252 upnphost ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0130 2252 usbccgp ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0130 2252 usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0130 2252 usbcir ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0130 2252 usbcir ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0146 2252 usbehci ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0146 2252 usbehci ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0146 2252 usbhub ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0146 2252 usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0146 2252 usbohci ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0146 2252 usbohci ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0146 2252 usbprint ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0146 2252 usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0146 2252 usbscan ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0146 2252 usbscan ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0146 2252 USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0146 2252 USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0146 2252 usbuhci ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0146 2252 usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0146 2252 usb_rndisx ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0146 2252 usb_rndisx ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0146 2252 UxSms ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0146 2252 UxSms ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0146 2252 VaultSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0146 2252 VaultSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0146 2252 vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0146 2252 vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0146 2252 vds ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0146 2252 vds ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0146 2252 vga ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0146 2252 vga ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0146 2252 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0146 2252 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0161 2252 vhdmp ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0161 2252 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0161 2252 viaide ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0161 2252 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0161 2252 vmbus ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0161 2252 vmbus ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0161 2252 VMBusHID ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0161 2252 VMBusHID ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0161 2252 volmgr ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0161 2252 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0161 2252 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0161 2252 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0161 2252 volsnap ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0161 2252 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0161 2252 vpcbus ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0161 2252 vpcbus ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0161 2252 vpcnfltr ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0161 2252 vpcnfltr ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0161 2252 vpcusb ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0161 2252 vpcusb ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0161 2252 vpcvmm ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0161 2252 vpcvmm ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0161 2252 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0161 2252 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0161 2252 VSS ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0161 2252 VSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0177 2252 vwifibus ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0177 2252 vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0177 2252 W32Time ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0177 2252 W32Time ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0177 2252 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0177 2252 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0177 2252 WANARP ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0177 2252 WANARP ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0177 2252 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0177 2252 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0177 2252 WatAdminSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0177 2252 WatAdminSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0177 2252 wbengine ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0177 2252 wbengine ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0177 2252 WbioSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0177 2252 WbioSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0177 2252 WcesComm ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0177 2252 WcesComm ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0177 2252 wcncsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0177 2252 wcncsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0177 2252 WcsPlugInService ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0177 2252 WcsPlugInService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0177 2252 Wd ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0177 2252 Wd ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0177 2252 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0177 2252 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0177 2252 WdiServiceHost ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0177 2252 WdiServiceHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0192 2252 WdiSystemHost ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0192 2252 WdiSystemHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0192 2252 WebClient ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0192 2252 WebClient ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0192 2252 Wecsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0192 2252 Wecsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0192 2252 wercplsupport ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0192 2252 wercplsupport ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0192 2252 WerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0192 2252 WerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0192 2252 WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0192 2252 WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0192 2252 WIMMount ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0192 2252 WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0192 2252 Winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0192 2252 Winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0192 2252 WinRM ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0192 2252 WinRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0192 2252 Wlansvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0192 2252 Wlansvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0192 2252 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0192 2252 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0192 2252 wmiApSrv ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0192 2252 wmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0192 2252 WPCSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0192 2252 WPCSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0208 2252 WPDBusEnum ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0208 2252 WPDBusEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0208 2252 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0208 2252 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0208 2252 wscsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0208 2252 wscsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0208 2252 wuauserv ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0208 2252 wuauserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0208 2252 WudfPf ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0208 2252 WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0208 2252 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
09:17:01.0208 2252 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip
09:17:01.0208 2252 wudfsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0208 2252 wudfsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:17:01.0208 2252 WwanSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:17:01.0208 2252 WwanSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip


OTL logfile created on: 25/09/2012 09:23:17 - Run 5
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

16.00 Gb Total Physical Memory | 14.41 Gb Available Physical Memory | 90.08% Memory free
32.00 Gb Paging File | 30.31 Gb Available in Paging File | 94.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 804.65 Gb Free Space | 86.39% Space Free | Partition Type: NTFS
Drive D: | 423.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 465.75 Gb Total Space | 411.97 Gb Free Space | 88.45% Space Free | Partition Type: NTFS
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.47 Gb Total Space | 7.06 Gb Free Space | 94.46% Space Free | Partition Type: FAT32

Computer Name: PHIL-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/23 15:43:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/08/13 22:23:32 | 000,380,928 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2009/06/10 16:30:06 | 004,113,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Modules (No Company Name) ==========

MOD - [2009/06/10 16:30:06 | 004,113,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
MOD - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2009/03/25 17:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2006/01/10 04:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005/05/11 17:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/02 09:47:32 | 000,086,472 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys -- (4b67c937a5c89fb4)
SRV:64bit: - [2012/06/11 13:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/20 19:53:18 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/18 12:23:03 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/05/17 15:24:16 | 000,308,592 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 15:07:17 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/26 11:36:12 | 000,323,584 | -H-- | M] (DeviceVM) [Disabled | Stopped] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/02 09:47:32 | 000,086,472 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys -- (4b67c937a5c89fb4)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/07 14:12:24 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010/12/07 14:12:24 | 000,027,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010/12/07 14:12:22 | 000,027,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010/12/07 14:12:22 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbflt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/20 19:20:18 | 000,356,096 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/08/20 19:20:18 | 000,187,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/08/20 19:20:18 | 000,092,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/08/20 19:20:18 | 000,063,488 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/07/24 02:49:00 | 000,119,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 17:52:30 | 000,215,040 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/13 21:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/05/04 12:30:28 | 000,016,440 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 16 0D C4 B8 9A CD 01 [binary data]
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/21 22:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/18 12:23:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/18 12:23:01 | 000,000,000 | ---D | M]

[2012/09/23 15:19:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/09/18 12:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/18 12:22:59 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2012/09/18 12:22:59 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/09/18 12:23:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/30 20:03:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/30 20:03:32 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/24 20:54:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [combofix] C:\ComboFix\CF20412.3XE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1824711558-3474206165-418731102-1004..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - Startup: C:\Users\diablo acct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1824711558-3474206165-418731102-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (Bodog)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6026CA55-B83D-4F90-9F70-668444118E2E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/09 10:48:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/31 19:01:11 | 000,000,000 | ---D | M] - D:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003/08/31 19:01:28 | 001,101,824 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/08/30 23:15:46 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/08/30 23:15:25 | 000,001,214 | R--- | M] () - D:\autorun.str -- [ CDFS ]
O32 - AutoRun File - [2008/05/06 08:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012/09/24 20:54:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/24 20:52:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/24 20:47:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/24 13:38:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\avenger
[2012/09/24 13:38:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\WinRAR
[2012/09/24 10:29:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/24 10:29:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/24 10:29:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/24 10:26:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/24 10:26:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/24 10:25:23 | 004,759,205 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2012/09/24 10:05:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\rk logs
[2012/09/24 10:01:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/23 17:48:22 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/23 16:44:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\RK_Quarantine
[2012/09/23 16:42:35 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\winlogon.exe
[2012/09/23 15:48:17 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/09/23 15:20:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe
[2012/09/23 15:19:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2012/09/23 15:17:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012/09/23 15:17:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ATI
[2012/09/23 15:17:26 | 000,000,000 | R--D | C] -- C:\Users\Admin\Virtual Machines
[2012/09/23 15:17:26 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/09/23 15:17:26 | 000,000,000 | R--D | C] -- C:\Users\Admin\Searches
[2012/09/23 15:17:26 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/09/23 15:17:26 | 000,000,000 | -H-D | C] -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/09/23 15:17:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Identities
[2012/09/23 15:17:17 | 000,000,000 | R--D | C] -- C:\Users\Admin\Contacts
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Templates
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Start Menu
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\PrintHood
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\NetHood
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\My Documents
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Local Settings
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies
[2012/09/23 15:17:08 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Application Data
[2012/09/23 15:17:07 | 000,000,000 | --SD | C] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Videos
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Saved Games
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Pictures
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Music
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Links
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Favorites
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Downloads
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Documents
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Desktop
[2012/09/23 15:17:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/09/23 15:17:07 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData
[2012/09/23 15:17:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2012/09/23 15:17:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2012/09/23 12:39:57 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/09/18 12:22:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/02 09:53:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files - Modified Within 30 Days ==========

[2012/09/25 09:12:47 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 09:12:47 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 09:10:47 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/25 09:07:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/25 09:07:37 | 4294,320,126 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/24 21:33:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/24 20:54:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/24 20:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/24 13:48:55 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\jslpyfao.sys
[2012/09/24 13:48:55 | 000,000,000 | ---- | M] () -- C:\backup.reg
[2012/09/24 13:40:57 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\epfy.sys
[2012/09/24 13:33:54 | 000,724,952 | ---- | M] () -- C:\Users\Admin\Desktop\avenger.zip
[2012/09/24 11:27:29 | 004,759,205 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2012/09/23 16:30:06 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\winlogon.exe
[2012/09/23 16:29:42 | 001,391,104 | ---- | M] () -- C:\Users\Admin\Desktop\RogueKiller.exe
[2012/09/23 15:43:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/09/23 15:25:26 | 000,001,437 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/20 19:53:18 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/20 19:53:18 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/18 12:23:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/02 09:47:32 | 000,086,472 | ---- | M] () -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys

========== Files Created - No Company Name ==========

[2012/09/24 13:48:55 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\jslpyfao.sys
[2012/09/24 13:40:57 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\epfy.sys
[2012/09/24 13:40:57 | 000,000,000 | ---- | C] () -- C:\backup.reg
[2012/09/24 13:38:24 | 000,731,136 | ---- | C] () -- C:\Users\Admin\Desktop\avenger.exe
[2012/09/24 13:36:08 | 000,724,952 | ---- | C] () -- C:\Users\Admin\Desktop\avenger.zip
[2012/09/24 10:29:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/24 10:29:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/24 10:29:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/24 10:29:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/24 10:29:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/23 16:42:22 | 001,391,104 | ---- | C] () -- C:\Users\Admin\Desktop\RogueKiller.exe
[2012/09/23 15:25:26 | 000,001,437 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/23 15:17:29 | 000,001,409 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/09/23 15:17:26 | 000,001,443 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/09/23 15:17:07 | 000,000,290 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/09/23 15:17:07 | 000,000,272 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/09/02 09:53:39 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/02 09:47:32 | 000,086,472 | ---- | C] () -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys
[2012/04/05 21:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 21:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/08 22:11:30 | 000,120,284 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/09 16:53:44 | 000,041,068 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/08/07 22:19:12 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/08/07 22:19:12 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/08/07 22:19:12 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 09:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 09:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 09:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 09:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010/11/20 09:27:22 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 09:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 09:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 09:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 09:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 09:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 09:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 09:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 09:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:64bit: - [2010/11/20 09:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 09:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 09:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 09:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 09:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 09:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\SysWOW64\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old\Windows\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\erdnt\cache64\qmgr.dll
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\system64\qmgr.dll
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 21:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows.old\Windows\System32\qmgr.dll
[2009/07/13 21:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll
[2009/07/13 21:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\System32\drivers\etc\services
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\system64\drivers\etc\services
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\System32\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\system64\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows.old\Windows\System32\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\system64\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.EXE.VIR >
[2009/07/13 21:39:37 | 000,329,216 | ---- | M] (Microsoft Corporation) MD5=50BEA589F7D7958BDD2528A8F69D05CC -- C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/09/24 08:47:49 | 000,000,134 | ---- | M] () MD5=D9E5E8226638234CF0DCEF5620C7DEAA -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PD2GP9BJ\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\System32\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\system64\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\system64\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\system64\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\system64\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >
[2010/05/21 01:34:38 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2009/08/19 11:24:20 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Windows.old\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2010/05/21 01:28:42 | 005,505,024 | ---- | M] () MD5=20999743CA8D1F7132B0BFCE952F2295 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb
[2009/08/19 11:23:28 | 005,472,256 | ---- | M] () MD5=81CCB59A28A03DB55807B883CB679027 -- C:\Windows.old\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\System32\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\system64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\System32\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old\Windows\System32\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012/09/23 16:30:06 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) MD5=9ED9F21D73F9D71E30EAB71835E656EB -- C:\Users\Admin\Desktop\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID

< End of report >


OTL Extras logfile created on: 23/09/2012 15:55:59 - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Admin\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

16.00 Gb Total Physical Memory | 13.98 Gb Available Physical Memory | 87.37% Memory free
32.00 Gb Paging File | 29.75 Gb Available in Paging File | 92.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 804.07 Gb Free Space | 86.33% Space Free | Partition Type: NTFS
Drive D: | 423.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 465.75 Gb Total Space | 411.97 Gb Free Space | 88.45% Space Free | Partition Type: NTFS
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.47 Gb Total Space | 7.07 Gb Free Space | 94.57% Space Free | Partition Type: FAT32

Computer Name: PHIL-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Virtual Windows XP
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3ABFAF33-D6EE-9348-CE96-AF51E9D6D2FF}" = AMD Drag and Drop Transcoding
"{44B4F244-5B4D-856E-B3A6-E8DDBDC7F127}" = AMD Fuel
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{7A98574D-B3EA-2A5C-CF11-02EF1D1DB500}" = ATI AVIVO64 Codecs
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{D86B6C32-49BD-4A02-9C43-14E497018498}" = Windows 7 Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Process_Hacker_is1" = Process Hacker 1.5
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = AMD VISION Engine Control Center
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A1A9A33E-F1E5-FBF4-8D72-E90BEAC7108A}" = HydraVision
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{CCE5576D-BFB1-4530-9014-F4C7B7DA63C9}_is1" = µTorrent
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DCF9A8CC-6EB4-156B-7E67-BABDACF9218D}" = Family Feud
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bodog Poker_is1" = Bodog Poker
"Cake Poker 2.0" = Cake Poker 2.0
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"Family Feud" = Family Feud (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"mIRC" = mIRC
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"QuickPar" = QuickPar 0.9
"RealPlayer 12.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Universal Extractor_is1" = Universal Extractor 1.6
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23/09/2012 04:25:39 | Computer Name = Phil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
stamp: 0x4fd626ed Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process
id: 0x5b4 Faulting application start time: 0x01cd98d34356a017 Faulting application
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: 40fc3c5e-0558-11e2-b302-90e6ba431217

Error - 23/09/2012 11:53:47 | Computer Name = Phil-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

Error - 23/09/2012 12:33:45 | Computer Name = Phil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
stamp: 0x4fd626ed Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process
id: 0x5ac Faulting application start time: 0x01cd99a2dfc61346 Faulting application
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: 71433e57-059c-11e2-a7a3-90e6ba431217

Error - 23/09/2012 12:41:01 | Computer Name = Phil-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

Error - 23/09/2012 15:23:28 | Computer Name = Phil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
stamp: 0x4fd626ed Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process
id: 0x604 Faulting application start time: 0x01cd99a951e0b5fc Faulting application
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module
path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: 26d04b29-05b4-11e2-95b1-90e6ba431217

Error - 23/09/2012 15:25:02 | Computer Name = Phil-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The file or directory
is corrupted and unreadable.

Error - 23/09/2012 15:25:02 | Computer Name = Phil-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The file or directory
is corrupted and unreadable.

Error - 23/09/2012 15:25:03 | Computer Name = Phil-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The file or directory
is corrupted and unreadable.

Error - 23/09/2012 15:28:33 | Computer Name = Phil-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

Error - 23/09/2012 15:49:28 | Computer Name = Phil-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

[ System Events ]
Error - 23/09/2012 16:00:51 | Computer Name = Phil-PC | Source = Ntfs | ID = 262199
Description =

Error - 23/09/2012 16:00:51 | Computer Name = Phil-PC | Source = Ntfs | ID = 262199
Description =

Error - 23/09/2012 16:00:51 | Computer Name = Phil-PC | Source = Ntfs | ID = 262199
Description =

Error - 23/09/2012 16:00:51 | Computer Name = Phil-PC | Source = Ntfs | ID = 262199
Description =

Error - 23/09/2012 16:00:51 | Computer Name = Phil-PC | Source = Ntfs | ID = 262199
Description =

Error - 23/09/2012 16:00:51 | Computer Name = Phil-PC | Source = Ntfs | ID = 262199
Description =

Error - 23/09/2012 16:00:52 | Computer Name = Phil-PC | Source = Ntfs | ID = 262199
Description =

Error - 23/09/2012 16:00:52 | Computer Name = Phil-PC | Source = Ntfs | ID = 262199
Description =

Error - 23/09/2012 16:00:52 | Computer Name = Phil-PC | Source = Ntfs | ID = 262199
Description =

Error - 23/09/2012 16:00:52 | Computer Name = Phil-PC | Source = Ntfs | ID = 262199
Description =


< End of report >

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you able to create a CD? I will need to run an AV programme outside of Windows to try and kill this driver.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV:64bit: - [2012/09/02 09:47:32 | 000,086,472 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys -- (4b67c937a5c89fb4)
    DRV:64bit: - [2012/09/02 09:47:32 | 000,086,472 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys -- (4b67c937a5c89fb4)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    [2012/09/24 13:48:55 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\jslpyfao.sys
    [2012/09/24 13:40:57 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\epfy.sys
    [2012/09/02 09:47:32 | 000,086,472 | ---- | M] () -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys 
    
    :Files
    C:\Windows\System32\drivers\4b67c937a5c89fb4.sys
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


CREATE A CD

Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install IMGBurn
  • Double click Dr Web
  • IMGBurn will open
  • Burn the ISO to a cd
  • Reboot the infected computer with the CD in the drive
  • Ensure that the first boot device is CD - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on “Start”.

  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so.
  • Once completed, reboot to normal Windows.
  • No log is produced, so once in normal Windows run a fresh OTL scan and let me know if the problems persist.

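Added example (not part of the thread and not OTL's own code): the driver that Essexboy's script targets stands out in the posted log lines by three traits visible on the page, an empty company field, `Unknown (-1)` in the bracketed state field, and a long hexadecimal file name. The Python below parses OTL `SRV`/`DRV` lines and flags entries that combine at least two of these; the flag names, the threshold and the hex-length cutoff are assumptions chosen for illustration.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
========== Services (SafeList) ==========
SRV:64bit: - [2012/09/02 09:47:32 | 000,086,472 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys -- (4b67c937a5c89fb4)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/02 09:47:32 | 000,086,472 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys -- (4b67c937a5c89fb4)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
"""

# One SRV/DRV record:
#   prefix - [file metadata] (company) [state fields] -- path -- (service name)
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV)(?::64bit:)? - "
    r"\[(?P<meta>[^\]]*)\] "
    r"\((?P<company>.*?)\) "
    r"\[(?P<state>[^\]]*)\] -- "
    r"(?P<path>.+?) -- "
    r"\((?P<name>[^()]*)\)$"
)

# Assumption: a file stem made only of 12 or more hex digits looks generated.
HEX_STEM_RE = re.compile(r"[0-9a-f]{12,}", re.IGNORECASE)


@dataclass
class Entry:
    kind: str       # "SRV" or "DRV"
    company: str    # text inside the (company) field, may be empty
    state: str      # text inside the second [...] field
    path: str       # image path as logged
    name: str       # service name in the trailing (...)
    flags: List[str] = field(default_factory=list)


def score(entry: Entry) -> List[str]:
    """Return the illustrative flags that apply to one parsed entry."""
    flags = []
    if not entry.company.strip():
        flags.append("no-company-name")
    if "Unknown (-1)" in entry.state:
        flags.append("unknown-state-field")
    stem = ntpath.splitext(ntpath.basename(entry.path))[0]
    if HEX_STEM_RE.fullmatch(stem):
        flags.append("hex-file-name")
    return flags


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL SRV/DRV line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = Entry(m["kind"], m["company"], m["state"], m["path"], m["name"])
    entry.flags = score(entry)
    return entry


def triage(log_text: str, threshold: int = 2) -> List[Entry]:
    """Return entries carrying at least `threshold` flags, in log order.

    A single flag is not enough: several drivers in the posted log have an
    empty company field, so that trait alone would be noisy.
    """
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None and len(entry.flags) >= threshold:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit.kind} {hit.name}: {', '.join(hit.flags)} -> {hit.path}")
```

Entries flagged this way are candidates for a closer look, for example by checking the file's signature and hash from a clean boot environment, not a verdict on their own.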

#19
risefreeze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I ran OTL with the script and then burned Dr Web to a CD. Dr Web took a few hours to complete. When it was finished, I selected all the items it allowed me to of the 41 and clicked cure. It ended up saying 2 threats neutralized, and then a window in the bottom right kept coming up saying "not enough space on disk". I then reselected everything and tried the options quarantine and remove. After 4-5 times, the program froze but I did notice quite a few things in quarantine when I reopened it. I restarted the computer and my main account now appears to be clean :) The backup admin account still has corrupted files and problems, but I'm thinking I can just delete it and use my regular account? The only problem that I see still remains is when the computer starts up I still get this message: "Checking file system on C:/ The type of file system is NTFS. One of your disks needs to be checked for consistency. CHKDSK is verifying files." Then it starts the scan if I don't abort and about 10 seconds in, it will restart the computer and repeat the cycle. I do remember CHKDSK being one of the files that was corrupt on the admin account. Here is a copy of my OTL log and a Malwarebytes log I ran from my main account. Is most of it gone?

OTL logfile created on: 9/25/2012 6:17:39 PM - Run 7
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Phil\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 14.17 Gb Available Physical Memory | 88.58% Memory free
32.00 Gb Paging File | 29.88 Gb Available in Paging File | 93.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 804.60 Gb Free Space | 86.38% Space Free | Partition Type: NTFS
Drive D: | 191.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 465.75 Gb Total Space | 411.97 Gb Free Space | 88.45% Space Free | Partition Type: NTFS
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.47 Gb Total Space | 6.87 Gb Free Space | 91.88% Space Free | Partition Type: FAT32

Computer Name: PHIL-PC | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/25 18:17:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
PRC - [2012/09/18 12:23:03 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/24 10:39:25 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012/01/23 00:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/08/13 22:23:32 | 000,380,928 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2009/06/10 16:30:06 | 004,113,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/18 12:23:03 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/08/24 10:39:25 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2009/06/10 16:30:06 | 004,113,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
MOD - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2009/03/25 17:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2006/01/10 04:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005/05/11 17:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/02 09:47:32 | 000,086,472 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys -- (4b67c937a5c89fb4)
SRV:64bit: - [2012/06/11 13:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/20 19:53:18 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/18 12:23:03 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/05/17 15:24:16 | 000,308,592 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 15:07:17 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/26 11:36:12 | 000,323,584 | -H-- | M] (DeviceVM) [Disabled | Stopped] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/02 09:47:32 | 000,086,472 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys -- (4b67c937a5c89fb4)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/07 14:12:24 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010/12/07 14:12:24 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010/12/07 14:12:22 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010/12/07 14:12:22 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbflt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/20 19:20:18 | 000,356,096 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/08/20 19:20:18 | 000,187,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/08/20 19:20:18 | 000,092,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/08/20 19:20:18 | 000,063,488 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/07/24 02:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 17:52:30 | 000,215,040 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/13 21:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/05/04 12:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1000\..\SearchScopes\{B3E08E79-7C57-4632-BC89-2D39218DE104}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1824711558-3474206165-418731102-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50923

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/21 22:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/18 12:23:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/18 12:23:01 | 000,000,000 | ---D | M]

[2012/06/29 21:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions
[2012/06/11 12:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/07/01 02:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\cbvm06q9.default\extensions
[2012/09/18 12:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/18 12:22:59 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2012/09/18 12:22:59 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/09/18 12:23:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/30 20:03:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/30 20:03:32 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/25 10:31:36 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1824711558-3474206165-418731102-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [combofix] C:\ComboFix\CF20412.3XE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1824711558-3474206165-418731102-1000..\Run: [GoogleChrome] C:\Users\Phil\AppData\Local\Temp\appipu.exe File not found
O4 - HKU\S-1-5-21-1824711558-3474206165-418731102-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-1824711558-3474206165-418731102-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\diablo acct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1824711558-3474206165-418731102-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe (Bodog)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6026CA55-B83D-4F90-9F70-668444118E2E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/09 10:48:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 08:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6c746bac-1550-11df-ab27-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6c746bac-1550-11df-ab27-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\Diablo III Setup.exe"
O33 - MountPoints2\{eba3bf49-8237-11e0-96a8-90e6ba431217}\Shell - "" = AutoRun
O33 - MountPoints2\{eba3bf49-8237-11e0-96a8-90e6ba431217}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/10/23 03:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/25 18:17:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2012/09/25 10:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/09/25 10:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012/09/24 20:54:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/24 20:52:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/24 20:52:42 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\temp
[2012/09/24 20:47:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/24 10:29:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/24 10:29:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/24 10:29:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/24 10:26:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/24 10:26:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/24 10:01:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/23 17:48:22 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/23 12:39:57 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/09/18 12:22:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/02 09:53:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/02 09:52:44 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Phil\Desktop\mbam-setup-1.62.0.1300.exe

========== Files - Modified Within 30 Days ==========

[2012/09/25 18:17:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Desktop\OTL.exe
[2012/09/25 17:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/25 17:48:30 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 17:48:30 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 17:43:35 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/25 17:43:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/25 17:43:21 | 4294,320,126 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/25 10:57:13 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/09/25 10:31:36 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/09/25 09:33:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/25 07:05:51 | 524,288,000 | ---- | M] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2012/09/24 13:48:55 | 000,000,000 | ---- | M] () -- C:\backup.reg
[2012/09/18 12:23:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/02 09:52:46 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Phil\Desktop\mbam-setup-1.62.0.1300.exe
[2012/09/02 09:47:32 | 000,086,472 | ---- | M] () -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys
[2012/09/02 09:17:16 | 001,543,642 | ---- | M] () -- C:\Users\Phil\Desktop\Spin_The_Wheel.rar

========== Files Created - No Company Name ==========

[2012/09/25 10:57:13 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/09/25 10:57:13 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/09/25 07:05:37 | 524,288,000 | ---- | C] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2012/09/24 13:40:57 | 000,000,000 | ---- | C] () -- C:\backup.reg
[2012/09/24 10:29:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/24 10:29:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/24 10:29:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/24 10:29:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/24 10:29:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/02 09:53:39 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/02 09:47:32 | 000,086,472 | ---- | C] () -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys
[2012/09/02 09:17:04 | 001,543,642 | ---- | C] () -- C:\Users\Phil\Desktop\Spin_The_Wheel.rar
[2012/04/05 21:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 21:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/08 22:11:30 | 000,120,284 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/21 22:16:27 | 000,005,258 | -HS- | C] () -- C:\Users\Phil\AppData\Local\id8i1jjw6f143c6io0c76
[2011/12/21 13:47:25 | 000,005,114 | -HS- | C] () -- C:\Users\Phil\AppData\Local\wnvmdd1a4gvf4tdl1nup0y664v8u
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/09 16:53:44 | 000,041,068 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/08/07 22:19:12 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/08/07 22:19:12 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/08/07 22:19:12 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/02/09 09:14:59 | 000,000,990 | ---- | C] () -- C:\Users\Phil\AppData\Local\7F68A003.il
[2010/02/09 09:14:59 | 000,000,832 | ---- | C] () -- C:\Users\Phil\AppData\Local\IndexIE_7F68A003.il

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1824711558-3474206165-418731102-1000\$d3ca52920c504a92c66898d8688ada15\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2012/09/25 11:00:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImgBurn
[2011/08/16 01:40:21 | 000,000,000 | ---D | M] -- C:\Users\diablo acct\AppData\Roaming\OpenOffice.org
[2011/07/19 18:45:37 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\acccore
[2012/09/16 13:23:10 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\CarbonPoker
[2011/06/22 21:01:01 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\OpenOffice.org
[2011/07/14 15:48:31 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\FrostWire
[2010/06/28 14:57:47 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\iWin
[2010/10/22 08:45:46 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\OpenOffice.org
[2011/09/06 17:43:31 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Subversion
[2011/02/17 22:19:34 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Temp
[2012/06/11 12:48:23 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\TomTom
[2012/03/03 20:13:09 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID

< End of report >

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.25.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Phil :: PHIL-PC [administrator]

9/25/2012 6:28:27 PM
mbam-log-2012-09-25 (18-28-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258867
Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GoogleChrome (Trojan.Agent) -> Data: C:\Users\Phil\AppData\Local\Temp\appipu.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Admin\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)
  • 0

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We still have the driver that does not want to go. I will try one more time with combofix, then we will see if we can fix the chkdisc.


Allow Combofix to update if it requests

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

Rootkit::
C:\Windows\System32\drivers\4b67c937a5c89fb4.sys

Registry::
[-HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}]

Driver::
4b67c937a5c89fb4

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



CHKDISC

Open an elevated command prompt
Go Start > All programs > Accessories
Right click Command prompt and select run as Administrator
In the black box type the following, pressing Enter after each line:

fsutil dirty query c:
chkntfs /x c:


The first line will query as to whether there is a dirty bit or not, please report on any output
The second line will stop Chkdisc running at next boot
  • 0
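How the driver, Run value and CLSID key dealt with in this thread stand out in an OTL report, as an added example that is not part of the original post. The three heuristics and the name `triage` are assumptions chosen to fit this thread's log; they are not features of OTL or ComboFix.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Excerpt of the OTL report posted earlier in this thread (lines copied verbatim).
SAMPLE_LOG = r'''
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
[2012/09/02 09:53:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/02 09:47:32 | 000,086,472 | ---- | C] () -- C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys
O4 - HKU\S-1-5-21-1824711558-3474206165-418731102-1000..\Run: [GoogleChrome] C:\Users\Phil\AppData\Local\Temp\appipu.exe File not found
O4 - HKU\S-1-5-21-1824711558-3474206165-418731102-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1824711558-3474206165-418731102-1000\$d3ca52920c504a92c66898d8688ada15\n.
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
'''

# File and driver lines: [date | size | attrs | C/M] (company) [optional state] -- path
FILE_RE = re.compile(
    r"^(?:DRV(?::64bit:)? - )?"
    r"\[[\d/]+ [\d:]+ \| [\d,]+ \| [-A-Z]{4} \| [CM]\] "
    r"\((?P<company>[^)]*)\)(?: \[[^\]]*\])? -- "
    r"(?P<path>.+?)(?: -- \(.*\))?$"
)
# O4 autostart lines for Run keys: O4 - <hive>..\Run: [name] command
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Registry blocks printed by the "ZeroAccess Check" section of the report.
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+\\InProcServer32)\](?: /64)?$", re.I)
DEFAULT_RE = re.compile(r'^"" = (?P<value>.+)$')
CLSID_RE = re.compile(r"\{[0-9a-fA-F-]{36}\}")
HEX_DRIVER_RE = re.compile(r"[0-9a-f]{16}\.sys")


def triage(log_text):
    """Return (rule, detail) pairs for log lines that match the heuristics."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()

        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            continue

        if line.startswith('"'):
            # A value line belonging to the registry key seen just before it.
            val = DEFAULT_RE.match(line)
            if val and current_key:
                server = val.group("value").split(" -- ")[0]
                per_user = current_key.upper().startswith("HKEY_CURRENT_USER\\")
                if per_user and "\\$recycle.bin\\" in server.lower():
                    clsid = CLSID_RE.search(current_key)
                    findings.append(("hkcu-clsid-in-recycle-bin",
                                     clsid.group(0) if clsid else current_key))
            continue
        current_key = None  # any other line ends the registry block

        entry = FILE_RE.match(line)
        if entry:
            path = entry.group("path")
            # An empty company field alone is not a signal: OTL prints "()" for
            # many stock drivers in this log. Require the random-looking name too.
            if ("\\drivers\\" in path.lower()
                    and not entry.group("company").strip()
                    and HEX_DRIVER_RE.fullmatch(basename(path).lower())):
                findings.append(("random-hex-driver", path))
            continue

        run = RUN_RE.match(line)
        if run and "\\appdata\\local\\temp\\" in run.group("cmd").lower():
            findings.append(("run-from-temp",
                             f'{run.group("name")} -> {run.group("cmd")}'))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:28} {detail}")
```

The hits are only candidates for a closer look; the stock drivers with an empty company field and the HKLM shell32.dll registration in the same excerpt are deliberately left unflagged.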

#21
risefreeze

    Member

  • Topic Starter
  • Member
  • 27 posts
Ran combofix with your script, it ran and then restarted. The log popped up on the restart. I closed it to take a picture of dos. When I went to retrieve it again, there wasn't a combofix folder in the C drive. I did a search for combofix and can't seem to locate the log. I can run it again but will wait for your instructions.

Posted Image
  • 0

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes run it again please. I will check out how to clear the dirty bit that is causing the chkdisc problem..... Back soon
  • 0

#23
risefreeze

    Member

  • Topic Starter
  • Member
  • 27 posts
Reran with same script here is the log. chkdisc isn't coming up at start anymore. Looks like everything is working for the most part.

ComboFix 12-09-26.01 - Phil 09/26/2012 10:42:02.6.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16383.14564 [GMT -4:00]
Running from: c:\users\Phil\Desktop\ComboFix.exe
Command switches used :: c:\users\Phil\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_4B67C937A5C89FB4
-------\Service_4b67c937a5c89fb4
.
.
((((((((((((((((((((((((( Files Created from 2012-08-26 to 2012-09-26 )))))))))))))))))))))))))))))))
.
.
2012-09-26 14:45 . 2012-09-26 14:45 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-26 14:45 . 2012-09-26 14:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-26 14:03 . 2012-09-26 14:03 -------- d-----w- c:\users\diablo acct
2012-09-25 14:57 . 2012-09-25 14:57 -------- d-----w- c:\program files (x86)\ImgBurn
2012-09-25 00:52 . 2012-09-26 14:46 -------- d-----w- c:\users\Phil\AppData\Local\temp
2012-09-24 17:40 . 2012-09-24 17:48 0 ----a-w- C:\backup.reg
2012-09-24 14:01 . 2012-09-24 14:01 -------- d-----w- C:\_OTL
2012-09-23 21:48 . 2012-09-23 21:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-23 19:17 . 2012-09-26 13:46 -------- d-----w- c:\users\Admin
2012-09-23 16:39 . 2012-09-23 16:39 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-09-14 04:11 . 2012-09-14 04:11 -------- d-----w- c:\users\Guest\AppData\Local\Macromedia
2012-09-14 04:11 . 2012-09-14 04:11 -------- d-----w- c:\users\Guest\AppData\Local\AMD
2012-09-02 13:53 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 00:02 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C63BE266-4DD5-4C06-A444-C8791FD2F47F}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 23:53 . 2012-04-03 16:39 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-20 23:53 . 2011-06-07 15:05 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 06:05 . 2011-07-30 05:32 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-18 18:15 . 2012-08-15 16:34 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 02:06 . 2012-08-11 16:55 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06 . 2010-11-21 06:37 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-04 22:16 . 2012-08-15 16:34 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 16:34 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 16:34 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 16:34 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-16 06:06 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-16 06:06 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-16 06:06 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-16 06:06 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-16 06:06 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-16 06:06 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-16 06:06 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-16 06:06 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-16 06:06 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-16 06:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-16 06:06 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-16 06:06 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-16 06:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-16 06:06 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-16 06:06 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-16 06:06 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-16 06:06 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-16 06:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-16 06:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2010-05-07 2042368]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 250288]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-18 114144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-30 1255736]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R4 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2008-11-26 323584]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-05-17 308592]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 4B67C937A5C89FB4
*Deregistered* - 4b67c937a5c89fb4
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 23:53]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 23:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-05-07 2042368]
"combofix"="c:\combofix\CF7238.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:50923
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\cbvm06q9.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\4b67c937a5c89fb4]
"ImagePath"="\SystemRoot\System32\Drivers\4b67c937a5c89fb4.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\EPU\EPU.exe
c:\windows\DAODx.exe
.
**************************************************************************
.
Completion time: 2012-09-26 10:48:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-26 14:48
ComboFix2.txt 2012-09-26 14:03
.
Pre-Run: 863,792,283,648 bytes free
Post-Run: 863,489,273,856 bytes free
.
- - End Of File - - 0EA63120DF10F749F59A2A2F7113C74E
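
A triage pass over a ComboFix-style log like the one above, as an added example that is not part of the original post and not ComboFix's own code: it pulls out UAC policy values set to 0, service entries marked [x], and a loopback proxy setting so that each can be confirmed by hand. The function name, the regexes and the reading of [x] as "file not found on disk" are assumptions; the sample lines are constructed in the log's format.

```python
import re

# Constructed sample in the format of the log above (not a full log).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-03 136176]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
.
uInternet Settings,ProxyServer = http=127.0.0.1:50923
TCP: DhcpNameServer = 192.168.1.1
'''

POLICY = re.compile(r'^"(?P<name>\w+)"= (?P<value>\d+) \(0x[0-9a-fA-F]+\)$')
SERVICE = re.compile(r'^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+) '
                     r'\[(?P<stamp>x|\d{4}-\d\d-\d\d \d+)\]$')
PROXY = re.compile(r'^\w+ Settings,ProxyServer = (?:\w+=)?(?P<host>[^:;\s]+):(?P<port>\d+)')

# Value 0 for these two policies weakens UAC; other policy names are ignored.
UAC_WEAK = {
    "EnableLUA": "UAC (Admin Approval Mode) is switched off",
    "ConsentPromptBehaviorAdmin": "administrators elevate without a prompt",
}


def triage(log_text):
    """Return (kind, detail) tuples for log entries worth confirming by hand."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := POLICY.match(line):
            if m["name"] in UAC_WEAK and int(m["value"]) == 0:
                findings.append(("uac", f'{m["name"]}=0: {UAC_WEAK[m["name"]]}'))
        elif m := SERVICE.match(line):
            # Assumption: "[x]" in place of a date and size means the file is absent.
            if m["stamp"] == "x":
                findings.append(("missing-binary", f'{m["name"]} -> {m["path"]}'))
        elif m := PROXY.match(line):
            # A loopback proxy sends browser traffic through a local listener.
            if m["host"] == "localhost" or m["host"].startswith("127."):
                findings.append(("loopback-proxy", f'{m["host"]}:{m["port"]}'))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:15} {detail}")
```

A finding here is a prompt to check the setting, not a verdict: a loopback proxy or a missing service binary can be left behind by legitimate software as well.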

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK looks like we kicked its butt this time :)

What we will do now is attempt to remove the dirty bit. This will mean that it will run a check disc at next boot, but it will run all the way through and stop the continual running.

Open an elevated command prompt as before
Type in this command :

chkdsk c: /f /r

It will ask to do it on next boot, agree to that.
When you reboot disc check will run but this time should complete and remove the dirty bit.

If it fails to do that then run the chkntfs /x c: command again to stop it
Then I will have a rethunk

How is the computer now? Any further problems?

#25
risefreeze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
It still restarts, however I have no concern about it as long as it won't cause problems with anything else. The only other problem I have occasionally is when my computer stays on for awhile, I will often lose picture to my monitor when I am logging on or off from my account or for no reason at all. I tested it with 2 different monitors and they both do the same thing. I checked power settings and changed turn off display to never and put computer to sleep never. The only way to restore picture is to hold the power button in and restart the computer. Any thoughts on that would be appreciated.

I want to thank you for your help. You have restored my computer from what appeared to be a hopeless situation. Definitely an expert, Thank you! :)

#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, as it displays the same even with different monitors, my first thought would be that the video card is either overheating or on the way out.

Do you have a separate video card or is it an onboard one?

If you do not know then download Speccy from here
Run it and that will then show the video card that you have

We can also check the temperatures

Download Speedfan and install it.
Once it's installed, run the program and post here the information it shows.
The information I want you to post is the stuff that is circled in the example picture I have attached.
If you are running on a vista machine, please go to where you installed the program and run the program as administrator.
(this is a screenshot from a Vista machine)

Apart from that, what other problems are you experiencing?

#27
risefreeze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Graphics card is separate; it's an ATI Radeon HD 4800 Series.

Both programs didn't work.

Everything else appears to be working.

#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I will remove my tools and then see if we can resolve the video problem

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All programs > Accessories > System tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:

Could you retry Speedfan, but this time right click and select Run as Administrator?

Do you also have an onboard video driver?
If so, remove the card and allow that chip to run the video and see if the problem recurs

#29
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned