Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Fbi Virus Moneypak [Solved]

Started by risefreeze , Sep 23 2012 02:14 PM

  • This topic is locked This topic is locked

#46
Essexboy
Posted 07 October 2012 - 03:40 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I have found the miscreant... This is a very hard one to remove

When you run TDSSKiller and it shows the following file and driver select delete. This must be done the first time around as it will not see it on a second run

FILE : C:\Windows\SysNative\drivers\4b67c937a5c89fb4.sys
DRIVER : 4b67c937a5c89fb4


Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0

Advertisements

#47
risefreeze
Posted 07 October 2012 - 07:59 PM

risefreeze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Ran TDS it found the driver, and I set to delete. It asked for reboot and I accepted, Once I logged in I got a prompt to allow a program to run its named looked like the bad driver but it said publisher was Kaspersky so I accepted and let it run.

21:55:08.0993 3204 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:55:09.0399 3204 ============================================================
21:55:09.0399 3204 Current date / time: 2012/10/07 21:55:09.0399
21:55:09.0399 3204 SystemInfo:
21:55:09.0399 3204
21:55:09.0399 3204 OS Version: 6.1.7601 ServicePack: 1.0
21:55:09.0399 3204 Product type: Workstation
21:55:09.0399 3204 ComputerName: PHIL-PC
21:55:09.0399 3204 UserName: Phil
21:55:09.0399 3204 Windows directory: C:\Windows
21:55:09.0399 3204 System windows directory: C:\Windows
21:55:09.0399 3204 Running under WOW64
21:55:09.0399 3204 Processor architecture: Intel x64
21:55:09.0399 3204 Number of processors: 4
21:55:09.0399 3204 Page size: 0x1000
21:55:09.0399 3204 Boot type: Normal boot
21:55:09.0399 3204 ============================================================
21:55:11.0411 3204 BG loaded
21:55:12.0472 3204 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:55:12.0472 3204 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:55:12.0488 3204 Drive \Device\Harddisk2\DR2 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:55:12.0503 3204 ============================================================
21:55:12.0503 3204 \Device\Harddisk0\DR0:
21:55:12.0503 3204 MBR partitions:
21:55:12.0503 3204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
21:55:12.0503 3204 \Device\Harddisk1\DR1:
21:55:12.0503 3204 MBR partitions:
21:55:12.0503 3204 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3000
21:55:12.0503 3204 \Device\Harddisk2\DR2:
21:55:12.0503 3204 MBR partitions:
21:55:12.0503 3204 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
21:55:12.0503 3204 ============================================================
21:55:12.0581 3204 C: <-> \Device\Harddisk1\DR1\Partition1
21:55:12.0597 3204 E: <-> \Device\Harddisk0\DR0\Partition1
21:55:12.0597 3204 ============================================================
21:55:12.0597 3204 Initialize success
21:55:12.0597 3204 ============================================================
  • 0

#48
Essexboy
Posted 08 October 2012 - 07:35 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the log at C:\TDSSKiller date log

Also run a fresh FSS log

And see if AVG now works
  • 0

#49
risefreeze
Posted 08 October 2012 - 11:54 AM

risefreeze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Posted Image

:woot: :D

Looks like it worked!

Below are the 3 tds logs from yesterday and fss log. Should I uninstall AVG or keep them both?

21:49:38.0119 0296 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:49:38.0493 0296 ============================================================
21:49:38.0493 0296 Current date / time: 2012/10/07 21:49:38.0493
21:49:38.0493 0296 SystemInfo:
21:49:38.0493 0296
21:49:38.0493 0296 OS Version: 6.1.7601 ServicePack: 1.0
21:49:38.0493 0296 Product type: Workstation
21:49:38.0493 0296 ComputerName: PHIL-PC
21:49:38.0493 0296 UserName: Phil
21:49:38.0493 0296 Windows directory: C:\Windows
21:49:38.0493 0296 System windows directory: C:\Windows
21:49:38.0493 0296 Running under WOW64
21:49:38.0493 0296 Processor architecture: Intel x64
21:49:38.0493 0296 Number of processors: 4
21:49:38.0493 0296 Page size: 0x1000
21:49:38.0493 0296 Boot type: Normal boot
21:49:38.0493 0296 ============================================================
21:49:46.0137 0296 !crdlk
21:49:46.0137 0296 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
21:49:46.0153 0296 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
21:49:46.0169 0296 Drive \Device\Harddisk2\DR2 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:49:46.0169 0296 ============================================================
21:49:46.0169 0296 \Device\Harddisk0\DR0:
21:49:46.0169 0296 MBR partitions:
21:49:46.0169 0296 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
21:49:46.0169 0296 \Device\Harddisk1\DR1:
21:49:46.0169 0296 MBR partitions:
21:49:46.0169 0296 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3000
21:49:46.0169 0296 \Device\Harddisk2\DR2:
21:49:46.0169 0296 MBR partitions:
21:49:46.0169 0296 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
21:49:46.0169 0296 ============================================================
21:49:46.0200 0296 C: <-> \Device\Harddisk1\DR1\Partition1
21:49:46.0215 0296 E: <-> \Device\Harddisk0\DR0\Partition1
21:49:46.0215 0296 ============================================================
21:49:46.0215 0296 Initialize success
21:49:46.0215 0296 ============================================================
21:50:29.0583 2604 ============================================================
21:50:29.0583 2604 Scan started
21:50:29.0583 2604 Mode: Manual; SigCheck; TDLFS;
21:50:29.0583 2604 ============================================================
21:50:30.0129 2604 ================ Scan system memory ========================
21:50:30.0129 2604 System memory - ok
21:50:30.0145 2604 ================ Scan services =============================
21:50:30.0285 2604 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:50:30.0363 2604 1394ohci - ok
21:50:30.0379 2604 Suspicious service (NoAccess): 4b67c937a5c89fb4
21:50:30.0395 2604 [ 0A7DAB6A5D1C59348CD56EDA45CF90B7 ] 4b67c937a5c89fb4 C:\Windows\System32\Drivers\4b67c937a5c89fb4.sys
21:50:30.0395 2604 Suspicious file (NoAccess): C:\Windows\System32\Drivers\4b67c937a5c89fb4.sys. md5: 0A7DAB6A5D1C59348CD56EDA45CF90B7
21:50:30.0441 2604 4b67c937a5c89fb4 ( Rootkit.Win32.Necurs.gen ) - infected
21:50:30.0441 2604 4b67c937a5c89fb4 - detected Rootkit.Win32.Necurs.gen (0)
21:50:30.0457 2604 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:50:30.0473 2604 ACPI - ok
21:50:30.0488 2604 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:50:30.0519 2604 AcpiPmi - ok
21:50:30.0629 2604 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:50:30.0644 2604 AdobeARMservice - ok
21:50:30.0738 2604 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:50:30.0738 2604 AdobeFlashPlayerUpdateSvc - ok
21:50:30.0769 2604 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:50:30.0785 2604 adp94xx - ok
21:50:30.0816 2604 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:50:30.0816 2604 adpahci - ok
21:50:30.0831 2604 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:50:30.0847 2604 adpu320 - ok
21:50:30.0878 2604 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:50:30.0909 2604 AeLookupSvc - ok
21:50:30.0941 2604 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:50:30.0987 2604 AFD - ok
21:50:31.0019 2604 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:50:31.0019 2604 agp440 - ok
21:50:31.0034 2604 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:50:31.0065 2604 ALG - ok
21:50:31.0097 2604 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:50:31.0112 2604 aliide - ok
21:50:31.0143 2604 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:50:31.0175 2604 AMD External Events Utility - ok
21:50:31.0253 2604 AMD FUEL Service - ok
21:50:31.0268 2604 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:50:31.0268 2604 amdide - ok
21:50:31.0299 2604 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
21:50:31.0331 2604 amdiox64 - ok
21:50:31.0346 2604 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:50:31.0377 2604 AmdK8 - ok
21:50:31.0518 2604 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:50:31.0643 2604 amdkmdag - ok
21:50:31.0705 2604 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
21:50:31.0721 2604 amdkmdap - ok
21:50:31.0736 2604 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:50:31.0752 2604 AmdPPM - ok
21:50:31.0783 2604 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:50:31.0799 2604 amdsata - ok
21:50:31.0814 2604 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:50:31.0814 2604 amdsbs - ok
21:50:31.0830 2604 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:50:31.0845 2604 amdxata - ok
21:50:31.0877 2604 [ 48CD7E6520D47D62EAB0E6CE3EC30C65 ] Andbus C:\Windows\system32\DRIVERS\lgandbus64.sys
21:50:31.0908 2604 Andbus - ok
21:50:31.0908 2604 [ 08CBACC00D15DCDBBAAE1A7C8F231C61 ] AndDiag C:\Windows\system32\DRIVERS\lganddiag64.sys
21:50:31.0955 2604 AndDiag - ok
21:50:31.0970 2604 [ CEA9A4CD6B3A83428CE8501240833668 ] AndGps C:\Windows\system32\DRIVERS\lgandgps64.sys
21:50:31.0986 2604 AndGps - ok
21:50:32.0017 2604 [ E2B5663E547FA5E756B253EFA8EC8286 ] ANDModem C:\Windows\system32\DRIVERS\lgandmodem64.sys
21:50:32.0017 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lgandmodem64.sys. md5: E2B5663E547FA5E756B253EFA8EC8286
21:50:32.0033 2604 ANDModem ( LockedFile.Multi.Generic ) - warning
21:50:32.0033 2604 ANDModem - detected LockedFile.Multi.Generic (1)
21:50:32.0064 2604 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
21:50:32.0064 2604 Suspicious file (NoAccess): C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys. md5: 5B25D1A753CC3A3EDB909BB759AC1098
21:50:32.0064 2604 AODDriver4.1 ( LockedFile.Multi.Generic ) - warning
21:50:32.0064 2604 AODDriver4.1 - detected LockedFile.Multi.Generic (1)
21:50:32.0095 2604 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:50:32.0095 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\appid.sys. md5: 89A69C3F2F319B43379399547526D952
21:50:32.0095 2604 AppID ( LockedFile.Multi.Generic ) - warning
21:50:32.0095 2604 AppID - detected LockedFile.Multi.Generic (1)
21:50:32.0111 2604 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:50:32.0142 2604 AppIDSvc - ok
21:50:32.0173 2604 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:50:32.0235 2604 Appinfo - ok
21:50:32.0251 2604 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
21:50:32.0267 2604 AppMgmt - ok
21:50:32.0282 2604 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:50:32.0282 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\arc.sys. md5: C484F8CEB1717C540242531DB7845C4E
21:50:32.0298 2604 arc ( LockedFile.Multi.Generic ) - warning
21:50:32.0298 2604 arc - detected LockedFile.Multi.Generic (1)
21:50:32.0313 2604 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:50:32.0313 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\arcsas.sys. md5: 019AF6924AEFE7839F61C830227FE79C
21:50:32.0313 2604 arcsas ( LockedFile.Multi.Generic ) - warning
21:50:32.0313 2604 arcsas - detected LockedFile.Multi.Generic (1)
21:50:32.0376 2604 [ 8065A7659562005127673AC52898675F ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
21:50:32.0376 2604 Suspicious file (NoAccess): C:\Windows\syswow64\drivers\AsIO.sys. md5: 8065A7659562005127673AC52898675F
21:50:32.0376 2604 AsIO ( LockedFile.Multi.Generic ) - warning
21:50:32.0376 2604 AsIO - detected LockedFile.Multi.Generic (1)
21:50:32.0391 2604 AsSysCtrlService - ok
21:50:32.0423 2604 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:50:32.0423 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\asyncmac.sys. md5: 769765CE2CC62867468CEA93969B2242
21:50:32.0423 2604 AsyncMac ( LockedFile.Multi.Generic ) - warning
21:50:32.0423 2604 AsyncMac - detected LockedFile.Multi.Generic (1)
21:50:32.0469 2604 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:50:32.0469 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\atapi.sys. md5: 02062C0B390B7729EDC9E69C680A6F3C
21:50:32.0469 2604 atapi ( LockedFile.Multi.Generic ) - warning
21:50:32.0469 2604 atapi - detected LockedFile.Multi.Generic (1)
21:50:32.0516 2604 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
21:50:32.0516 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\AtihdW76.sys. md5: 24464B908E143D2561E9E452FEE97309
21:50:32.0516 2604 AtiHDAudioService ( LockedFile.Multi.Generic ) - warning
21:50:32.0516 2604 AtiHDAudioService - detected LockedFile.Multi.Generic (1)
21:50:32.0547 2604 [ 3B9014FB7CE9E20FD726321C7DB7D8B0 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
21:50:32.0563 2604 AtiHdmiService - ok
21:50:32.0688 2604 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:50:32.0781 2604 atikmdag - ok
21:50:32.0813 2604 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
21:50:32.0828 2604 AtiPcie - ok
21:50:32.0859 2604 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:50:32.0906 2604 AudioEndpointBuilder - ok
21:50:32.0922 2604 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:50:32.0937 2604 AudioSrv - ok
21:50:33.0125 2604 [ 1D7D0D5D33D8B1507EC5FBFE332E5657 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
21:50:33.0218 2604 AVGIDSAgent - ok
21:50:33.0249 2604 [ 5FD4D6C35738899905E16E5284981427 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
21:50:33.0249 2604 AVGIDSDriver - ok
21:50:33.0281 2604 [ 132251CBBB95062E12FF21E212EB8FB4 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
21:50:33.0281 2604 AVGIDSHA - ok
21:50:33.0312 2604 [ 996FCACE7A8EFD926C8BB2C70A40C83F ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
21:50:33.0312 2604 Avgldx64 - ok
21:50:33.0343 2604 [ 3E0E2D8CD63C58A37CF81704E83459DD ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
21:50:33.0359 2604 Avgloga - ok
21:50:33.0374 2604 [ DC353C527816297BD11B13EA60C9BE75 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
21:50:33.0374 2604 Avgmfx64 - ok
21:50:33.0421 2604 [ 639CBC2F67FB25F9AB31957D9BF5CF8F ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
21:50:33.0421 2604 Avgrkx64 - ok
21:50:33.0452 2604 [ 1917293728A872BF520952F69E024FE6 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
21:50:33.0452 2604 Avgtdia - ok
21:50:33.0499 2604 [ 42F11F37CC06D9AB6528AF2E215B8799 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
21:50:33.0499 2604 avgwd - ok
21:50:33.0530 2604 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:50:33.0546 2604 AxInstSV - ok
21:50:33.0593 2604 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:50:33.0624 2604 b06bdrv - ok
21:50:33.0639 2604 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:50:33.0686 2604 b57nd60a - ok
21:50:33.0717 2604 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:50:33.0749 2604 BDESVC - ok
21:50:33.0780 2604 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:50:33.0780 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\Beep.sys. md5: 16A47CE2DECC9B099349A5F840654746
21:50:33.0795 2604 Beep ( LockedFile.Multi.Generic ) - warning
21:50:33.0795 2604 Beep - detected LockedFile.Multi.Generic (1)
21:50:33.0827 2604 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:50:33.0873 2604 BFE - ok
21:50:33.0920 2604 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:50:33.0967 2604 BITS - ok
21:50:33.0983 2604 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:50:33.0983 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\blbdrive.sys. md5: 61583EE3C3A17003C4ACD0475646B4D3
21:50:33.0983 2604 blbdrive ( LockedFile.Multi.Generic ) - warning
21:50:33.0983 2604 blbdrive - detected LockedFile.Multi.Generic (1)
21:50:34.0045 2604 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
21:50:34.0045 2604 Bonjour Service - ok
21:50:34.0092 2604 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:50:34.0092 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\bowser.sys. md5: 6C02A83164F5CC0A262F4199F0871CF5
21:50:34.0092 2604 bowser ( LockedFile.Multi.Generic ) - warning
21:50:34.0092 2604 bowser - detected LockedFile.Multi.Generic (1)
21:50:34.0107 2604 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:50:34.0107 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\BrFiltLo.sys. md5: F09EEE9EDC320B5E1501F749FDE686C8
21:50:34.0107 2604 BrFiltLo ( LockedFile.Multi.Generic ) - warning
21:50:34.0107 2604 BrFiltLo - detected LockedFile.Multi.Generic (1)
21:50:34.0123 2604 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:50:34.0123 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\BrFiltUp.sys. md5: B114D3098E9BDB8BEA8B053685831BE6
21:50:34.0123 2604 BrFiltUp ( LockedFile.Multi.Generic ) - warning
21:50:34.0123 2604 BrFiltUp - detected LockedFile.Multi.Generic (1)
21:50:34.0139 2604 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:50:34.0139 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\bridge.sys. md5: 5C2F352A4E961D72518261257AAE204B
21:50:34.0139 2604 BridgeMP ( LockedFile.Multi.Generic ) - warning
21:50:34.0139 2604 BridgeMP - detected LockedFile.Multi.Generic (1)
21:50:34.0170 2604 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:50:34.0201 2604 Browser - ok
21:50:34.0217 2604 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:50:34.0217 2604 Suspicious file (NoAccess): C:\Windows\System32\Drivers\Brserid.sys. md5: 43BEA8D483BF1870F018E2D02E06A5BD
21:50:34.0217 2604 Brserid ( LockedFile.Multi.Generic ) - warning
21:50:34.0217 2604 Brserid - detected LockedFile.Multi.Generic (1)
21:50:34.0232 2604 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:50:34.0232 2604 Suspicious file (NoAccess): C:\Windows\System32\Drivers\BrSerWdm.sys. md5: A6ECA2151B08A09CACECA35C07F05B42
21:50:34.0232 2604 BrSerWdm ( LockedFile.Multi.Generic ) - warning
21:50:34.0232 2604 BrSerWdm - detected LockedFile.Multi.Generic (1)
21:50:34.0248 2604 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:50:34.0248 2604 Suspicious file (NoAccess): C:\Windows\System32\Drivers\BrUsbMdm.sys. md5: B79968002C277E869CF38BD22CD61524
21:50:34.0248 2604 BrUsbMdm ( LockedFile.Multi.Generic ) - warning
21:50:34.0248 2604 BrUsbMdm - detected LockedFile.Multi.Generic (1)
21:50:34.0263 2604 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:50:34.0263 2604 Suspicious file (NoAccess): C:\Windows\System32\Drivers\BrUsbSer.sys. md5: A87528880231C54E75EA7A44943B38BF
21:50:34.0263 2604 BrUsbSer ( LockedFile.Multi.Generic ) - warning
21:50:34.0263 2604 BrUsbSer - detected LockedFile.Multi.Generic (1)
21:50:34.0279 2604 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:50:34.0279 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\bthmodem.sys. md5: 9DA669F11D1F894AB4EB69BF546A42E8
21:50:34.0279 2604 BTHMODEM ( LockedFile.Multi.Generic ) - warning
21:50:34.0279 2604 BTHMODEM - detected LockedFile.Multi.Generic (1)
21:50:34.0310 2604 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:50:34.0357 2604 bthserv - ok
21:50:34.0357 2604 catchme - ok
21:50:34.0388 2604 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:50:34.0388 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\cdfs.sys. md5: B8BD2BB284668C84865658C77574381A
21:50:34.0388 2604 cdfs ( LockedFile.Multi.Generic ) - warning
21:50:34.0388 2604 cdfs - detected LockedFile.Multi.Generic (1)
21:50:34.0419 2604 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
21:50:34.0419 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\cdrom.sys. md5: F036CE71586E93D94DAB220D7BDF4416
21:50:34.0419 2604 cdrom ( LockedFile.Multi.Generic ) - warning
21:50:34.0419 2604 cdrom - detected LockedFile.Multi.Generic (1)
21:50:34.0451 2604 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:50:34.0497 2604 CertPropSvc - ok
21:50:34.0513 2604 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:50:34.0513 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\circlass.sys. md5: D7CD5C4E1B71FA62050515314CFB52CF
21:50:34.0513 2604 circlass ( LockedFile.Multi.Generic ) - warning
21:50:34.0513 2604 circlass - detected LockedFile.Multi.Generic (1)
21:50:34.0544 2604 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:50:34.0560 2604 CLFS - ok
21:50:34.0622 2604 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:50:34.0638 2604 clr_optimization_v2.0.50727_32 - ok
21:50:34.0700 2604 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:50:34.0700 2604 clr_optimization_v2.0.50727_64 - ok
21:50:34.0763 2604 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:50:34.0778 2604 clr_optimization_v4.0.30319_32 - ok
21:50:34.0794 2604 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:50:34.0794 2604 clr_optimization_v4.0.30319_64 - ok
21:50:34.0809 2604 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:50:34.0809 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\CmBatt.sys. md5: 0840155D0BDDF1190F84A663C284BD33
21:50:34.0809 2604 CmBatt ( LockedFile.Multi.Generic ) - warning
21:50:34.0809 2604 CmBatt - detected LockedFile.Multi.Generic (1)
21:50:34.0841 2604 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:50:34.0841 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\cmdide.sys. md5: E19D3F095812725D88F9001985B94EDD
21:50:34.0841 2604 cmdide ( LockedFile.Multi.Generic ) - warning
21:50:34.0841 2604 cmdide - detected LockedFile.Multi.Generic (1)
21:50:34.0872 2604 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:50:34.0872 2604 Suspicious file (NoAccess): C:\Windows\system32\Drivers\cng.sys. md5: 9AC4F97C2D3E93367E2148EA940CD2CD
21:50:34.0887 2604 CNG ( LockedFile.Multi.Generic ) - warning
21:50:34.0887 2604 CNG - detected LockedFile.Multi.Generic (1)
21:50:34.0887 2604 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:50:34.0887 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\compbatt.sys. md5: 102DE219C3F61415F964C88E9085AD14
21:50:34.0887 2604 Compbatt ( LockedFile.Multi.Generic ) - warning
21:50:34.0887 2604 Compbatt - detected LockedFile.Multi.Generic (1)
21:50:34.0903 2604 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:50:34.0903 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\CompositeBus.sys. md5: 03EDB043586CCEBA243D689BDDA370A8
21:50:34.0919 2604 CompositeBus ( LockedFile.Multi.Generic ) - warning
21:50:34.0919 2604 CompositeBus - detected LockedFile.Multi.Generic (1)
21:50:34.0919 2604 COMSysApp - ok
21:50:34.0934 2604 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:50:34.0934 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 1C827878A998C18847245FE1F34EE597
21:50:34.0934 2604 crcdisk ( LockedFile.Multi.Generic ) - warning
21:50:34.0934 2604 crcdisk - detected LockedFile.Multi.Generic (1)
21:50:34.0965 2604 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:50:35.0012 2604 CryptSvc - ok
21:50:35.0043 2604 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
21:50:35.0043 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\csc.sys. md5: 54DA3DFD29ED9F1619B6F53F3CE55E49
21:50:35.0059 2604 CSC ( LockedFile.Multi.Generic ) - warning
21:50:35.0059 2604 CSC - detected LockedFile.Multi.Generic (1)
21:50:35.0075 2604 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
21:50:35.0106 2604 CscService - ok
21:50:35.0184 2604 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
21:50:35.0199 2604 DAUpdaterSvc - ok
21:50:35.0231 2604 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:50:35.0262 2604 DcomLaunch - ok
21:50:35.0293 2604 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:50:35.0340 2604 defragsvc - ok
21:50:35.0387 2604 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:50:35.0387 2604 Suspicious file (NoAccess): C:\Windows\system32\Drivers\dfsc.sys. md5: 9BB2EF44EAA163B29C4A4587887A0FE4
21:50:35.0387 2604 DfsC ( LockedFile.Multi.Generic ) - warning
21:50:35.0387 2604 DfsC - detected LockedFile.Multi.Generic (1)
21:50:35.0402 2604 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:50:35.0449 2604 Dhcp - ok
21:50:35.0465 2604 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:50:35.0465 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\discache.sys. md5: 13096B05847EC78F0977F2C0F79E9AB3
21:50:35.0465 2604 discache ( LockedFile.Multi.Generic ) - warning
21:50:35.0465 2604 discache - detected LockedFile.Multi.Generic (1)
21:50:35.0480 2604 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:50:35.0480 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\disk.sys. md5: 9819EEE8B5EA3784EC4AF3B137A5244C
21:50:35.0496 2604 Disk ( LockedFile.Multi.Generic ) - warning
21:50:35.0496 2604 Disk - detected LockedFile.Multi.Generic (1)
21:50:35.0527 2604 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:50:35.0543 2604 Dnscache - ok
21:50:35.0589 2604 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:50:35.0621 2604 dot3svc - ok
21:50:35.0652 2604 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:50:35.0683 2604 DPS - ok
21:50:35.0714 2604 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:50:35.0714 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\drmkaud.sys. md5: 9B19F34400D24DF84C858A421C205754
21:50:35.0730 2604 drmkaud ( LockedFile.Multi.Generic ) - warning
21:50:35.0730 2604 drmkaud - detected LockedFile.Multi.Generic (1)
21:50:35.0792 2604 [ E603B2BBCAB828088AB43F016188B259 ] DvmMDES C:\ASUS.SYS\config\DVMExportService.exe
21:50:35.0808 2604 DvmMDES ( UnsignedFile.Multi.Generic ) - warning
21:50:35.0808 2604 DvmMDES - detected UnsignedFile.Multi.Generic (1)
21:50:35.0823 2604 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:50:35.0823 2604 Suspicious file (NoAccess): C:\Windows\System32\drivers\dxgkrnl.sys. md5: F5BEE30450E18E6B83A5012C100616FD
21:50:35.0823 2604 DXGKrnl ( LockedFile.Multi.Generic ) - warning
21:50:35.0823 2604 DXGKrnl - detected LockedFile.Multi.Generic (1)
21:50:35.0870 2604 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:50:35.0901 2604 EapHost - ok
21:50:35.0964 2604 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:50:35.0964 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\evbda.sys. md5: DC5D737F51BE844D8C82C695EB17372F
21:50:35.0964 2604 ebdrv ( LockedFile.Multi.Generic ) - warning
21:50:35.0964 2604 ebdrv - detected LockedFile.Multi.Generic (1)
21:50:35.0995 2604 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:50:36.0026 2604 EFS - ok
21:50:36.0089 2604 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:50:36.0104 2604 ehRecvr - ok
21:50:36.0135 2604 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:50:36.0151 2604 ehSched - ok
21:50:36.0198 2604 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:50:36.0198 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0E5DA5369A0FCAEA12456DD852545184
21:50:36.0198 2604 elxstor ( LockedFile.Multi.Generic ) - warning
21:50:36.0198 2604 elxstor - detected LockedFile.Multi.Generic (1)
21:50:36.0229 2604 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:50:36.0229 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\errdev.sys. md5: 34A3C54752046E79A126E15C51DB409B
21:50:36.0229 2604 ErrDev ( LockedFile.Multi.Generic ) - warning
21:50:36.0229 2604 ErrDev - detected LockedFile.Multi.Generic (1)
21:50:36.0260 2604 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:50:36.0291 2604 EventSystem - ok
21:50:36.0307 2604 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:50:36.0307 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\exfat.sys. md5: A510C654EC00C1E9BDD91EEB3A59823B
21:50:36.0323 2604 exfat ( LockedFile.Multi.Generic ) - warning
21:50:36.0323 2604 exfat - detected LockedFile.Multi.Generic (1)
21:50:36.0338 2604 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:50:36.0338 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\fastfat.sys. md5: 0ADC83218B66A6DB380C330836F3E36D
21:50:36.0338 2604 fastfat ( LockedFile.Multi.Generic ) - warning
21:50:36.0338 2604 fastfat - detected LockedFile.Multi.Generic (1)
21:50:36.0369 2604 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:50:36.0416 2604 Fax - ok
21:50:36.0432 2604 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:50:36.0432 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB
21:50:36.0432 2604 fdc ( LockedFile.Multi.Generic ) - warning
21:50:36.0432 2604 fdc - detected LockedFile.Multi.Generic (1)
21:50:36.0463 2604 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:50:36.0510 2604 fdPHost - ok
21:50:36.0541 2604 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:50:36.0572 2604 FDResPub - ok
21:50:36.0603 2604 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:50:36.0603 2604 FileInfo - ok
21:50:36.0619 2604 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:50:36.0619 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\filetrace.sys. md5: 5F671AB5BC87EEA04EC38A6CD5962A47
21:50:36.0619 2604 Filetrace ( LockedFile.Multi.Generic ) - warning
21:50:36.0619 2604 Filetrace - detected LockedFile.Multi.Generic (1)
21:50:36.0635 2604 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:50:36.0635 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5
21:50:36.0635 2604 flpydisk ( LockedFile.Multi.Generic ) - warning
21:50:36.0635 2604 flpydisk - detected LockedFile.Multi.Generic (1)
21:50:36.0666 2604 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:50:36.0666 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\fltmgr.sys. md5: DA6B67270FD9DB3697B20FCE94950741
21:50:36.0666 2604 FltMgr ( LockedFile.Multi.Generic ) - warning
21:50:36.0666 2604 FltMgr - detected LockedFile.Multi.Generic (1)
21:50:36.0713 2604 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:50:36.0744 2604 FontCache - ok
21:50:36.0791 2604 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:50:36.0806 2604 FontCache3.0.0.0 - ok
21:50:36.0822 2604 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:50:36.0822 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\FsDepends.sys. md5: D43703496149971890703B4B1B723EAC
21:50:36.0822 2604 FsDepends ( LockedFile.Multi.Generic ) - warning
21:50:36.0822 2604 FsDepends - detected LockedFile.Multi.Generic (1)
21:50:36.0853 2604 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:50:36.0853 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 6BD9295CC032DD3077C671FCCF579A7B
21:50:36.0853 2604 Fs_Rec ( LockedFile.Multi.Generic ) - warning
21:50:36.0853 2604 Fs_Rec - detected LockedFile.Multi.Generic (1)
21:50:36.0884 2604 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:50:36.0884 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 1F7B25B858FA27015169FE95E54108ED
21:50:36.0884 2604 fvevol ( LockedFile.Multi.Generic ) - warning
21:50:36.0884 2604 fvevol - detected LockedFile.Multi.Generic (1)
21:50:36.0900 2604 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:50:36.0900 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6
21:50:36.0900 2604 gagp30kx ( LockedFile.Multi.Generic ) - warning
21:50:36.0900 2604 gagp30kx - detected LockedFile.Multi.Generic (1)
21:50:36.0947 2604 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:50:36.0978 2604 gpsvc - ok
21:50:37.0056 2604 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:50:37.0056 2604 gupdate - ok
21:50:37.0087 2604 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:50:37.0103 2604 gupdatem - ok
21:50:37.0118 2604 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:50:37.0118 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0
21:50:37.0118 2604 hcw85cir ( LockedFile.Multi.Generic ) - warning
21:50:37.0118 2604 hcw85cir - detected LockedFile.Multi.Generic (1)
21:50:37.0149 2604 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:50:37.0149 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\HdAudio.sys. md5: 6410F6F415B2A5A9037224C41DA8BF12
21:50:37.0165 2604 HdAudAddService ( LockedFile.Multi.Generic ) - warning
21:50:37.0165 2604 HdAudAddService - detected LockedFile.Multi.Generic (1)
21:50:37.0196 2604 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:50:37.0196 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97BFED39B6B79EB12CDDBFEED51F56BB
21:50:37.0196 2604 HDAudBus ( LockedFile.Multi.Generic ) - warning
21:50:37.0196 2604 HDAudBus - detected LockedFile.Multi.Generic (1)
21:50:37.0212 2604 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:50:37.0212 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F
21:50:37.0212 2604 HidBatt ( LockedFile.Multi.Generic ) - warning
21:50:37.0212 2604 HidBatt - detected LockedFile.Multi.Generic (1)
21:50:37.0227 2604 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:50:37.0227 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104
21:50:37.0243 2604 HidBth ( LockedFile.Multi.Generic ) - warning
21:50:37.0243 2604 HidBth - detected LockedFile.Multi.Generic (1)
21:50:37.0259 2604 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:50:37.0259 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825
21:50:37.0259 2604 HidIr ( LockedFile.Multi.Generic ) - warning
21:50:37.0259 2604 HidIr - detected LockedFile.Multi.Generic (1)
21:50:37.0290 2604 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:50:37.0321 2604 hidserv - ok
21:50:37.0352 2604 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:50:37.0352 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidusb.sys. md5: 9592090A7E2B61CD582B612B6DF70536
21:50:37.0368 2604 HidUsb ( LockedFile.Multi.Generic ) - warning
21:50:37.0368 2604 HidUsb - detected LockedFile.Multi.Generic (1)
21:50:37.0383 2604 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:50:37.0430 2604 hkmsvc - ok
21:50:37.0477 2604 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:50:37.0493 2604 HomeGroupListener - ok
21:50:37.0524 2604 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:50:37.0539 2604 HomeGroupProvider - ok
21:50:37.0571 2604 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:50:37.0571 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39D2ABCD392F3D8A6DCE7B60AE7B8EFC
21:50:37.0571 2604 HpSAMD ( LockedFile.Multi.Generic ) - warning
21:50:37.0571 2604 HpSAMD - detected LockedFile.Multi.Generic (1)
21:50:37.0602 2604 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:50:37.0602 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\HTTP.sys. md5: 0EA7DE1ACB728DD5A369FD742D6EEE28
21:50:37.0602 2604 HTTP ( LockedFile.Multi.Generic ) - warning
21:50:37.0602 2604 HTTP - detected LockedFile.Multi.Generic (1)
21:50:37.0633 2604 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:50:37.0633 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\hwpolicy.sys. md5: A5462BD6884960C9DC85ED49D34FF392
21:50:37.0633 2604 hwpolicy ( LockedFile.Multi.Generic ) - warning
21:50:37.0633 2604 hwpolicy - detected LockedFile.Multi.Generic (1)
21:50:37.0664 2604 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:50:37.0664 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3
21:50:37.0664 2604 i8042prt ( LockedFile.Multi.Generic ) - warning
21:50:37.0664 2604 i8042prt - detected LockedFile.Multi.Generic (1)
21:50:37.0695 2604 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:50:37.0695 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\iaStorV.sys. md5: AAAF44DB3BD0B9D1FB6969B23ECC8366
21:50:37.0695 2604 iaStorV ( LockedFile.Multi.Generic ) - warning
21:50:37.0695 2604 iaStorV - detected LockedFile.Multi.Generic (1)
21:50:37.0727 2604 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:50:37.0742 2604 idsvc - ok
21:50:37.0758 2604 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:50:37.0758 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21
21:50:37.0758 2604 iirsp ( LockedFile.Multi.Generic ) - warning
21:50:37.0758 2604 iirsp - detected LockedFile.Multi.Generic (1)
21:50:37.0789 2604 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:50:37.0820 2604 IKEEXT - ok
21:50:37.0867 2604 [ 5BA1779E2C84FDE2A5E201FFF9C42C9C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:50:37.0867 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\RTKVHD64.sys. md5: 5BA1779E2C84FDE2A5E201FFF9C42C9C
21:50:37.0883 2604 IntcAzAudAddService ( LockedFile.Multi.Generic ) - warning
21:50:37.0883 2604 IntcAzAudAddService - detected LockedFile.Multi.Generic (1)
21:50:37.0883 2604 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:50:37.0883 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA
21:50:37.0898 2604 intelide ( LockedFile.Multi.Generic ) - warning
21:50:37.0898 2604 intelide - detected LockedFile.Multi.Generic (1)
21:50:37.0898 2604 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:50:37.0898 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1
21:50:37.0898 2604 intelppm ( LockedFile.Multi.Generic ) - warning
21:50:37.0898 2604 intelppm - detected LockedFile.Multi.Generic (1)
21:50:37.0929 2604 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:50:37.0961 2604 IPBusEnum - ok
21:50:37.0992 2604 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:50:37.0992 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6
21:50:37.0992 2604 IpFilterDriver ( LockedFile.Multi.Generic ) - warning
21:50:37.0992 2604 IpFilterDriver - detected LockedFile.Multi.Generic (1)
21:50:38.0007 2604 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:50:38.0007 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A
21:50:38.0007 2604 IPMIDRV ( LockedFile.Multi.Generic ) - warning
21:50:38.0007 2604 IPMIDRV - detected LockedFile.Multi.Generic (1)
21:50:38.0023 2604 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:50:38.0023 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0
21:50:38.0023 2604 IPNAT ( LockedFile.Multi.Generic ) - warning
21:50:38.0023 2604 IPNAT - detected LockedFile.Multi.Generic (1)
21:50:38.0039 2604 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:50:38.0039 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9
21:50:38.0039 2604 IRENUM ( LockedFile.Multi.Generic ) - warning
21:50:38.0039 2604 IRENUM - detected LockedFile.Multi.Generic (1)
21:50:38.0085 2604 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:50:38.0085 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38
21:50:38.0085 2604 isapnp ( LockedFile.Multi.Generic ) - warning
21:50:38.0085 2604 isapnp - detected LockedFile.Multi.Generic (1)
21:50:38.0101 2604 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:50:38.0101 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\msiscsi.sys. md5: D931D7309DEB2317035B07C9F9E6B0BD
21:50:38.0101 2604 iScsiPrt ( LockedFile.Multi.Generic ) - warning
21:50:38.0101 2604 iScsiPrt - detected LockedFile.Multi.Generic (1)
21:50:38.0117 2604 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:50:38.0132 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5
21:50:38.0132 2604 kbdclass ( LockedFile.Multi.Generic ) - warning
21:50:38.0132 2604 kbdclass - detected LockedFile.Multi.Generic (1)
21:50:38.0148 2604 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:50:38.0148 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484
21:50:38.0163 2604 kbdhid ( LockedFile.Multi.Generic ) - warning
21:50:38.0163 2604 kbdhid - detected LockedFile.Multi.Generic (1)
21:50:38.0179 2604 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:50:38.0195 2604 KeyIso - ok
21:50:38.0273 2604 [ F8D454FBA97DC28F02931C588BAFE4CF ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
21:50:38.0273 2604 Kodak AiO Network Discovery Service - ok
21:50:38.0304 2604 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:50:38.0304 2604 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecdd.sys. md5: 97A7070AEA4C058B6418519E869A63B4
21:50:38.0319 2604 KSecDD ( LockedFile.Multi.Generic ) - warning
21:50:38.0319 2604 KSecDD - detected LockedFile.Multi.Generic (1)
21:50:38.0351 2604 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:50:38.0351 2604 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 26C43A7C2862447EC59DEDA188D1DA07
21:50:38.0351 2604 KSecPkg ( LockedFile.Multi.Generic ) - warning
21:50:38.0351 2604 KSecPkg - detected LockedFile.Multi.Generic (1)
21:50:38.0366 2604 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:50:38.0366 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4
21:50:38.0366 2604 ksthunk ( LockedFile.Multi.Generic ) - warning
21:50:38.0366 2604 ksthunk - detected LockedFile.Multi.Generic (1)
21:50:38.0397 2604 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:50:38.0444 2604 KtmRm - ok
21:50:38.0507 2604 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:50:38.0522 2604 LanmanServer - ok
21:50:38.0569 2604 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:50:38.0600 2604 LanmanWorkstation - ok
21:50:38.0616 2604 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:50:38.0616 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827
21:50:38.0616 2604 lltdio ( LockedFile.Multi.Generic ) - warning
21:50:38.0616 2604 lltdio - detected LockedFile.Multi.Generic (1)
21:50:38.0647 2604 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:50:38.0694 2604 lltdsvc - ok
21:50:38.0725 2604 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:50:38.0741 2604 lmhosts - ok
21:50:38.0772 2604 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:50:38.0772 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6
21:50:38.0772 2604 LSI_FC ( LockedFile.Multi.Generic ) - warning
21:50:38.0772 2604 LSI_FC - detected LockedFile.Multi.Generic (1)
21:50:38.0787 2604 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:50:38.0787 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810
21:50:38.0803 2604 LSI_SAS ( LockedFile.Multi.Generic ) - warning
21:50:38.0803 2604 LSI_SAS - detected LockedFile.Multi.Generic (1)
21:50:38.0803 2604 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:50:38.0803 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93
21:50:38.0819 2604 LSI_SAS2 ( LockedFile.Multi.Generic ) - warning
21:50:38.0819 2604 LSI_SAS2 - detected LockedFile.Multi.Generic (1)
21:50:38.0834 2604 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:50:38.0834 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A
21:50:38.0834 2604 LSI_SCSI ( LockedFile.Multi.Generic ) - warning
21:50:38.0834 2604 LSI_SCSI - detected LockedFile.Multi.Generic (1)
21:50:38.0865 2604 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:50:38.0865 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E
21:50:38.0865 2604 luafv ( LockedFile.Multi.Generic ) - warning
21:50:38.0865 2604 luafv - detected LockedFile.Multi.Generic (1)
21:50:38.0912 2604 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:50:38.0912 2604 MBAMProtector - ok
21:50:38.0975 2604 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:50:38.0975 2604 MBAMScheduler - ok
21:50:39.0006 2604 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:50:39.0021 2604 MBAMService - ok
21:50:39.0037 2604 McComponentHostService - ok
21:50:39.0068 2604 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:50:39.0084 2604 Mcx2Svc - ok
21:50:39.0099 2604 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:50:39.0099 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4
21:50:39.0115 2604 megasas ( LockedFile.Multi.Generic ) - warning
21:50:39.0115 2604 megasas - detected LockedFile.Multi.Generic (1)
21:50:39.0115 2604 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:50:39.0115 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3
21:50:39.0131 2604 MegaSR ( LockedFile.Multi.Generic ) - warning
21:50:39.0131 2604 MegaSR - detected LockedFile.Multi.Generic (1)
21:50:39.0162 2604 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:50:39.0193 2604 MMCSS - ok
21:50:39.0224 2604 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:50:39.0224 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137
21:50:39.0224 2604 Modem ( LockedFile.Multi.Generic ) - warning
21:50:39.0224 2604 Modem - detected LockedFile.Multi.Generic (1)
21:50:39.0240 2604 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:50:39.0240 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA
21:50:39.0240 2604 monitor ( LockedFile.Multi.Generic ) - warning
21:50:39.0240 2604 monitor - detected LockedFile.Multi.Generic (1)
21:50:39.0255 2604 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:50:39.0255 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99
21:50:39.0255 2604 mouclass ( LockedFile.Multi.Generic ) - warning
21:50:39.0255 2604 mouclass - detected LockedFile.Multi.Generic (1)
21:50:39.0271 2604 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:50:39.0271 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6
21:50:39.0287 2604 mouhid ( LockedFile.Multi.Generic ) - warning
21:50:39.0287 2604 mouhid - detected LockedFile.Multi.Generic (1)
21:50:39.0318 2604 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:50:39.0318 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA
21:50:39.0318 2604 mountmgr ( LockedFile.Multi.Generic ) - warning
21:50:39.0318 2604 mountmgr - detected LockedFile.Multi.Generic (1)
21:50:39.0380 2604 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:50:39.0380 2604 MozillaMaintenance - ok
21:50:39.0411 2604 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:50:39.0411 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58
21:50:39.0411 2604 mpio ( LockedFile.Multi.Generic ) - warning
21:50:39.0411 2604 mpio - detected LockedFile.Multi.Generic (1)
21:50:39.0427 2604 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:50:39.0427 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F
21:50:39.0427 2604 mpsdrv ( LockedFile.Multi.Generic ) - warning
21:50:39.0427 2604 mpsdrv - detected LockedFile.Multi.Generic (1)
21:50:39.0489 2604 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:50:39.0521 2604 MpsSvc - ok
21:50:39.0567 2604 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:50:39.0567 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\mrxdav.sys. md5: DC722758B8261E1ABAFD31A3C0A66380
21:50:39.0567 2604 MRxDAV ( LockedFile.Multi.Generic ) - warning
21:50:39.0567 2604 MRxDAV - detected LockedFile.Multi.Generic (1)
21:50:39.0599 2604 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:50:39.0599 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC
21:50:39.0599 2604 mrxsmb ( LockedFile.Multi.Generic ) - warning
21:50:39.0599 2604 mrxsmb - detected LockedFile.Multi.Generic (1)
21:50:39.0630 2604 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:50:39.0630 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163
21:50:39.0630 2604 mrxsmb10 ( LockedFile.Multi.Generic ) - warning
21:50:39.0630 2604 mrxsmb10 - detected LockedFile.Multi.Generic (1)
21:50:39.0645 2604 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:50:39.0645 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C
21:50:39.0645 2604 mrxsmb20 ( LockedFile.Multi.Generic ) - warning
21:50:39.0645 2604 mrxsmb20 - detected LockedFile.Multi.Generic (1)
21:50:39.0692 2604 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:50:39.0692 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796
21:50:39.0692 2604 msahci ( LockedFile.Multi.Generic ) - warning
21:50:39.0692 2604 msahci - detected LockedFile.Multi.Generic (1)
21:50:39.0723 2604 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:50:39.0723 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900
21:50:39.0723 2604 msdsm ( LockedFile.Multi.Generic ) - warning
21:50:39.0723 2604 msdsm - detected LockedFile.Multi.Generic (1)
21:50:39.0755 2604 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:50:39.0755 2604 MSDTC - ok
21:50:39.0786 2604 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:50:39.0786 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96
21:50:39.0786 2604 Msfs ( LockedFile.Multi.Generic ) - warning
21:50:39.0786 2604 Msfs - detected LockedFile.Multi.Generic (1)
21:50:39.0801 2604 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:50:39.0801 2604 Suspicious file (NoAccess): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326
21:50:39.0801 2604 mshidkmdf ( LockedFile.Multi.Generic ) - warning
21:50:39.0801 2604 mshidkmdf - detected LockedFile.Multi.Generic (1)
21:50:39.0817 2604 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:50:39.0817 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D
21:50:39.0817 2604 msisadrv ( LockedFile.Multi.Generic ) - warning
21:50:39.0817 2604 msisadrv - detected LockedFile.Multi.Generic (1)
21:50:39.0848 2604 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:50:39.0895 2604 MSiSCSI - ok
21:50:39.0895 2604 msiserver - ok
21:50:39.0926 2604 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:50:39.0926 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366
21:50:39.0926 2604 MSKSSRV ( LockedFile.Multi.Generic ) - warning
21:50:39.0926 2604 MSKSSRV - detected LockedFile.Multi.Generic (1)
21:50:39.0942 2604 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:50:39.0942 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3
21:50:39.0957 2604 MSPCLOCK ( LockedFile.Multi.Generic ) - warning
21:50:39.0957 2604 MSPCLOCK - detected LockedFile.Multi.Generic (1)
21:50:39.0957 2604 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:50:39.0957 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0
21:50:39.0957 2604 MSPQM ( LockedFile.Multi.Generic ) - warning
21:50:39.0957 2604 MSPQM - detected LockedFile.Multi.Generic (1)
21:50:39.0989 2604 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:50:39.0989 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D
21:50:40.0004 2604 MsRPC ( LockedFile.Multi.Generic ) - warning
21:50:40.0004 2604 MsRPC - detected LockedFile.Multi.Generic (1)
21:50:40.0004 2604 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:50:40.0004 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288
21:50:40.0020 2604 mssmbios ( LockedFile.Multi.Generic ) - warning
21:50:40.0020 2604 mssmbios - detected LockedFile.Multi.Generic (1)
21:50:40.0051 2604 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:50:40.0051 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779
21:50:40.0051 2604 MSTEE ( LockedFile.Multi.Generic ) - warning
21:50:40.0051 2604 MSTEE - detected LockedFile.Multi.Generic (1)
21:50:40.0067 2604 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:50:40.0067 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD
21:50:40.0067 2604 MTConfig ( LockedFile.Multi.Generic ) - warning
21:50:40.0067 2604 MTConfig - detected LockedFile.Multi.Generic (1)
21:50:40.0098 2604 [ 2219A3D695405E7BA2186BA6B9EDE14A ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
21:50:40.0098 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ASACPI.sys. md5: 2219A3D695405E7BA2186BA6B9EDE14A
21:50:40.0098 2604 MTsensor ( LockedFile.Multi.Generic ) - warning
21:50:40.0098 2604 MTsensor - detected LockedFile.Multi.Generic (1)
21:50:40.0129 2604 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:50:40.0129 2604 Suspicious file (NoAccess): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8
21:50:40.0129 2604 Mup ( LockedFile.Multi.Generic ) - warning
21:50:40.0129 2604 Mup - detected LockedFile.Multi.Generic (1)
21:50:40.0160 2604 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:50:40.0191 2604 napagent - ok
21:50:40.0223 2604 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:50:40.0223 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33
21:50:40.0223 2604 NativeWifiP ( LockedFile.Multi.Generic ) - warning
21:50:40.0223 2604 NativeWifiP - detected LockedFile.Multi.Generic (1)
21:50:40.0254 2604 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
21:50:40.0254 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\ndis.sys. md5: 79B47FD40D9A817E932F9D26FAC0A81C
21:50:40.0269 2604 NDIS ( LockedFile.Multi.Generic ) - warning
21:50:40.0269 2604 NDIS - detected LockedFile.Multi.Generic (1)
21:50:40.0301 2604 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:50:40.0301 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC
21:50:40.0301 2604 NdisCap ( LockedFile.Multi.Generic ) - warning
21:50:40.0301 2604 NdisCap - detected LockedFile.Multi.Generic (1)
21:50:40.0316 2604 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:50:40.0316 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5
21:50:40.0316 2604 NdisTapi ( LockedFile.Multi.Generic ) - warning
21:50:40.0316 2604 NdisTapi - detected LockedFile.Multi.Generic (1)
21:50:40.0332 2604 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:50:40.0332 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356
21:50:40.0347 2604 Ndisuio ( LockedFile.Multi.Generic ) - warning
21:50:40.0347 2604 Ndisuio - detected LockedFile.Multi.Generic (1)
21:50:40.0363 2604 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:50:40.0363 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11
21:50:40.0379 2604 NdisWan ( LockedFile.Multi.Generic ) - warning
21:50:40.0379 2604 NdisWan - detected LockedFile.Multi.Generic (1)
21:50:40.0394 2604 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:50:40.0394 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879
21:50:40.0410 2604 NDProxy ( LockedFile.Multi.Generic ) - warning
21:50:40.0410 2604 NDProxy - detected LockedFile.Multi.Generic (1)
21:50:40.0410 2604 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:50:40.0425 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4
21:50:40.0425 2604 NetBIOS ( LockedFile.Multi.Generic ) - warning
21:50:40.0425 2604 NetBIOS - detected LockedFile.Multi.Generic (1)
21:50:40.0441 2604 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:50:40.0441 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594D1089C523423B32A4229263F068
21:50:40.0457 2604 NetBT ( LockedFile.Multi.Generic ) - warning
21:50:40.0457 2604 NetBT - detected LockedFile.Multi.Generic (1)
21:50:40.0457 2604 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:50:40.0472 2604 Netlogon - ok
21:50:40.0503 2604 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:50:40.0535 2604 Netman - ok
21:50:40.0550 2604 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:50:40.0597 2604 netprofm - ok
21:50:40.0613 2604 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:50:40.0628 2604 NetTcpPortSharing - ok
21:50:40.0659 2604 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:50:40.0659 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92
21:50:40.0659 2604 nfrd960 ( LockedFile.Multi.Generic ) - warning
21:50:40.0659 2604 nfrd960 - detected LockedFile.Multi.Generic (1)
21:50:40.0691 2604 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:50:40.0737 2604 NlaSvc - ok
21:50:40.0753 2604 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:50:40.0753 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7
21:50:40.0769 2604 Npfs ( LockedFile.Multi.Generic ) - warning
21:50:40.0769 2604 Npfs - detected LockedFile.Multi.Generic (1)
21:50:40.0800 2604 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:50:40.0831 2604 nsi - ok
21:50:40.0862 2604 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:50:40.0862 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001
21:50:40.0862 2604 nsiproxy ( LockedFile.Multi.Generic ) - warning
21:50:40.0862 2604 nsiproxy - detected LockedFile.Multi.Generic (1)
21:50:40.0909 2604 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:50:40.0909 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\Ntfs.sys. md5: A2F74975097F52A00745F9637451FDD8
21:50:40.0909 2604 Ntfs ( LockedFile.Multi.Generic ) - warning
21:50:40.0909 2604 Ntfs - detected LockedFile.Multi.Generic (1)
21:50:40.0925 2604 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:50:40.0925 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1
21:50:40.0925 2604 Null ( LockedFile.Multi.Generic ) - warning
21:50:40.0925 2604 Null - detected LockedFile.Multi.Generic (1)
21:50:40.0956 2604 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:50:40.0956 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvraid.sys. md5: 0A92CB65770442ED0DC44834632F66AD
21:50:40.0956 2604 nvraid ( LockedFile.Multi.Generic ) - warning
21:50:40.0956 2604 nvraid - detected LockedFile.Multi.Generic (1)
21:50:40.0971 2604 [ 5266D03C0628FAE9C35F40EEC078FC88 ] nvrd64 C:\Windows\system32\DRIVERS\nvrd64.sys
21:50:40.0971 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nvrd64.sys. md5: 5266D03C0628FAE9C35F40EEC078FC88
21:50:40.0987 2604 nvrd64 ( LockedFile.Multi.Generic ) - warning
21:50:40.0987 2604 nvrd64 - detected LockedFile.Multi.Generic (1)
21:50:41.0003 2604 [ E58D81FB8616D0CB55C1E36AA0B213C9 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
21:50:41.0003 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nvsmu.sys. md5: E58D81FB8616D0CB55C1E36AA0B213C9
21:50:41.0003 2604 nvsmu ( LockedFile.Multi.Generic ) - warning
21:50:41.0003 2604 nvsmu - detected LockedFile.Multi.Generic (1)
21:50:41.0018 2604 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:50:41.0018 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvstor.sys. md5: DAB0E87525C10052BF65F06152F37E4A
21:50:41.0018 2604 nvstor ( LockedFile.Multi.Generic ) - warning
21:50:41.0018 2604 nvstor - detected LockedFile.Multi.Generic (1)
21:50:41.0049 2604 [ 2A718473EDE7032A508A8F44C633657F ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
21:50:41.0049 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nvstor64.sys. md5: 2A718473EDE7032A508A8F44C633657F
21:50:41.0049 2604 nvstor64 ( LockedFile.Multi.Generic ) - warning
21:50:41.0049 2604 nvstor64 - detected LockedFile.Multi.Generic (1)
21:50:41.0081 2604 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:50:41.0081 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05
21:50:41.0096 2604 nv_agp ( LockedFile.Multi.Generic ) - warning
21:50:41.0096 2604 nv_agp - detected LockedFile.Multi.Generic (1)
21:50:41.0112 2604 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:50:41.0112 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0
21:50:41.0112 2604 ohci1394 ( LockedFile.Multi.Generic ) - warning
21:50:41.0112 2604 ohci1394 - detected LockedFile.Multi.Generic (1)
21:50:41.0143 2604 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:50:41.0174 2604 p2pimsvc - ok
21:50:41.0205 2604 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:50:41.0221 2604 p2psvc - ok
21:50:41.0237 2604 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:50:41.0237 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887
21:50:41.0252 2604 Parport ( LockedFile.Multi.Generic ) - warning
21:50:41.0252 2604 Parport - detected LockedFile.Multi.Generic (1)
21:50:41.0268 2604 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:50:41.0268 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\partmgr.sys. md5: E9766131EEADE40A27DC27D2D68FBA9C
21:50:41.0268 2604 partmgr ( LockedFile.Multi.Generic ) - warning
21:50:41.0268 2604 partmgr - detected LockedFile.Multi.Generic (1)
21:50:41.0299 2604 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:50:41.0330 2604 PcaSvc - ok
21:50:41.0361 2604 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:50:41.0361 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\pci.sys. md5: 94575C0571D1462A0F70BDE6BD6EE6B3
21:50:41.0377 2604 pci ( LockedFile.Multi.Generic ) - warning
21:50:41.0377 2604 pci - detected LockedFile.Multi.Generic (1)
21:50:41.0393 2604 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:50:41.0393 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA
21:50:41.0393 2604 pciide ( LockedFile.Multi.Generic ) - warning
21:50:41.0393 2604 pciide - detected LockedFile.Multi.Generic (1)
21:50:41.0408 2604 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:50:41.0408 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F
21:50:41.0408 2604 pcmcia ( LockedFile.Multi.Generic ) - warning
21:50:41.0408 2604 pcmcia - detected LockedFile.Multi.Generic (1)
21:50:41.0439 2604 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:50:41.0439 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603
21:50:41.0439 2604 pcw ( LockedFile.Multi.Generic ) - warning
21:50:41.0439 2604 pcw - detected LockedFile.Multi.Generic (1)
21:50:41.0455 2604 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:50:41.0455 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E
21:50:41.0471 2604 PEAUTH ( LockedFile.Multi.Generic ) - warning
21:50:41.0471 2604 PEAUTH - detected LockedFile.Multi.Generic (1)
21:50:41.0502 2604 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:50:41.0533 2604 PeerDistSvc - ok
21:50:41.0595 2604 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:50:41.0611 2604 PerfHost - ok
21:50:41.0673 2604 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:50:41.0720 2604 pla - ok
21:50:41.0767 2604 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:50:41.0783 2604 PlugPlay - ok
21:50:41.0798 2604 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:50:41.0814 2604 PNRPAutoReg - ok
21:50:41.0829 2604 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:50:41.0845 2604 PNRPsvc - ok
21:50:41.0876 2604 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:50:41.0923 2604 PolicyAgent - ok
21:50:41.0954 2604 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:50:42.0001 2604 Power - ok
21:50:42.0032 2604 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:50:42.0032 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspptp.sys. md5: F92A2C41117A11A00BE01CA01A7FCDE9
21:50:42.0032 2604 PptpMiniport ( LockedFile.Multi.Generic ) - warning
21:50:42.0032 2604 PptpMiniport - detected LockedFile.Multi.Generic (1)
21:50:42.0048 2604 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:50:42.0048 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF
21:50:42.0048 2604 Processor ( LockedFile.Multi.Generic ) - warning
21:50:42.0048 2604 Processor - detected LockedFile.Multi.Generic (1)
21:50:42.0079 2604 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:50:42.0079 2604 ProfSvc - ok
21:50:42.0095 2604 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:50:42.0110 2604 ProtectedStorage - ok
21:50:42.0141 2604 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:50:42.0141 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pacer.sys. md5: 0557CF5A2556BD58E26384169D72438D
21:50:42.0141 2604 Psched ( LockedFile.Multi.Generic ) - warning
21:50:42.0141 2604 Psched - detected LockedFile.Multi.Generic (1)
21:50:42.0188 2604 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:50:42.0188 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql2300.sys. md5: A53A15A11EBFD21077463EE2C7AFEEF0
21:50:42.0188 2604 ql2300 ( LockedFile.Multi.Generic ) - warning
21:50:42.0188 2604 ql2300 - detected LockedFile.Multi.Generic (1)
21:50:42.0204 2604 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:50:42.0204 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8
21:50:42.0204 2604 ql40xx ( LockedFile.Multi.Generic ) - warning
21:50:42.0204 2604 ql40xx - detected LockedFile.Multi.Generic (1)
21:50:42.0235 2604 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:50:42.0251 2604 QWAVE - ok
21:50:42.0266 2604 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:50:42.0266 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707BB36430888D9CE9D705398ADB6C
21:50:42.0266 2604 QWAVEdrv ( LockedFile.Multi.Generic ) - warning
21:50:42.0266 2604 QWAVEdrv - detected LockedFile.Multi.Generic (1)
21:50:42.0313 2604 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
21:50:42.0329 2604 RapiMgr - ok
21:50:42.0344 2604 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:50:42.0344 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5A0DA8AD5762FA2D91678A8A01311704
21:50:42.0344 2604 RasAcd ( LockedFile.Multi.Generic ) - warning
21:50:42.0344 2604 RasAcd - detected LockedFile.Multi.Generic (1)
21:50:42.0376 2604 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:50:42.0376 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ECFF9B22276B73F43A99A15A6094E90
21:50:42.0391 2604 RasAgileVpn ( LockedFile.Multi.Generic ) - warning
21:50:42.0391 2604 RasAgileVpn - detected LockedFile.Multi.Generic (1)
21:50:42.0391 2604 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:50:42.0438 2604 RasAuto - ok
21:50:42.0469 2604 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:50:42.0469 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 471815800AE33E6F1C32FB1B97C490CA
21:50:42.0469 2604 Rasl2tp ( LockedFile.Multi.Generic ) - warning
21:50:42.0469 2604 Rasl2tp - detected LockedFile.Multi.Generic (1)
21:50:42.0500 2604 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:50:42.0547 2604 RasMan - ok
21:50:42.0563 2604 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:50:42.0563 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855C9B1CD4756C5E9A2AA58A15F58C25
21:50:42.0563 2604 RasPppoe ( LockedFile.Multi.Generic ) - warning
21:50:42.0563 2604 RasPppoe - detected LockedFile.Multi.Generic (1)
21:50:42.0578 2604 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:50:42.0578 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rassstp.sys. md5: E8B1E447B008D07FF47D016C2B0EEECB
21:50:42.0578 2604 RasSstp ( LockedFile.Multi.Generic ) - warning
21:50:42.0578 2604 RasSstp - detected LockedFile.Multi.Generic (1)
21:50:42.0610 2604 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:50:42.0610 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 77F665941019A1594D887A74F301FA2F
21:50:42.0610 2604 rdbss ( LockedFile.Multi.Generic ) - warning
21:50:42.0610 2604 rdbss - detected LockedFile.Multi.Generic (1)
21:50:42.0641 2604 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:50:42.0641 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D
21:50:42.0641 2604 rdpbus ( LockedFile.Multi.Generic ) - warning
21:50:42.0641 2604 rdpbus - detected LockedFile.Multi.Generic (1)
21:50:42.0656 2604 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:50:42.0656 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: CEA6CC257FC9B7715F1C2B4849286D24
21:50:42.0656 2604 RDPCDD ( LockedFile.Multi.Generic ) - warning
21:50:42.0656 2604 RDPCDD - detected LockedFile.Multi.Generic (1)
21:50:42.0703 2604 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:50:42.0703 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpdr.sys. md5: 1B6163C503398B23FF8B939C67747683
21:50:42.0703 2604 RDPDR ( LockedFile.Multi.Generic ) - warning
21:50:42.0703 2604 RDPDR - detected LockedFile.Multi.Generic (1)
21:50:42.0719 2604 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:50:42.0719 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpencdd.sys. md5: BB5971A4F00659529A5C44831AF22365
21:50:42.0719 2604 RDPENCDD ( LockedFile.Multi.Generic ) - warning
21:50:42.0719 2604 RDPENCDD - detected LockedFile.Multi.Generic (1)
21:50:42.0734 2604 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:50:42.0734 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216F3FA57533D98E1F74DED70113177A
21:50:42.0750 2604 RDPREFMP ( LockedFile.Multi.Generic ) - warning
21:50:42.0750 2604 RDPREFMP - detected LockedFile.Multi.Generic (1)
21:50:42.0812 2604 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:50:42.0812 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpvideominiport.sys. md5: 70CBA1A0C98600A2AA1863479B35CB90
21:50:42.0812 2604 RdpVideoMiniport ( LockedFile.Multi.Generic ) - warning
21:50:42.0812 2604 RdpVideoMiniport - detected LockedFile.Multi.Generic (1)
21:50:42.0844 2604 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:50:42.0844 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\RDPWD.sys. md5: E61608AA35E98999AF9AAEEEA6114B0A
21:50:42.0844 2604 RDPWD ( LockedFile.Multi.Generic ) - warning
21:50:42.0844 2604 RDPWD - detected LockedFile.Multi.Generic (1)
21:50:42.0875 2604 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:50:42.0875 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdyboost.sys. md5: 34ED295FA0121C241BFEF24764FC4520
21:50:42.0890 2604 rdyboost ( LockedFile.Multi.Generic ) - warning
21:50:42.0890 2604 rdyboost - detected LockedFile.Multi.Generic (1)
21:50:42.0922 2604 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:50:42.0953 2604 RemoteAccess - ok
21:50:42.0984 2604 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:50:43.0031 2604 RemoteRegistry - ok
21:50:43.0046 2604 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:50:43.0109 2604 RpcEptMapper - ok
21:50:43.0124 2604 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:50:43.0140 2604 RpcLocator - ok
21:50:43.0171 2604 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
21:50:43.0202 2604 RpcSs - ok
21:50:43.0218 2604 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:50:43.0218 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rspndr.sys. md5: DDC86E4F8E7456261E637E3552E804FF
21:50:43.0218 2604 rspndr ( LockedFile.Multi.Generic ) - warning
21:50:43.0218 2604 rspndr - detected LockedFile.Multi.Generic (1)
21:50:43.0249 2604 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:50:43.0249 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\Rt64win7.sys. md5: B49DC435AE3695BAC5623DD94B05732D
21:50:43.0265 2604 RTL8167 ( LockedFile.Multi.Generic ) - warning
21:50:43.0265 2604 RTL8167 - detected LockedFile.Multi.Generic (1)
21:50:43.0296 2604 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:50:43.0296 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\vms3cap.sys. md5: E60C0A09F997826C7627B244195AB581
21:50:43.0296 2604 s3cap ( LockedFile.Multi.Generic ) - warning
21:50:43.0296 2604 s3cap - detected LockedFile.Multi.Generic (1)
21:50:43.0312 2604 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:50:43.0327 2604 SamSs - ok
21:50:43.0343 2604 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:50:43.0343 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\sbp2port.sys. md5: AC03AF3329579FFFB455AA2DAABBE22B
21:50:43.0343 2604 sbp2port ( LockedFile.Multi.Generic ) - warning
21:50:43.0343 2604 sbp2port - detected LockedFile.Multi.Generic (1)
21:50:43.0374 2604 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:50:43.0421 2604 SCardSvr - ok
21:50:43.0436 2604 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:50:43.0436 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 253F38D0D7074C02FF8DEB9836C97D2B
21:50:43.0436 2604 scfilter ( LockedFile.Multi.Generic ) - warning
21:50:43.0436 2604 scfilter - detected LockedFile.Multi.Generic (1)
21:50:43.0499 2604 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:50:43.0530 2604 Schedule - ok
21:50:43.0561 2604 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:50:43.0577 2604 SCPolicySvc - ok
21:50:43.0592 2604 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:50:43.0608 2604 SDRSVC - ok
21:50:43.0624 2604 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:50:43.0624 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186
21:50:43.0624 2604 secdrv ( LockedFile.Multi.Generic ) - warning
21:50:43.0624 2604 secdrv - detected LockedFile.Multi.Generic (1)
21:50:43.0655 2604 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:50:43.0670 2604 seclogon - ok
21:50:43.0702 2604 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
21:50:43.0733 2604 SENS - ok
21:50:43.0748 2604 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:50:43.0764 2604 SensrSvc - ok
21:50:43.0780 2604 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:50:43.0780 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B
21:50:43.0780 2604 Serenum ( LockedFile.Multi.Generic ) - warning
21:50:43.0780 2604 Serenum - detected LockedFile.Multi.Generic (1)
21:50:43.0795 2604 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:50:43.0795 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serial.sys. md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6
21:50:43.0795 2604 Serial ( LockedFile.Multi.Generic ) - warning
21:50:43.0795 2604 Serial - detected LockedFile.Multi.Generic (1)
21:50:43.0811 2604 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:50:43.0811 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3
21:50:43.0811 2604 sermouse ( LockedFile.Multi.Generic ) - warning
21:50:43.0811 2604 sermouse - detected LockedFile.Multi.Generic (1)
21:50:43.0858 2604 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:50:43.0873 2604 SessionEnv - ok
21:50:43.0889 2604 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:50:43.0889 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF
21:50:43.0889 2604 sffdisk ( LockedFile.Multi.Generic ) - warning
21:50:43.0889 2604 sffdisk - detected LockedFile.Multi.Generic (1)
21:50:43.0904 2604 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:50:43.0904 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_mmc.sys. md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF
21:50:43.0904 2604 sffp_mmc ( LockedFile.Multi.Generic ) - warning
21:50:43.0904 2604 sffp_mmc - detected LockedFile.Multi.Generic (1)
21:50:43.0920 2604 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:50:43.0920 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_sd.sys. md5: DD85B78243A19B59F0637DCF284DA63C
21:50:43.0936 2604 sffp_sd ( LockedFile.Multi.Generic ) - warning
21:50:43.0936 2604 sffp_sd - detected LockedFile.Multi.Generic (1)
21:50:43.0967 2604 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:50:43.0967 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4
21:50:43.0967 2604 sfloppy ( LockedFile.Multi.Generic ) - warning
21:50:43.0967 2604 sfloppy - detected LockedFile.Multi.Generic (1)
21:50:43.0998 2604 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:50:44.0029 2604 SharedAccess - ok
21:50:44.0060 2604 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:50:44.0092 2604 ShellHWDetection - ok
21:50:44.0123 2604 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:50:44.0123 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1
21:50:44.0123 2604 SiSRaid2 ( LockedFile.Multi.Generic ) - warning
21:50:44.0123 2604 SiSRaid2 - detected LockedFile.Multi.Generic (1)
21:50:44.0154 2604 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:50:44.0154 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4
21:50:44.0154 2604 SiSRaid4 ( LockedFile.Multi.Generic ) - warning
21:50:44.0154 2604 SiSRaid4 - detected LockedFile.Multi.Generic (1)
21:50:44.0170 2604 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:50:44.0170 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4
21:50:44.0170 2604 Smb ( LockedFile.Multi.Generic ) - warning
21:50:44.0170 2604 Smb - detected LockedFile.Multi.Generic (1)
21:50:44.0216 2604 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:50:44.0248 2604 SNMPTRAP - ok
21:50:44.0279 2604 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys
21:50:44.0294 2604 speedfan - ok
21:50:44.0310 2604 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:50:44.0310 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9
21:50:44.0310 2604 spldr ( LockedFile.Multi.Generic ) - warning
21:50:44.0310 2604 spldr - detected LockedFile.Multi.Generic (1)
21:50:44.0357 2604 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:50:44.0372 2604 Spooler - ok
21:50:44.0435 2604 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:50:44.0513 2604 sppsvc - ok
21:50:44.0544 2604 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:50:44.0591 2604 sppuinotify - ok
21:50:44.0622 2604 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:50:44.0622 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B
21:50:44.0622 2604 srv ( LockedFile.Multi.Generic ) - warning
21:50:44.0622 2604 srv - detected LockedFile.Multi.Generic (1)
21:50:44.0638 2604 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:50:44.0638 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28
21:50:44.0638 2604 srv2 ( LockedFile.Multi.Generic ) - warning
21:50:44.0638 2604 srv2 - detected LockedFile.Multi.Generic (1)
21:50:44.0653 2604 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:50:44.0653 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27E461F0BE5BFF5FC737328F749538C3
21:50:44.0653 2604 srvnet ( LockedFile.Multi.Generic ) - warning
21:50:44.0653 2604 srvnet - detected LockedFile.Multi.Generic (1)
21:50:44.0684 2604 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:50:44.0731 2604 SSDPSRV - ok
21:50:44.0762 2604 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:50:44.0794 2604 SstpSvc - ok
21:50:44.0825 2604 Steam Client Service - ok
21:50:44.0840 2604 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:50:44.0840 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A
21:50:44.0840 2604 stexstor ( LockedFile.Multi.Generic ) - warning
21:50:44.0840 2604 stexstor - detected LockedFile.Multi.Generic (1)
21:50:44.0872 2604 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:50:44.0903 2604 stisvc - ok
21:50:44.0918 2604 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
21:50:44.0918 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\vmstorfl.sys. md5: 7785DC213270D2FC066538DAF94087E7
21:50:44.0934 2604 storflt ( LockedFile.Multi.Generic ) - warning
21:50:44.0934 2604 storflt - detected LockedFile.Multi.Generic (1)
21:50:44.0950 2604 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:50:44.0950 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\storvsc.sys. md5: D34E4943D5AC096C8EDEEBFD80D76E23
21:50:44.0965 2604 storvsc ( LockedFile.Multi.Generic ) - warning
21:50:44.0965 2604 storvsc - detected LockedFile.Multi.Generic (1)
21:50:44.0981 2604 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:50:44.0981 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90
21:50:44.0996 2604 swenum ( LockedFile.Multi.Generic ) - warning
21:50:44.0996 2604 swenum - detected LockedFile.Multi.Generic (1)
21:50:45.0012 2604 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:50:45.0043 2604 swprv - ok
21:50:45.0059 2604 Synth3dVsc - ok
21:50:45.0121 2604 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:50:45.0168 2604 SysMain - ok
21:50:45.0199 2604 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:50:45.0215 2604 TabletInputService - ok
21:50:45.0230 2604 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:50:45.0262 2604 TapiSrv - ok
21:50:45.0308 2604 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:50:45.0324 2604 TBS - ok
21:50:45.0371 2604 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:50:45.0371 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpip.sys. md5: ACB82BDA8F46C84F465C1AFA517DC4B9
21:50:45.0402 2604 Tcpip ( LockedFile.Multi.Generic ) - warning
21:50:45.0402 2604 Tcpip - detected LockedFile.Multi.Generic (1)
21:50:45.0418 2604 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:50:45.0418 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tcpip.sys. md5: ACB82BDA8F46C84F465C1AFA517DC4B9
21:50:45.0433 2604 TCPIP6 ( LockedFile.Multi.Generic ) - warning
21:50:45.0433 2604 TCPIP6 - detected LockedFile.Multi.Generic (1)
21:50:45.0464 2604 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:50:45.0464 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpipreg.sys. md5: DF687E3D8836BFB04FCC0615BF15A519
21:50:45.0464 2604 tcpipreg ( LockedFile.Multi.Generic ) - warning
21:50:45.0464 2604 tcpipreg - detected LockedFile.Multi.Generic (1)
21:50:45.0496 2604 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:50:45.0496 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C
21:50:45.0496 2604 TDPIPE ( LockedFile.Multi.Generic ) - warning
21:50:45.0496 2604 TDPIPE - detected LockedFile.Multi.Generic (1)
21:50:45.0527 2604 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:50:45.0527 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8
21:50:45.0527 2604 TDTCP ( LockedFile.Multi.Generic ) - warning
21:50:45.0527 2604 TDTCP - detected LockedFile.Multi.Generic (1)
21:50:45.0558 2604 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:50:45.0558 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806
21:50:45.0558 2604 tdx ( LockedFile.Multi.Generic ) - warning
21:50:45.0558 2604 tdx - detected LockedFile.Multi.Generic (1)
21:50:45.0574 2604 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:50:45.0574 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5
21:50:45.0574 2604 TermDD ( LockedFile.Multi.Generic ) - warning
21:50:45.0574 2604 TermDD - detected LockedFile.Multi.Generic (1)
21:50:45.0620 2604 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:50:45.0667 2604 TermService - ok
21:50:45.0683 2604 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:50:45.0698 2604 Themes - ok
21:50:45.0730 2604 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:50:45.0745 2604 THREADORDER - ok
21:50:45.0792 2604 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
21:50:45.0808 2604 TomTomHOMEService - ok
21:50:45.0839 2604 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:50:45.0886 2604 TrkWks - ok
21:50:45.0948 2604 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:50:45.0995 2604 TrustedInstaller - ok
21:50:46.0026 2604 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:50:46.0026 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: CE18B2CDFC837C99E5FAE9CA6CBA5D30
21:50:46.0026 2604 tssecsrv ( LockedFile.Multi.Generic ) - warning
21:50:46.0026 2604 tssecsrv - detected LockedFile.Multi.Generic (1)
21:50:46.0057 2604 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:50:46.0057 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9
21:50:46.0057 2604 TsUsbFlt ( LockedFile.Multi.Generic ) - warning
21:50:46.0057 2604 TsUsbFlt - detected LockedFile.Multi.Generic (1)
21:50:46.0088 2604 tsusbhub - ok
21:50:46.0104 2604 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:50:46.0120 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894
21:50:46.0120 2604 tunnel ( LockedFile.Multi.Generic ) - warning
21:50:46.0120 2604 tunnel - detected LockedFile.Multi.Generic (1)
21:50:46.0135 2604 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:50:46.0135 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67
21:50:46.0135 2604 uagp35 ( LockedFile.Multi.Generic ) - warning
21:50:46.0135 2604 uagp35 - detected LockedFile.Multi.Generic (1)
21:50:46.0166 2604 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:50:46.0166 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593
21:50:46.0166 2604 udfs ( LockedFile.Multi.Generic ) - warning
21:50:46.0166 2604 udfs - detected LockedFile.Multi.Generic (1)
21:50:46.0182 2604 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:50:46.0198 2604 UI0Detect - ok
21:50:46.0229 2604 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:50:46.0229 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320
21:50:46.0229 2604 uliagpkx ( LockedFile.Multi.Generic ) - warning
21:50:46.0229 2604 uliagpkx - detected LockedFile.Multi.Generic (1)
21:50:46.0260 2604 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
21:50:46.0260 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561
21:50:46.0260 2604 umbus ( LockedFile.Multi.Generic ) - warning
21:50:46.0260 2604 umbus - detected LockedFile.Multi.Generic (1)
21:50:46.0276 2604 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:50:46.0276 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D
21:50:46.0276 2604 UmPass ( LockedFile.Multi.Generic ) - warning
21:50:46.0276 2604 UmPass - detected LockedFile.Multi.Generic (1)
21:50:46.0291 2604 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
21:50:46.0307 2604 UmRdpService - ok
21:50:46.0354 2604 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:50:46.0369 2604 upnphost - ok
21:50:46.0400 2604 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:50:46.0400 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 6F1A3157A1C89435352CEB543CDB359C
21:50:46.0416 2604 usbccgp ( LockedFile.Multi.Generic ) - warning
21:50:46.0416 2604 usbccgp - detected LockedFile.Multi.Generic (1)
21:50:46.0432 2604 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:50:46.0432 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7
21:50:46.0432 2604 usbcir ( LockedFile.Multi.Generic ) - warning
21:50:46.0432 2604 usbcir - detected LockedFile.Multi.Generic (1)
21:50:46.0447 2604 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:50:46.0447 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbehci.sys. md5: C025055FE7B87701EB042095DF1A2D7B
21:50:46.0447 2604 usbehci ( LockedFile.Multi.Generic ) - warning
21:50:46.0447 2604 usbehci - detected LockedFile.Multi.Generic (1)
21:50:46.0478 2604 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:50:46.0478 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 287C6C9410B111B68B52CA298F7B8C24
21:50:46.0494 2604 usbhub ( LockedFile.Multi.Generic ) - warning
21:50:46.0494 2604 usbhub - detected LockedFile.Multi.Generic (1)
21:50:46.0510 2604 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:50:46.0510 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbohci.sys. md5: 9840FC418B4CBD632D3D0A667A725C31
21:50:46.0510 2604 usbohci ( LockedFile.Multi.Generic ) - warning
21:50:46.0510 2604 usbohci - detected LockedFile.Multi.Generic (1)
21:50:46.0541 2604 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:50:46.0541 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D
21:50:46.0541 2604 usbprint ( LockedFile.Multi.Generic ) - warning
21:50:46.0541 2604 usbprint - detected LockedFile.Multi.Generic (1)
21:50:46.0572 2604 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:50:46.0572 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbscan.sys. md5: AAA2513C8AED8B54B189FD0C6B1634C0
21:50:46.0572 2604 usbscan ( LockedFile.Multi.Generic ) - warning
21:50:46.0572 2604 usbscan - detected LockedFile.Multi.Generic (1)
21:50:46.0588 2604 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:50:46.0588 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6
21:50:46.0588 2604 USBSTOR ( LockedFile.Multi.Generic ) - warning
21:50:46.0588 2604 USBSTOR - detected LockedFile.Multi.Generic (1)
21:50:46.0619 2604 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:50:46.0619 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbuhci.sys. md5: 62069A34518BCF9C1FD9E74B3F6DB7CD
21:50:46.0619 2604 usbuhci ( LockedFile.Multi.Generic ) - warning
21:50:46.0619 2604 usbuhci - detected LockedFile.Multi.Generic (1)
21:50:46.0650 2604 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
21:50:46.0650 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usb8023x.sys. md5: 70D05EE263568A742D14E1876DF80532
21:50:46.0650 2604 usb_rndisx ( LockedFile.Multi.Generic ) - warning
21:50:46.0650 2604 usb_rndisx - detected LockedFile.Multi.Generic (1)
21:50:46.0666 2604 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:50:46.0712 2604 UxSms - ok
21:50:46.0712 2604 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:50:46.0728 2604 VaultSvc - ok
21:50:46.0759 2604 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:50:46.0759 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD
21:50:46.0759 2604 vdrvroot ( LockedFile.Multi.Generic ) - warning
21:50:46.0759 2604 vdrvroot - detected LockedFile.Multi.Generic (1)
21:50:46.0790 2604 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:50:46.0837 2604 vds - ok
21:50:46.0868 2604 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:50:46.0868 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD
21:50:46.0868 2604 vga ( LockedFile.Multi.Generic ) - warning
21:50:46.0868 2604 vga - detected LockedFile.Multi.Generic (1)
21:50:46.0884 2604 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:50:46.0884 2604 Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC
21:50:46.0884 2604 VgaSave ( LockedFile.Multi.Generic ) - warning
21:50:46.0884 2604 VgaSave - detected LockedFile.Multi.Generic (1)
21:50:46.0915 2604 VGPU - ok
21:50:46.0931 2604 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:50:46.0931 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB
21:50:46.0931 2604 vhdmp ( LockedFile.Multi.Generic ) - warning
21:50:46.0931 2604 vhdmp - detected LockedFile.Multi.Generic (1)
21:50:46.0962 2604 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:50:46.0962 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54
21:50:46.0962 2604 viaide ( LockedFile.Multi.Generic ) - warning
21:50:46.0962 2604 viaide - detected LockedFile.Multi.Generic (1)
21:50:46.0978 2604 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
21:50:46.0978 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\vmbus.sys. md5: 86EA3E79AE350FEA5331A1303054005F
21:50:46.0993 2604 vmbus ( LockedFile.Multi.Generic ) - warning
21:50:46.0993 2604 vmbus - detected LockedFile.Multi.Generic (1)
21:50:47.0009 2604 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
21:50:47.0009 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\VMBusHID.sys. md5: 7DE90B48F210D29649380545DB45A187
21:50:47.0009 2604 VMBusHID ( LockedFile.Multi.Generic ) - warning
21:50:47.0009 2604 VMBusHID - detected LockedFile.Multi.Generic (1)
21:50:47.0024 2604 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:50:47.0024 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0
21:50:47.0024 2604 volmgr ( LockedFile.Multi.Generic ) - warning
21:50:47.0024 2604 volmgr - detected LockedFile.Multi.Generic (1)
21:50:47.0071 2604 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:50:47.0071 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B
21:50:47.0071 2604 volmgrx ( LockedFile.Multi.Generic ) - warning
21:50:47.0071 2604 volmgrx - detected LockedFile.Multi.Generic (1)
21:50:47.0087 2604 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:50:47.0087 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639
21:50:47.0087 2604 volsnap ( LockedFile.Multi.Generic ) - warning
21:50:47.0087 2604 volsnap - detected LockedFile.Multi.Generic (1)
21:50:47.0134 2604 [ 7254B4F4A59F9D18B49CAF8AA0428631 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
21:50:47.0134 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpchbus.sys. md5: 7254B4F4A59F9D18B49CAF8AA0428631
21:50:47.0134 2604 vpcbus ( LockedFile.Multi.Generic ) - warning
21:50:47.0134 2604 vpcbus - detected LockedFile.Multi.Generic (1)
21:50:47.0165 2604 [ ED501CEBF6F571FCCE55887BDF4888EA ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
21:50:47.0165 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpcnfltr.sys. md5: ED501CEBF6F571FCCE55887BDF4888EA
21:50:47.0180 2604 vpcnfltr ( LockedFile.Multi.Generic ) - warning
21:50:47.0180 2604 vpcnfltr - detected LockedFile.Multi.Generic (1)
21:50:47.0212 2604 [ 2CE21FFD391FE21763DDC32B1CAABA7D ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
21:50:47.0212 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpcusb.sys. md5: 2CE21FFD391FE21763DDC32B1CAABA7D
21:50:47.0212 2604 vpcusb ( LockedFile.Multi.Generic ) - warning
21:50:47.0212 2604 vpcusb - detected LockedFile.Multi.Generic (1)
21:50:47.0227 2604 [ C3F658CD063EA677FCCBB620167B44C8 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
21:50:47.0227 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\vpcvmm.sys. md5: C3F658CD063EA677FCCBB620167B44C8
21:50:47.0227 2604 vpcvmm ( LockedFile.Multi.Generic ) - warning
21:50:47.0227 2604 vpcvmm - detected LockedFile.Multi.Generic (1)
21:50:47.0243 2604 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:50:47.0243 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997
21:50:47.0243 2604 vsmraid ( LockedFile.Multi.Generic ) - warning
21:50:47.0243 2604 vsmraid - detected LockedFile.Multi.Generic (1)
21:50:47.0305 2604 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:50:47.0352 2604 VSS - ok
21:50:47.0368 2604 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:50:47.0368 2604 Suspicious file (NoAccess): C:\Windows\System32\drivers\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1
21:50:47.0368 2604 vwifibus ( LockedFile.Multi.Generic ) - warning
21:50:47.0368 2604 vwifibus - detected LockedFile.Multi.Generic (1)
21:50:47.0414 2604 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:50:47.0446 2604 W32Time - ok
21:50:47.0461 2604 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:50:47.0461 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E
21:50:47.0461 2604 WacomPen ( LockedFile.Multi.Generic ) - warning
21:50:47.0461 2604 WacomPen - detected LockedFile.Multi.Generic (1)
21:50:47.0492 2604 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:50:47.0492 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
21:50:47.0492 2604 WANARP ( LockedFile.Multi.Generic ) - warning
21:50:47.0492 2604 WANARP - detected LockedFile.Multi.Generic (1)
21:50:47.0492 2604 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:50:47.0492 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
21:50:47.0508 2604 Wanarpv6 ( LockedFile.Multi.Generic ) - warning
21:50:47.0508 2604 Wanarpv6 - detected LockedFile.Multi.Generic (1)
21:50:47.0555 2604 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:50:47.0570 2604 WatAdminSvc - ok
21:50:47.0617 2604 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:50:47.0664 2604 wbengine - ok
21:50:47.0695 2604 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:50:47.0711 2604 WbioSrvc - ok
21:50:47.0742 2604 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
21:50:47.0758 2604 WcesComm - ok
21:50:47.0789 2604 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:50:47.0820 2604 wcncsvc - ok
21:50:47.0836 2604 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:50:47.0867 2604 WcsPlugInService - ok
21:50:47.0898 2604 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:50:47.0898 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC
21:50:47.0898 2604 Wd ( LockedFile.Multi.Generic ) - warning
21:50:47.0898 2604 Wd - detected LockedFile.Multi.Generic (1)
21:50:47.0929 2604 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:50:47.0929 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441BD2D7B4F98134C3A4F9FA570FD250
21:50:47.0929 2604 Wdf01000 ( LockedFile.Multi.Generic ) - warning
21:50:47.0929 2604 Wdf01000 - detected LockedFile.Multi.Generic (1)
21:50:47.0945 2604 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:50:47.0960 2604 WdiServiceHost - ok
21:50:47.0960 2604 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:50:47.0976 2604 WdiSystemHost - ok
21:50:48.0007 2604 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:50:48.0038 2604 WebClient - ok
21:50:48.0070 2604 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:50:48.0101 2604 Wecsvc - ok
21:50:48.0132 2604 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:50:48.0148 2604 wercplsupport - ok
21:50:48.0179 2604 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:50:48.0210 2604 WerSvc - ok
21:50:48.0226 2604 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:50:48.0226 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725
21:50:48.0226 2604 WfpLwf ( LockedFile.Multi.Generic ) - warning
21:50:48.0226 2604 WfpLwf - detected LockedFile.Multi.Generic (1)
21:50:48.0241 2604 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:50:48.0241 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC
21:50:48.0241 2604 WIMMount ( LockedFile.Multi.Generic ) - warning
21:50:48.0241 2604 WIMMount - detected LockedFile.Multi.Generic (1)
21:50:48.0272 2604 WinDefend - ok
21:50:48.0288 2604 WinHttpAutoProxySvc - ok
21:50:48.0335 2604 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:50:48.0382 2604 Winmgmt - ok
21:50:48.0428 2604 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:50:48.0491 2604 WinRM - ok
21:50:48.0553 2604 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:50:48.0569 2604 Wlansvc - ok
21:50:48.0616 2604 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:50:48.0616 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778
21:50:48.0616 2604 WmiAcpi ( LockedFile.Multi.Generic ) - warning
21:50:48.0616 2604 WmiAcpi - detected LockedFile.Multi.Generic (1)
21:50:48.0631 2604 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:50:48.0662 2604 wmiApSrv - ok
21:50:48.0678 2604 WMPNetworkSvc - ok
21:50:48.0694 2604 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:50:48.0709 2604 WPCSvc - ok
21:50:48.0725 2604 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:50:48.0725 2604 WPDBusEnum - ok
21:50:48.0756 2604 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:50:48.0756 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52
21:50:48.0756 2604 ws2ifsl ( LockedFile.Multi.Generic ) - warning
21:50:48.0756 2604 ws2ifsl - detected LockedFile.Multi.Generic (1)
21:50:48.0787 2604 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
21:50:48.0818 2604 wscsvc - ok
21:50:48.0818 2604 WSearch - ok
21:50:48.0896 2604 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:50:48.0943 2604 wuauserv - ok
21:50:48.0974 2604 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:50:48.0974 2604 Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: D3381DC54C34D79B22CEE0D65BA91B7C
21:50:48.0974 2604 WudfPf ( LockedFile.Multi.Generic ) - warning
21:50:48.0974 2604 WudfPf - detected LockedFile.Multi.Generic (1)
21:50:49.0006 2604 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:50:49.0006 2604 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: CF8D590BE3373029D57AF80914190682
21:50:49.0006 2604 WUDFRd ( LockedFile.Multi.Generic ) - warning
21:50:49.0006 2604 WUDFRd - detected LockedFile.Multi.Generic (1)
21:50:49.0037 2604 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:50:49.0068 2604 wudfsvc - ok
21:50:49.0099 2604 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:50:49.0115 2604 WwanSvc - ok
21:50:49.0130 2604 ================ Scan global ===============================
21:50:49.0162 2604 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:50:49.0208 2604 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:50:49.0208 2604 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:50:49.0240 2604 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:50:49.0255 2604 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:50:49.0255 2604 [Global] - ok
21:50:49.0255 2604 ================ Scan MBR ==================================
21:50:49.0255 2604 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:50:50.0238 2604 \Device\Harddisk0\DR0 - ok
21:50:50.0238 2604 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:50:50.0394 2604 \Device\Harddisk1\DR1 - ok
21:50:50.0394 2604 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
21:50:50.0534 2604 \Device\Harddisk2\DR2 - ok
21:50:50.0534 2604 ================ Scan VBR ==================================
21:50:50.0534 2604 [ A2E94D13C32AF0FAE7CD79A650AE99C2 ] \Device\Harddisk0\DR0\Partition1
21:50:50.0534 2604 \Device\Harddisk0\DR0\Partition1 - ok
21:50:50.0534 2604 [ 0266E121F5120423D28FE21294D24366 ] \Device\Harddisk1\DR1\Partition1
21:50:50.0534 2604 \Device\Harddisk1\DR1\Partition1 - ok
21:50:50.0534 2604 [ 16EE8B4923A6815ED0565BD58DA513E6 ] \Device\Harddisk2\DR2\Partition1
21:50:50.0550 2604 \Device\Harddisk2\DR2\Partition1 - ok
21:50:50.0550 2604 ============================================================
21:50:50.0550 2604 Scan finished
21:50:50.0550 2604 ============================================================
21:50:50.0550 2724 Detected object count: 234
21:50:50.0550 2724 Actual detected object count: 234
21:52:36.0973 2724 C:\Windows\System32\Drivers\4b67c937a5c89fb4.sys - copied to quarantine
21:52:36.0989 2724 HKLM\SYSTEM\ControlSet001\services\4b67c937a5c89fb4 - will be deleted on reboot
21:52:37.0020 2724 HKLM\SYSTEM\ControlSet002\services\4b67c937a5c89fb4 - will be deleted on reboot
21:52:37.0301 2724 C:\Windows\System32\Drivers\4b67c937a5c89fb4.sys - will be deleted on reboot
21:52:37.0301 2724 4b67c937a5c89fb4 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
21:52:37.0301 2724 ANDModem ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0301 2724 ANDModem ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0301 2724 AODDriver4.1 ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0301 2724 AODDriver4.1 ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0301 2724 AppID ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0301 2724 AppID ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0301 2724 arc ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0301 2724 arc ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0301 2724 arcsas ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0301 2724 arcsas ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0301 2724 AsIO ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0301 2724 AsIO ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0301 2724 AsyncMac ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0301 2724 AsyncMac ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0301 2724 atapi ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0301 2724 atapi ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0301 2724 AtiHDAudioService ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0301 2724 AtiHDAudioService ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0301 2724 Beep ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0301 2724 Beep ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0317 2724 blbdrive ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0317 2724 blbdrive ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0317 2724 bowser ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0317 2724 bowser ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0317 2724 BrFiltLo ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0317 2724 BrFiltLo ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0317 2724 BrFiltUp ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0317 2724 BrFiltUp ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0317 2724 BridgeMP ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0317 2724 BridgeMP ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0317 2724 Brserid ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0317 2724 Brserid ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0317 2724 BrSerWdm ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0317 2724 BrSerWdm ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0317 2724 BrUsbMdm ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0317 2724 BrUsbMdm ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0317 2724 BrUsbSer ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0317 2724 BrUsbSer ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0317 2724 BTHMODEM ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0317 2724 BTHMODEM ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0317 2724 cdfs ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0317 2724 cdfs ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0317 2724 cdrom ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0317 2724 cdrom ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0332 2724 circlass ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0332 2724 circlass ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0332 2724 CmBatt ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0332 2724 CmBatt ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0332 2724 cmdide ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0332 2724 cmdide ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0332 2724 CNG ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0332 2724 CNG ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0332 2724 Compbatt ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0332 2724 Compbatt ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0332 2724 CompositeBus ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0332 2724 CompositeBus ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0332 2724 crcdisk ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0332 2724 crcdisk ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0332 2724 CSC ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0332 2724 CSC ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0332 2724 DfsC ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0332 2724 DfsC ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0332 2724 discache ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0332 2724 discache ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0332 2724 Disk ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0332 2724 Disk ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0348 2724 drmkaud ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0348 2724 drmkaud ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0348 2724 DvmMDES ( UnsignedFile.Multi.Generic ) - skipped by user
21:52:37.0348 2724 DvmMDES ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:52:37.0348 2724 DXGKrnl ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0348 2724 DXGKrnl ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0348 2724 ebdrv ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0348 2724 ebdrv ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0348 2724 elxstor ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0348 2724 elxstor ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0348 2724 ErrDev ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0348 2724 ErrDev ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0348 2724 exfat ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0348 2724 exfat ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0348 2724 fastfat ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0348 2724 fastfat ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0348 2724 fdc ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0348 2724 fdc ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0348 2724 Filetrace ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0348 2724 Filetrace ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0348 2724 flpydisk ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0348 2724 flpydisk ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0348 2724 FltMgr ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0348 2724 FltMgr ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0363 2724 FsDepends ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0363 2724 FsDepends ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0363 2724 Fs_Rec ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0363 2724 Fs_Rec ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0363 2724 fvevol ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0363 2724 fvevol ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0363 2724 gagp30kx ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0363 2724 gagp30kx ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0363 2724 hcw85cir ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0363 2724 hcw85cir ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0363 2724 HdAudAddService ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0363 2724 HdAudAddService ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0363 2724 HDAudBus ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0363 2724 HDAudBus ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0363 2724 HidBatt ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0363 2724 HidBatt ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0363 2724 HidBth ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0363 2724 HidBth ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0363 2724 HidIr ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0363 2724 HidIr ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0363 2724 HidUsb ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0363 2724 HidUsb ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0379 2724 HpSAMD ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0379 2724 HpSAMD ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0379 2724 HTTP ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0379 2724 HTTP ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0379 2724 hwpolicy ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0379 2724 hwpolicy ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0379 2724 i8042prt ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0379 2724 i8042prt ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0379 2724 iaStorV ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0379 2724 iaStorV ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0379 2724 iirsp ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0379 2724 iirsp ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0379 2724 IntcAzAudAddService ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0379 2724 IntcAzAudAddService ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0379 2724 intelide ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0379 2724 intelide ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0379 2724 intelppm ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0379 2724 intelppm ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0379 2724 IpFilterDriver ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0379 2724 IpFilterDriver ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0379 2724 IPMIDRV ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0379 2724 IPMIDRV ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0379 2724 IPNAT ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0379 2724 IPNAT ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0395 2724 IRENUM ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0395 2724 IRENUM ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0395 2724 isapnp ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0395 2724 isapnp ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0395 2724 iScsiPrt ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0395 2724 iScsiPrt ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0395 2724 kbdclass ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0395 2724 kbdclass ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0395 2724 kbdhid ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0395 2724 kbdhid ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0395 2724 KSecDD ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0395 2724 KSecDD ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0395 2724 KSecPkg ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0395 2724 KSecPkg ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0395 2724 ksthunk ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0395 2724 ksthunk ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0395 2724 lltdio ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0395 2724 lltdio ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0395 2724 LSI_FC ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0395 2724 LSI_FC ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0395 2724 LSI_SAS ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0395 2724 LSI_SAS ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0395 2724 LSI_SAS2 ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0395 2724 LSI_SAS2 ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0410 2724 LSI_SCSI ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0410 2724 LSI_SCSI ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0410 2724 luafv ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0410 2724 luafv ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0410 2724 megasas ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0410 2724 megasas ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0410 2724 MegaSR ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0410 2724 MegaSR ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0410 2724 Modem ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0410 2724 Modem ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0410 2724 monitor ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0410 2724 monitor ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0410 2724 mouclass ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0410 2724 mouclass ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0410 2724 mouhid ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0410 2724 mouhid ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0410 2724 mountmgr ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0410 2724 mountmgr ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0410 2724 mpio ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0410 2724 mpio ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0410 2724 mpsdrv ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0410 2724 mpsdrv ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0426 2724 MRxDAV ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0426 2724 MRxDAV ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0426 2724 mrxsmb ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0426 2724 mrxsmb ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0426 2724 mrxsmb10 ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0426 2724 mrxsmb10 ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0426 2724 mrxsmb20 ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0426 2724 mrxsmb20 ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0426 2724 msahci ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0426 2724 msahci ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0426 2724 msdsm ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0426 2724 msdsm ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0426 2724 Msfs ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0426 2724 Msfs ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0426 2724 mshidkmdf ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0426 2724 mshidkmdf ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0426 2724 msisadrv ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0426 2724 msisadrv ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0426 2724 MSKSSRV ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0426 2724 MSKSSRV ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0426 2724 MSPCLOCK ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0426 2724 MSPCLOCK ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0426 2724 MSPQM ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0426 2724 MSPQM ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0441 2724 MsRPC ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0441 2724 MsRPC ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0441 2724 mssmbios ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0441 2724 mssmbios ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0441 2724 MSTEE ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0441 2724 MSTEE ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0441 2724 MTConfig ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0441 2724 MTConfig ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0441 2724 MTsensor ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0441 2724 MTsensor ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0441 2724 Mup ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0441 2724 Mup ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0441 2724 NativeWifiP ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0441 2724 NativeWifiP ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0441 2724 NDIS ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0441 2724 NDIS ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0441 2724 NdisCap ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0441 2724 NdisCap ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0441 2724 NdisTapi ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0441 2724 NdisTapi ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0441 2724 Ndisuio ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0441 2724 Ndisuio ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0457 2724 NdisWan ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0457 2724 NdisWan ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0457 2724 NDProxy ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0457 2724 NDProxy ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0457 2724 NetBIOS ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0457 2724 NetBIOS ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0457 2724 NetBT ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0457 2724 NetBT ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0457 2724 nfrd960 ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0457 2724 nfrd960 ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0457 2724 Npfs ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0457 2724 Npfs ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0457 2724 nsiproxy ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0457 2724 nsiproxy ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0457 2724 Ntfs ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0457 2724 Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0457 2724 Null ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0457 2724 Null ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0457 2724 nvraid ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0457 2724 nvraid ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0457 2724 nvrd64 ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0457 2724 nvrd64 ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0457 2724 nvsmu ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0457 2724 nvsmu ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0473 2724 nvstor ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0473 2724 nvstor ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0473 2724 nvstor64 ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0473 2724 nvstor64 ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0473 2724 nv_agp ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0473 2724 nv_agp ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0473 2724 ohci1394 ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0473 2724 ohci1394 ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0473 2724 Parport ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0473 2724 Parport ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0473 2724 partmgr ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0473 2724 partmgr ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0473 2724 pci ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0473 2724 pci ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0473 2724 pciide ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0473 2724 pciide ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0473 2724 pcmcia ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0473 2724 pcmcia ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0473 2724 pcw ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0473 2724 pcw ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0473 2724 PEAUTH ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0473 2724 PEAUTH ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0473 2724 PptpMiniport ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0473 2724 PptpMiniport ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0488 2724 Processor ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0488 2724 Processor ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0488 2724 Psched ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0488 2724 Psched ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0488 2724 ql2300 ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0488 2724 ql2300 ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0488 2724 ql40xx ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0488 2724 ql40xx ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0488 2724 QWAVEdrv ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0488 2724 QWAVEdrv ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0488 2724 RasAcd ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0488 2724 RasAcd ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0488 2724 RasAgileVpn ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0488 2724 RasAgileVpn ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0488 2724 Rasl2tp ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0488 2724 Rasl2tp ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0488 2724 RasPppoe ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0488 2724 RasPppoe ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0488 2724 RasSstp ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0488 2724 RasSstp ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0488 2724 rdbss ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0488 2724 rdbss ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0488 2724 rdpbus ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0504 2724 rdpbus ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0504 2724 RDPCDD ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0504 2724 RDPCDD ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0504 2724 RDPDR ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0504 2724 RDPDR ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0504 2724 RDPENCDD ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0504 2724 RDPENCDD ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0504 2724 RDPREFMP ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0504 2724 RDPREFMP ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0504 2724 RdpVideoMiniport ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0504 2724 RdpVideoMiniport ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0504 2724 RDPWD ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0504 2724 RDPWD ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0504 2724 rdyboost ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0504 2724 rdyboost ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0504 2724 rspndr ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0504 2724 rspndr ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0504 2724 RTL8167 ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0504 2724 RTL8167 ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0504 2724 s3cap ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0504 2724 s3cap ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0504 2724 sbp2port ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0504 2724 sbp2port ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0519 2724 scfilter ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0519 2724 scfilter ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0519 2724 secdrv ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0519 2724 secdrv ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0519 2724 Serenum ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0519 2724 Serenum ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0519 2724 Serial ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0519 2724 Serial ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0519 2724 sermouse ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0519 2724 sermouse ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0519 2724 sffdisk ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0519 2724 sffdisk ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0519 2724 sffp_mmc ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0519 2724 sffp_mmc ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0519 2724 sffp_sd ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0519 2724 sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0519 2724 sfloppy ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0519 2724 sfloppy ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0519 2724 SiSRaid2 ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0519 2724 SiSRaid2 ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0519 2724 SiSRaid4 ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0519 2724 SiSRaid4 ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0535 2724 Smb ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0535 2724 Smb ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0535 2724 spldr ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0535 2724 spldr ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0535 2724 srv ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0535 2724 srv ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0535 2724 srv2 ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0535 2724 srv2 ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0535 2724 srvnet ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0535 2724 srvnet ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0535 2724 stexstor ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0535 2724 stexstor ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0535 2724 storflt ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0535 2724 storflt ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0535 2724 storvsc ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0535 2724 storvsc ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0535 2724 swenum ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0535 2724 swenum ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0535 2724 Tcpip ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0535 2724 Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0535 2724 TCPIP6 ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0535 2724 TCPIP6 ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0535 2724 tcpipreg ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0535 2724 tcpipreg ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0551 2724 TDPIPE ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0551 2724 TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0551 2724 TDTCP ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0551 2724 TDTCP ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0551 2724 tdx ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0551 2724 tdx ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0551 2724 TermDD ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0551 2724 TermDD ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0551 2724 tssecsrv ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0551 2724 tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0551 2724 TsUsbFlt ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0551 2724 TsUsbFlt ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0551 2724 tunnel ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0551 2724 tunnel ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0551 2724 uagp35 ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0551 2724 uagp35 ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0551 2724 udfs ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0551 2724 udfs ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0551 2724 uliagpkx ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0551 2724 uliagpkx ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0551 2724 umbus ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0551 2724 umbus ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0566 2724 UmPass ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0566 2724 UmPass ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0566 2724 usbccgp ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0566 2724 usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0566 2724 usbcir ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0566 2724 usbcir ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0566 2724 usbehci ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0566 2724 usbehci ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0566 2724 usbhub ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0566 2724 usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0566 2724 usbohci ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0566 2724 usbohci ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0566 2724 usbprint ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0566 2724 usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0566 2724 usbscan ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0566 2724 usbscan ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0566 2724 USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0566 2724 USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0566 2724 usbuhci ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0566 2724 usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0566 2724 usb_rndisx ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0566 2724 usb_rndisx ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0566 2724 vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0566 2724 vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0582 2724 vga ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0582 2724 vga ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0582 2724 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0582 2724 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0582 2724 vhdmp ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0582 2724 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0582 2724 viaide ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0582 2724 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0582 2724 vmbus ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0582 2724 vmbus ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0582 2724 VMBusHID ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0582 2724 VMBusHID ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0582 2724 volmgr ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0582 2724 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0582 2724 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0582 2724 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0582 2724 volsnap ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0582 2724 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0582 2724 vpcbus ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0582 2724 vpcbus ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0582 2724 vpcnfltr ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0582 2724 vpcnfltr ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0597 2724 vpcusb ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0597 2724 vpcusb ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0597 2724 vpcvmm ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0597 2724 vpcvmm ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0597 2724 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0597 2724 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0597 2724 vwifibus ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0597 2724 vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0597 2724 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0597 2724 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0597 2724 WANARP ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0597 2724 WANARP ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0597 2724 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0597 2724 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0597 2724 Wd ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0597 2724 Wd ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0597 2724 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0597 2724 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0597 2724 WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0597 2724 WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0597 2724 WIMMount ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0597 2724 WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0597 2724 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0597 2724 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0613 2724 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0613 2724 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0613 2724 WudfPf ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0613 2724 WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:37.0613 2724 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
21:52:37.0613 2724 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip
21:52:46.0505 0736 Deinitialize success

21:55:08.0993 3204 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:55:09.0399 3204 ============================================================
21:55:09.0399 3204 Current date / time: 2012/10/07 21:55:09.0399
21:55:09.0399 3204 SystemInfo:
21:55:09.0399 3204
21:55:09.0399 3204 OS Version: 6.1.7601 ServicePack: 1.0
21:55:09.0399 3204 Product type: Workstation
21:55:09.0399 3204 ComputerName: PHIL-PC
21:55:09.0399 3204 UserName: Phil
21:55:09.0399 3204 Windows directory: C:\Windows
21:55:09.0399 3204 System windows directory: C:\Windows
21:55:09.0399 3204 Running under WOW64
21:55:09.0399 3204 Processor architecture: Intel x64
21:55:09.0399 3204 Number of processors: 4
21:55:09.0399 3204 Page size: 0x1000
21:55:09.0399 3204 Boot type: Normal boot
21:55:09.0399 3204 ============================================================
21:55:11.0411 3204 BG loaded
21:55:12.0472 3204 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:55:12.0472 3204 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:55:12.0488 3204 Drive \Device\Harddisk2\DR2 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:55:12.0503 3204 ============================================================
21:55:12.0503 3204 \Device\Harddisk0\DR0:
21:55:12.0503 3204 MBR partitions:
21:55:12.0503 3204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
21:55:12.0503 3204 \Device\Harddisk1\DR1:
21:55:12.0503 3204 MBR partitions:
21:55:12.0503 3204 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3000
21:55:12.0503 3204 \Device\Harddisk2\DR2:
21:55:12.0503 3204 MBR partitions:
21:55:12.0503 3204 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
21:55:12.0503 3204 ============================================================
21:55:12.0581 3204 C: <-> \Device\Harddisk1\DR1\Partition1
21:55:12.0597 3204 E: <-> \Device\Harddisk0\DR0\Partition1
21:55:12.0597 3204 ============================================================
21:55:12.0597 3204 Initialize success
21:55:12.0597 3204 ============================================================
22:00:19.0080 2200 Deinitialize success

22:01:00.0418 4140 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:01:00.0846 4140 ============================================================
22:01:00.0846 4140 Current date / time: 2012/10/07 22:01:00.0846
22:01:00.0846 4140 SystemInfo:
22:01:00.0846 4140
22:01:00.0846 4140 OS Version: 6.1.7601 ServicePack: 1.0
22:01:00.0846 4140 Product type: Workstation
22:01:00.0846 4140 ComputerName: PHIL-PC
22:01:00.0846 4140 UserName: Phil
22:01:00.0846 4140 Windows directory: C:\Windows
22:01:00.0846 4140 System windows directory: C:\Windows
22:01:00.0846 4140 Running under WOW64
22:01:00.0846 4140 Processor architecture: Intel x64
22:01:00.0846 4140 Number of processors: 4
22:01:00.0846 4140 Page size: 0x1000
22:01:00.0846 4140 Boot type: Normal boot
22:01:00.0846 4140 ============================================================
22:01:01.0547 4140 BG loaded
22:01:01.0741 4140 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:01:01.0751 4140 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:01:01.0768 4140 Drive \Device\Harddisk2\DR2 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:01:01.0770 4140 ============================================================
22:01:01.0770 4140 \Device\Harddisk0\DR0:
22:01:01.0770 4140 MBR partitions:
22:01:01.0770 4140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
22:01:01.0770 4140 \Device\Harddisk1\DR1:
22:01:01.0770 4140 MBR partitions:
22:01:01.0770 4140 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3000
22:01:01.0770 4140 \Device\Harddisk2\DR2:
22:01:01.0772 4140 MBR partitions:
22:01:01.0772 4140 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
22:01:01.0772 4140 ============================================================
22:01:01.0809 4140 C: <-> \Device\Harddisk1\DR1\Partition1
22:01:01.0819 4140 E: <-> \Device\Harddisk0\DR0\Partition1
22:01:01.0819 4140 ============================================================
22:01:01.0819 4140 Initialize success
22:01:01.0819 4140 ============================================================
22:01:35.0759 4384 Deinitialize success

Farbar Service Scanner Version: 19-09-2012
Ran by Phil (administrator) on 08-10-2012 at 13:52:42
Running from "C:\Users\Phil\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by risefreeze, 08 October 2012 - 11:54 AM.

  • 0

#50
Essexboy
Posted 08 October 2012 - 12:24 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
MBAM and AVG are complimentary they both cover different areas

Could you do me a favour before we tidy up (again :lol: ) and zip the tdsskiller quarantine folder. Then attach it to your next post as I would like a copy of that file
  • 0

#51
risefreeze
Posted 08 October 2012 - 06:23 PM

risefreeze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Np :happy:

Guess I'm the lucky one who got the newest strand
  • 0

#52
Essexboy
Posted 09 October 2012 - 07:10 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thank you .. I have now deleted the attachment as I do not want any one else to play with it

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#53
risefreeze
Posted 09 October 2012 - 11:44 PM

risefreeze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thanks again for the help, much appreciated :thumbsup:
  • 0

#54
Essexboy
Posted 10 October 2012 - 06:57 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure
  • 0

#55
Essexboy
Posted 12 October 2012 - 07:25 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP