
Windows Update & MSE Not Working. PC is infected.


  • This topic is locked
23 replies to this topic

#1 ankit_768


Posted 29 June 2012 - 04:16 PM

Hi guys,

Just got to know I am infected. Am I Infected?

2 days back, I was watching a movie when suddenly my laptop restarted without even asking me. While restarting, it updated some registries. Once restarted, my Microsoft Security Essentials's Real Protection is turned off. When I try to turn it on, I get a timeout message. Also my Windows Update is not working. After checking in services.msc, both Windows Update & BITS service are not present. Also, when creating a new User account, a folder in C:\Users is not getting created.

These are the issues I have noticed till now. There may be many more issues.

I also ran the MBAM and removed whatever infections it found (see log I posted in the topic whose link I have provided above).

Please help me to get my PC back to normal.

Thanks
-Ankit



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by ankit at 2:27:01 on 2012-06-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.91.1033.18.2997.834 [GMT 5.5:30]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\SysWOW64\ChgService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\ZTE Dialer\bin\MonServiceUDisk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\ankit\AppData\Roaming\Izowteo\ehlatu.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\MMX353G 3G USB Manager\USB Modem.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.co.in/
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [{28B081F3-491F-2F70-A604-EE20A60A1B68}] C:\Users\ankit\AppData\Roaming\Izowteo\ehlatu.exe
mRun: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [FAStartup]
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\ankit\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Send URL to Virustotal - C:\Program Files (x86)\VTExplorer\VTExplorer.htm
IE: {800CDA62-DC8A-4e66-AA3A-2067EC19EB2A} - C:\Program Files (x86)\VTExplorer\VTExplorer.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://invpn.informatica.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://supportapj.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{2E680493-0A2A-4045-B945-ADB3CE76B209} : NameServer = 202.148.202.4 202.148.200.3
TCP: Interfaces\{773E9BED-CB3D-4BA6-8C1E-2C2D6561B559}\84F4354554C414 : DhcpNameServer = 172.31.1.6
TCP: Interfaces\{773E9BED-CB3D-4BA6-8C1E-2C2D6561B559}\F40554E4F54584 : DhcpNameServer = 172.31.1.6
TCP: Interfaces\{773E9BED-CB3D-4BA6-8C1E-2C2D6561B559}\F40554E4F5D4353696 : DhcpNameServer = 172.31.1.6
TCP: Interfaces\{773E9BED-CB3D-4BA6-8C1E-2C2D6561B559}\F40756E6143636563737 : DhcpNameServer = 172.31.1.6
TCP: Interfaces\{8D26F3E4-CCF6-4F05-A9E5-6DFE9B78050A} : NameServer = 220.226.100.40 220.226.6.104
TCP: Interfaces\{974EEB19-5E4F-4402-971E-B4B974D99C19} : DhcpNameServer = 192.168.1.1 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli FAPassSync
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [FAStartup]
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {800CDA62-DC8A-4e66-AA3A-2067EC19EB2A} - C:\Program Files (x86)\VTExplorer\VTExplorer.htm
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ankit\AppData\Roaming\Mozilla\Firefox\Profiles\z9ty1bir.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?fr=mcafee&p=
FF - component: C:\Users\ankit\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-2-10 92160]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 Change Modem Device Service;Change Modem Device Service;C:\Windows\SysWOW64\ChgService.exe [2011-5-8 135168]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-6-24 2368776]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-2-10 60928]
R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2010-6-24 65856]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-23 2886528]
R2 UDisk Monitor;UDisk Monitor;C:\Program Files\ZTE Dialer\bin\MonServiceUDisk.exe [2011-6-4 403456]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;C:\Windows\system32\DRIVERS\cmnsusbser.sys --> C:\Windows\system32\DRIVERS\cmnsusbser.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 syshost32;syshost32;C:\Windows\Installer\{76898107-9226-0825-1544-D8F4F509B690}\syshost.exe [2012-6-27 418304]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GDPkIcpt;GDPkIcpt;\??\C:\Windows\system32\drivers\PktIcpt.sys --> C:\Windows\system32\drivers\PktIcpt.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\169C.tmp --> C:\Windows\system32\169C.tmp [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys --> C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [?]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;C:\Windows\system32\DRIVERS\zteusbser.sys --> C:\Windows\system32\DRIVERS\zteusbser.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-29 18:34:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-28 21:54:13 -------- d-----w- C:\Windows\System32\catroot2
2012-06-28 21:38:47 381816 ----a-w- C:\Windows\System32\PsExec.exe
2012-06-28 21:30:58 -------- d-----w- C:\Windows\SysWow64\catroot2.bak
2012-06-28 18:34:41 -------- d-----w- C:\85ab172fa23bffdbb08957cb7825
2012-06-26 16:13:14 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{869D9846-B619-40BA-AA4E-1A18583E2E1A}\mpengine.dll
2012-06-26 16:12:31 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-26 16:12:31 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-25 20:56:27 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-25 20:56:21 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-25 20:56:15 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-25 20:56:15 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-25 16:34:57 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-21 15:23:14 114688 ----a-w- C:\ProgramData\ChgService.exe
2012-06-21 15:23:13 -------- d-----w- C:\Program Files (x86)\MMX353G 3G USB Manager
2012-06-13 07:18:09 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F6B389CF-CC0F-47FE-8EA2-C3B2D9791FC1}\gapaengine.dll
2012-06-12 18:31:48 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-12 18:31:47 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-12 18:31:47 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-12 18:31:46 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-12 18:31:46 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-12 18:31:46 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 18:29:18 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-12 18:29:15 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-12 18:29:14 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-12 18:25:49 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-12 18:25:46 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-12 18:23:35 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-12 18:21:42 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-12 18:20:26 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-12 18:20:25 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-12 18:20:24 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-12 18:20:24 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-04 10:26:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 2:27:45.88 ===============


Edited by etavares, 04 July 2012 - 05:59 AM.
paste DDS log




#2 etavares


  • Malware Response Team

Posted 04 July 2012 - 06:06 AM

Hello, ankit_768.

My name is etavares and I will be helping you with this log. Unfortunately, MBAM just scanned and did not remove anything in the previous thread.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.
















Step 1



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 ankit_768


Posted 05 July 2012 - 04:49 AM

Thanks etavares for the reply.

I will run this tool when I reach home & let you know about it.

In the past 5 days, I tried installing Avast Free Antivirus. It installed successfully but its service is not starting. Similarly, Microsoft Security Essentials Service is also not starting.

As you mentioned in your post that the Trojan has been identified, is this .exe file specifically made for this trojan? Which trojan is this? Can my Windows Update Service & Antivirus Services be restored?


Thanks
-Ankit

#4 ankit_768


Posted 05 July 2012 - 10:58 AM

Here is my ComboFix log:-

ComboFix 12-07-05.02 - ankit 05-07-2012  20:52:21.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.91.1033.18.2997.1747 [GMT 5.5:30]
Running from: c:\users\ankit\Desktop\etavaresCF.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ChgService.exe
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc64.dll
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_syshost32
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-05 to 2012-07-05  )))))))))))))))))))))))))))))))
.
.
2012-07-05 15:37 . 2012-07-05 15:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-04 18:37 . 2012-07-04 18:37	--------	d-----w-	c:\users\ankit\C Programs
2012-07-04 15:32 . 2012-06-28 12:52	355856	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-07-04 15:32 . 2012-06-28 12:52	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-07-04 15:32 . 2012-06-28 12:52	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-07-04 15:31 . 2012-06-28 12:52	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-07-04 15:31 . 2012-06-28 12:52	958912	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-07-04 15:31 . 2012-06-28 12:52	71064	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-07-04 15:31 . 2012-06-28 12:51	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-07-04 15:31 . 2012-06-28 12:52	41224	----a-w-	c:\windows\avastSS.scr
2012-07-04 15:31 . 2012-06-28 12:51	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-07-04 15:31 . 2012-07-04 15:31	--------	d-----w-	c:\programdata\AVAST Software
2012-07-04 15:31 . 2012-07-04 15:31	--------	d-----w-	c:\program files\AVAST Software
2012-06-30 18:43 . 2012-06-30 18:43	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-06-30 18:42 . 2012-01-10 08:27	637848	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-06-30 18:42 . 2012-06-30 18:42	--------	d-----w-	c:\program files (x86)\Java
2012-06-30 17:11 . 2012-06-30 17:11	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-06-30 17:11 . 2012-06-14 22:20	624608	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-30 17:11 . 2012-06-14 22:20	43488	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-06-30 17:11 . 2012-06-14 22:20	157608	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-30 17:11 . 2012-06-14 22:20	113120	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-30 17:11 . 2012-06-14 22:19	2106216	----a-w-	c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-06-30 17:11 . 2012-06-14 22:19	1998168	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-06-30 17:11 . 2012-06-14 22:19	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-30 17:11 . 2012-06-14 22:19	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-30 06:10 . 2012-06-30 06:10	--------	d-----w-	c:\windows\SysWow64\wbem\Performance
2012-06-30 06:09 . 2008-05-08 05:03	303616	----a-w-	C:\SetACL.exe
2012-06-30 05:57 . 2004-06-11 23:33	290304	----a-w-	C:\subinacl.exe
2012-06-28 21:54 . 2012-07-02 18:08	--------	d-----w-	c:\windows\system32\catroot2
2012-06-28 21:40 . 2012-06-30 06:14	181064	----a-w-	c:\windows\PSEXESVC.EXE
2012-06-28 21:38 . 2010-04-27 05:34	381816	----a-w-	c:\windows\system32\PsExec.exe
2012-06-28 21:30 . 2012-06-28 21:38	--------	d-----w-	c:\windows\SysWow64\catroot2.bak
2012-06-28 18:34 . 2012-06-28 18:34	--------	d-----w-	C:\85ab172fa23bffdbb08957cb7825
2012-06-26 16:12 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-06-26 16:12 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-06-25 20:56 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-25 20:56 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-25 20:56 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-25 20:56 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-25 20:56 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-25 20:56 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-25 20:56 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-25 20:56 . 2012-06-02 09:49	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-25 20:56 . 2012-06-02 09:45	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-21 15:23 . 2012-06-21 15:23	--------	d-----w-	c:\program files (x86)\MMX353G 3G USB Manager
2012-06-12 18:31 . 2012-04-24 05:37	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-06-12 18:31 . 2012-04-24 05:37	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-12 18:31 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-12 18:31 . 2012-04-24 05:37	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-12 18:31 . 2012-04-24 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-12 18:31 . 2012-04-24 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-06-12 18:29 . 2012-05-04 11:06	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-06-12 18:29 . 2012-05-04 10:03	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-06-12 18:29 . 2012-05-04 10:03	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-06-12 18:25 . 2012-04-07 12:31	3216384	----a-w-	c:\windows\system32\msi.dll
2012-06-12 18:25 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\SysWow64\msi.dll
2012-06-12 18:23 . 2012-05-15 01:32	3146752	----a-w-	c:\windows\system32\win32k.sys
2012-06-12 18:21 . 2012-05-01 05:40	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-06-12 18:20 . 2012-04-28 03:55	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-12 18:20 . 2012-04-26 05:41	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-12 18:20 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-12 18:20 . 2012-04-26 05:34	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-21 18:04 . 2012-05-21 18:04	163048	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WordWeb"="c:\program files (x86)\WordWeb\wweb32.exe" [2009-11-08 65216]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-04-25 3298712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-14 498160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-08 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-06-28 4273976]
.
c:\users\ankit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-06-24 11:01	140552	----a-w-	c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli FAPassSync
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 sejnvxxl;sejnvxxl;c:\windows\system32\drivers\sejnvxxl.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-06-28 71064]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-08-16 116240]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 54824]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-24 238848]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2011-08-13 58584]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-13 151040]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\169C.tmp [2011-05-12 6144]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2009-12-30 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-01-21 18944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-08 55280]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-07-23 18792]
S0 syshost32;syshost32;syshost32 [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-09 202752]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 Change Modem Device Service;Change Modem Device Service;c:\windows\SysWOW64\ChgService.exe [2010-04-15 135168]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-03-28 146568]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2010-06-24 65856]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-10-13 23912]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2010-02-25 126080]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-20 320040]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - de121f633872f609
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-05 c:\windows\Tasks\Limdla.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23	85232	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-01 8095776]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-09-07 3181136]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"combofix"="c:\etavarescf\CF25568.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.co.in/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Send URL to Virustotal - c:\program files (x86)\VTExplorer\VTExplorer.htm
IE: {{800CDA62-DC8A-4e66-AA3A-2067EC19EB2A} - c:\program files (x86)\VTExplorer\VTExplorer.htm
TCP: Interfaces\{8D26F3E4-CCF6-4F05-A9E5-6DFE9B78050A}: NameServer = 220.226.100.40 220.226.6.104
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://invpn.informatica.com/CACHE/stc/1/binaries/vpnweb.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\ankit\AppData\Roaming\Mozilla\Firefox\Profiles\z9ty1bir.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?fr=mcafee&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-{28B081F3-491F-2F70-A604-EE20A60A1B68} - c:\users\ankit\AppData\Roaming\Izowteo\ehlatu.exe
Wow6432Node-HKLM-Run-FAStartup - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\169C.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\de121f633872f609]
"ImagePath"="\SystemRoot\System32\Drivers\de121f633872f609.sys"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\syshost32]
"ImagePath"="\"c:\windows\Installer\{76898107-9226-0825-1544-D8F4F509B690}\syshost.exe\" /service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46,
   04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
   6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
   9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{A2F122DA-055F-4DF7-8F24-7354DBDBA85B}"=hex:51,66,7a,6c,4c,1d,38,12,b4,21,e2,
   a6,6d,4b,99,08,f0,32,30,14,de,85,ec,4f
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:0b,d6,84,6b,a4,47,cd,01
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
.
**************************************************************************
.
Completion time: 2012-07-05  21:17:38 - machine was rebooted
ComboFix-quarantined-files.txt  2012-07-05 15:47
.
Pre-Run: 19,000,483,840 bytes free
Post-Run: 18,641,002,496 bytes free
.
- - End Of File - - 67FC3A421588CEE536E836955E813F12


I have observed no changes on my system after running ComboFix. I am still facing the same problems.

#5 etavares


Posted 05 July 2012 - 08:33 PM

Hello, ankit_768.

This was the file that is of most concern:
C:\Users\ankit\AppData\Roaming\Izowteo\ehlatu.exe (Trojan.ZbotR.Gen) -> No action taken.

It does appear to have been removed as we removed the orphaned entry in the last post.

After this, we may be able to start the services you are having issues with, but there are some steps here to help us diagnose if you can't start them.





Step 1



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

Driver::
sejnvxxl
syshost32
File::
c:\windows\system32\drivers\sejnvxxl.sys
c:\windows\Tasks\Limdla.job
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_LOCAL_MACHINE\software\McAfee]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.



Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



Step 3

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image



Step 4


Reboot after that and let me know if you can start an antivirus at this point.

etavares


 


#6 ankit_768


Posted 05 July 2012 - 11:36 PM

I have run both ComboFix with the .txt file you provided and the FSS. The ESET scan is still going on.

I am posting the logs of ComboFix & FSS here. I will post the results of the ESET scan later. At this point in time, I am not able to start my Avast Antivirus service.

ComboFix Log :-

ComboFix 12-07-05.02 - ankit 06-07-2012   9:38.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.91.1033.18.2997.1677 [GMT 5.5:30]
Running from: e:\softwares\etavaresCF.exe
Command switches used :: e:\softwares\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\windows\system32\drivers\sejnvxxl.sys"
"c:\windows\Tasks\Limdla.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\components\AskHPRFF.js
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc64.dll
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\ankit\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\Tasks\Limdla.job
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_sejnvxxl
-------\Service_syshost32
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-06 to 2012-07-06  )))))))))))))))))))))))))))))))
.
.
2012-07-06 04:18 . 2012-07-06 04:18	--------	d-----w-	c:\users\TEMP\AppData\Local\temp
2012-07-06 04:18 . 2012-07-06 04:18	--------	d-----w-	c:\users\TEMP.ankit-PC\AppData\Local\temp
2012-07-06 04:18 . 2012-07-06 04:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-04 18:37 . 2012-07-04 18:37	--------	d-----w-	c:\users\ankit\C Programs
2012-07-04 15:32 . 2012-06-28 12:52	355856	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-07-04 15:32 . 2012-06-28 12:52	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-07-04 15:32 . 2012-06-28 12:52	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-07-04 15:31 . 2012-06-28 12:52	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-07-04 15:31 . 2012-06-28 12:52	958912	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-07-04 15:31 . 2012-06-28 12:52	71064	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-07-04 15:31 . 2012-06-28 12:51	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-07-04 15:31 . 2012-06-28 12:52	41224	----a-w-	c:\windows\avastSS.scr
2012-07-04 15:31 . 2012-06-28 12:51	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-07-04 15:31 . 2012-07-04 15:31	--------	d-----w-	c:\programdata\AVAST Software
2012-07-04 15:31 . 2012-07-04 15:31	--------	d-----w-	c:\program files\AVAST Software
2012-06-30 18:43 . 2012-06-30 18:43	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-06-30 18:42 . 2012-01-10 08:27	637848	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-06-30 18:42 . 2012-06-30 18:42	--------	d-----w-	c:\program files (x86)\Java
2012-06-30 17:11 . 2012-06-30 17:11	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-06-30 17:11 . 2012-06-14 22:20	624608	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-30 17:11 . 2012-06-14 22:20	43488	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-06-30 17:11 . 2012-06-14 22:20	157608	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-30 17:11 . 2012-06-14 22:20	113120	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-30 17:11 . 2012-06-14 22:19	2106216	----a-w-	c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-06-30 17:11 . 2012-06-14 22:19	1998168	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-06-30 17:11 . 2012-06-14 22:19	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-30 17:11 . 2012-06-14 22:19	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-30 06:10 . 2012-06-30 06:10	--------	d-----w-	c:\windows\SysWow64\wbem\Performance
2012-06-30 06:09 . 2008-05-08 05:03	303616	----a-w-	C:\SetACL.exe
2012-06-30 05:57 . 2004-06-11 23:33	290304	----a-w-	C:\subinacl.exe
2012-06-28 21:54 . 2012-07-02 18:08	--------	d-----w-	c:\windows\system32\catroot2
2012-06-28 21:40 . 2012-06-30 06:14	181064	----a-w-	c:\windows\PSEXESVC.EXE
2012-06-28 21:38 . 2010-04-27 05:34	381816	----a-w-	c:\windows\system32\PsExec.exe
2012-06-28 21:30 . 2012-06-28 21:38	--------	d-----w-	c:\windows\SysWow64\catroot2.bak
2012-06-28 18:34 . 2012-06-28 18:34	--------	d-----w-	C:\85ab172fa23bffdbb08957cb7825
2012-06-26 16:12 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-06-26 16:12 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-06-25 20:56 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-25 20:56 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-25 20:56 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-25 20:56 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-25 20:56 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-25 20:56 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-25 20:56 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-25 20:56 . 2012-06-02 09:49	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-25 20:56 . 2012-06-02 09:45	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-21 15:23 . 2012-06-21 15:23	--------	d-----w-	c:\program files (x86)\MMX353G 3G USB Manager
2012-06-12 18:31 . 2012-04-24 05:37	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-06-12 18:31 . 2012-04-24 05:37	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-12 18:31 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-12 18:31 . 2012-04-24 05:37	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-12 18:31 . 2012-04-24 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-12 18:31 . 2012-04-24 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-06-12 18:29 . 2012-05-04 11:06	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-06-12 18:29 . 2012-05-04 10:03	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-06-12 18:29 . 2012-05-04 10:03	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-06-12 18:25 . 2012-04-07 12:31	3216384	----a-w-	c:\windows\system32\msi.dll
2012-06-12 18:25 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\SysWow64\msi.dll
2012-06-12 18:23 . 2012-05-15 01:32	3146752	----a-w-	c:\windows\system32\win32k.sys
2012-06-12 18:21 . 2012-05-01 05:40	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-06-12 18:20 . 2012-04-28 03:55	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-12 18:20 . 2012-04-26 05:41	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-12 18:20 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-12 18:20 . 2012-04-26 05:34	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-21 18:04 . 2012-05-21 18:04	163048	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-07-05_15.40.35   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-05 15:42	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-06 04:22	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-06 04:20	65536              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-05 15:40	65536              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-17 14:01 . 2012-07-05 15:52	47194              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-06 03:56	44468              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-26 16:31 . 2012-07-06 03:56	32492              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1932034162-1429423559-2159203037-1000_UserData.bin
- 2010-02-17 14:00 . 2012-07-05 15:18	32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-17 14:00 . 2012-07-06 03:55	32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-17 14:00 . 2012-07-05 15:18	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-17 14:00 . 2012-07-06 03:55	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-05 15:18	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-06 03:55	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-28 14:31 . 2012-07-05 15:49	3420              c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-07-05 15:39 . 2012-07-05 15:39	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-06 04:20 . 2012-07-06 04:20	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-06 04:20 . 2012-07-06 04:20	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-05 15:39 . 2012-07-05 15:39	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-07-05 15:40	180224              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-06 04:20	180224              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-26 14:58 . 2012-07-05 19:09	531694              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 02:36 . 2012-07-06 04:01	631778              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-05 15:23	631778              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-05 15:23	111870              c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-06 04:01	111870              c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-06 04:19	394480              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-05 15:38	394480              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-02-27 18:37 . 2012-07-06 04:19	15017720              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1932034162-1429423559-2159203037-1000-8192.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WordWeb"="c:\program files (x86)\WordWeb\wweb32.exe" [2009-11-08 65216]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-04-25 3298712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-14 498160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-08 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-06-28 4273976]
"FAStartup"="" [BU]
.
c:\users\ankit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2009-06-24 11:01	140552	----a-w-	c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli FAPassSync
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-06-28 71064]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-08-16 116240]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 54824]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-24 238848]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2011-08-13 58584]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-13 151040]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\169C.tmp [2011-05-12 6144]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2009-12-30 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-01-21 18944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-08 55280]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-07-23 18792]
S0 syshost32;syshost32;syshost32 [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-09 202752]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 Change Modem Device Service;Change Modem Device Service;c:\windows\SysWOW64\ChgService.exe [2010-04-15 135168]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-03-28 146568]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2010-06-24 65856]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-10-13 23912]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2010-02-25 126080]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-20 320040]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - de121f633872f609
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23	85232	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-01 8095776]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"combofix"="c:\etavarescf\CF12336.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.co.in/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Send URL to Virustotal - c:\program files (x86)\VTExplorer\VTExplorer.htm
IE: {{800CDA62-DC8A-4e66-AA3A-2067EC19EB2A} - c:\program files (x86)\VTExplorer\VTExplorer.htm
TCP: Interfaces\{8D26F3E4-CCF6-4F05-A9E5-6DFE9B78050A}: NameServer = 220.226.100.40 220.226.6.104
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://invpn.informatica.com/CACHE/stc/1/binaries/vpnweb.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\ankit\AppData\Roaming\Mozilla\Firefox\Profiles\z9ty1bir.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?fr=mcafee&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\169C.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\de121f633872f609]
"ImagePath"="\SystemRoot\System32\Drivers\de121f633872f609.sys"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\syshost32]
"ImagePath"="\"c:\windows\Installer\{76898107-9226-0825-1544-D8F4F509B690}\syshost.exe\" /service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
e:\softwares\FSS.exe
.
**************************************************************************
.
Completion time: 2012-07-06  09:56:03 - machine was rebooted
ComboFix-quarantined-files.txt  2012-07-06 04:26
ComboFix2.txt  2012-07-05 15:47
.
Pre-Run: 18,580,377,600 bytes free
Post-Run: 18,874,400,768 bytes free
.
- - End Of File - - E7E4B9F2296D9EC22FE92A396028EA8B


FSS Log:-

Farbar Service Scanner Version: 02-07-2012
Ran by ankit (administrator) on 06-07-2012 at 09:59:17
Running from "E:\Softwares"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy: 
============================


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


#7 ankit_768

Posted 06 July 2012 - 11:21 AM

Here are my ESET Online scan results:

C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8M628QR3\video-reward-center_com[1].htm	HTML/ScrInject.B.Gen virus	deleted - quarantined
C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9Y4ND1UB\video-rewardz_com[1].htm	HTML/ScrInject.B.Gen virus	deleted - quarantined
C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9Y4ND1UB\video-rewardz_com[2].htm	HTML/ScrInject.B.Gen virus	deleted - quarantined
C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9Y4ND1UB\video-rewardz_com[3].htm	HTML/ScrInject.B.Gen virus	deleted - quarantined
C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AVVVVGQD\channel-reward-central_com[1].htm	HTML/ScrInject.B.Gen virus	deleted - quarantined
C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CJR96WQG\videorewardspot_com[1].htm	HTML/ScrInject.B.Gen virus	deleted - quarantined
C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IOPQ3QLN\channel-reward-central_com[1].htm	HTML/ScrInject.B.Gen virus	deleted - quarantined
C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L06DJXKV\video-reward-center_com[1].htm	HTML/ScrInject.B.Gen virus	deleted - quarantined
C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQJ7B3X5\video-reward-center_com[1].htm	HTML/ScrInject.B.Gen virus	deleted - quarantined
C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VS8YRTIX\channel-reward-central_com[2].htm	HTML/ScrInject.B.Gen virus	deleted - quarantined
C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XF5UGTHF\channel-reward-central_com[1].htm	HTML/ScrInject.B.Gen virus	deleted - quarantined
C:\Users\ankit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XF5UGTHF\video-rewardz_com[1].htm	HTML/ScrInject.B.Gen virus	deleted - quarantined
C:\Users\ankit\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\5622acff-41a4c2fd	Java/Exploit.Agent.NCP trojan	cleaned by deleting - quarantined


Same issues still present.

Edited by ankit_768, 06 July 2012 - 11:22 AM.


#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:04 AM

Posted 06 July 2012 - 03:25 PM

At this point, please re-run GMER as before. It showed a rootkit that ComboFix didn't report. I want to see if it is still there. Also, do you have a spare USB pendrive we can use?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 ankit_768

Posted 07 July 2012 - 01:25 AM

I have attached the GMER log. It seems that the rootkit is still present. How do I remove it?

I do have a USB pen drive which we can use.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-07 11:52:40
Windows 6.1.7601 Service Pack 1 
Running: 46nmzikr.exe


---- Services - GMER 1.0.15 ----

Service  System32\Drivers\de121f633872f609.sys (*** hidden *** )                                    [BOOT] de121f633872f609                                                              <-- ROOTKIT !!!
Service  C:\Windows\Installer\{76898107-9226-0825-1544-D8F4F509B690}\syshost.exe (*** hidden *** )  [AUTO] syshost32                                                                     <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\de121f633872f609@ImagePath                          \SystemRoot\System32\Drivers\de121f633872f609.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\de121f633872f609@Group                              Boot Bus Extender
Reg      HKLM\SYSTEM\CurrentControlSet\services\de121f633872f609@ErrorControl                       0
Reg      HKLM\SYSTEM\CurrentControlSet\services\de121f633872f609@Type                               1
Reg      HKLM\SYSTEM\CurrentControlSet\services\de121f633872f609@Start                              0
Reg      HKLM\SYSTEM\CurrentControlSet\services\de121f633872f609@Tag                                1
Reg      HKLM\SYSTEM\CurrentControlSet\services\de121f633872f609@DisplayName                        syshost.exe
Reg      HKLM\SYSTEM\CurrentControlSet\services\syshost32@Type                                      16
Reg      HKLM\SYSTEM\CurrentControlSet\services\syshost32@Start                                     2
Reg      HKLM\SYSTEM\CurrentControlSet\services\syshost32@ErrorControl                              0
Reg      HKLM\SYSTEM\CurrentControlSet\services\syshost32@ImagePath                                 "C:\Windows\Installer\{76898107-9226-0825-1544-D8F4F509B690}\syshost.exe" /service
Reg      HKLM\SYSTEM\CurrentControlSet\services\syshost32@WOW64                                     1
Reg      HKLM\SYSTEM\CurrentControlSet\services\syshost32@ObjectName                                LocalSystem
Reg      HKLM\SYSTEM\ControlSet002\services\de121f633872f609@ImagePath                              \SystemRoot\System32\Drivers\de121f633872f609.sys
Reg      HKLM\SYSTEM\ControlSet002\services\de121f633872f609@Group                                  Boot Bus Extender
Reg      HKLM\SYSTEM\ControlSet002\services\de121f633872f609@ErrorControl                           0
Reg      HKLM\SYSTEM\ControlSet002\services\de121f633872f609@Type                                   1
Reg      HKLM\SYSTEM\ControlSet002\services\de121f633872f609@Start                                  0
Reg      HKLM\SYSTEM\ControlSet002\services\de121f633872f609@Tag                                    1
Reg      HKLM\SYSTEM\ControlSet002\services\de121f633872f609@DisplayName                            syshost.exe
Reg      HKLM\SYSTEM\ControlSet002\services\syshost32@Type                                          16
Reg      HKLM\SYSTEM\ControlSet002\services\syshost32@Start                                         2
Reg      HKLM\SYSTEM\ControlSet002\services\syshost32@ErrorControl                                  0
Reg      HKLM\SYSTEM\ControlSet002\services\syshost32@ImagePath                                     "C:\Windows\Installer\{76898107-9226-0825-1544-D8F4F509B690}\syshost.exe" /service
Reg      HKLM\SYSTEM\ControlSet002\services\syshost32@WOW64                                         1
Reg      HKLM\SYSTEM\ControlSet002\services\syshost32@ObjectName                                    LocalSystem

---- Files - GMER 1.0.15 ----

File     C:\Windows\temp\TMP00000269F0219B7B239457CD                                                524288 bytes

---- EOF - GMER 1.0.15 ----



#10 ankit_768

Posted 07 July 2012 - 01:48 AM

I saw the creation time of both the files listed as rootkits. The creation time is the same as when my laptop shut down & rebooted, messing up registry entries.

#11 etavares

Posted 07 July 2012 - 05:32 AM

Hello, ankit_768.

We'll start with one last automated approach for ease. If this doesn't work, we'll use your USB drive to create a bootable Linux drive and delete the rootkit that way.

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure. Ensure Cure is selected, then click Continue.
  • If suspicious objects are detected, the default action will be Skip. Ensure Skip is selected, then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is named like UtilityName.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply.

etavares




#12 ankit_768

Posted 07 July 2012 - 11:12 AM

Here is my TDSSKiller log:

21:25:28.0900 4472	TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08
21:25:28.0947 4472	============================================================
21:25:28.0947 4472	Current date / time: 2012/07/07 21:25:28.0947
21:25:28.0947 4472	SystemInfo:
21:25:28.0947 4472	
21:25:28.0947 4472	OS Version: 6.1.7601 ServicePack: 1.0
21:25:28.0947 4472	Product type: Workstation
21:25:28.0947 4472	ComputerName: ANKIT-PC
21:25:28.0947 4472	UserName: ankit
21:25:28.0947 4472	Windows directory: C:\Windows
21:25:28.0947 4472	System windows directory: C:\Windows
21:25:28.0947 4472	Running under WOW64
21:25:28.0947 4472	Processor architecture: Intel x64
21:25:28.0947 4472	Number of processors: 4
21:25:28.0947 4472	Page size: 0x1000
21:25:28.0947 4472	Boot type: Normal boot
21:25:28.0947 4472	============================================================
21:25:35.0047 4472	!crdlk
21:25:35.0062 4472	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
21:25:35.0093 4472	Drive \Device\Harddisk1\DR1 - Size: 0x77F00000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:25:35.0109 4472	============================================================
21:25:35.0109 4472	\Device\Harddisk0\DR0:
21:25:35.0109 4472	MBR partitions:
21:25:35.0109 4472	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x66000, BlocksNum 0x123F000
21:25:35.0109 4472	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12A5000, BlocksNum 0x12C4D800
21:25:35.0140 4472	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13EF3000, BlocksNum 0x8A03800
21:25:35.0156 4472	\Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1C8F7000, BlocksNum 0x8B37000
21:25:35.0156 4472	\Device\Harddisk1\DR1:
21:25:35.0156 4472	MBR partitions:
21:25:35.0156 4472	\Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x3BF7E0
21:25:35.0156 4472	============================================================
21:25:35.0187 4472	C: <-> \Device\Harddisk0\DR0\Partition1
21:25:35.0234 4472	E: <-> \Device\Harddisk0\DR0\Partition2
21:25:35.0265 4472	F: <-> \Device\Harddisk0\DR0\Partition3
21:25:35.0265 4472	============================================================
21:25:35.0265 4472	Initialize success
21:25:35.0265 4472	============================================================
21:26:10.0310 4132	============================================================
21:26:10.0310 4132	Scan started
21:26:10.0310 4132	Mode: Manual; 
21:26:10.0310 4132	============================================================
21:26:12.0026 4132	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:26:12.0041 4132	1394ohci - ok
21:26:12.0104 4132	Acceler         (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
21:26:12.0119 4132	Acceler - ok
21:26:12.0197 4132	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:26:12.0213 4132	ACPI - ok
21:26:12.0291 4132	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:26:12.0291 4132	AcpiPmi - ok
21:26:12.0447 4132	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:26:12.0447 4132	AdobeARMservice - ok
21:26:12.0556 4132	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:26:12.0572 4132	adp94xx - ok
21:26:12.0650 4132	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:26:12.0650 4132	adpahci - ok
21:26:12.0712 4132	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:26:12.0712 4132	adpu320 - ok
21:26:12.0806 4132	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:26:12.0806 4132	AeLookupSvc - ok
21:26:12.0915 4132	AERTFilters     (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
21:26:12.0915 4132	AERTFilters - ok
21:26:13.0024 4132	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:26:13.0024 4132	AFD - ok
21:26:13.0086 4132	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:26:13.0086 4132	agp440 - ok
21:26:13.0133 4132	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:26:13.0133 4132	ALG - ok
21:26:13.0211 4132	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:26:13.0211 4132	aliide - ok
21:26:13.0289 4132	AMD External Events Utility (16d2883ea6296333435df0c8b7d164b8) C:\Windows\system32\atiesrxx.exe
21:26:13.0305 4132	AMD External Events Utility - ok
21:26:13.0414 4132	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:26:13.0430 4132	amdide - ok
21:26:13.0586 4132	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:26:13.0601 4132	AmdK8 - ok
21:26:13.0648 4132	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:26:13.0648 4132	AmdPPM - ok
21:26:13.0726 4132	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:26:13.0726 4132	amdsata - ok
21:26:13.0820 4132	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:26:13.0820 4132	amdsbs - ok
21:26:13.0866 4132	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:26:13.0866 4132	amdxata - ok
21:26:13.0944 4132	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:26:13.0960 4132	AppID - ok
21:26:14.0038 4132	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:26:14.0038 4132	AppIDSvc - ok
21:26:14.0116 4132	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:26:14.0132 4132	Appinfo - ok
21:26:14.0319 4132	Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:26:14.0319 4132	Apple Mobile Device - ok
21:26:14.0428 4132	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:26:14.0444 4132	arc - ok
21:26:14.0490 4132	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:26:14.0490 4132	arcsas - ok
21:26:14.0568 4132	aswFsBlk        (5d0fcd12a43e92409eb2ac88c6cf7d48) C:\Windows\system32\drivers\aswFsBlk.sys
21:26:14.0568 4132	aswFsBlk - ok
21:26:14.0631 4132	aswMonFlt       (d51d963c2357b02a862f99bc0802aabb) C:\Windows\system32\drivers\aswMonFlt.sys
21:26:14.0631 4132	aswMonFlt - ok
21:26:14.0678 4132	aswRdr          (f2a846c15ea4e35d0a8e53891abdf528) C:\Windows\System32\Drivers\aswrdr2.sys
21:26:14.0678 4132	aswRdr - ok
21:26:14.0771 4132	aswSnx          (87542057e699eed8d1a545c75cef4547) C:\Windows\system32\drivers\aswSnx.sys
21:26:14.0787 4132	aswSnx - ok
21:26:14.0849 4132	aswSP           (58143f82d886e10bafe33dc57eee53f9) C:\Windows\system32\drivers\aswSP.sys
21:26:14.0849 4132	aswSP - ok
21:26:14.0896 4132	aswTdi          (c944767bd5e69bf3f49a6562abd4eaea) C:\Windows\system32\drivers\aswTdi.sys
21:26:14.0896 4132	aswTdi - ok
21:26:14.0958 4132	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:26:14.0958 4132	AsyncMac - ok
21:26:15.0036 4132	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:26:15.0036 4132	atapi - ok
21:26:15.0161 4132	AtiHDAudioService (fda1e117a7e880bff5540d180c06ea87) C:\Windows\system32\drivers\AtihdW76.sys
21:26:15.0177 4132	AtiHDAudioService - ok
21:26:15.0255 4132	AtiHdmiService  (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys
21:26:15.0255 4132	AtiHdmiService - ok
21:26:15.0614 4132	atikmdag        (c9f90fee4fdc829382b9130a92fb744c) C:\Windows\system32\DRIVERS\atikmdag.sys
21:26:15.0676 4132	atikmdag - ok
21:26:15.0879 4132	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:26:15.0894 4132	AudioEndpointBuilder - ok
21:26:15.0941 4132	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:26:15.0941 4132	AudioSrv - ok
21:26:16.0097 4132	avast! Antivirus (b31f785751157aa8e2a33ea1cb4dc5be) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:26:16.0097 4132	avast! Antivirus - ok
21:26:16.0191 4132	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:26:16.0206 4132	AxInstSV - ok
21:26:16.0316 4132	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:26:16.0331 4132	b06bdrv - ok
21:26:16.0409 4132	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:26:16.0425 4132	b57nd60a - ok
21:26:16.0518 4132	BCM42RLY        (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
21:26:16.0518 4132	BCM42RLY - ok
21:26:16.0784 4132	BCM43XX         (f4cd5f52850bf2c978de178f256ba372) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:26:16.0815 4132	BCM43XX - ok
21:26:17.0002 4132	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:26:17.0002 4132	BDESVC - ok
21:26:17.0096 4132	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:26:17.0096 4132	Beep - ok
21:26:17.0267 4132	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:26:17.0283 4132	BFE - ok
21:26:17.0454 4132	BingDesktopUpdate (1b63f2b7ca6b5290cc124cdd07520bc9) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
21:26:17.0470 4132	BingDesktopUpdate - ok
21:26:17.0642 4132	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
21:26:17.0673 4132	BITS - ok
21:26:17.0766 4132	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:26:17.0782 4132	blbdrive - ok
21:26:17.0907 4132	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:26:17.0907 4132	bowser - ok
21:26:17.0969 4132	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:26:17.0969 4132	BrFiltLo - ok
21:26:18.0032 4132	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:26:18.0032 4132	BrFiltUp - ok
21:26:18.0094 4132	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:26:18.0110 4132	BridgeMP - ok
21:26:18.0188 4132	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:26:18.0203 4132	Browser - ok
21:26:18.0266 4132	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:26:18.0281 4132	Brserid - ok
21:26:18.0344 4132	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:26:18.0344 4132	BrSerWdm - ok
21:26:18.0390 4132	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:26:18.0390 4132	BrUsbMdm - ok
21:26:18.0422 4132	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:26:18.0422 4132	BrUsbSer - ok
21:26:18.0500 4132	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:26:18.0500 4132	BthEnum - ok
21:26:18.0546 4132	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:26:18.0546 4132	BTHMODEM - ok
21:26:18.0609 4132	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:26:18.0609 4132	BthPan - ok
21:26:18.0702 4132	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
21:26:18.0718 4132	BTHPORT - ok
21:26:18.0812 4132	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:26:18.0812 4132	bthserv - ok
21:26:18.0858 4132	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
21:26:18.0858 4132	BTHUSB - ok
21:26:18.0921 4132	btusbflt        (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
21:26:18.0936 4132	btusbflt - ok
21:26:19.0014 4132	btwaudio        (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
21:26:19.0014 4132	btwaudio - ok
21:26:19.0092 4132	btwavdt         (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
21:26:19.0092 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\btwavdt.sys. md5: 82dc8b7c626e526681c1bebed2bc3ff9
21:26:19.0124 4132	btwavdt ( LockedFile.Multi.Generic ) - warning
21:26:19.0124 4132	btwavdt - detected LockedFile.Multi.Generic (1)
21:26:19.0248 4132	btwdins         (6dde1e97be4d50253dfb9090a6a62524) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:26:19.0264 4132	btwdins - ok
21:26:19.0326 4132	btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:26:19.0326 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\btwl2cap.sys. md5: 6149301dc3f81d6f9667a3fbac410975
21:26:19.0342 4132	btwl2cap ( LockedFile.Multi.Generic ) - warning
21:26:19.0342 4132	btwl2cap - detected LockedFile.Multi.Generic (1)
21:26:19.0389 4132	btwrchid        (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
21:26:19.0389 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\btwrchid.sys. md5: 28e105ad3b79f440bf94780f507bf66a
21:26:19.0389 4132	btwrchid ( LockedFile.Multi.Generic ) - warning
21:26:19.0389 4132	btwrchid - detected LockedFile.Multi.Generic (1)
21:26:19.0467 4132	catchme - ok
21:26:19.0560 4132	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:26:19.0560 4132	cdfs - ok
21:26:19.0654 4132	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:26:19.0654 4132	cdrom - ok
21:26:19.0763 4132	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:26:19.0779 4132	CertPropSvc - ok
21:26:19.0935 4132	Change Modem Device Service (b57503792eca95712ca57afd30a0b4cb) C:\Windows\SysWOW64\ChgService.exe
21:26:19.0935 4132	Change Modem Device Service - ok
21:26:19.0997 4132	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:26:19.0997 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\circlass.sys. md5: d7cd5c4e1b71fa62050515314cfb52cf
21:26:20.0013 4132	circlass ( LockedFile.Multi.Generic ) - warning
21:26:20.0013 4132	circlass - detected LockedFile.Multi.Generic (1)
21:26:20.0106 4132	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:26:20.0106 4132	Suspicious file (NoAccess): C:\Windows\system32\CLFS.sys. md5: fe1ec06f2253f691fe36217c592a0206
21:26:20.0153 4132	CLFS ( LockedFile.Multi.Generic ) - warning
21:26:20.0153 4132	CLFS - detected LockedFile.Multi.Generic (1)
21:26:20.0262 4132	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:26:20.0262 4132	clr_optimization_v2.0.50727_32 - ok
21:26:20.0356 4132	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:26:20.0356 4132	clr_optimization_v2.0.50727_64 - ok
21:26:20.0481 4132	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:26:20.0559 4132	clr_optimization_v4.0.30319_32 - ok
21:26:20.0668 4132	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:26:20.0684 4132	clr_optimization_v4.0.30319_64 - ok
21:26:20.0762 4132	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:26:20.0762 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\CmBatt.sys. md5: 0840155d0bddf1190f84a663c284bd33
21:26:20.0793 4132	CmBatt ( LockedFile.Multi.Generic ) - warning
21:26:20.0793 4132	CmBatt - detected LockedFile.Multi.Generic (1)
21:26:20.0855 4132	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:26:20.0855 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\cmdide.sys. md5: e19d3f095812725d88f9001985b94edd
21:26:20.0871 4132	cmdide ( LockedFile.Multi.Generic ) - warning
21:26:20.0871 4132	cmdide - detected LockedFile.Multi.Generic (1)
21:26:20.0949 4132	cmnsusbser      (f34031dc6d1745154f54b04aff54f5d1) C:\Windows\system32\DRIVERS\cmnsusbser.sys
21:26:20.0949 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\cmnsusbser.sys. md5: f34031dc6d1745154f54b04aff54f5d1
21:26:20.0964 4132	cmnsusbser ( LockedFile.Multi.Generic ) - warning
21:26:20.0964 4132	cmnsusbser - detected LockedFile.Multi.Generic (1)
21:26:21.0074 4132	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:26:21.0074 4132	Suspicious file (NoAccess): C:\Windows\system32\Drivers\cng.sys. md5: c4943b6c962e4b82197542447ad599f4
21:26:21.0089 4132	CNG ( LockedFile.Multi.Generic ) - warning
21:26:21.0089 4132	CNG - detected LockedFile.Multi.Generic (1)
21:26:21.0152 4132	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:26:21.0152 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\compbatt.sys. md5: 102de219c3f61415f964c88e9085ad14
21:26:21.0167 4132	Compbatt ( LockedFile.Multi.Generic ) - warning
21:26:21.0167 4132	Compbatt - detected LockedFile.Multi.Generic (1)
21:26:21.0230 4132	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:26:21.0230 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\CompositeBus.sys. md5: 03edb043586cceba243d689bdda370a8
21:26:21.0245 4132	CompositeBus ( LockedFile.Multi.Generic ) - warning
21:26:21.0245 4132	CompositeBus - detected LockedFile.Multi.Generic (1)
21:26:21.0292 4132	COMSysApp - ok
21:26:21.0339 4132	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:26:21.0339 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 1c827878a998c18847245fe1f34ee597
21:26:21.0339 4132	crcdisk ( LockedFile.Multi.Generic ) - warning
21:26:21.0339 4132	crcdisk - detected LockedFile.Multi.Generic (1)
21:26:21.0448 4132	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
21:26:21.0464 4132	CryptSvc - ok
21:26:21.0573 4132	CtClsFlt        (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
21:26:21.0573 4132	CtClsFlt - ok
21:26:21.0698 4132	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:26:21.0713 4132	DcomLaunch - ok
21:26:21.0744 4132	Suspicious service (NoAccess): de121f633872f609
21:26:21.0791 4132	de121f633872f609 (00d28bd7f64d47093bb3b289edb37322) C:\Windows\System32\Drivers\de121f633872f609.sys
21:26:21.0791 4132	Suspicious file (NoAccess): C:\Windows\System32\Drivers\de121f633872f609.sys. md5: 00d28bd7f64d47093bb3b289edb37322
21:26:21.0807 4132	de121f633872f609 ( LockedService.Multi.Generic ) - warning
21:26:21.0807 4132	de121f633872f609 - detected LockedService.Multi.Generic (1)
21:26:21.0916 4132	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:26:21.0916 4132	defragsvc - ok
21:26:21.0994 4132	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:26:21.0994 4132	DfsC - ok
21:26:22.0088 4132	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:26:22.0103 4132	Dhcp - ok
21:26:22.0166 4132	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:26:22.0166 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\discache.sys. md5: 13096b05847ec78f0977f2c0f79e9ab3
21:26:22.0181 4132	discache ( LockedFile.Multi.Generic ) - warning
21:26:22.0181 4132	discache - detected LockedFile.Multi.Generic (1)
21:26:22.0259 4132	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:26:22.0259 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\disk.sys. md5: 9819eee8b5ea3784ec4af3b137a5244c
21:26:22.0259 4132	Disk ( LockedFile.Multi.Generic ) - warning
21:26:22.0259 4132	Disk - detected LockedFile.Multi.Generic (1)
21:26:22.0353 4132	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:26:22.0353 4132	Dnscache - ok
21:26:22.0509 4132	DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
21:26:22.0509 4132	DockLoginService - ok
21:26:22.0587 4132	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:26:22.0602 4132	dot3svc - ok
21:26:22.0680 4132	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:26:22.0680 4132	DPS - ok
21:26:22.0727 4132	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:26:22.0727 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\drmkaud.sys. md5: 9b19f34400d24df84c858a421c205754
21:26:22.0743 4132	drmkaud ( LockedFile.Multi.Generic ) - warning
21:26:22.0743 4132	drmkaud - detected LockedFile.Multi.Generic (1)
21:26:22.0852 4132	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:26:22.0852 4132	Suspicious file (NoAccess): C:\Windows\System32\drivers\dxgkrnl.sys. md5: f5bee30450e18e6b83a5012c100616fd
21:26:22.0868 4132	DXGKrnl ( LockedFile.Multi.Generic ) - warning
21:26:22.0868 4132	DXGKrnl - detected LockedFile.Multi.Generic (1)
21:26:22.0946 4132	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:26:22.0961 4132	EapHost - ok
21:26:23.0226 4132	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:26:23.0226 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\evbda.sys. md5: dc5d737f51be844d8c82c695eb17372f
21:26:23.0242 4132	ebdrv ( LockedFile.Multi.Generic ) - warning
21:26:23.0242 4132	ebdrv - detected LockedFile.Multi.Generic (1)
21:26:23.0398 4132	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:26:23.0398 4132	EFS - ok
21:26:23.0523 4132	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:26:23.0570 4132	ehRecvr - ok
21:26:23.0632 4132	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:26:23.0632 4132	ehSched - ok
21:26:23.0757 4132	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:26:23.0772 4132	elxstor - ok
21:26:23.0850 4132	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:26:23.0850 4132	ErrDev - ok
21:26:24.0006 4132	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:26:24.0022 4132	EventSystem - ok
21:26:24.0084 4132	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:26:24.0084 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\exfat.sys. md5: a510c654ec00c1e9bdd91eeb3a59823b
21:26:24.0116 4132	exfat ( LockedFile.Multi.Generic ) - warning
21:26:24.0116 4132	exfat - detected LockedFile.Multi.Generic (1)
21:26:24.0162 4132	FACAP           (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys
21:26:24.0162 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\facap.sys. md5: 2c1d443e14f376e8331f52f135dca9ef
21:26:24.0178 4132	FACAP ( LockedFile.Multi.Generic ) - warning
21:26:24.0178 4132	FACAP - detected LockedFile.Multi.Generic (1)
21:26:24.0443 4132	FAService       (935867267a37317e5c1089019e1851b8) c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
21:26:24.0474 4132	FAService - ok
21:26:24.0599 4132	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:26:24.0599 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\fastfat.sys. md5: 0adc83218b66a6db380c330836f3e36d
21:26:24.0599 4132	fastfat ( LockedFile.Multi.Generic ) - warning
21:26:24.0599 4132	fastfat - detected LockedFile.Multi.Generic (1)
21:26:24.0708 4132	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:26:24.0724 4132	Fax - ok
21:26:24.0771 4132	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:26:24.0771 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fdc.sys. md5: d765d19cd8ef61f650c384f62fac00ab
21:26:24.0771 4132	fdc ( LockedFile.Multi.Generic ) - warning
21:26:24.0771 4132	fdc - detected LockedFile.Multi.Generic (1)
21:26:24.0849 4132	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:26:24.0849 4132	fdPHost - ok
21:26:24.0911 4132	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:26:24.0911 4132	FDResPub - ok
21:26:24.0958 4132	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:26:24.0958 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661be46b5f5f3fd454e2c3095b930
21:26:24.0974 4132	FileInfo ( LockedFile.Multi.Generic ) - warning
21:26:24.0974 4132	FileInfo - detected LockedFile.Multi.Generic (1)
21:26:25.0036 4132	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:26:25.0036 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\filetrace.sys. md5: 5f671ab5bc87eea04ec38a6cd5962a47
21:26:25.0052 4132	Filetrace ( LockedFile.Multi.Generic ) - warning
21:26:25.0052 4132	Filetrace - detected LockedFile.Multi.Generic (1)
21:26:25.0098 4132	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:26:25.0098 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: c172a0f53008eaeb8ea33fe10e177af5
21:26:25.0098 4132	flpydisk ( LockedFile.Multi.Generic ) - warning
21:26:25.0098 4132	flpydisk - detected LockedFile.Multi.Generic (1)
21:26:25.0192 4132	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:26:25.0192 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\fltmgr.sys. md5: da6b67270fd9db3697b20fce94950741
21:26:25.0208 4132	FltMgr ( LockedFile.Multi.Generic ) - warning
21:26:25.0208 4132	FltMgr - detected LockedFile.Multi.Generic (1)
21:26:25.0348 4132	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:26:25.0379 4132	FontCache - ok
21:26:25.0473 4132	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:26:25.0488 4132	FontCache3.0.0.0 - ok
21:26:25.0566 4132	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:26:25.0566 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\FsDepends.sys. md5: d43703496149971890703b4b1b723eac
21:26:25.0582 4132	FsDepends ( LockedFile.Multi.Generic ) - warning
21:26:25.0582 4132	FsDepends - detected LockedFile.Multi.Generic (1)
21:26:25.0676 4132	fssfltr         (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
21:26:25.0676 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fssfltr.sys. md5: 6c06701bf1db05405804d7eb610991ce
21:26:25.0722 4132	fssfltr ( LockedFile.Multi.Generic ) - warning
21:26:25.0722 4132	fssfltr - detected LockedFile.Multi.Generic (1)
21:26:25.0925 4132	fsssvc          (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:26:25.0956 4132	fsssvc - ok
21:26:26.0112 4132	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:26:26.0112 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 6bd9295cc032dd3077c671fccf579a7b
21:26:26.0112 4132	Fs_Rec ( LockedFile.Multi.Generic ) - warning
21:26:26.0112 4132	Fs_Rec - detected LockedFile.Multi.Generic (1)
21:26:26.0206 4132	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:26:26.0206 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 1f7b25b858fa27015169fe95e54108ed
21:26:26.0206 4132	fvevol ( LockedFile.Multi.Generic ) - warning
21:26:26.0206 4132	fvevol - detected LockedFile.Multi.Generic (1)
21:26:26.0284 4132	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:26:26.0284 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8c778d335c9d272cfd3298ab02abe3b6
21:26:26.0300 4132	gagp30kx ( LockedFile.Multi.Generic ) - warning
21:26:26.0300 4132	gagp30kx - detected LockedFile.Multi.Generic (1)
21:26:26.0378 4132	GDPkIcpt        (5e75c0d8710287102b30be5f0a12862a) C:\Windows\system32\drivers\PktIcpt.sys
21:26:26.0378 4132	GDPkIcpt - ok
21:26:26.0549 4132	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:26:26.0565 4132	gpsvc - ok
21:26:26.0612 4132	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:26:26.0612 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\hcw85cir.sys. md5: f2523ef6460fc42405b12248338ab2f0
21:26:26.0612 4132	hcw85cir ( LockedFile.Multi.Generic ) - warning
21:26:26.0612 4132	hcw85cir - detected LockedFile.Multi.Generic (1)
21:26:26.0705 4132	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:26:26.0705 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\HdAudio.sys. md5: 6410f6f415b2a5a9037224c41da8bf12
21:26:26.0705 4132	HdAudAddService ( LockedFile.Multi.Generic ) - warning
21:26:26.0705 4132	HdAudAddService - detected LockedFile.Multi.Generic (1)
21:26:26.0799 4132	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:26:26.0799 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97bfed39b6b79eb12cddbfeed51f56bb
21:26:26.0799 4132	HDAudBus ( LockedFile.Multi.Generic ) - warning
21:26:26.0799 4132	HDAudBus - detected LockedFile.Multi.Generic (1)
21:26:26.0877 4132	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
21:26:26.0877 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HECIx64.sys. md5: b6ac71aaa2b10848f57fc49d55a651af
21:26:26.0892 4132	HECIx64 ( LockedFile.Multi.Generic ) - warning
21:26:26.0892 4132	HECIx64 - detected LockedFile.Multi.Generic (1)
21:26:26.0955 4132	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:26:26.0955 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78e86380454a7b10a5eb255dc44a355f
21:26:26.0955 4132	HidBatt ( LockedFile.Multi.Generic ) - warning
21:26:26.0955 4132	HidBatt - detected LockedFile.Multi.Generic (1)
21:26:27.0002 4132	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:26:27.0002 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7fd2a313f7afe5c4dab14798c48dd104
21:26:27.0017 4132	HidBth ( LockedFile.Multi.Generic ) - warning
21:26:27.0017 4132	HidBth - detected LockedFile.Multi.Generic (1)
21:26:27.0064 4132	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:26:27.0064 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0a77d29f311b88cfae3b13f9c1a73825
21:26:27.0080 4132	HidIr ( LockedFile.Multi.Generic ) - warning
21:26:27.0080 4132	HidIr - detected LockedFile.Multi.Generic (1)
21:26:27.0173 4132	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:26:27.0173 4132	hidserv - ok
21:26:27.0236 4132	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
21:26:27.0236 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\hidusb.sys. md5: 9592090a7e2b61cd582b612b6df70536
21:26:27.0251 4132	HidUsb ( LockedFile.Multi.Generic ) - warning
21:26:27.0251 4132	HidUsb - detected LockedFile.Multi.Generic (1)
21:26:27.0345 4132	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:26:27.0345 4132	hkmsvc - ok
21:26:27.0438 4132	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:26:27.0454 4132	HomeGroupListener - ok
21:26:27.0548 4132	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:26:27.0563 4132	HomeGroupProvider - ok
21:26:27.0641 4132	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:26:27.0641 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39d2abcd392f3d8a6dce7b60ae7b8efc
21:26:27.0657 4132	HpSAMD ( LockedFile.Multi.Generic ) - warning
21:26:27.0657 4132	HpSAMD - detected LockedFile.Multi.Generic (1)
21:26:27.0766 4132	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:26:27.0766 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\HTTP.sys. md5: 0ea7de1acb728dd5a369fd742d6eee28
21:26:27.0782 4132	HTTP ( LockedFile.Multi.Generic ) - warning
21:26:27.0782 4132	HTTP - detected LockedFile.Multi.Generic (1)
21:26:27.0844 4132	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:26:27.0844 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\hwpolicy.sys. md5: a5462bd6884960c9dc85ed49d34ff392
21:26:27.0844 4132	hwpolicy ( LockedFile.Multi.Generic ) - warning
21:26:27.0844 4132	hwpolicy - detected LockedFile.Multi.Generic (1)
21:26:27.0922 4132	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:26:27.0922 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\i8042prt.sys. md5: fa55c73d4affa7ee23ac4be53b4592d3
21:26:27.0953 4132	i8042prt ( LockedFile.Multi.Generic ) - warning
21:26:27.0953 4132	i8042prt - detected LockedFile.Multi.Generic (1)
21:26:28.0031 4132	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:26:28.0047 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\iaStorV.sys. md5: aaaf44db3bd0b9d1fb6969b23ecc8366
21:26:28.0047 4132	iaStorV ( LockedFile.Multi.Generic ) - warning
21:26:28.0047 4132	iaStorV - detected LockedFile.Multi.Generic (1)
21:26:28.0140 4132	IDMWFP          (2a63036283b36b3b68cdc6f85a7d53ed) C:\Windows\system32\DRIVERS\idmwfp.sys
21:26:28.0140 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\idmwfp.sys. md5: 2a63036283b36b3b68cdc6f85a7d53ed
21:26:28.0156 4132	IDMWFP ( LockedFile.Multi.Generic ) - warning
21:26:28.0156 4132	IDMWFP - detected LockedFile.Multi.Generic (1)
21:26:28.0312 4132	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:26:28.0328 4132	idsvc - ok
21:26:28.0421 4132	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:26:28.0421 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5c18831c61933628f5bb0ea2675b9d21
21:26:28.0437 4132	iirsp ( LockedFile.Multi.Generic ) - warning
21:26:28.0437 4132	iirsp - detected LockedFile.Multi.Generic (1)
21:26:28.0577 4132	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:26:28.0608 4132	IKEEXT - ok
21:26:28.0686 4132	Impcd           (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\DRIVERS\Impcd.sys
21:26:28.0686 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\Impcd.sys. md5: 4ff8a2082d78255d2eb169f986bcc981
21:26:28.0702 4132	Impcd ( LockedFile.Multi.Generic ) - warning
21:26:28.0702 4132	Impcd - detected LockedFile.Multi.Generic (1)
21:26:28.0796 4132	InstallFilterService (fd5ef1d0210cb9c0773bba7ca360d762) C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
21:26:28.0796 4132	InstallFilterService - ok
21:26:29.0014 4132	IntcAzAudAddService (a9638fa0fb0c5b86229c3fd809ce8cff) C:\Windows\system32\drivers\RTKVHD64.sys
21:26:29.0014 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\RTKVHD64.sys. md5: a9638fa0fb0c5b86229c3fd809ce8cff
21:26:29.0014 4132	IntcAzAudAddService ( LockedFile.Multi.Generic ) - warning
21:26:29.0014 4132	IntcAzAudAddService - detected LockedFile.Multi.Generic (1)
21:26:29.0186 4132	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:26:29.0186 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\intelide.sys. md5: f00f20e70c6ec3aa366910083a0518aa
21:26:29.0201 4132	intelide ( LockedFile.Multi.Generic ) - warning
21:26:29.0201 4132	intelide - detected LockedFile.Multi.Generic (1)
21:26:29.0264 4132	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:26:29.0264 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ada036632c664caa754079041cf1f8c1
21:26:29.0279 4132	intelppm ( LockedFile.Multi.Generic ) - warning
21:26:29.0279 4132	intelppm - detected LockedFile.Multi.Generic (1)
21:26:29.0373 4132	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:26:29.0373 4132	IPBusEnum - ok
21:26:29.0466 4132	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:26:29.0466 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: c9f0e1bd74365a8771590e9008d22ab6
21:26:29.0482 4132	IpFilterDriver ( LockedFile.Multi.Generic ) - warning
21:26:29.0482 4132	IpFilterDriver - detected LockedFile.Multi.Generic (1)
21:26:29.0654 4132	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:26:29.0685 4132	iphlpsvc - ok
21:26:29.0747 4132	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:26:29.0747 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0fc1aea580957aa8817b8f305d18ca3a
21:26:29.0763 4132	IPMIDRV ( LockedFile.Multi.Generic ) - warning
21:26:29.0763 4132	IPMIDRV - detected LockedFile.Multi.Generic (1)
21:26:29.0841 4132	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:26:29.0841 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\ipnat.sys. md5: af9b39a7e7b6caa203b3862582e9f2d0
21:26:29.0856 4132	IPNAT ( LockedFile.Multi.Generic ) - warning
21:26:29.0856 4132	IPNAT - detected LockedFile.Multi.Generic (1)
21:26:29.0903 4132	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:26:29.0903 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\irenum.sys. md5: 3abf5e7213eb28966d55d58b515d5ce9
21:26:29.0903 4132	IRENUM ( LockedFile.Multi.Generic ) - warning
21:26:29.0903 4132	IRENUM - detected LockedFile.Multi.Generic (1)
21:26:29.0966 4132	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:26:29.0966 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\isapnp.sys. md5: 2f7b28dc3e1183e5eb418df55c204f38
21:26:29.0981 4132	isapnp ( LockedFile.Multi.Generic ) - warning
21:26:29.0981 4132	isapnp - detected LockedFile.Multi.Generic (1)
21:26:30.0044 4132	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:26:30.0044 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\msiscsi.sys. md5: d931d7309deb2317035b07c9f9e6b0bd
21:26:30.0059 4132	iScsiPrt ( LockedFile.Multi.Generic ) - warning
21:26:30.0059 4132	iScsiPrt - detected LockedFile.Multi.Generic (1)
21:26:30.0153 4132	k57nd60a        (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
21:26:30.0153 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\k57nd60a.sys. md5: d85f3f18e44f7447b5f1ba5c85baeb7c
21:26:30.0184 4132	k57nd60a ( LockedFile.Multi.Generic ) - warning
21:26:30.0184 4132	k57nd60a - detected LockedFile.Multi.Generic (1)
21:26:30.0231 4132	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:26:30.0231 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\kbdclass.sys. md5: bc02336f1cba7dcc7d1213bb588a68a5
21:26:30.0246 4132	kbdclass ( LockedFile.Multi.Generic ) - warning
21:26:30.0246 4132	kbdclass - detected LockedFile.Multi.Generic (1)
21:26:30.0309 4132	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:26:30.0309 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\kbdhid.sys. md5: 0705eff5b42a9db58548eec3b26bb484
21:26:30.0324 4132	kbdhid ( LockedFile.Multi.Generic ) - warning
21:26:30.0324 4132	kbdhid - detected LockedFile.Multi.Generic (1)
21:26:30.0402 4132	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:26:30.0402 4132	KeyIso - ok
21:26:30.0449 4132	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:26:30.0449 4132	Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecdd.sys. md5: da1e991a61cfdd755a589e206b97644b
21:26:30.0465 4132	KSecDD ( LockedFile.Multi.Generic ) - warning
21:26:30.0465 4132	KSecDD - detected LockedFile.Multi.Generic (1)
21:26:30.0496 4132	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:26:30.0496 4132	Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 7e33198d956943a4f11a5474c1e9106f
21:26:30.0512 4132	KSecPkg ( LockedFile.Multi.Generic ) - warning
21:26:30.0512 4132	KSecPkg - detected LockedFile.Multi.Generic (1)
21:26:30.0543 4132	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:26:30.0558 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281e78cb31a43e969f06b57347c4
21:26:30.0558 4132	ksthunk ( LockedFile.Multi.Generic ) - warning
21:26:30.0558 4132	ksthunk - detected LockedFile.Multi.Generic (1)
21:26:30.0683 4132	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:26:30.0699 4132	KtmRm - ok
21:26:30.0808 4132	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
21:26:30.0824 4132	LanmanServer - ok
21:26:30.0902 4132	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:26:30.0902 4132	LanmanWorkstation - ok
21:26:30.0980 4132	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:26:30.0980 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831cf8ad2979a04c423779465827
21:26:30.0995 4132	lltdio ( LockedFile.Multi.Generic ) - warning
21:26:30.0995 4132	lltdio - detected LockedFile.Multi.Generic (1)
21:26:31.0073 4132	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:26:31.0089 4132	lltdsvc - ok
21:26:31.0182 4132	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:26:31.0182 4132	lmhosts - ok
21:26:31.0292 4132	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:26:31.0292 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1a93e54eb0ece102495a51266dcdb6a6
21:26:31.0292 4132	LSI_FC ( LockedFile.Multi.Generic ) - warning
21:26:31.0292 4132	LSI_FC - detected LockedFile.Multi.Generic (1)
21:26:31.0338 4132	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:26:31.0338 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184a9fdc8bdbff857175875ee810
21:26:31.0354 4132	LSI_SAS ( LockedFile.Multi.Generic ) - warning
21:26:31.0354 4132	LSI_SAS - detected LockedFile.Multi.Generic (1)
21:26:31.0385 4132	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:26:31.0385 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30f5c0de1ee8b5bc9306c1f0e4a75f93
21:26:31.0401 4132	LSI_SAS2 ( LockedFile.Multi.Generic ) - warning
21:26:31.0401 4132	LSI_SAS2 - detected LockedFile.Multi.Generic (1)
21:26:31.0432 4132	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:26:31.0432 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504eacaff0d3c8aed161c4b0d369d4a
21:26:31.0448 4132	LSI_SCSI ( LockedFile.Multi.Generic ) - warning
21:26:31.0448 4132	LSI_SCSI - detected LockedFile.Multi.Generic (1)
21:26:31.0526 4132	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:26:31.0526 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\luafv.sys. md5: 43d0f98e1d56ccddb0d5254cff7b356e
21:26:31.0541 4132	luafv ( LockedFile.Multi.Generic ) - warning
21:26:31.0541 4132	luafv - detected LockedFile.Multi.Generic (1)
21:26:31.0650 4132	mcdbus          (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
21:26:31.0650 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mcdbus.sys. md5: 79d51e7f5926e8ce1b3ebecebae28cff
21:26:31.0682 4132	mcdbus ( LockedFile.Multi.Generic ) - warning
21:26:31.0682 4132	mcdbus - detected LockedFile.Multi.Generic (1)
21:26:31.0713 4132	McPvDrv - ok
21:26:31.0806 4132	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:26:31.0822 4132	Mcx2Svc - ok
21:26:31.0869 4132	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:26:31.0869 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\megasas.sys. md5: a55805f747c6edb6a9080d7c633bd0f4
21:26:31.0884 4132	megasas ( LockedFile.Multi.Generic ) - warning
21:26:31.0884 4132	megasas - detected LockedFile.Multi.Generic (1)
21:26:31.0947 4132	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:26:31.0947 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: baf74ce0072480c3b6b7c13b2a94d6b3
21:26:31.0962 4132	MegaSR ( LockedFile.Multi.Generic ) - warning
21:26:31.0962 4132	MegaSR - detected LockedFile.Multi.Generic (1)
21:26:32.0040 4132	MEMSWEEP2       (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\169C.tmp
21:26:32.0040 4132	MEMSWEEP2 - ok
21:26:32.0196 4132	Microsoft SharePoint Workspace Audit Service - ok
21:26:32.0290 4132	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:26:32.0290 4132	MMCSS - ok
21:26:32.0337 4132	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:26:32.0337 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\modem.sys. md5: 800ba92f7010378b09f9ed9270f07137
21:26:32.0352 4132	Modem ( LockedFile.Multi.Generic ) - warning
21:26:32.0352 4132	Modem - detected LockedFile.Multi.Generic (1)
21:26:32.0415 4132	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:26:32.0430 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\monitor.sys. md5: b03d591dc7da45ece20b3b467e6aadaa
21:26:32.0430 4132	monitor ( LockedFile.Multi.Generic ) - warning
21:26:32.0430 4132	monitor - detected LockedFile.Multi.Generic (1)
21:26:32.0524 4132	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
21:26:32.0524 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\mouclass.sys. md5: 7d27ea49f3c1f687d357e77a470aea99
21:26:32.0524 4132	mouclass ( LockedFile.Multi.Generic ) - warning
21:26:32.0524 4132	mouclass - detected LockedFile.Multi.Generic (1)
21:26:32.0586 4132	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:26:32.0586 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouhid.sys. md5: d3bf052c40b0c4166d9fd86a4288c1e6
21:26:32.0602 4132	mouhid ( LockedFile.Multi.Generic ) - warning
21:26:32.0602 4132	mouhid - detected LockedFile.Multi.Generic (1)
21:26:32.0711 4132	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:26:32.0711 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\mountmgr.sys. md5: 32e7a3d591d671a6df2db515a5cbe0fa
21:26:32.0711 4132	mountmgr ( LockedFile.Multi.Generic ) - warning
21:26:32.0711 4132	mountmgr - detected LockedFile.Multi.Generic (1)
21:26:32.0867 4132	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:26:32.0867 4132	MozillaMaintenance - ok
21:26:33.0070 4132	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:26:33.0070 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\mpio.sys. md5: a44b420d30bd56e145d6a2bc8768ec58
21:26:33.0070 4132	mpio ( LockedFile.Multi.Generic ) - warning
21:26:33.0070 4132	mpio - detected LockedFile.Multi.Generic (1)
21:26:33.0148 4132	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:26:33.0148 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6c38c9e45ae0ea2fa5e551f2ed5e978f
21:26:33.0148 4132	mpsdrv ( LockedFile.Multi.Generic ) - warning
21:26:33.0148 4132	mpsdrv - detected LockedFile.Multi.Generic (1)
21:26:33.0600 4132	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:26:33.0632 4132	MpsSvc - ok
21:26:33.0725 4132	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:26:33.0725 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\mrxdav.sys. md5: dc722758b8261e1abafd31a3c0a66380
21:26:33.0741 4132	MRxDAV ( LockedFile.Multi.Generic ) - warning
21:26:33.0741 4132	MRxDAV - detected LockedFile.Multi.Generic (1)
21:26:33.0834 4132	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:26:33.0834 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: a5d9106a73dc88564c825d317cac68ac
21:26:33.0834 4132	mrxsmb ( LockedFile.Multi.Generic ) - warning
21:26:33.0834 4132	mrxsmb - detected LockedFile.Multi.Generic (1)
21:26:33.0928 4132	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:26:33.0928 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: d711b3c1d5f42c0c2415687be09fc163
21:26:33.0928 4132	mrxsmb10 ( LockedFile.Multi.Generic ) - warning
21:26:33.0928 4132	mrxsmb10 - detected LockedFile.Multi.Generic (1)
21:26:34.0006 4132	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:26:34.0006 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423e9d355c8d303e76b8cfbd8a5c30c
21:26:34.0022 4132	mrxsmb20 ( LockedFile.Multi.Generic ) - warning
21:26:34.0022 4132	mrxsmb20 - detected LockedFile.Multi.Generic (1)
21:26:34.0084 4132	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:26:34.0084 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\msahci.sys. md5: c25f0bafa182cbca2dd3c851c2e75796
21:26:34.0100 4132	msahci ( LockedFile.Multi.Generic ) - warning
21:26:34.0100 4132	msahci - detected LockedFile.Multi.Generic (1)
21:26:34.0162 4132	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:26:34.0162 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\msdsm.sys. md5: db801a638d011b9633829eb6f663c900
21:26:34.0178 4132	msdsm ( LockedFile.Multi.Generic ) - warning
21:26:34.0178 4132	msdsm - detected LockedFile.Multi.Generic (1)
21:26:34.0240 4132	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:26:34.0240 4132	MSDTC - ok
21:26:34.0334 4132	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:26:34.0334 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\Msfs.sys. md5: aa3fb40e17ce1388fa1bedab50ea8f96
21:26:34.0349 4132	Msfs ( LockedFile.Multi.Generic ) - warning
21:26:34.0349 4132	Msfs - detected LockedFile.Multi.Generic (1)
21:26:34.0412 4132	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:26:34.0412 4132	Suspicious file (NoAccess): C:\Windows\System32\drivers\mshidkmdf.sys. md5: f9d215a46a8b9753f61767fa72a20326
21:26:34.0412 4132	mshidkmdf ( LockedFile.Multi.Generic ) - warning
21:26:34.0412 4132	mshidkmdf - detected LockedFile.Multi.Generic (1)
21:26:34.0474 4132	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:26:34.0474 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\msisadrv.sys. md5: d916874bbd4f8b07bfb7fa9b3ccae29d
21:26:34.0490 4132	msisadrv ( LockedFile.Multi.Generic ) - warning
21:26:34.0490 4132	msisadrv - detected LockedFile.Multi.Generic (1)
21:26:34.0583 4132	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:26:34.0599 4132	MSiSCSI - ok
21:26:34.0630 4132	msiserver - ok
21:26:34.0708 4132	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:26:34.0708 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49ccf2c4fea34ffad8b1b59d49439366
21:26:34.0708 4132	MSKSSRV ( LockedFile.Multi.Generic ) - warning
21:26:34.0708 4132	MSKSSRV - detected LockedFile.Multi.Generic (1)
21:26:34.0770 4132	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:26:34.0770 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: bdd71ace35a232104ddd349ee70e1ab3
21:26:34.0786 4132	MSPCLOCK ( LockedFile.Multi.Generic ) - warning
21:26:34.0786 4132	MSPCLOCK - detected LockedFile.Multi.Generic (1)
21:26:34.0817 4132	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:26:34.0817 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ed981241db27c3383d72092b618a1d0
21:26:34.0833 4132	MSPQM ( LockedFile.Multi.Generic ) - warning
21:26:34.0833 4132	MSPQM - detected LockedFile.Multi.Generic (1)
21:26:34.0911 4132	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:26:34.0911 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\MsRPC.sys. md5: 759a9eeb0fa9ed79da1fb7d4ef78866d
21:26:34.0911 4132	MsRPC ( LockedFile.Multi.Generic ) - warning
21:26:34.0911 4132	MsRPC - detected LockedFile.Multi.Generic (1)
21:26:34.0958 4132	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:26:34.0958 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\mssmbios.sys. md5: 0eed230e37515a0eaee3c2e1bc97b288
21:26:34.0973 4132	mssmbios ( LockedFile.Multi.Generic ) - warning
21:26:34.0973 4132	mssmbios - detected LockedFile.Multi.Generic (1)
21:26:35.0004 4132	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:26:35.0004 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\MSTEE.sys. md5: 2e66f9ecb30b4221a318c92ac2250779
21:26:35.0020 4132	MSTEE ( LockedFile.Multi.Generic ) - warning
21:26:35.0020 4132	MSTEE - detected LockedFile.Multi.Generic (1)
21:26:35.0051 4132	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:26:35.0051 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7ea404308934e675bffde8edf0757bcd
21:26:35.0067 4132	MTConfig ( LockedFile.Multi.Generic ) - warning
21:26:35.0067 4132	MTConfig - detected LockedFile.Multi.Generic (1)
21:26:35.0114 4132	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:26:35.0114 4132	Suspicious file (NoAccess): C:\Windows\system32\Drivers\mup.sys. md5: f9a18612fd3526fe473c1bda678d61c8
21:26:35.0129 4132	Mup ( LockedFile.Multi.Generic ) - warning
21:26:35.0129 4132	Mup - detected LockedFile.Multi.Generic (1)
21:26:35.0223 4132	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:26:35.0238 4132	napagent - ok
21:26:35.0332 4132	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:26:35.0332 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1ea3749c4114db3e3161156ffffa6b33
21:26:35.0363 4132	NativeWifiP ( LockedFile.Multi.Generic ) - warning
21:26:35.0363 4132	NativeWifiP - detected LockedFile.Multi.Generic (1)
21:26:35.0488 4132	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:26:35.0488 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\ndis.sys. md5: 79b47fd40d9a817e932f9d26fac0a81c
21:26:35.0519 4132	NDIS ( LockedFile.Multi.Generic ) - warning
21:26:35.0519 4132	NDIS - detected LockedFile.Multi.Generic (1)
21:26:35.0550 4132	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:26:35.0566 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9f9a1f53aad7da4d6fef5bb73ab811ac
21:26:35.0582 4132	NdisCap ( LockedFile.Multi.Generic ) - warning
21:26:35.0582 4132	NdisCap - detected LockedFile.Multi.Generic (1)
21:26:35.0644 4132	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:26:35.0644 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639c932d9fef22b31268fe25a1b6e5
21:26:35.0660 4132	NdisTapi ( LockedFile.Multi.Generic ) - warning
21:26:35.0660 4132	NdisTapi - detected LockedFile.Multi.Generic (1)
21:26:35.0738 4132	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:26:35.0738 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185f9fb2cc61e573e676aa5402356
21:26:35.0753 4132	Ndisuio ( LockedFile.Multi.Generic ) - warning
21:26:35.0753 4132	Ndisuio - detected LockedFile.Multi.Generic (1)
21:26:35.0816 4132	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:26:35.0816 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53f7305169863f0a2bddc49e116c2e11
21:26:35.0847 4132	NdisWan ( LockedFile.Multi.Generic ) - warning
21:26:35.0847 4132	NdisWan - detected LockedFile.Multi.Generic (1)
21:26:35.0909 4132	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:26:35.0909 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\NDProxy.sys. md5: 015c0d8e0e0421b4cfd48cffe2825879
21:26:35.0925 4132	NDProxy ( LockedFile.Multi.Generic ) - warning
21:26:35.0925 4132	NDProxy - detected LockedFile.Multi.Generic (1)
21:26:35.0956 4132	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:26:35.0956 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743d9f5d2b1048062b14b1d84501c4
21:26:35.0972 4132	NetBIOS ( LockedFile.Multi.Generic ) - warning
21:26:35.0972 4132	NetBIOS - detected LockedFile.Multi.Generic (1)
21:26:36.0050 4132	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:26:36.0050 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594d1089c523423b32a4229263f068
21:26:36.0096 4132	NetBT ( LockedFile.Multi.Generic ) - warning
21:26:36.0096 4132	NetBT - detected LockedFile.Multi.Generic (1)
21:26:36.0159 4132	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:26:36.0159 4132	Netlogon - ok
21:26:36.0252 4132	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:26:36.0268 4132	Netman - ok
21:26:36.0362 4132	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:26:36.0377 4132	netprofm - ok
21:26:36.0486 4132	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:26:36.0486 4132	NetTcpPortSharing - ok
21:26:36.0596 4132	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:26:36.0596 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813be4d166cdab78ddba990da92
21:26:36.0627 4132	nfrd960 ( LockedFile.Multi.Generic ) - warning
21:26:36.0627 4132	nfrd960 - detected LockedFile.Multi.Generic (1)
21:26:36.0720 4132	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:26:36.0736 4132	NlaSvc - ok
21:26:36.0892 4132	nlsX86cc        (3e28b6b2d0a3880efb21a2ead1ae539e) C:\Windows\SysWOW64\NLSSRV32.EXE
21:26:36.0908 4132	nlsX86cc - ok
21:26:36.0970 4132	nmwcdcx64       (f9691bfb0fb9ff500ba6d41fb92e97de) C:\Windows\system32\drivers\ccdcmbox64.sys
21:26:36.0970 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\ccdcmbox64.sys. md5: f9691bfb0fb9ff500ba6d41fb92e97de
21:26:36.0986 4132	nmwcdcx64 ( LockedFile.Multi.Generic ) - warning
21:26:36.0986 4132	nmwcdcx64 - detected LockedFile.Multi.Generic (1)
21:26:37.0064 4132	nmwcdx64        (6ec32c9af7d148e96d7b4f77290afecb) C:\Windows\system32\drivers\ccdcmbx64.sys
21:26:37.0079 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\ccdcmbx64.sys. md5: 6ec32c9af7d148e96d7b4f77290afecb
21:26:37.0110 4132	nmwcdx64 ( LockedFile.Multi.Generic ) - warning
21:26:37.0110 4132	nmwcdx64 - detected LockedFile.Multi.Generic (1)
21:26:37.0188 4132	NPF             (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
21:26:37.0188 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\npf.sys. md5: 351533acc2a069b94e80bbfc177e8fdf
21:26:37.0204 4132	NPF ( LockedFile.Multi.Generic ) - warning
21:26:37.0204 4132	NPF - detected LockedFile.Multi.Generic (1)
21:26:37.0282 4132	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:26:37.0282 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\Npfs.sys. md5: 1e4c4ab5c9b8dd13179bbdc75a2a01f7
21:26:37.0298 4132	Npfs ( LockedFile.Multi.Generic ) - warning
21:26:37.0298 4132	Npfs - detected LockedFile.Multi.Generic (1)
21:26:37.0360 4132	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:26:37.0360 4132	nsi - ok
21:26:37.0391 4132	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:26:37.0391 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\nsiproxy.sys. md5: e7f5ae18af4168178a642a9247c63001
21:26:37.0407 4132	nsiproxy ( LockedFile.Multi.Generic ) - warning
21:26:37.0407 4132	nsiproxy - detected LockedFile.Multi.Generic (1)
21:26:37.0641 4132	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:26:37.0641 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\Ntfs.sys. md5: a2f74975097f52a00745f9637451fdd8
21:26:37.0656 4132	Ntfs ( LockedFile.Multi.Generic ) - warning
21:26:37.0656 4132	Ntfs - detected LockedFile.Multi.Generic (1)
21:26:37.0766 4132	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:26:37.0766 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\Null.sys. md5: 9899284589f75fa8724ff3d16aed75c1
21:26:37.0781 4132	Null ( LockedFile.Multi.Generic ) - warning
21:26:37.0781 4132	Null - detected LockedFile.Multi.Generic (1)
21:26:37.0859 4132	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:26:37.0859 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\nvraid.sys. md5: 0a92cb65770442ed0dc44834632f66ad
21:26:37.0875 4132	nvraid ( LockedFile.Multi.Generic ) - warning
21:26:37.0875 4132	nvraid - detected LockedFile.Multi.Generic (1)
21:26:37.0922 4132	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:26:37.0922 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\nvstor.sys. md5: dab0e87525c10052bf65f06152f37e4a
21:26:37.0937 4132	nvstor ( LockedFile.Multi.Generic ) - warning
21:26:37.0937 4132	nvstor - detected LockedFile.Multi.Generic (1)
21:26:38.0000 4132	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:26:38.0000 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\nv_agp.sys. md5: 270d7cd42d6e3979f6dd0146650f0e05
21:26:38.0015 4132	nv_agp ( LockedFile.Multi.Generic ) - warning
21:26:38.0015 4132	nv_agp - detected LockedFile.Multi.Generic (1)
21:26:38.0062 4132	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:26:38.0062 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478e4b22ce21b41fa1bfc0b8b8a0
21:26:38.0062 4132	ohci1394 ( LockedFile.Multi.Generic ) - warning
21:26:38.0062 4132	ohci1394 - detected LockedFile.Multi.Generic (1)
21:26:38.0202 4132	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:26:38.0202 4132	ose - ok
21:26:38.0592 4132	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:26:38.0702 4132	osppsvc - ok
21:26:38.0889 4132	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:26:38.0920 4132	p2pimsvc - ok
21:26:38.0982 4132	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:26:39.0014 4132	p2psvc - ok
21:26:39.0076 4132	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:26:39.0076 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431c29c35be1dbc43f52cc273887
21:26:39.0092 4132	Parport ( LockedFile.Multi.Generic ) - warning
21:26:39.0092 4132	Parport - detected LockedFile.Multi.Generic (1)
21:26:39.0170 4132	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:26:39.0170 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\partmgr.sys. md5: e9766131eeade40a27dc27d2d68fba9c
21:26:39.0185 4132	partmgr ( LockedFile.Multi.Generic ) - warning
21:26:39.0185 4132	partmgr - detected LockedFile.Multi.Generic (1)
21:26:39.0263 4132	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:26:39.0279 4132	PcaSvc - ok
21:26:39.0341 4132	pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
21:26:39.0341 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pccsmcfdx64.sys. md5: bc0018c2d29f655188a0ed3fa94fdb24
21:26:39.0357 4132	pccsmcfd ( LockedFile.Multi.Generic ) - warning
21:26:39.0357 4132	pccsmcfd - detected LockedFile.Multi.Generic (1)
21:26:39.0466 4132	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:26:39.0466 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\pci.sys. md5: 94575c0571d1462a0f70bde6bd6ee6b3
21:26:39.0466 4132	pci ( LockedFile.Multi.Generic ) - warning
21:26:39.0466 4132	pci - detected LockedFile.Multi.Generic (1)
21:26:39.0528 4132	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:26:39.0528 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\pciide.sys. md5: b5b8b5ef2e5cb34df8dcf8831e3534fa
21:26:39.0544 4132	pciide ( LockedFile.Multi.Generic ) - warning
21:26:39.0544 4132	pciide - detected LockedFile.Multi.Generic (1)
21:26:39.0591 4132	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:26:39.0591 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: b2e81d4e87ce48589f98cb8c05b01f2f
21:26:39.0591 4132	pcmcia ( LockedFile.Multi.Generic ) - warning
21:26:39.0591 4132	pcmcia - detected LockedFile.Multi.Generic (1)
21:26:39.0653 4132	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:26:39.0653 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\pcw.sys. md5: d6b9c2e1a11a3a4b26a182ffef18f603
21:26:39.0653 4132	pcw ( LockedFile.Multi.Generic ) - warning
21:26:39.0653 4132	pcw - detected LockedFile.Multi.Generic (1)
21:26:39.0778 4132	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:26:39.0778 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\peauth.sys. md5: 68769c3356b3be5d1c732c97b9a80d6e
21:26:39.0794 4132	PEAUTH ( LockedFile.Multi.Generic ) - warning
21:26:39.0794 4132	PEAUTH - detected LockedFile.Multi.Generic (1)
21:26:39.0996 4132	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:26:40.0012 4132	PerfHost - ok
21:26:40.0199 4132	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:26:40.0230 4132	pla - ok
21:26:40.0340 4132	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:26:40.0355 4132	PlugPlay - ok
21:26:40.0449 4132	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:26:40.0449 4132	PNRPAutoReg - ok
21:26:40.0542 4132	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:26:40.0542 4132	PNRPsvc - ok
21:26:40.0620 4132	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:26:40.0636 4132	PolicyAgent - ok
21:26:40.0714 4132	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:26:40.0730 4132	Power - ok
21:26:40.0823 4132	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:26:40.0823 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspptp.sys. md5: f92a2c41117a11a00be01ca01a7fcde9
21:26:40.0854 4132	PptpMiniport ( LockedFile.Multi.Generic ) - warning
21:26:40.0854 4132	PptpMiniport - detected LockedFile.Multi.Generic (1)
21:26:40.0932 4132	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:26:40.0932 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\processr.sys. md5: 0d922e23c041efb1c3fac2a6f943c9bf
21:26:40.0948 4132	Processor ( LockedFile.Multi.Generic ) - warning
21:26:40.0948 4132	Processor - detected LockedFile.Multi.Generic (1)
21:26:41.0026 4132	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
21:26:41.0042 4132	ProfSvc - ok
21:26:41.0104 4132	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:26:41.0104 4132	ProtectedStorage - ok
21:26:41.0198 4132	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:26:41.0198 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pacer.sys. md5: 0557cf5a2556bd58e26384169d72438d
21:26:41.0213 4132	Psched ( LockedFile.Multi.Generic ) - warning
21:26:41.0213 4132	Psched - detected LockedFile.Multi.Generic (1)
21:26:41.0307 4132	PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:26:41.0307 4132	Suspicious file (NoAccess): C:\Windows\system32\Drivers\PxHlpa64.sys. md5: 4712cc14e720ecccc0aa16949d18aaf1
21:26:41.0322 4132	PxHlpa64 ( LockedFile.Multi.Generic ) - warning
21:26:41.0322 4132	PxHlpa64 - detected LockedFile.Multi.Generic (1)
21:26:41.0447 4132	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:26:41.0447 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql2300.sys. md5: a53a15a11ebfd21077463ee2c7afeef0
21:26:41.0463 4132	ql2300 ( LockedFile.Multi.Generic ) - warning
21:26:41.0463 4132	ql2300 - detected LockedFile.Multi.Generic (1)
21:26:41.0603 4132	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:26:41.0603 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4f6d12b51de1aaeff7dc58c4d75423c8
21:26:41.0619 4132	ql40xx ( LockedFile.Multi.Generic ) - warning
21:26:41.0619 4132	ql40xx - detected LockedFile.Multi.Generic (1)
21:26:41.0712 4132	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:26:41.0728 4132	QWAVE - ok
21:26:41.0775 4132	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:26:41.0775 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707bb36430888d9ce9d705398adb6c
21:26:41.0790 4132	QWAVEdrv ( LockedFile.Multi.Generic ) - warning
21:26:41.0790 4132	QWAVEdrv - detected LockedFile.Multi.Generic (1)
21:26:41.0822 4132	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:26:41.0822 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5a0da8ad5762fa2d91678a8a01311704
21:26:41.0837 4132	RasAcd ( LockedFile.Multi.Generic ) - warning
21:26:41.0837 4132	RasAcd - detected LockedFile.Multi.Generic (1)
21:26:41.0915 4132	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:26:41.0915 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ecff9b22276b73f43a99a15a6094e90
21:26:41.0931 4132	RasAgileVpn ( LockedFile.Multi.Generic ) - warning
21:26:41.0931 4132	RasAgileVpn - detected LockedFile.Multi.Generic (1)
21:26:42.0009 4132	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:26:42.0009 4132	RasAuto - ok
21:26:42.0071 4132	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:26:42.0071 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 471815800ae33e6f1c32fb1b97c490ca
21:26:42.0087 4132	Rasl2tp ( LockedFile.Multi.Generic ) - warning
21:26:42.0087 4132	Rasl2tp - detected LockedFile.Multi.Generic (1)
21:26:42.0196 4132	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:26:42.0212 4132	RasMan - ok
21:26:42.0290 4132	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:26:42.0290 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855c9b1cd4756c5e9a2aa58a15f58c25
21:26:42.0305 4132	RasPppoe ( LockedFile.Multi.Generic ) - warning
21:26:42.0305 4132	RasPppoe - detected LockedFile.Multi.Generic (1)
21:26:42.0352 4132	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:26:42.0352 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rassstp.sys. md5: e8b1e447b008d07ff47d016c2b0eeecb
21:26:42.0352 4132	RasSstp ( LockedFile.Multi.Generic ) - warning
21:26:42.0352 4132	RasSstp - detected LockedFile.Multi.Generic (1)
21:26:42.0430 4132	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:26:42.0430 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 77f665941019a1594d887a74f301fa2f
21:26:42.0446 4132	rdbss ( LockedFile.Multi.Generic ) - warning
21:26:42.0446 4132	rdbss - detected LockedFile.Multi.Generic (1)
21:26:42.0477 4132	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:26:42.0477 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302da2a0539f2cf54d7c6cc30c1f2d8d
21:26:42.0492 4132	rdpbus ( LockedFile.Multi.Generic ) - warning
21:26:42.0492 4132	rdpbus - detected LockedFile.Multi.Generic (1)
21:26:42.0524 4132	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:26:42.0524 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: cea6cc257fc9b7715f1c2b4849286d24
21:26:42.0555 4132	RDPCDD ( LockedFile.Multi.Generic ) - warning
21:26:42.0555 4132	RDPCDD - detected LockedFile.Multi.Generic (1)
21:26:42.0602 4132	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:26:42.0602 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpencdd.sys. md5: bb5971a4f00659529a5c44831af22365
21:26:42.0617 4132	RDPENCDD ( LockedFile.Multi.Generic ) - warning
21:26:42.0617 4132	RDPENCDD - detected LockedFile.Multi.Generic (1)
21:26:42.0664 4132	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:26:42.0664 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216f3fa57533d98e1f74ded70113177a
21:26:42.0680 4132	RDPREFMP ( LockedFile.Multi.Generic ) - warning
21:26:42.0680 4132	RDPREFMP - detected LockedFile.Multi.Generic (1)
21:26:42.0758 4132	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
21:26:42.0758 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\RDPWD.sys. md5: e61608aa35e98999af9aaeeea6114b0a
21:26:42.0758 4132	RDPWD ( LockedFile.Multi.Generic ) - warning
21:26:42.0758 4132	RDPWD - detected LockedFile.Multi.Generic (1)
21:26:42.0867 4132	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:26:42.0867 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\rdyboost.sys. md5: 34ed295fa0121c241bfef24764fc4520
21:26:42.0898 4132	rdyboost ( LockedFile.Multi.Generic ) - warning
21:26:42.0898 4132	rdyboost - detected LockedFile.Multi.Generic (1)
21:26:42.0976 4132	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:26:42.0976 4132	RemoteAccess - ok
21:26:43.0054 4132	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:26:43.0070 4132	RemoteRegistry - ok
21:26:43.0148 4132	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:26:43.0148 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rfcomm.sys. md5: 3dd798846e2c28102b922c56e71b7932
21:26:43.0179 4132	RFCOMM ( LockedFile.Multi.Generic ) - warning
21:26:43.0179 4132	RFCOMM - detected LockedFile.Multi.Generic (1)
21:26:43.0288 4132	rpcapd          (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
21:26:43.0304 4132	rpcapd - ok
21:26:43.0350 4132	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:26:43.0366 4132	RpcEptMapper - ok
21:26:43.0413 4132	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:26:43.0413 4132	RpcLocator - ok
21:26:43.0538 4132	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
21:26:43.0538 4132	RpcSs - ok
21:26:43.0616 4132	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:26:43.0616 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rspndr.sys. md5: ddc86e4f8e7456261e637e3552e804ff
21:26:43.0647 4132	rspndr ( LockedFile.Multi.Generic ) - warning
21:26:43.0647 4132	rspndr - detected LockedFile.Multi.Generic (1)
21:26:43.0725 4132	RSUSBSTOR       (502b316947ea887cddd325d4745eb7d0) C:\Windows\system32\Drivers\RtsUStor.sys
21:26:43.0725 4132	Suspicious file (NoAccess): C:\Windows\system32\Drivers\RtsUStor.sys. md5: 502b316947ea887cddd325d4745eb7d0
21:26:43.0740 4132	RSUSBSTOR ( LockedFile.Multi.Generic ) - warning
21:26:43.0740 4132	RSUSBSTOR - detected LockedFile.Multi.Generic (1)
21:26:43.0803 4132	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:26:43.0803 4132	SamSs - ok
21:26:43.0881 4132	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:26:43.0881 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\sbp2port.sys. md5: ac03af3329579fffb455aa2daabbe22b
21:26:43.0896 4132	sbp2port ( LockedFile.Multi.Generic ) - warning
21:26:43.0896 4132	sbp2port - detected LockedFile.Multi.Generic (1)
21:26:43.0974 4132	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:26:43.0990 4132	SCardSvr - ok
21:26:44.0052 4132	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:26:44.0052 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 253f38d0d7074c02ff8deb9836c97d2b
21:26:44.0068 4132	scfilter ( LockedFile.Multi.Generic ) - warning
21:26:44.0068 4132	scfilter - detected LockedFile.Multi.Generic (1)
21:26:44.0208 4132	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:26:44.0240 4132	Schedule - ok
21:26:44.0318 4132	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:26:44.0318 4132	SCPolicySvc - ok
21:26:44.0396 4132	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:26:44.0411 4132	SDRSVC - ok
21:26:44.0598 4132	SeaPort         (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:26:44.0598 4132	SeaPort - ok
21:26:44.0676 4132	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:26:44.0676 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\secdrv.sys. md5: 3ea8a16169c26afbeb544e0e48421186
21:26:44.0708 4132	secdrv ( LockedFile.Multi.Generic ) - warning
21:26:44.0708 4132	secdrv - detected LockedFile.Multi.Generic (1)
21:26:44.0786 4132	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:26:44.0786 4132	seclogon - ok
21:26:44.0864 4132	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:26:44.0864 4132	SENS - ok
21:26:44.0942 4132	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:26:44.0942 4132	SensrSvc - ok
21:26:45.0004 4132	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:26:45.0004 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serenum.sys. md5: cb624c0035412af0debec78c41f5ca1b
21:26:45.0020 4132	Serenum ( LockedFile.Multi.Generic ) - warning
21:26:45.0020 4132	Serenum - detected LockedFile.Multi.Generic (1)
21:26:45.0082 4132	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:26:45.0082 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serial.sys. md5: c1d8e28b2c2adfaec4ba89e9fda69bd6
21:26:45.0098 4132	Serial ( LockedFile.Multi.Generic ) - warning
21:26:45.0098 4132	Serial - detected LockedFile.Multi.Generic (1)
21:26:45.0160 4132	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:26:45.0160 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1c545a7d0691cc4a027396535691c3e3
21:26:45.0176 4132	sermouse ( LockedFile.Multi.Generic ) - warning
21:26:45.0176 4132	sermouse - detected LockedFile.Multi.Generic (1)
21:26:45.0363 4132	ServiceLayer    (5bf59c6bc737baaf541168e5cb2ec1d9) C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe
21:26:45.0394 4132	ServiceLayer - ok
21:26:45.0503 4132	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:26:45.0519 4132	SessionEnv - ok
21:26:45.0581 4132	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:26:45.0581 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\sffdisk.sys. md5: a554811bcd09279536440c964ae35bbf
21:26:45.0597 4132	sffdisk ( LockedFile.Multi.Generic ) - warning
21:26:45.0597 4132	sffdisk - detected LockedFile.Multi.Generic (1)
21:26:45.0628 4132	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:26:45.0628 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_mmc.sys. md5: ff414f0baefeba59bc6c04b3db0b87bf
21:26:45.0644 4132	sffp_mmc ( LockedFile.Multi.Generic ) - warning
21:26:45.0644 4132	sffp_mmc - detected LockedFile.Multi.Generic (1)
21:26:45.0675 4132	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:26:45.0675 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_sd.sys. md5: dd85b78243a19b59f0637dcf284da63c
21:26:45.0675 4132	sffp_sd ( LockedFile.Multi.Generic ) - warning
21:26:45.0675 4132	sffp_sd - detected LockedFile.Multi.Generic (1)
21:26:45.0722 4132	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:26:45.0722 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: a9d601643a1647211a1ee2ec4e433ff4
21:26:45.0737 4132	sfloppy ( LockedFile.Multi.Generic ) - warning
21:26:45.0737 4132	sfloppy - detected LockedFile.Multi.Generic (1)
21:26:45.0846 4132	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:26:45.0862 4132	SharedAccess - ok
21:26:45.0956 4132	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:26:45.0971 4132	ShellHWDetection - ok
21:26:46.0034 4132	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:26:46.0034 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843caf1e5fde1ffd5ff768f23a51e2e1
21:26:46.0049 4132	SiSRaid2 ( LockedFile.Multi.Generic ) - warning
21:26:46.0049 4132	SiSRaid2 - detected LockedFile.Multi.Generic (1)
21:26:46.0080 4132	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:26:46.0080 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6a6c106d42e9ffff8b9fcb4f754f6da4
21:26:46.0096 4132	SiSRaid4 ( LockedFile.Multi.Generic ) - warning
21:26:46.0096 4132	SiSRaid4 - detected LockedFile.Multi.Generic (1)
21:26:46.0158 4132	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:26:46.0158 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260a7b8654e024dc30bf8a7c5baa4
21:26:46.0190 4132	Smb ( LockedFile.Multi.Generic ) - warning
21:26:46.0190 4132	Smb - detected LockedFile.Multi.Generic (1)
21:26:46.0299 4132	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:26:46.0299 4132	SNMPTRAP - ok
21:26:46.0377 4132	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:26:46.0377 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\spldr.sys. md5: b9e31e5cacdfe584f34f730a677803f9
21:26:46.0377 4132	spldr ( LockedFile.Multi.Generic ) - warning
21:26:46.0377 4132	spldr - detected LockedFile.Multi.Generic (1)
21:26:46.0455 4132	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:26:46.0470 4132	Spooler - ok
21:26:46.0736 4132	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:26:46.0829 4132	sppsvc - ok
21:26:47.0001 4132	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:26:47.0001 4132	sppuinotify - ok
21:26:47.0126 4132	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:26:47.0126 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv.sys. md5: 441fba48bff01fdb9d5969ebc1838f0b
21:26:47.0157 4132	srv ( LockedFile.Multi.Generic ) - warning
21:26:47.0157 4132	srv - detected LockedFile.Multi.Generic (1)
21:26:47.0235 4132	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:26:47.0235 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv2.sys. md5: b4adebbf5e3677cce9651e0f01f7cc28
21:26:47.0250 4132	srv2 ( LockedFile.Multi.Generic ) - warning
21:26:47.0250 4132	srv2 - detected LockedFile.Multi.Generic (1)
21:26:47.0297 4132	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:26:47.0297 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27e461f0be5bff5fc737328f749538c3
21:26:47.0297 4132	srvnet ( LockedFile.Multi.Generic ) - warning
21:26:47.0297 4132	srvnet - detected LockedFile.Multi.Generic (1)
21:26:47.0360 4132	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:26:47.0375 4132	SSDPSRV - ok
21:26:47.0438 4132	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:26:47.0438 4132	SstpSvc - ok
21:26:47.0516 4132	stdflt          (c48e0745d33897c7a73394214f2b9b4f) C:\Windows\system32\DRIVERS\stdflt.sys
21:26:47.0516 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\stdflt.sys. md5: c48e0745d33897c7a73394214f2b9b4f
21:26:47.0516 4132	stdflt ( LockedFile.Multi.Generic ) - warning
21:26:47.0516 4132	stdflt - detected LockedFile.Multi.Generic (1)
21:26:47.0640 4132	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:26:47.0640 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\stexstor.sys. md5: f3817967ed533d08327dc73bc4d5542a
21:26:47.0640 4132	stexstor ( LockedFile.Multi.Generic ) - warning
21:26:47.0640 4132	stexstor - detected LockedFile.Multi.Generic (1)
21:26:47.0765 4132	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:26:47.0796 4132	stisvc - ok
21:26:47.0874 4132	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:26:47.0874 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\swenum.sys. md5: d01ec09b6711a5f8e7e6564a4d0fbc90
21:26:47.0906 4132	swenum ( LockedFile.Multi.Generic ) - warning
21:26:47.0906 4132	swenum - detected LockedFile.Multi.Generic (1)
21:26:47.0999 4132	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:26:48.0015 4132	swprv - ok
21:26:48.0108 4132	SynTP           (5aeec2bb8065b563adbc88ca22588953) C:\Windows\system32\DRIVERS\SynTP.sys
21:26:48.0108 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SynTP.sys. md5: 5aeec2bb8065b563adbc88ca22588953
21:26:48.0124 4132	SynTP ( LockedFile.Multi.Generic ) - warning
21:26:48.0124 4132	SynTP - detected LockedFile.Multi.Generic (1)
21:26:48.0140 4132	Suspicious service (NoAccess): syshost32
21:26:48.0264 4132	syshost32       (b3a697a7f2485ef1cd19cb3d2181cd2f) C:\Windows\Installer\{76898107-9226-0825-1544-D8F4F509B690}\syshost.exe
21:26:48.0264 4132	Suspicious file (NoAccess): C:\Windows\Installer\{76898107-9226-0825-1544-D8F4F509B690}\syshost.exe. md5: b3a697a7f2485ef1cd19cb3d2181cd2f
21:26:48.0280 4132	syshost32 ( LockedService.Multi.Generic ) - warning
21:26:48.0280 4132	syshost32 - detected LockedService.Multi.Generic (1)
21:26:48.0467 4132	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:26:48.0545 4132	SysMain - ok
21:26:48.0686 4132	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:26:48.0686 4132	TabletInputService - ok
21:26:48.0748 4132	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:26:48.0764 4132	TapiSrv - ok
21:26:48.0857 4132	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:26:48.0857 4132	TBS - ok
21:26:49.0091 4132	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:26:49.0091 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpip.sys. md5: acb82bda8f46c84f465c1afa517dc4b9
21:26:49.0138 4132	Tcpip ( LockedFile.Multi.Generic ) - warning
21:26:49.0138 4132	Tcpip - detected LockedFile.Multi.Generic (1)
21:26:49.0356 4132	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:26:49.0356 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tcpip.sys. md5: acb82bda8f46c84f465c1afa517dc4b9
21:26:49.0388 4132	TCPIP6 ( LockedFile.Multi.Generic ) - warning
21:26:49.0388 4132	TCPIP6 - detected LockedFile.Multi.Generic (1)
21:26:49.0544 4132	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:26:49.0544 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpipreg.sys. md5: df687e3d8836bfb04fcc0615bf15a519
21:26:49.0544 4132	tcpipreg ( LockedFile.Multi.Generic ) - warning
21:26:49.0544 4132	tcpipreg - detected LockedFile.Multi.Generic (1)
21:26:49.0684 4132	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:26:49.0684 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371d21011695b16333a3934340c4e7c
21:26:49.0700 4132	TDPIPE ( LockedFile.Multi.Generic ) - warning
21:26:49.0700 4132	TDPIPE - detected LockedFile.Multi.Generic (1)
21:26:49.0762 4132	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:26:49.0762 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\tdtcp.sys. md5: 51c5eceb1cdee2468a1748be550cfbc8
21:26:49.0778 4132	TDTCP ( LockedFile.Multi.Generic ) - warning
21:26:49.0778 4132	TDTCP - detected LockedFile.Multi.Generic (1)
21:26:49.0887 4132	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:26:49.0887 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tdx.sys. md5: ddad5a7ab24d8b65f8d724f5c20fd806
21:26:49.0887 4132	tdx ( LockedFile.Multi.Generic ) - warning
21:26:49.0887 4132	tdx - detected LockedFile.Multi.Generic (1)
21:26:50.0183 4132	TeamViewer7     (74fc70ae64a7b7dabec9697ce0a1f4fa) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
21:26:50.0214 4132	TeamViewer7 - ok
21:26:50.0386 4132	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:26:50.0386 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\termdd.sys. md5: 561e7e1f06895d78de991e01dd0fb6e5
21:26:50.0402 4132	TermDD ( LockedFile.Multi.Generic ) - warning
21:26:50.0402 4132	TermDD - detected LockedFile.Multi.Generic (1)
21:26:50.0495 4132	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:26:50.0526 4132	TermService - ok
21:26:50.0620 4132	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:26:50.0620 4132	Themes - ok
21:26:50.0714 4132	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:26:50.0729 4132	THREADORDER - ok
21:26:50.0807 4132	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:26:50.0823 4132	TrkWks - ok
21:26:50.0901 4132	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:26:50.0916 4132	TrustedInstaller - ok
21:26:50.0994 4132	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:26:50.0994 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: ce18b2cdfc837c99e5fae9ca6cba5d30
21:26:50.0994 4132	tssecsrv ( LockedFile.Multi.Generic ) - warning
21:26:50.0994 4132	tssecsrv - detected LockedFile.Multi.Generic (1)
21:26:51.0088 4132	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:26:51.0088 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\tsusbflt.sys. md5: d11c783e3ef9a3c52c0ebe83cc5000e9
21:26:51.0104 4132	TsUsbFlt ( LockedFile.Multi.Generic ) - warning
21:26:51.0104 4132	TsUsbFlt - detected LockedFile.Multi.Generic (1)
21:26:51.0182 4132	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:26:51.0182 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566a8daafa27af944f5d705eaa64894
21:26:51.0197 4132	tunnel ( LockedFile.Multi.Generic ) - warning
21:26:51.0197 4132	tunnel - detected LockedFile.Multi.Generic (1)
21:26:51.0260 4132	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:26:51.0260 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\uagp35.sys. md5: b4dd609bd7e282bfc683cec7eaaaad67
21:26:51.0275 4132	uagp35 ( LockedFile.Multi.Generic ) - warning
21:26:51.0275 4132	uagp35 - detected LockedFile.Multi.Generic (1)
21:26:51.0369 4132	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:26:51.0369 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\udfs.sys. md5: ff4232a1a64012baa1fd97c7b67df593
21:26:51.0384 4132	udfs ( LockedFile.Multi.Generic ) - warning
21:26:51.0384 4132	udfs - detected LockedFile.Multi.Generic (1)
21:26:51.0556 4132	UDisk Monitor   (4fbe6a983ff6c02561b7d4ce470ef8bd) C:\Program Files\ZTE Dialer\bin\MonServiceUDisk.exe
21:26:51.0572 4132	UDisk Monitor - ok
21:26:51.0681 4132	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:26:51.0681 4132	UI0Detect - ok
21:26:51.0759 4132	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:26:51.0759 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4bfe1bc28391222894cbf1e7d0e42320
21:26:51.0774 4132	uliagpkx ( LockedFile.Multi.Generic ) - warning
21:26:51.0774 4132	uliagpkx - detected LockedFile.Multi.Generic (1)
21:26:51.0852 4132	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:26:51.0852 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\umbus.sys. md5: dc54a574663a895c8763af0fa1ff7561
21:26:51.0868 4132	umbus ( LockedFile.Multi.Generic ) - warning
21:26:51.0868 4132	umbus - detected LockedFile.Multi.Generic (1)
21:26:51.0930 4132	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:26:51.0930 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umpass.sys. md5: b2e8e8cb557b156da5493bbddcc1474d
21:26:51.0946 4132	UmPass ( LockedFile.Multi.Generic ) - warning
21:26:51.0946 4132	UmPass - detected LockedFile.Multi.Generic (1)
21:26:52.0055 4132	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:26:52.0071 4132	upnphost - ok
21:26:52.0149 4132	upperdev        (1d6f13de33143d7ae9278b1002fbef4a) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
21:26:52.0149 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys. md5: 1d6f13de33143d7ae9278b1002fbef4a
21:26:52.0164 4132	upperdev ( LockedFile.Multi.Generic ) - warning
21:26:52.0164 4132	upperdev - detected LockedFile.Multi.Generic (1)
21:26:52.0242 4132	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:26:52.0242 4132	Suspicious file (NoAccess): C:\Windows\system32\Drivers\usbaapl64.sys. md5: aa33fc47ed58c34e6e9261e4f850b7eb
21:26:52.0242 4132	USBAAPL64 ( LockedFile.Multi.Generic ) - warning
21:26:52.0242 4132	USBAAPL64 - detected LockedFile.Multi.Generic (1)
21:26:52.0305 4132	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:26:52.0305 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 6f1a3157a1c89435352ceb543cdb359c
21:26:52.0320 4132	usbccgp ( LockedFile.Multi.Generic ) - warning
21:26:52.0320 4132	usbccgp - detected LockedFile.Multi.Generic (1)
21:26:52.0398 4132	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:26:52.0398 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\usbcir.sys. md5: af0892a803fdda7492f595368e3b68e7
21:26:52.0414 4132	usbcir ( LockedFile.Multi.Generic ) - warning
21:26:52.0414 4132	usbcir - detected LockedFile.Multi.Generic (1)
21:26:52.0461 4132	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:26:52.0461 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\usbehci.sys. md5: c025055fe7b87701eb042095df1a2d7b
21:26:52.0461 4132	usbehci ( LockedFile.Multi.Generic ) - warning
21:26:52.0461 4132	usbehci - detected LockedFile.Multi.Generic (1)
21:26:52.0554 4132	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:26:52.0554 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 287c6c9410b111b68b52ca298f7b8c24
21:26:52.0586 4132	usbhub ( LockedFile.Multi.Generic ) - warning
21:26:52.0586 4132	usbhub - detected LockedFile.Multi.Generic (1)
21:26:52.0648 4132	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:26:52.0648 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\usbohci.sys. md5: 9840fc418b4cbd632d3d0a667a725c31
21:26:52.0648 4132	usbohci ( LockedFile.Multi.Generic ) - warning
21:26:52.0648 4132	usbohci - detected LockedFile.Multi.Generic (1)
21:26:52.0742 4132	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:26:52.0742 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188f58fb384e75c4063d29413cee3d
21:26:52.0742 4132	usbprint ( LockedFile.Multi.Generic ) - warning
21:26:52.0742 4132	usbprint - detected LockedFile.Multi.Generic (1)
21:26:52.0820 4132	usbser          (0f0c72a657c622286013788b886968ad) C:\Windows\system32\drivers\usbser.sys
21:26:52.0820 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\usbser.sys. md5: 0f0c72a657c622286013788b886968ad
21:26:52.0851 4132	usbser ( LockedFile.Multi.Generic ) - warning
21:26:52.0851 4132	usbser - detected LockedFile.Multi.Generic (1)
21:26:52.0898 4132	UsbserFilt      (a700b43e25b51d17b9f8d389f183d72a) C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys
21:26:52.0898 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys. md5: a700b43e25b51d17b9f8d389f183d72a
21:26:52.0913 4132	UsbserFilt ( LockedFile.Multi.Generic ) - warning
21:26:52.0913 4132	UsbserFilt - detected LockedFile.Multi.Generic (1)
21:26:52.0976 4132	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:26:52.0976 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: fed648b01349a3c8395a5169db5fb7d6
21:26:52.0991 4132	USBSTOR ( LockedFile.Multi.Generic ) - warning
21:26:52.0991 4132	USBSTOR - detected LockedFile.Multi.Generic (1)
21:26:53.0022 4132	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:26:53.0022 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\usbuhci.sys. md5: 62069a34518bcf9c1fd9e74b3f6db7cd
21:26:53.0038 4132	usbuhci ( LockedFile.Multi.Generic ) - warning
21:26:53.0038 4132	usbuhci - detected LockedFile.Multi.Generic (1)
21:26:53.0132 4132	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:26:53.0132 4132	Suspicious file (NoAccess): C:\Windows\System32\Drivers\usbvideo.sys. md5: 454800c2bc7f3927ce030141ee4f4c50
21:26:53.0147 4132	usbvideo ( LockedFile.Multi.Generic ) - warning
21:26:53.0147 4132	usbvideo - detected LockedFile.Multi.Generic (1)
21:26:53.0210 4132	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:26:53.0210 4132	UxSms - ok
21:26:53.0288 4132	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:26:53.0288 4132	VaultSvc - ok
21:26:53.0350 4132	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:26:53.0350 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\vdrvroot.sys. md5: c5c876ccfc083ff3b128f933823e87bd
21:26:53.0366 4132	vdrvroot ( LockedFile.Multi.Generic ) - warning
21:26:53.0366 4132	vdrvroot - detected LockedFile.Multi.Generic (1)
21:26:53.0459 4132	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:26:53.0506 4132	vds - ok
21:26:53.0584 4132	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:26:53.0584 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: da4da3f5e02943c2dc8c6ed875de68dd
21:26:53.0615 4132	vga ( LockedFile.Multi.Generic ) - warning
21:26:53.0615 4132	vga - detected LockedFile.Multi.Generic (1)
21:26:53.0678 4132	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:26:53.0678 4132	Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 53e92a310193cb3c03bea963de7d9cfc
21:26:53.0693 4132	VgaSave ( LockedFile.Multi.Generic ) - warning
21:26:53.0693 4132	VgaSave - detected LockedFile.Multi.Generic (1)
21:26:53.0756 4132	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:26:53.0756 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\vhdmp.sys. md5: 2ce2df28c83aeaf30084e1b1eb253cbb
21:26:53.0771 4132	vhdmp ( LockedFile.Multi.Generic ) - warning
21:26:53.0771 4132	vhdmp - detected LockedFile.Multi.Generic (1)
21:26:53.0849 4132	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:26:53.0849 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: e5689d93ffe4e5d66c0178761240dd54
21:26:53.0849 4132	viaide ( LockedFile.Multi.Generic ) - warning
21:26:53.0849 4132	viaide - detected LockedFile.Multi.Generic (1)
21:26:53.0896 4132	VMnetAdapter - ok
21:26:53.0974 4132	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:26:53.0974 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: d2aafd421940f640b407aefaaebd91b0
21:26:53.0974 4132	volmgr ( LockedFile.Multi.Generic ) - warning
21:26:53.0974 4132	volmgr - detected LockedFile.Multi.Generic (1)
21:26:54.0068 4132	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:26:54.0068 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: a255814907c89be58b79ef2f189b843b
21:26:54.0068 4132	volmgrx ( LockedFile.Multi.Generic ) - warning
21:26:54.0068 4132	volmgrx - detected LockedFile.Multi.Generic (1)
21:26:54.0146 4132	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:26:54.0146 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: 0d08d2f3b3ff84e433346669b5e0f639
21:26:54.0146 4132	volsnap ( LockedFile.Multi.Generic ) - warning
21:26:54.0146 4132	volsnap - detected LockedFile.Multi.Generic (1)
21:26:54.0192 4132	vpnva - ok
21:26:54.0255 4132	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:26:54.0255 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5e2016ea6ebaca03c04feac5f330d997
21:26:54.0255 4132	vsmraid ( LockedFile.Multi.Generic ) - warning
21:26:54.0255 4132	vsmraid - detected LockedFile.Multi.Generic (1)
21:26:54.0442 4132	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:26:54.0489 4132	VSS - ok
21:26:54.0614 4132	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:26:54.0614 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36d4720b72b5c5d9cb2b9c29e9df67a1
21:26:54.0614 4132	vwifibus ( LockedFile.Multi.Generic ) - warning
21:26:54.0614 4132	vwifibus - detected LockedFile.Multi.Generic (1)
21:26:54.0676 4132	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:26:54.0676 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6a3d66263414ff0d6fa754c646612f3f
21:26:54.0692 4132	vwififlt ( LockedFile.Multi.Generic ) - warning
21:26:54.0692 4132	vwififlt - detected LockedFile.Multi.Generic (1)
21:26:54.0770 4132	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:26:54.0770 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: 6a638fc4bfddc4d9b186c28c91bd1a01
21:26:54.0770 4132	vwifimp ( LockedFile.Multi.Generic ) - warning
21:26:54.0770 4132	vwifimp - detected LockedFile.Multi.Generic (1)
21:26:54.0848 4132	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:26:54.0879 4132	W32Time - ok
21:26:54.0941 4132	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:26:54.0941 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4e9440f4f152a7b944cb1663d3935a3e
21:26:54.0957 4132	WacomPen ( LockedFile.Multi.Generic ) - warning
21:26:54.0957 4132	WacomPen - detected LockedFile.Multi.Generic (1)
21:26:55.0035 4132	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:26:55.0035 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356afd78a6ed4457169241ac3965230c
21:26:55.0050 4132	WANARP ( LockedFile.Multi.Generic ) - warning
21:26:55.0050 4132	WANARP - detected LockedFile.Multi.Generic (1)
21:26:55.0082 4132	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:26:55.0082 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356afd78a6ed4457169241ac3965230c
21:26:55.0097 4132	Wanarpv6 ( LockedFile.Multi.Generic ) - warning
21:26:55.0097 4132	Wanarpv6 - detected LockedFile.Multi.Generic (1)
21:26:55.0284 4132	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:26:55.0316 4132	WatAdminSvc - ok
21:26:55.0456 4132	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:26:55.0534 4132	wbengine - ok
21:26:55.0690 4132	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:26:55.0706 4132	WbioSrvc - ok
21:26:55.0799 4132	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:26:55.0830 4132	wcncsvc - ok
21:26:55.0877 4132	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:26:55.0877 4132	WcsPlugInService - ok
21:26:55.0971 4132	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:26:55.0971 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889e16ff12ba0f235467d6091b17dc
21:26:55.0986 4132	Wd ( LockedFile.Multi.Generic ) - warning
21:26:55.0986 4132	Wd - detected LockedFile.Multi.Generic (1)
21:26:56.0080 4132	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:26:56.0080 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441bd2d7b4f98134c3a4f9fa570fd250
21:26:56.0096 4132	Wdf01000 ( LockedFile.Multi.Generic ) - warning
21:26:56.0096 4132	Wdf01000 - detected LockedFile.Multi.Generic (1)
21:26:56.0142 4132	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:26:56.0142 4132	WdiServiceHost - ok
21:26:56.0189 4132	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:26:56.0189 4132	WdiSystemHost - ok
21:26:56.0267 4132	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:26:56.0283 4132	WebClient - ok
21:26:56.0361 4132	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:26:56.0392 4132	Wecsvc - ok
21:26:56.0470 4132	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:26:56.0470 4132	wercplsupport - ok
21:26:56.0532 4132	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:26:56.0532 4132	WerSvc - ok
21:26:56.0595 4132	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:26:56.0595 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611b23304bf067451a9fdee01fbdd725
21:26:56.0610 4132	WfpLwf ( LockedFile.Multi.Generic ) - warning
21:26:56.0610 4132	WfpLwf - detected LockedFile.Multi.Generic (1)
21:26:56.0688 4132	WimFltr         (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
21:26:56.0688 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wimfltr.sys. md5: b14ef15bd757fa488f9c970eee9c0d35
21:26:56.0704 4132	WimFltr ( LockedFile.Multi.Generic ) - warning
21:26:56.0704 4132	WimFltr - detected LockedFile.Multi.Generic (1)
21:26:56.0751 4132	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:26:56.0751 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ecaec3e4529a7153b3136ceb49f0ec
21:26:56.0766 4132	WIMMount ( LockedFile.Multi.Generic ) - warning
21:26:56.0766 4132	WIMMount - detected LockedFile.Multi.Generic (1)
21:26:56.0876 4132	WinDefend - ok
21:26:56.0954 4132	WinHttpAutoProxySvc - ok
21:26:57.0094 4132	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:26:57.0094 4132	Winmgmt - ok
21:26:57.0297 4132	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:26:57.0344 4132	WinRM - ok
21:26:57.0562 4132	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:26:57.0578 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: fe88b288356e7b47b74b13372add906d
21:26:57.0593 4132	WinUsb ( LockedFile.Multi.Generic ) - warning
21:26:57.0593 4132	WinUsb - detected LockedFile.Multi.Generic (1)
21:26:57.0734 4132	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:26:57.0765 4132	Wlansvc - ok
21:26:57.0858 4132	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:26:57.0874 4132	wlcrasvc - ok
21:26:58.0108 4132	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:26:58.0155 4132	wlidsvc - ok
21:26:58.0217 4132	wltrysvc        (13b0a570e1ae451c92da550085d72cf3) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
21:26:58.0217 4132	wltrysvc - ok
21:26:58.0373 4132	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:26:58.0373 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\wmiacpi.sys. md5: f6ff8944478594d0e414d3f048f0d778
21:26:58.0404 4132	WmiAcpi ( LockedFile.Multi.Generic ) - warning
21:26:58.0404 4132	WmiAcpi - detected LockedFile.Multi.Generic (1)
21:26:58.0529 4132	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:26:58.0529 4132	wmiApSrv - ok
21:26:58.0592 4132	WMPNetworkSvc - ok
21:26:58.0654 4132	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:26:58.0670 4132	WPCSvc - ok
21:26:58.0748 4132	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:26:58.0748 4132	WPDBusEnum - ok
21:26:58.0794 4132	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:26:58.0794 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6bcc1d7d2fd2453957c5479a32364e52
21:26:58.0810 4132	ws2ifsl ( LockedFile.Multi.Generic ) - warning
21:26:58.0810 4132	ws2ifsl - detected LockedFile.Multi.Generic (1)
21:26:58.0935 4132	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:26:58.0950 4132	wscsvc - ok
21:26:58.0982 4132	WSearch - ok
21:26:59.0247 4132	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
21:26:59.0325 4132	wuauserv - ok
21:26:59.0481 4132	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:26:59.0481 4132	Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: d3381dc54c34d79b22cee0d65ba91b7c
21:26:59.0496 4132	WudfPf ( LockedFile.Multi.Generic ) - warning
21:26:59.0496 4132	WudfPf - detected LockedFile.Multi.Generic (1)
21:26:59.0574 4132	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:26:59.0574 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: cf8d590be3373029d57af80914190682
21:26:59.0590 4132	WUDFRd ( LockedFile.Multi.Generic ) - warning
21:26:59.0590 4132	WUDFRd - detected LockedFile.Multi.Generic (1)
21:26:59.0684 4132	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:26:59.0684 4132	wudfsvc - ok
21:26:59.0793 4132	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:26:59.0793 4132	WwanSvc - ok
21:26:59.0902 4132	ztemtusbser     (706214ce01bb9a85e93c4e59636430f5) C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
21:26:59.0902 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys. md5: 706214ce01bb9a85e93c4e59636430f5
21:26:59.0902 4132	ztemtusbser ( LockedFile.Multi.Generic ) - warning
21:26:59.0902 4132	ztemtusbser - detected LockedFile.Multi.Generic (1)
21:26:59.0996 4132	zteusbser       (f27d8df26e3825ae969d33a327331234) C:\Windows\system32\DRIVERS\zteusbser.sys
21:26:59.0996 4132	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\zteusbser.sys. md5: f27d8df26e3825ae969d33a327331234
21:27:00.0011 4132	zteusbser ( LockedFile.Multi.Generic ) - warning
21:27:00.0011 4132	zteusbser - detected LockedFile.Multi.Generic (1)
21:27:00.0089 4132	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:27:00.0370 4132	\Device\Harddisk0\DR0 - ok
21:27:00.0370 4132	MBR (0x1B8)     (66d0b28c8b44e531d0c19f436252abaa) \Device\Harddisk1\DR1
21:27:00.0386 4132	\Device\Harddisk1\DR1 - ok
21:27:00.0386 4132	Boot (0x1200)   (1b81b8636ba68126533dab8bd91078ea) \Device\Harddisk0\DR0\Partition0
21:27:00.0386 4132	\Device\Harddisk0\DR0\Partition0 - ok
21:27:00.0401 4132	Boot (0x1200)   (37f677ef2cd6d0a03a32b5ca520a8984) \Device\Harddisk0\DR0\Partition1
21:27:00.0417 4132	\Device\Harddisk0\DR0\Partition1 - ok
21:27:00.0432 4132	Boot (0x1200)   (f872044cf12a515f27d19069da638ef7) \Device\Harddisk0\DR0\Partition2
21:27:00.0432 4132	\Device\Harddisk0\DR0\Partition2 - ok
21:27:00.0464 4132	Boot (0x1200)   (55e51e76cb13a9c633b900b2468dfa64) \Device\Harddisk0\DR0\Partition3
21:27:00.0464 4132	\Device\Harddisk0\DR0\Partition3 - ok
21:27:00.0479 4132	Boot (0x1200)   (dbc6f4b04e638ac2b319c9331b3f8591) \Device\Harddisk1\DR1\Partition0
21:27:00.0479 4132	\Device\Harddisk1\DR1\Partition0 - ok
21:27:00.0479 4132	============================================================
21:27:00.0479 4132	Scan finished
21:27:00.0479 4132	============================================================
21:27:00.0495 4176	Detected object count: 223
21:27:00.0495 4176	Actual detected object count: 223
21:28:55.0694 4176	btwavdt ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0694 4176	btwavdt ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0694 4176	btwl2cap ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0694 4176	btwl2cap ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0694 4176	btwrchid ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0694 4176	btwrchid ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0694 4176	circlass ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0694 4176	circlass ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0709 4176	CLFS ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0709 4176	CLFS ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0709 4176	CmBatt ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0709 4176	CmBatt ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0709 4176	cmdide ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0709 4176	cmdide ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0709 4176	cmnsusbser ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0709 4176	cmnsusbser ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0709 4176	CNG ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0709 4176	CNG ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0709 4176	Compbatt ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0709 4176	Compbatt ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0709 4176	CompositeBus ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0709 4176	CompositeBus ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0725 4176	crcdisk ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0725 4176	crcdisk ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0725 4176	de121f633872f609 ( LockedService.Multi.Generic ) - skipped by user
21:28:55.0725 4176	de121f633872f609 ( LockedService.Multi.Generic ) - User select action: Skip 
21:28:55.0725 4176	discache ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0725 4176	discache ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0725 4176	Disk ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0725 4176	Disk ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0725 4176	drmkaud ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0725 4176	drmkaud ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0725 4176	DXGKrnl ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0725 4176	DXGKrnl ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0741 4176	ebdrv ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0741 4176	ebdrv ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0741 4176	exfat ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0741 4176	exfat ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0741 4176	FACAP ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0741 4176	FACAP ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0741 4176	fastfat ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0741 4176	fastfat ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0741 4176	fdc ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0741 4176	fdc ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0741 4176	FileInfo ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0741 4176	FileInfo ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0741 4176	Filetrace ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0741 4176	Filetrace ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0756 4176	flpydisk ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0756 4176	flpydisk ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0756 4176	FltMgr ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0756 4176	FltMgr ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0756 4176	FsDepends ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0756 4176	FsDepends ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0756 4176	fssfltr ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0756 4176	fssfltr ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0756 4176	Fs_Rec ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0756 4176	Fs_Rec ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0756 4176	fvevol ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0756 4176	fvevol ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0756 4176	gagp30kx ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0756 4176	gagp30kx ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0772 4176	hcw85cir ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0772 4176	hcw85cir ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0772 4176	HdAudAddService ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0772 4176	HdAudAddService ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0772 4176	HDAudBus ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0772 4176	HDAudBus ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0772 4176	HECIx64 ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0772 4176	HECIx64 ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0772 4176	HidBatt ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0772 4176	HidBatt ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0772 4176	HidBth ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0772 4176	HidBth ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0787 4176	HidIr ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0787 4176	HidIr ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0787 4176	HidUsb ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0787 4176	HidUsb ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0787 4176	HpSAMD ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0787 4176	HpSAMD ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0787 4176	HTTP ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0787 4176	HTTP ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0787 4176	hwpolicy ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0787 4176	hwpolicy ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0787 4176	i8042prt ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0787 4176	i8042prt ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0787 4176	iaStorV ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0787 4176	iaStorV ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0803 4176	IDMWFP ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0803 4176	IDMWFP ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0803 4176	iirsp ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0803 4176	iirsp ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0803 4176	Impcd ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0803 4176	Impcd ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0803 4176	IntcAzAudAddService ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0803 4176	IntcAzAudAddService ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0803 4176	intelide ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0803 4176	intelide ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0803 4176	intelppm ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0803 4176	intelppm ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0819 4176	IpFilterDriver ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0819 4176	IpFilterDriver ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0819 4176	IPMIDRV ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0819 4176	IPMIDRV ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0819 4176	IPNAT ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0819 4176	IPNAT ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0819 4176	IRENUM ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0819 4176	IRENUM ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0819 4176	isapnp ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0819 4176	isapnp ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0819 4176	iScsiPrt ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0819 4176	iScsiPrt ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0819 4176	k57nd60a ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0834 4176	k57nd60a ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0834 4176	kbdclass ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0834 4176	kbdclass ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0834 4176	kbdhid ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0834 4176	kbdhid ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0834 4176	KSecDD ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0834 4176	KSecDD ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0834 4176	KSecPkg ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0834 4176	KSecPkg ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0834 4176	ksthunk ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0834 4176	ksthunk ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0834 4176	lltdio ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0834 4176	lltdio ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0850 4176	LSI_FC ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0850 4176	LSI_FC ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0850 4176	LSI_SAS ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0850 4176	LSI_SAS ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0850 4176	LSI_SAS2 ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0850 4176	LSI_SAS2 ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0850 4176	LSI_SCSI ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0850 4176	LSI_SCSI ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0850 4176	luafv ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0850 4176	luafv ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:55.0850 4176	mcdbus ( LockedFile.Multi.Generic ) - skipped by user
21:28:55.0850 4176	mcdbus ( LockedFile.Multi.Generic ) - User select action: Skip 
21:28:56.0099 4176	syshost32 ( LockedService.Multi.Generic ) - skipped by user
21:28:56.0099 4176	syshost32 ( LockedService.Multi.Generic ) - User select action: Skip 
21:32:55.0683 1932	Deinitialize success


As you can see in this log, no threat was malicious. But on looking carefully, both the rootkits found above by GMER are listed in this log (but as suspicious). Since you told me to skip all suspicious entries, I skipped these as well. Should we try another rootkit remover?

Thanks
-Ankit

#13 etavares


Posted 08 July 2012 - 05:36 AM

OK, that's good. Please re-run TDSSKiller and cure or delete these two:
syshost32
de121f633872f609



Then reboot and post the TDSSKiller log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#14 ankit_768


Posted 08 July 2012 - 05:53 AM

After deleting those 2 entries, here is my TDSSKiller log:

16:17:43.0100 5424	TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08
16:17:45.0128 5424	============================================================
16:17:45.0128 5424	Current date / time: 2012/07/08 16:17:45.0128
16:17:45.0128 5424	SystemInfo:
16:17:45.0128 5424	
16:17:45.0128 5424	OS Version: 6.1.7601 ServicePack: 1.0
16:17:45.0128 5424	Product type: Workstation
16:17:45.0128 5424	ComputerName: ANKIT-PC
16:17:45.0128 5424	UserName: ankit
16:17:45.0128 5424	Windows directory: C:\Windows
16:17:45.0128 5424	System windows directory: C:\Windows
16:17:45.0128 5424	Running under WOW64
16:17:45.0128 5424	Processor architecture: Intel x64
16:17:45.0128 5424	Number of processors: 4
16:17:45.0128 5424	Page size: 0x1000
16:17:45.0128 5424	Boot type: Normal boot
16:17:45.0128 5424	============================================================
16:17:46.0844 5424	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:17:46.0859 5424	============================================================
16:17:46.0859 5424	\Device\Harddisk0\DR0:
16:17:46.0859 5424	MBR partitions:
16:17:46.0859 5424	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x66000, BlocksNum 0x123F000
16:17:46.0859 5424	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12A5000, BlocksNum 0x12C4D800
16:17:46.0875 5424	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13EF3000, BlocksNum 0x8A03800
16:17:46.0906 5424	\Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1C8F7000, BlocksNum 0x8B37000
16:17:46.0906 5424	============================================================
16:17:46.0937 5424	C: <-> \Device\Harddisk0\DR0\Partition1
16:17:46.0984 5424	E: <-> \Device\Harddisk0\DR0\Partition2
16:17:47.0015 5424	F: <-> \Device\Harddisk0\DR0\Partition3
16:17:47.0015 5424	============================================================
16:17:47.0015 5424	Initialize success
16:17:47.0015 5424	============================================================
16:17:49.0527 5500	============================================================
16:17:49.0527 5500	Scan started
16:17:49.0527 5500	Mode: Manual; 
16:17:49.0527 5500	============================================================
16:18:04.0238 5500	BrSerWdm - ok
16:18:04.0253 5500	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:18:04.0269 5500	BrUsbMdm - ok
16:18:04.0269 5500	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:18:04.0285 5500	BrUsbSer - ok
16:18:04.0331 5500	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
16:18:04.0347 5500	BthEnum - ok
16:18:04.0363 5500	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:18:04.0363 5500	BTHMODEM - ok
16:18:04.0394 5500	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:18:04.0409 5500	BthPan - ok
16:18:04.0441 5500	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
16:18:04.0472 5500	BTHPORT - ok
16:18:04.0503 5500	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:18:04.0503 5500	bthserv - ok
16:18:04.0519 5500	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
16:18:04.0519 5500	BTHUSB - ok
16:18:04.0581 5500	btusbflt        (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
16:18:04.0581 5500	btusbflt - ok
16:18:04.0612 5500	btwaudio        (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
16:18:04.0612 5500	btwaudio - ok
16:18:04.0675 5500	btwavdt         (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
16:18:04.0675 5500	btwavdt - ok
16:18:04.0768 5500	btwdins         (6dde1e97be4d50253dfb9090a6a62524) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:18:04.0768 5500	btwdins - ok
16:18:04.0815 5500	btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
16:18:04.0815 5500	btwl2cap - ok
16:18:04.0846 5500	btwrchid        (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
16:18:04.0846 5500	btwrchid - ok
16:18:04.0893 5500	catchme - ok
16:18:04.0924 5500	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:18:04.0924 5500	cdfs - ok
16:18:04.0987 5500	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:18:05.0002 5500	cdrom - ok
16:18:05.0049 5500	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:18:05.0049 5500	CertPropSvc - ok
16:18:05.0221 5500	Change Modem Device Service (b57503792eca95712ca57afd30a0b4cb) C:\Windows\SysWOW64\ChgService.exe
16:18:05.0221 5500	Change Modem Device Service - ok
16:18:05.0252 5500	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:18:05.0252 5500	circlass - ok
16:18:05.0314 5500	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:18:05.0330 5500	CLFS - ok
16:18:05.0377 5500	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:18:05.0392 5500	clr_optimization_v2.0.50727_32 - ok
16:18:05.0455 5500	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:18:05.0470 5500	clr_optimization_v2.0.50727_64 - ok
16:18:05.0611 5500	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:18:05.0673 5500	clr_optimization_v4.0.30319_32 - ok
16:18:05.0735 5500	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:18:05.0735 5500	clr_optimization_v4.0.30319_64 - ok
16:18:05.0798 5500	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:18:05.0798 5500	CmBatt - ok
16:18:05.0845 5500	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:18:05.0845 5500	cmdide - ok
16:18:05.0907 5500	cmnsusbser      (f34031dc6d1745154f54b04aff54f5d1) C:\Windows\system32\DRIVERS\cmnsusbser.sys
16:18:05.0923 5500	cmnsusbser - ok
16:18:05.0985 5500	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:18:06.0001 5500	CNG - ok
16:18:06.0047 5500	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:18:06.0047 5500	Compbatt - ok
16:18:06.0094 5500	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:18:06.0094 5500	CompositeBus - ok
16:18:06.0110 5500	COMSysApp - ok
16:18:06.0188 5500	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:18:06.0188 5500	crcdisk - ok
16:18:06.0235 5500	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
16:18:06.0250 5500	CryptSvc - ok
16:18:06.0297 5500	CtClsFlt        (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
16:18:06.0313 5500	CtClsFlt - ok
16:18:06.0391 5500	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:18:06.0406 5500	DcomLaunch - ok
16:18:06.0437 5500	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:18:06.0453 5500	defragsvc - ok
16:18:06.0500 5500	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:18:06.0500 5500	DfsC - ok
16:18:06.0562 5500	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:18:06.0578 5500	Dhcp - ok
16:18:06.0609 5500	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:18:06.0609 5500	discache - ok
16:18:06.0640 5500	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:18:06.0640 5500	Disk - ok
16:18:06.0718 5500	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:18:06.0718 5500	Dnscache - ok
16:18:06.0859 5500	DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
16:18:06.0859 5500	DockLoginService - ok
16:18:06.0905 5500	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:18:06.0921 5500	dot3svc - ok
16:18:06.0968 5500	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:18:06.0968 5500	DPS - ok
16:18:07.0030 5500	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:18:07.0030 5500	drmkaud - ok
16:18:07.0124 5500	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:18:07.0155 5500	DXGKrnl - ok
16:18:07.0202 5500	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:18:07.0202 5500	EapHost - ok
16:18:07.0451 5500	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:18:07.0545 5500	ebdrv - ok
16:18:07.0685 5500	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:18:07.0685 5500	EFS - ok
16:18:07.0810 5500	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:18:07.0826 5500	ehRecvr - ok
16:18:07.0857 5500	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:18:07.0857 5500	ehSched - ok
16:18:07.0904 5500	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:18:07.0919 5500	elxstor - ok
16:18:07.0966 5500	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:18:07.0966 5500	ErrDev - ok
16:18:08.0044 5500	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:18:08.0044 5500	EventSystem - ok
16:18:08.0091 5500	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:18:08.0091 5500	exfat - ok
16:18:08.0153 5500	FACAP           (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys
16:18:08.0169 5500	FACAP - ok
16:18:08.0403 5500	FAService       (935867267a37317e5c1089019e1851b8) c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
16:18:08.0434 5500	FAService - ok
16:18:08.0559 5500	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:18:08.0575 5500	fastfat - ok
16:18:08.0653 5500	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:18:08.0668 5500	Fax - ok
16:18:08.0684 5500	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:18:08.0684 5500	fdc - ok
16:18:08.0746 5500	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:18:08.0746 5500	fdPHost - ok
16:18:08.0762 5500	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:18:08.0762 5500	FDResPub - ok
16:18:08.0777 5500	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:18:08.0793 5500	FileInfo - ok
16:18:08.0809 5500	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:18:08.0809 5500	Filetrace - ok
16:18:08.0824 5500	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:18:08.0824 5500	flpydisk - ok
16:18:08.0871 5500	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:18:08.0902 5500	FltMgr - ok
16:18:08.0996 5500	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:18:09.0011 5500	FontCache - ok
16:18:09.0089 5500	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:18:09.0105 5500	FontCache3.0.0.0 - ok
16:18:09.0136 5500	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:18:09.0136 5500	FsDepends - ok
16:18:09.0214 5500	fssfltr         (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
16:18:09.0214 5500	fssfltr - ok
16:18:09.0401 5500	fsssvc          (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
16:18:09.0464 5500	fsssvc - ok
16:18:09.0557 5500	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:18:09.0557 5500	Fs_Rec - ok
16:18:09.0620 5500	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:18:09.0635 5500	fvevol - ok
16:18:09.0667 5500	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:18:09.0682 5500	gagp30kx - ok
16:18:09.0745 5500	GDPkIcpt        (5e75c0d8710287102b30be5f0a12862a) C:\Windows\system32\drivers\PktIcpt.sys
16:18:09.0745 5500	GDPkIcpt - ok
16:18:09.0823 5500	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:18:09.0838 5500	gpsvc - ok
16:18:09.0869 5500	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:18:09.0869 5500	hcw85cir - ok
16:18:09.0947 5500	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
16:18:09.0963 5500	HdAudAddService - ok
16:18:10.0010 5500	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:18:10.0010 5500	HDAudBus - ok
16:18:10.0057 5500	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
16:18:10.0072 5500	HECIx64 - ok
16:18:10.0088 5500	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:18:10.0088 5500	HidBatt - ok
16:18:10.0103 5500	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:18:10.0119 5500	HidBth - ok
16:18:10.0135 5500	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:18:10.0135 5500	HidIr - ok
16:18:10.0150 5500	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:18:10.0166 5500	hidserv - ok
16:18:10.0181 5500	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:18:10.0181 5500	HidUsb - ok
16:18:10.0228 5500	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:18:10.0244 5500	hkmsvc - ok
16:18:10.0291 5500	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:18:10.0306 5500	HomeGroupListener - ok
16:18:10.0353 5500	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:18:10.0353 5500	HomeGroupProvider - ok
16:18:10.0369 5500	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:18:10.0384 5500	HpSAMD - ok
16:18:10.0462 5500	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:18:10.0493 5500	HTTP - ok
16:18:10.0540 5500	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:18:10.0540 5500	hwpolicy - ok
16:18:10.0587 5500	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:18:10.0603 5500	i8042prt - ok
16:18:10.0665 5500	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:18:10.0681 5500	iaStorV - ok
16:18:10.0759 5500	IDMWFP          (2a63036283b36b3b68cdc6f85a7d53ed) C:\Windows\system32\DRIVERS\idmwfp.sys
16:18:10.0759 5500	IDMWFP - ok
16:18:10.0883 5500	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:18:10.0946 5500	idsvc - ok
16:18:10.0961 5500	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:18:10.0977 5500	iirsp - ok
16:18:11.0071 5500	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:18:11.0117 5500	IKEEXT - ok
16:18:11.0180 5500	Impcd           (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\DRIVERS\Impcd.sys
16:18:11.0180 5500	Impcd - ok
16:18:11.0258 5500	InstallFilterService (fd5ef1d0210cb9c0773bba7ca360d762) C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
16:18:11.0258 5500	InstallFilterService - ok
16:18:11.0398 5500	IntcAzAudAddService (a9638fa0fb0c5b86229c3fd809ce8cff) C:\Windows\system32\drivers\RTKVHD64.sys
16:18:11.0414 5500	IntcAzAudAddService - ok
16:18:11.0539 5500	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:18:11.0554 5500	intelide - ok
16:18:11.0601 5500	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:18:11.0601 5500	intelppm - ok
16:18:11.0648 5500	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:18:11.0663 5500	IPBusEnum - ok
16:18:11.0726 5500	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:18:11.0726 5500	IpFilterDriver - ok
16:18:11.0819 5500	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:18:11.0835 5500	iphlpsvc - ok
16:18:11.0882 5500	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:18:11.0897 5500	IPMIDRV - ok
16:18:11.0944 5500	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:18:11.0944 5500	IPNAT - ok
16:18:11.0991 5500	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:18:11.0991 5500	IRENUM - ok
16:18:12.0007 5500	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:18:12.0007 5500	isapnp - ok
16:18:12.0038 5500	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:18:12.0053 5500	iScsiPrt - ok
16:18:12.0116 5500	k57nd60a        (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
16:18:12.0147 5500	k57nd60a - ok
16:18:12.0178 5500	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:18:12.0178 5500	kbdclass - ok
16:18:12.0225 5500	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:18:12.0225 5500	kbdhid - ok
16:18:12.0272 5500	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:18:12.0272 5500	KeyIso - ok
16:18:12.0287 5500	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:18:12.0303 5500	KSecDD - ok
16:18:12.0319 5500	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:18:12.0319 5500	KSecPkg - ok
16:18:12.0334 5500	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:18:12.0350 5500	ksthunk - ok
16:18:12.0412 5500	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:18:12.0443 5500	KtmRm - ok
16:18:12.0506 5500	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
16:18:12.0506 5500	LanmanServer - ok
16:18:12.0553 5500	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:18:12.0568 5500	LanmanWorkstation - ok
16:18:12.0615 5500	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:18:12.0615 5500	lltdio - ok
16:18:12.0662 5500	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:18:12.0677 5500	lltdsvc - ok
16:18:12.0693 5500	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:18:12.0709 5500	lmhosts - ok
16:18:12.0755 5500	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:18:12.0755 5500	LSI_FC - ok
16:18:12.0771 5500	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:18:12.0771 5500	LSI_SAS - ok
16:18:12.0787 5500	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:18:12.0802 5500	LSI_SAS2 - ok
16:18:12.0818 5500	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:18:12.0818 5500	LSI_SCSI - ok
16:18:12.0849 5500	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:18:12.0849 5500	luafv - ok
16:18:12.0927 5500	mcdbus          (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
16:18:12.0943 5500	mcdbus - ok
16:18:12.0958 5500	McPvDrv - ok
16:18:12.0989 5500	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:18:13.0005 5500	Mcx2Svc - ok
16:18:13.0021 5500	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:18:13.0021 5500	megasas - ok
16:18:13.0052 5500	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:18:13.0067 5500	MegaSR - ok
16:18:13.0145 5500	MEMSWEEP2       (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\169C.tmp
16:18:13.0145 5500	MEMSWEEP2 - ok
16:18:13.0270 5500	Microsoft SharePoint Workspace Audit Service - ok
16:18:13.0317 5500	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:18:13.0317 5500	MMCSS - ok
16:18:13.0333 5500	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:18:13.0333 5500	Modem - ok
16:18:13.0379 5500	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:18:13.0379 5500	monitor - ok
16:18:13.0457 5500	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:18:13.0457 5500	mouclass - ok
16:18:13.0504 5500	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:18:13.0520 5500	mouhid - ok
16:18:13.0598 5500	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:18:13.0598 5500	mountmgr - ok
16:18:13.0723 5500	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:18:13.0738 5500	MozillaMaintenance - ok
16:18:13.0769 5500	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:18:13.0785 5500	mpio - ok
16:18:13.0801 5500	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:18:13.0816 5500	mpsdrv - ok
16:18:13.0941 5500	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:18:13.0957 5500	MpsSvc - ok
16:18:14.0003 5500	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:18:14.0019 5500	MRxDAV - ok
16:18:14.0050 5500	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:18:14.0066 5500	mrxsmb - ok
16:18:14.0128 5500	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:18:14.0144 5500	mrxsmb10 - ok
16:18:14.0159 5500	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:18:14.0159 5500	mrxsmb20 - ok
16:18:14.0175 5500	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:18:14.0175 5500	msahci - ok
16:18:14.0206 5500	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:18:14.0222 5500	msdsm - ok
16:18:14.0253 5500	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:18:14.0253 5500	MSDTC - ok
16:18:14.0315 5500	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:18:14.0315 5500	Msfs - ok
16:18:14.0331 5500	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:18:14.0331 5500	mshidkmdf - ok
16:18:14.0347 5500	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:18:14.0362 5500	msisadrv - ok
16:18:14.0409 5500	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:18:14.0425 5500	MSiSCSI - ok
16:18:14.0440 5500	msiserver - ok
16:18:14.0456 5500	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:18:14.0456 5500	MSKSSRV - ok
16:18:14.0471 5500	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:18:14.0471 5500	MSPCLOCK - ok
16:18:14.0487 5500	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:18:14.0487 5500	MSPQM - ok
16:18:14.0534 5500	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:18:14.0549 5500	MsRPC - ok
16:18:14.0581 5500	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:18:14.0581 5500	mssmbios - ok
16:18:14.0596 5500	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:18:14.0596 5500	MSTEE - ok
16:18:14.0612 5500	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:18:14.0612 5500	MTConfig - ok
16:18:14.0627 5500	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:18:14.0643 5500	Mup - ok
16:18:14.0705 5500	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:18:14.0705 5500	napagent - ok
16:18:14.0783 5500	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:18:14.0783 5500	NativeWifiP - ok
16:18:14.0893 5500	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:18:14.0924 5500	NDIS - ok
16:18:14.0955 5500	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:18:14.0955 5500	NdisCap - ok
16:18:14.0986 5500	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:18:15.0002 5500	NdisTapi - ok
16:18:15.0033 5500	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:18:15.0049 5500	Ndisuio - ok
16:18:15.0080 5500	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:18:15.0095 5500	NdisWan - ok
16:18:15.0142 5500	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:18:15.0158 5500	NDProxy - ok
16:18:15.0189 5500	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:18:15.0189 5500	NetBIOS - ok
16:18:15.0220 5500	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:18:15.0236 5500	NetBT - ok
16:18:15.0267 5500	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:18:15.0283 5500	Netlogon - ok
16:18:15.0345 5500	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:18:15.0361 5500	Netman - ok
16:18:15.0423 5500	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:18:15.0423 5500	netprofm - ok
16:18:15.0501 5500	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:18:15.0517 5500	NetTcpPortSharing - ok
16:18:15.0532 5500	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:18:15.0532 5500	nfrd960 - ok
16:18:15.0579 5500	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:18:15.0579 5500	NlaSvc - ok
16:18:15.0704 5500	nlsX86cc        (3e28b6b2d0a3880efb21a2ead1ae539e) C:\Windows\SysWOW64\NLSSRV32.EXE
16:18:15.0704 5500	nlsX86cc - ok
16:18:15.0766 5500	nmwcdcx64       (f9691bfb0fb9ff500ba6d41fb92e97de) C:\Windows\system32\drivers\ccdcmbox64.sys
16:18:15.0766 5500	nmwcdcx64 - ok
16:18:15.0813 5500	nmwcdx64        (6ec32c9af7d148e96d7b4f77290afecb) C:\Windows\system32\drivers\ccdcmbx64.sys
16:18:15.0829 5500	nmwcdx64 - ok
16:18:15.0891 5500	NPF             (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
16:18:15.0891 5500	NPF - ok
16:18:15.0922 5500	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:18:15.0922 5500	Npfs - ok
16:18:15.0938 5500	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:18:15.0953 5500	nsi - ok
16:18:15.0953 5500	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:18:15.0969 5500	nsiproxy - ok
16:18:16.0078 5500	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:18:16.0141 5500	Ntfs - ok
16:18:16.0234 5500	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:18:16.0234 5500	Null - ok
16:18:16.0297 5500	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:18:16.0297 5500	nvraid - ok
16:18:16.0328 5500	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:18:16.0343 5500	nvstor - ok
16:18:16.0390 5500	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:18:16.0390 5500	nv_agp - ok
16:18:16.0437 5500	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:18:16.0437 5500	ohci1394 - ok
16:18:16.0546 5500	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:18:16.0562 5500	ose - ok
16:18:16.0936 5500	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:18:17.0061 5500	osppsvc - ok
16:18:17.0170 5500	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:18:17.0186 5500	p2pimsvc - ok
16:18:30.0586 5500	============================================================
16:18:30.0586 5500	Scan finished
16:18:30.0586 5500	============================================================
16:18:30.0602 5484	Detected object count: 0
16:18:30.0602 5484	Actual detected object count: 0

No threats found!! Earlier, every file it scanned was marked as suspicious, but not anymore. Also, I have started noticing changes on my system again. The antivirus service is running again now.

#15 etavares

Posted 08 July 2012 - 07:03 AM

Hello, ankit_768.

Great! Is Windows Update now working?

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
