
Internet Explorer being Hijacked


12 replies to this topic

#1 jaw20

  • Members
  • 69 posts

Posted 13 September 2013 - 01:55 PM

Hi, I'm on a friend's computer and he said it was running slow and IE was acting weird, so the first thing I did was run Malwarebytes. I ran a flash scan with Malwarebytes and found a lot of trojans, malware, backdoors, and ransomware which caused a rundll error. I will paste the MBAM log here:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.09.13.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Phil :: MARTEL [administrator]
Protection: Disabled
9/13/2013 2:40:50 PM
MBAM-log-2013-09-13 (14-52-24).txt
Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 216751
Time elapsed: 36 second(s)
Memory Processes Detected: 2
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (PUP.Optional.Wajam.A) -> 968 -> No action taken.
C:\Windows\Installer\{B5CAD084-65D7-140B-E7C5-066FC79D9AC9}\syshost.exe (Backdoor.Agent) -> 2464 -> No action taken.
Memory Modules Detected: 2
C:\Program Files (x86)\Wajam\IE\priam_bho.dll (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Unfriend Checker\uc.dll (PUP.Optional.UnFriendChecker) -> No action taken.
Registry Keys Detected: 22
HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdater (PUP.Optional.Wajam.A) -> No action taken.
HKCR\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\wajam.WajamBHO.1 (PUP.Optional.Wajam.A) -> No action taken.
HKCR\wajam.WajamBHO (PUP.Optional.Wajam.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\CLSID\{09942569-D515-42BE-9F5A-A439B20F91AB} (PUP.Optional.UnFriendChecker) -> No action taken.
HKCR\TypeLib\{8CF8DDF2-1606-4631-A49B-DCDE99581986} (PUP.Optional.UnFriendChecker) -> No action taken.
HKCR\Interface\{90FAA58D-5C5D-4161-BAAA-404D9BC3CAC2} (PUP.Optional.UnFriendChecker) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09942569-D515-42BE-9F5A-A439B20F91AB} (PUP.Optional.UnFriendChecker) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{09942569-D515-42BE-9F5A-A439B20F91AB} (PUP.Optional.UnFriendChecker) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09942569-D515-42BE-9F5A-A439B20F91AB} (PUP.Optional.UnFriendChecker) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uc@uc.com (PUP.Optional.UnFriendChecker) -> No action taken.
HKCR\wajam.WajamDownloader (PUP.Optional.Wajam.A) -> No action taken.
HKCR\wajam.WajamDownloader.1 (PUP.Optional.Wajam.A) -> No action taken.
HKCR\AppID\priam_bho.DLL (PUP.Optional.Wajam.A) -> No action taken.
HKCU\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam (PUP.Optional.Wajam.A) -> No action taken.
Registry Values Detected: 2
HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Data: 4222 -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|syshost32 (Backdoor.Agent) -> Data: C:\Windows\Installer\{B5CAD084-65D7-140B-E7C5-066FC79D9AC9}\syshost.exe -> No action taken.
Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Folders Detected: 19
C:\Users\BackUp\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> No action taken.
C:\Users\Phil\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> No action taken.
C:\Program Files (x86)\Unfriend Checker (PUP.Optional.UnFriendChecker) -> No action taken.
C:\Program Files (x86)\Unfriend Checker\FF (PUP.Optional.UnFriendChecker) -> No action taken.
C:\Program Files (x86)\Unfriend Checker\FF\chrome (PUP.Optional.UnFriendChecker) -> No action taken.
C:\Program Files (x86)\Unfriend Checker\FF\chrome\content (PUP.Optional.UnFriendChecker) -> No action taken.
C:\ProgramData\Iminent\Mediator (PUP.Optional.Iminent.A) -> No action taken.
C:\ProgramData\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> No action taken.
C:\ProgramData\Iminent\Mediator\Datas\Cache (PUP.Optional.Iminent.A) -> No action taken.
C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com (PUP.Optional.Iminent.A) -> No action taken.
C:\Users\BackUp\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> No action taken.
C:\Users\BackUp\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> No action taken.
C:\Users\Phil\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> No action taken.
C:\Users\Phil\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\IE (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Updater (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Phil\AppData\Local\Temp\Iminent (PUP.Optional.Iminent.A) -> No action taken.
C:\Users\Phil\AppData\Local\Temp\Iminent\Log (PUP.Optional.Iminent.A) -> No action taken.
Files Detected: 29
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\IE\priam_bho.dll (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Phil\AppData\Local\Temp\anajbio.exe (Exploit.Drop.GS) -> No action taken.
C:\Users\Phil\AppData\Roaming\asdsada.bat (Malware.Trace) -> No action taken.
C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> No action taken.
C:\Users\BackUp\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> No action taken.
C:\Users\BackUp\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> No action taken.
C:\Users\Phil\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> No action taken.
C:\Users\Phil\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> No action taken.
C:\Program Files (x86)\Unfriend Checker\r.log (PUP.Optional.UnFriendChecker) -> No action taken.
C:\Program Files (x86)\Unfriend Checker\chrome.crx (PUP.Optional.UnFriendChecker) -> No action taken.
C:\Program Files (x86)\Unfriend Checker\uc.dll (PUP.Optional.UnFriendChecker) -> No action taken.
C:\Program Files (x86)\Unfriend Checker\Uninstall.exe (PUP.Optional.UnFriendChecker) -> No action taken.
C:\Program Files (x86)\Unfriend Checker\FF\chrome.manifest (PUP.Optional.UnFriendChecker) -> No action taken.
C:\Program Files (x86)\Unfriend Checker\FF\install.rdf (PUP.Optional.UnFriendChecker) -> No action taken.
C:\Program Files (x86)\Unfriend Checker\FF\chrome\content\icon.png (PUP.Optional.UnFriendChecker) -> No action taken.
C:\Program Files (x86)\Unfriend Checker\FF\chrome\content\main.js (PUP.Optional.UnFriendChecker) -> No action taken.
C:\Program Files (x86)\Unfriend Checker\FF\chrome\content\overlay.xul (PUP.Optional.UnFriendChecker) -> No action taken.
C:\Windows\Installer\{B5CAD084-65D7-140B-E7C5-066FC79D9AC9}\syshost.exe (Backdoor.Agent) -> No action taken.
C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com\1033.11575f00-7bdc-4181-ba0a-b298aeab228c.dat (PUP.Optional.Iminent.A) -> No action taken.
C:\Users\BackUp\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> No action taken.
C:\Users\BackUp\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> No action taken.
C:\Users\Phil\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> No action taken.
C:\Users\Phil\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> No action taken.
C:\Program Files (x86)\Wajam\uninstall.exe (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\IE\favicon.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Updater\update.exe (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Phil\AppData\Local\Temp\Iminent\Log\Iminent.MSI.log (PUP.Optional.Iminent.A) -> No action taken.
(end)

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum, based on type of log in topic. ~ Animal



#2 boopme

  • Global Moderator
  • 73,323 posts

Posted 13 September 2013 - 02:12 PM

Hello, yes you do have all these things on here. I want you to consider this first.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 jaw20

  • Topic Starter
  • Members
  • 69 posts

Posted 13 September 2013 - 02:25 PM

This isn't my computer so I don't think I can wipe it yet. I just wanted to see if there were any other rootkits or malware that could be detected and removed. Also, I will disconnect it from the internet and do everything from a USB drive. I want to clean the system.


Edited by jaw20, 13 September 2013 - 03:03 PM.


#4 jaw20

  • Topic Starter
  • Members
  • 69 posts

Posted 13 September 2013 - 02:58 PM

I found a Zero Access Rootkit after further investigation, what should I do?



#5 boopme

  • Global Moderator
  • 73,323 posts

Posted 13 September 2013 - 03:37 PM

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


#6 jaw20

  • Topic Starter
  • Members
  • 69 posts

Posted 13 September 2013 - 04:36 PM

Apparently something enabled test mode on the laptop allowing unsigned drivers to be installed. I am doing the scans with Mbar now.



#7 jaw20

  • Topic Starter
  • Members
  • 69 posts

Posted 13 September 2013 - 04:40 PM

17:00:19.0208 0x0b9c  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
17:00:19.0536 0x0b9c  ============================================================
17:00:19.0536 0x0b9c  Current date / time: 2013/09/13 17:00:19.0536
17:00:19.0536 0x0b9c  SystemInfo:
17:00:19.0536 0x0b9c  
17:00:19.0536 0x0b9c  OS Version: 6.1.7601 ServicePack: 1.0
17:00:19.0536 0x0b9c  Product type: Workstation
17:00:19.0536 0x0b9c  ComputerName: MARTEL
17:00:19.0536 0x0b9c  UserName: Phil
17:00:19.0536 0x0b9c  Windows directory: C:\Windows
17:00:19.0536 0x0b9c  System windows directory: C:\Windows
17:00:19.0536 0x0b9c  Running under WOW64
17:00:19.0536 0x0b9c  Processor architecture: Intel x64
17:00:19.0536 0x0b9c  Number of processors: 2
17:00:19.0536 0x0b9c  Page size: 0x1000
17:00:19.0536 0x0b9c  Boot type: Normal boot
17:00:19.0536 0x0b9c  ============================================================
17:00:19.0536 0x0b9c  BG loaded
17:00:20.0363 0x0b9c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:00:20.0378 0x0b9c  Drive \Device\Harddisk1\DR1 - Size: 0x76C00000 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:00:20.0378 0x0b9c  ============================================================
17:00:20.0378 0x0b9c  \Device\Harddisk0\DR0:
17:00:20.0378 0x0b9c  MBR partitions:
17:00:20.0378 0x0b9c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:00:20.0378 0x0b9c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x389B0000
17:00:20.0378 0x0b9c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38A14000, BlocksNum 0x1971800
17:00:20.0378 0x0b9c  \Device\Harddisk1\DR1:
17:00:20.0378 0x0b9c  MBR partitions:
17:00:20.0378 0x0b9c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x600, BlocksNum 0x3B5A00
17:00:20.0378 0x0b9c  ============================================================
17:00:20.0472 0x0b9c  C: <-> \Device\Harddisk0\DR0\Partition2
17:00:20.0550 0x0b9c  D: <-> \Device\Harddisk0\DR0\Partition3
17:00:20.0550 0x0b9c  ============================================================
17:00:20.0550 0x0b9c  Initialize success
17:00:20.0550 0x0b9c  ============================================================
17:01:27.0282 0x0d5c  ============================================================
17:01:27.0282 0x0d5c  Scan started
17:01:27.0282 0x0d5c  Mode: Manual; 
17:01:27.0282 0x0d5c  ============================================================
17:01:29.0497 0x0d5c  ================ Scan system memory ========================
17:01:29.0497 0x0d5c  System memory - ok
17:01:29.0497 0x0d5c  ================ Scan services =============================
17:01:29.0684 0x0d5c  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:01:29.0684 0x0d5c  1394ohci - ok
17:01:29.0700 0x0d5c  Suspicious service (NoAccess): 2086ff6c7ae7d629
17:01:29.0747 0x0d5c  [ 6FD975989548A46FF816436D535BA190 ] 2086ff6c7ae7d629 C:\Windows\System32\Drivers\2086ff6c7ae7d629.sys
17:01:29.0747 0x0d5c  Suspicious file (NoAccess): C:\Windows\System32\Drivers\2086ff6c7ae7d629.sys. md5: 6FD975989548A46FF816436D535BA190
17:01:29.0887 0x0d5c  2086ff6c7ae7d629 ( Rootkit.Win32.Necurs.gen ) - infected
17:01:29.0887 0x0d5c  2086ff6c7ae7d629 - detected Rootkit.Win32.Necurs.gen (0)
17:01:29.0918 0x0d5c  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
17:01:29.0918 0x0d5c  Accelerometer - ok
17:01:29.0981 0x0d5c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:01:29.0996 0x0d5c  ACPI - ok
17:01:30.0012 0x0d5c  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:01:30.0027 0x0d5c  AcpiPmi - ok
17:01:30.0137 0x0d5c  [ BF3818B441955E4D438EC72F06F1FE61 ] AdobeActiveFileMonitor11.0 C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
17:01:30.0152 0x0d5c  AdobeActiveFileMonitor11.0 - ok
17:01:30.0277 0x0d5c  [ 7BBAF543CABE8A8D275BC7F6C66C1959 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:01:30.0293 0x0d5c  AdobeFlashPlayerUpdateSvc - ok
17:01:30.0324 0x0d5c  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:01:30.0355 0x0d5c  adp94xx - ok
17:01:30.0386 0x0d5c  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:01:30.0386 0x0d5c  adpahci - ok
17:01:30.0417 0x0d5c  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:01:30.0417 0x0d5c  adpu320 - ok
17:01:30.0449 0x0d5c  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:01:30.0449 0x0d5c  AeLookupSvc - ok
17:01:30.0542 0x0d5c  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
17:01:30.0558 0x0d5c  AESTFilters - ok
17:01:30.0605 0x0d5c  [ 0D0E5281784C2C526BA43C2ECD374288 ] Afc             C:\Windows\syswow64\drivers\Afc.sys
17:01:30.0605 0x0d5c  Afc - ok
17:01:30.0636 0x0d5c  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:01:30.0651 0x0d5c  AFD - ok
17:01:30.0729 0x0d5c  [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
17:01:30.0729 0x0d5c  AgereModemAudio - ok
17:01:30.0776 0x0d5c  [ AF4748EF93416159459769A24A0053AF ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
17:01:30.0792 0x0d5c  AgereSoftModem - ok
17:01:30.0839 0x0d5c  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:01:30.0839 0x0d5c  agp440 - ok
17:01:30.0885 0x0d5c  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:01:30.0885 0x0d5c  ALG - ok
17:01:30.0917 0x0d5c  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:01:30.0917 0x0d5c  aliide - ok
17:01:30.0932 0x0d5c  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:01:30.0932 0x0d5c  amdide - ok
17:01:30.0963 0x0d5c  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:01:30.0963 0x0d5c  AmdK8 - ok
17:01:30.0979 0x0d5c  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:01:30.0979 0x0d5c  AmdPPM - ok
17:01:31.0026 0x0d5c  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:01:31.0026 0x0d5c  amdsata - ok
17:01:31.0073 0x0d5c  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:01:31.0073 0x0d5c  amdsbs - ok
17:01:31.0088 0x0d5c  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:01:31.0088 0x0d5c  amdxata - ok
17:01:31.0151 0x0d5c  [ 2E2B1A491CB78C7D8C8A265C004B1F79 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:01:31.0197 0x0d5c  AntiVirSchedulerService - ok
17:01:31.0244 0x0d5c  [ AAE3238C2A0B2CF17851B3D06C8EA8C0 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:01:31.0244 0x0d5c  AntiVirService - ok
17:01:31.0275 0x0d5c  [ 35AEA74A23D2441ED9068D0D967E2ED2 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
17:01:31.0307 0x0d5c  AntiVirWebService - ok
17:01:31.0369 0x0d5c  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:01:31.0385 0x0d5c  AppID - ok
17:01:31.0400 0x0d5c  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:01:31.0400 0x0d5c  AppIDSvc - ok
17:01:31.0447 0x0d5c  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:01:31.0447 0x0d5c  Appinfo - ok
17:01:31.0478 0x0d5c  aqhurguz - ok
17:01:31.0509 0x0d5c  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:01:31.0525 0x0d5c  arc - ok
17:01:31.0525 0x0d5c  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:01:31.0541 0x0d5c  arcsas - ok
17:01:31.0572 0x0d5c  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:01:31.0572 0x0d5c  AsyncMac - ok
17:01:31.0619 0x0d5c  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:01:31.0619 0x0d5c  atapi - ok
17:01:31.0790 0x0d5c  [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag        C:\Windows\system32\drivers\atikmdag.sys
17:01:31.0946 0x0d5c  atikmdag - ok
17:01:32.0024 0x0d5c  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:01:32.0024 0x0d5c  AudioEndpointBuilder - ok
17:01:32.0071 0x0d5c  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:01:32.0071 0x0d5c  AudioSrv - ok
17:01:32.0165 0x0d5c  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:01:32.0165 0x0d5c  avgntflt - ok
17:01:32.0243 0x0d5c  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:01:32.0243 0x0d5c  avipbb - ok
17:01:32.0336 0x0d5c  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:01:32.0336 0x0d5c  avkmgr - ok
17:01:32.0601 0x0d5c  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:01:32.0617 0x0d5c  AxInstSV - ok
17:01:32.0648 0x0d5c  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
17:01:32.0648 0x0d5c  b06bdrv - ok
17:01:32.0695 0x0d5c  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:01:32.0695 0x0d5c  b57nd60a - ok
17:01:32.0773 0x0d5c  [ 2ED050291BC1D7F9E322E328DB3AAECF ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
17:01:32.0789 0x0d5c  BBSvc - ok
17:01:32.0851 0x0d5c  [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
17:01:32.0851 0x0d5c  BBUpdate - ok
17:01:32.0898 0x0d5c  [ E1A8F4E38CCFCBCC44A6A0AFE800B6BD ] bcm             C:\Windows\system32\DRIVERS\drxvi314_64.sys
17:01:32.0898 0x0d5c  bcm - ok
17:01:32.0929 0x0d5c  [ D789CCF166315F33FDD31E8486EFBF8D ] bcmbusctr       C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys
17:01:32.0929 0x0d5c  bcmbusctr - ok
17:01:32.0960 0x0d5c  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:01:32.0960 0x0d5c  BDESVC - ok
17:01:32.0991 0x0d5c  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:01:32.0991 0x0d5c  Beep - ok
17:01:33.0054 0x0d5c  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:01:33.0101 0x0d5c  BITS - ok
17:01:33.0132 0x0d5c  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:01:33.0132 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\blbdrive.sys. md5: 61583EE3C3A17003C4ACD0475646B4D3
17:01:33.0132 0x0d5c  blbdrive ( LockedFile.Multi.Generic ) - warning
17:01:33.0132 0x0d5c  blbdrive - detected LockedFile.Multi.Generic (1)
17:01:33.0179 0x0d5c  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:01:33.0179 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\bowser.sys. md5: 6C02A83164F5CC0A262F4199F0871CF5
17:01:33.0179 0x0d5c  bowser ( LockedFile.Multi.Generic ) - warning
17:01:33.0179 0x0d5c  bowser - detected LockedFile.Multi.Generic (1)
17:01:33.0210 0x0d5c  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:01:33.0210 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\BrFiltLo.sys. md5: F09EEE9EDC320B5E1501F749FDE686C8
17:01:33.0210 0x0d5c  BrFiltLo ( LockedFile.Multi.Generic ) - warning
17:01:33.0210 0x0d5c  BrFiltLo - detected LockedFile.Multi.Generic (1)
17:01:33.0225 0x0d5c  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:01:33.0225 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\BrFiltUp.sys. md5: B114D3098E9BDB8BEA8B053685831BE6
17:01:33.0225 0x0d5c  BrFiltUp ( LockedFile.Multi.Generic ) - warning
17:01:33.0225 0x0d5c  BrFiltUp - detected LockedFile.Multi.Generic (1)
17:01:33.0272 0x0d5c  [ 8EF0D5C41EC907751B8429162B1239ED ] Browser         C:\Windows\System32\browser.dll
17:01:33.0272 0x0d5c  Browser - ok
17:01:33.0303 0x0d5c  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:01:33.0319 0x0d5c  Suspicious file (NoAccess): C:\Windows\System32\Drivers\Brserid.sys. md5: 43BEA8D483BF1870F018E2D02E06A5BD
17:01:33.0319 0x0d5c  Brserid ( LockedFile.Multi.Generic ) - warning
17:01:33.0319 0x0d5c  Brserid - detected LockedFile.Multi.Generic (1)
17:01:33.0335 0x0d5c  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:01:33.0335 0x0d5c  BrSerWdm - ok
17:01:33.0350 0x0d5c  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:01:33.0366 0x0d5c  BrUsbMdm - ok
17:01:33.0366 0x0d5c  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:01:33.0366 0x0d5c  BrUsbSer - ok
17:01:33.0413 0x0d5c  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
17:01:33.0413 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\BthEnum.sys. md5: CF98190A94F62E405C8CB255018B2315
17:01:33.0413 0x0d5c  BthEnum ( LockedFile.Multi.Generic ) - warning
17:01:33.0413 0x0d5c  BthEnum - detected LockedFile.Multi.Generic (1)
17:01:33.0428 0x0d5c  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:01:33.0428 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\bthmodem.sys. md5: 9DA669F11D1F894AB4EB69BF546A42E8
17:01:33.0428 0x0d5c  BTHMODEM ( LockedFile.Multi.Generic ) - warning
17:01:33.0428 0x0d5c  BTHMODEM - detected LockedFile.Multi.Generic (1)
17:01:33.0459 0x0d5c  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:01:33.0459 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\bthpan.sys. md5: 02DD601B708DD0667E1331FA8518E9FF
17:01:33.0459 0x0d5c  BthPan ( LockedFile.Multi.Generic ) - warning
17:01:33.0459 0x0d5c  BthPan - detected LockedFile.Multi.Generic (1)
17:01:33.0491 0x0d5c  [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
17:01:33.0491 0x0d5c  Suspicious file (NoAccess): C:\Windows\System32\Drivers\BTHport.sys. md5: 64C198198501F7560EE41D8D1EFA7952
17:01:33.0491 0x0d5c  BTHPORT ( LockedFile.Multi.Generic ) - warning
17:01:33.0491 0x0d5c  BTHPORT - detected LockedFile.Multi.Generic (1)
17:01:33.0522 0x0d5c  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:01:33.0522 0x0d5c  bthserv - ok
17:01:33.0553 0x0d5c  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
17:01:33.0553 0x0d5c  Suspicious file (NoAccess): C:\Windows\System32\Drivers\BTHUSB.sys. md5: F188B7394D81010767B6DF3178519A37
17:01:33.0553 0x0d5c  BTHUSB ( LockedFile.Multi.Generic ) - warning
17:01:33.0553 0x0d5c  BTHUSB - detected LockedFile.Multi.Generic (1)
17:01:33.0584 0x0d5c  [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64     C:\Windows\system32\drivers\BVRPMPR5a64.SYS
17:01:33.0584 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\BVRPMPR5a64.SYS. md5: 9887CA12F407D7FBC7F48F3678F5F0B6
17:01:33.0584 0x0d5c  BVRPMPR5a64 ( LockedFile.Multi.Generic ) - warning
17:01:33.0584 0x0d5c  BVRPMPR5a64 - detected LockedFile.Multi.Generic (1)
17:01:33.0615 0x0d5c  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:01:33.0615 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\cdfs.sys. md5: B8BD2BB284668C84865658C77574381A
17:01:33.0615 0x0d5c  cdfs ( LockedFile.Multi.Generic ) - warning
17:01:33.0615 0x0d5c  cdfs - detected LockedFile.Multi.Generic (1)
17:01:33.0678 0x0d5c  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:01:33.0678 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\cdrom.sys. md5: F036CE71586E93D94DAB220D7BDF4416
17:01:33.0693 0x0d5c  cdrom ( LockedFile.Multi.Generic ) - warning
17:01:33.0693 0x0d5c  cdrom - detected LockedFile.Multi.Generic (1)
17:01:33.0771 0x0d5c  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:01:33.0771 0x0d5c  CertPropSvc - ok
17:01:33.0787 0x0d5c  chhuzakl - ok
17:01:33.0818 0x0d5c  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:01:33.0818 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\circlass.sys. md5: D7CD5C4E1B71FA62050515314CFB52CF
17:01:33.0818 0x0d5c  circlass ( LockedFile.Multi.Generic ) - warning
17:01:33.0818 0x0d5c  circlass - detected LockedFile.Multi.Generic (1)
17:01:33.0865 0x0d5c  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:01:33.0865 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\CLFS.sys. md5: FE1EC06F2253F691FE36217C592A0206
17:01:33.0865 0x0d5c  CLFS ( LockedFile.Multi.Generic ) - warning
17:01:33.0865 0x0d5c  CLFS - detected LockedFile.Multi.Generic (1)
17:01:33.0927 0x0d5c  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:01:33.0927 0x0d5c  clr_optimization_v2.0.50727_32 - ok
17:01:33.0959 0x0d5c  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:01:33.0959 0x0d5c  clr_optimization_v2.0.50727_64 - ok
17:01:34.0068 0x0d5c  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:01:34.0083 0x0d5c  clr_optimization_v4.0.30319_32 - ok
17:01:34.0115 0x0d5c  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:01:34.0115 0x0d5c  clr_optimization_v4.0.30319_64 - ok
17:01:34.0146 0x0d5c  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:01:34.0146 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\CmBatt.sys. md5: 0840155D0BDDF1190F84A663C284BD33
17:01:34.0146 0x0d5c  CmBatt ( LockedFile.Multi.Generic ) - warning
17:01:34.0146 0x0d5c  CmBatt - detected LockedFile.Multi.Generic (1)
17:01:34.0177 0x0d5c  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:01:34.0177 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\cmdide.sys. md5: E19D3F095812725D88F9001985B94EDD
17:01:34.0177 0x0d5c  cmdide ( LockedFile.Multi.Generic ) - warning
17:01:34.0177 0x0d5c  cmdide - detected LockedFile.Multi.Generic (1)
17:01:34.0224 0x0d5c  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
17:01:34.0224 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\Drivers\cng.sys. md5: 9AC4F97C2D3E93367E2148EA940CD2CD
17:01:34.0224 0x0d5c  CNG ( LockedFile.Multi.Generic ) - warning
17:01:34.0224 0x0d5c  CNG - detected LockedFile.Multi.Generic (1)
17:01:34.0286 0x0d5c  [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx       C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
17:01:34.0302 0x0d5c  Com4QLBEx - ok
17:01:34.0333 0x0d5c  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:01:34.0333 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\compbatt.sys. md5: 102DE219C3F61415F964C88E9085AD14
17:01:34.0333 0x0d5c  Compbatt ( LockedFile.Multi.Generic ) - warning
17:01:34.0333 0x0d5c  Compbatt - detected LockedFile.Multi.Generic (1)
17:01:34.0380 0x0d5c  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:01:34.0380 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\CompositeBus.sys. md5: 03EDB043586CCEBA243D689BDDA370A8
17:01:34.0380 0x0d5c  CompositeBus ( LockedFile.Multi.Generic ) - warning
17:01:34.0380 0x0d5c  CompositeBus - detected LockedFile.Multi.Generic (1)
17:01:34.0380 0x0d5c  COMSysApp - ok
17:01:34.0411 0x0d5c  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:01:34.0411 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 1C827878A998C18847245FE1F34EE597
17:01:34.0411 0x0d5c  crcdisk ( LockedFile.Multi.Generic ) - warning
17:01:34.0411 0x0d5c  crcdisk - detected LockedFile.Multi.Generic (1)
17:01:34.0458 0x0d5c  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:01:34.0458 0x0d5c  CryptSvc - ok
17:01:34.0489 0x0d5c  [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
17:01:34.0489 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\dc3d.sys. md5: 7AF9DAC504FBD047CBC3E64AE52C92BF
17:01:34.0489 0x0d5c  dc3d ( LockedFile.Multi.Generic ) - warning
17:01:34.0489 0x0d5c  dc3d - detected LockedFile.Multi.Generic (1)
17:01:34.0551 0x0d5c  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:01:34.0551 0x0d5c  DcomLaunch - ok
17:01:34.0598 0x0d5c  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:01:34.0614 0x0d5c  defragsvc - ok
17:01:34.0661 0x0d5c  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:01:34.0661 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\Drivers\dfsc.sys. md5: 9BB2EF44EAA163B29C4A4587887A0FE4
17:01:34.0661 0x0d5c  DfsC ( LockedFile.Multi.Generic ) - warning
17:01:34.0661 0x0d5c  DfsC - detected LockedFile.Multi.Generic (1)
17:01:34.0723 0x0d5c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:01:34.0723 0x0d5c  Dhcp - ok
17:01:34.0754 0x0d5c  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:01:34.0754 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\discache.sys. md5: 13096B05847EC78F0977F2C0F79E9AB3
17:01:34.0754 0x0d5c  discache ( LockedFile.Multi.Generic ) - warning
17:01:34.0754 0x0d5c  discache - detected LockedFile.Multi.Generic (1)
17:01:34.0801 0x0d5c  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:01:34.0801 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\disk.sys. md5: 9819EEE8B5EA3784EC4AF3B137A5244C
17:01:34.0801 0x0d5c  Disk ( LockedFile.Multi.Generic ) - warning
17:01:34.0801 0x0d5c  Disk - detected LockedFile.Multi.Generic (1)
17:01:34.0848 0x0d5c  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:01:34.0863 0x0d5c  Dnscache - ok
17:01:34.0926 0x0d5c  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:01:34.0926 0x0d5c  dot3svc - ok
17:01:34.0973 0x0d5c  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:01:34.0973 0x0d5c  DPS - ok
17:01:35.0004 0x0d5c  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:01:35.0004 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\drmkaud.sys. md5: 9B19F34400D24DF84C858A421C205754
17:01:35.0004 0x0d5c  drmkaud ( LockedFile.Multi.Generic ) - warning
17:01:35.0004 0x0d5c  drmkaud - detected LockedFile.Multi.Generic (1)
17:01:35.0035 0x0d5c  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:01:35.0035 0x0d5c  Suspicious file (NoAccess): C:\Windows\System32\drivers\dxgkrnl.sys. md5: F5BEE30450E18E6B83A5012C100616FD
17:01:35.0051 0x0d5c  DXGKrnl ( LockedFile.Multi.Generic ) - warning
17:01:35.0051 0x0d5c  DXGKrnl - detected LockedFile.Multi.Generic (1)
17:01:35.0082 0x0d5c  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:01:35.0082 0x0d5c  EapHost - ok
17:01:35.0160 0x0d5c  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
17:01:35.0160 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\evbda.sys. md5: DC5D737F51BE844D8C82C695EB17372F
17:01:35.0160 0x0d5c  ebdrv ( LockedFile.Multi.Generic ) - warning
17:01:35.0160 0x0d5c  ebdrv - detected LockedFile.Multi.Generic (1)
17:01:35.0191 0x0d5c  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:01:35.0191 0x0d5c  EFS - ok
17:01:35.0222 0x0d5c  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:01:35.0253 0x0d5c  ehRecvr - ok
17:01:35.0269 0x0d5c  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:01:35.0269 0x0d5c  ehSched - ok
17:01:35.0300 0x0d5c  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:01:35.0300 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0E5DA5369A0FCAEA12456DD852545184
17:01:35.0316 0x0d5c  elxstor ( LockedFile.Multi.Generic ) - warning
17:01:35.0316 0x0d5c  elxstor - detected LockedFile.Multi.Generic (1)
17:01:35.0347 0x0d5c  [ 524C79054636D2E5751169005006460B ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
17:01:35.0347 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\enecir.sys. md5: 524C79054636D2E5751169005006460B
17:01:35.0347 0x0d5c  enecir ( LockedFile.Multi.Generic ) - warning
17:01:35.0347 0x0d5c  enecir - detected LockedFile.Multi.Generic (1)
17:01:35.0394 0x0d5c  [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
17:01:35.0409 0x0d5c  EPSON_PM_RPCV4_01 - ok
17:01:35.0441 0x0d5c  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:01:35.0441 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\errdev.sys. md5: 34A3C54752046E79A126E15C51DB409B
17:01:35.0441 0x0d5c  ErrDev ( LockedFile.Multi.Generic ) - warning
17:01:35.0441 0x0d5c  ErrDev - detected LockedFile.Multi.Generic (1)
17:01:35.0472 0x0d5c  eurrcsno - ok
17:01:35.0503 0x0d5c  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:01:35.0519 0x0d5c  EventSystem - ok
17:01:35.0565 0x0d5c  [ 477BC304201197F4057090BD60AF1739 ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
17:01:35.0565 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ewusbnet.sys. md5: 477BC304201197F4057090BD60AF1739
17:01:35.0565 0x0d5c  ewusbnet ( LockedFile.Multi.Generic ) - warning
17:01:35.0565 0x0d5c  ewusbnet - detected LockedFile.Multi.Generic (1)
17:01:35.0581 0x0d5c  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:01:35.0581 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\exfat.sys. md5: A510C654EC00C1E9BDD91EEB3A59823B
17:01:35.0581 0x0d5c  exfat ( LockedFile.Multi.Generic ) - warning
17:01:35.0581 0x0d5c  exfat - detected LockedFile.Multi.Generic (1)
17:01:35.0597 0x0d5c  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:01:35.0597 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\fastfat.sys. md5: 0ADC83218B66A6DB380C330836F3E36D
17:01:35.0597 0x0d5c  fastfat ( LockedFile.Multi.Generic ) - warning
17:01:35.0597 0x0d5c  fastfat - detected LockedFile.Multi.Generic (1)
17:01:35.0659 0x0d5c  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:01:35.0675 0x0d5c  Fax - ok
17:01:35.0690 0x0d5c  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:01:35.0690 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB
17:01:35.0690 0x0d5c  fdc ( LockedFile.Multi.Generic ) - warning
17:01:35.0690 0x0d5c  fdc - detected LockedFile.Multi.Generic (1)
17:01:35.0706 0x0d5c  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:01:35.0706 0x0d5c  fdPHost - ok
17:01:35.0721 0x0d5c  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:01:35.0721 0x0d5c  FDResPub - ok
17:01:35.0737 0x0d5c  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:01:35.0737 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661BE46B5F5F3FD454E2C3095B930
17:01:35.0737 0x0d5c  FileInfo ( LockedFile.Multi.Generic ) - warning
17:01:35.0737 0x0d5c  FileInfo - detected LockedFile.Multi.Generic (1)
17:01:35.0753 0x0d5c  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:01:35.0753 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\filetrace.sys. md5: 5F671AB5BC87EEA04EC38A6CD5962A47
17:01:35.0753 0x0d5c  Filetrace ( LockedFile.Multi.Generic ) - warning
17:01:35.0753 0x0d5c  Filetrace - detected LockedFile.Multi.Generic (1)
17:01:35.0784 0x0d5c  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:01:35.0784 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5
17:01:35.0784 0x0d5c  flpydisk ( LockedFile.Multi.Generic ) - warning
17:01:35.0784 0x0d5c  flpydisk - detected LockedFile.Multi.Generic (1)
17:01:35.0831 0x0d5c  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:01:35.0831 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\fltmgr.sys. md5: DA6B67270FD9DB3697B20FCE94950741
17:01:35.0831 0x0d5c  FltMgr ( LockedFile.Multi.Generic ) - warning
17:01:35.0831 0x0d5c  FltMgr - detected LockedFile.Multi.Generic (1)
17:01:35.0893 0x0d5c  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
17:01:35.0940 0x0d5c  FontCache - ok
17:01:36.0018 0x0d5c  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:01:36.0018 0x0d5c  FontCache3.0.0.0 - ok
17:01:36.0080 0x0d5c  [ 07AF7870ABF051EBBAE8A8A92FF34ABE ] FreeAgentGoNext Service C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
17:01:36.0080 0x0d5c  FreeAgentGoNext Service - ok
17:01:36.0096 0x0d5c  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:01:36.0096 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\FsDepends.sys. md5: D43703496149971890703B4B1B723EAC
17:01:36.0096 0x0d5c  FsDepends ( LockedFile.Multi.Generic ) - warning
17:01:36.0096 0x0d5c  FsDepends - detected LockedFile.Multi.Generic (1)
17:01:36.0158 0x0d5c  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
17:01:36.0158 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fssfltr.sys. md5: 6C06701BF1DB05405804D7EB610991CE
17:01:36.0158 0x0d5c  fssfltr ( LockedFile.Multi.Generic ) - warning
17:01:36.0158 0x0d5c  fssfltr - detected LockedFile.Multi.Generic (1)
17:01:36.0267 0x0d5c  [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:01:36.0314 0x0d5c  fsssvc - ok
17:01:36.0345 0x0d5c  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:01:36.0345 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 6BD9295CC032DD3077C671FCCF579A7B
17:01:36.0345 0x0d5c  Fs_Rec ( LockedFile.Multi.Generic ) - warning
17:01:36.0345 0x0d5c  Fs_Rec - detected LockedFile.Multi.Generic (1)
17:01:36.0408 0x0d5c  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:01:36.0408 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 1F7B25B858FA27015169FE95E54108ED
17:01:36.0408 0x0d5c  fvevol ( LockedFile.Multi.Generic ) - warning
17:01:36.0408 0x0d5c  fvevol - detected LockedFile.Multi.Generic (1)
17:01:36.0455 0x0d5c  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:01:36.0455 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6
17:01:36.0455 0x0d5c  gagp30kx ( LockedFile.Multi.Generic ) - warning
17:01:36.0455 0x0d5c  gagp30kx - detected LockedFile.Multi.Generic (1)
17:01:36.0501 0x0d5c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:01:36.0517 0x0d5c  gpsvc - ok
17:01:36.0564 0x0d5c  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:01:36.0564 0x0d5c  gupdate - ok
17:01:36.0626 0x0d5c  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:01:36.0626 0x0d5c  gupdatem - ok
17:01:36.0642 0x0d5c  gupnnhou - ok
17:01:36.0704 0x0d5c  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:01:36.0720 0x0d5c  gusvc - ok
17:01:36.0720 0x0d5c  gziqeqey - ok
17:01:36.0751 0x0d5c  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:01:36.0751 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0
17:01:36.0751 0x0d5c  hcw85cir ( LockedFile.Multi.Generic ) - warning
17:01:36.0751 0x0d5c  hcw85cir - detected LockedFile.Multi.Generic (1)
17:01:36.0798 0x0d5c  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:01:36.0798 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\HdAudio.sys. md5: 975761C778E33CD22498059B91E7373A
17:01:36.0798 0x0d5c  HdAudAddService ( LockedFile.Multi.Generic ) - warning
17:01:36.0798 0x0d5c  HdAudAddService - detected LockedFile.Multi.Generic (1)
17:01:36.0813 0x0d5c  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:01:36.0813 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97BFED39B6B79EB12CDDBFEED51F56BB
17:01:36.0813 0x0d5c  HDAudBus ( LockedFile.Multi.Generic ) - warning
17:01:36.0813 0x0d5c  HDAudBus - detected LockedFile.Multi.Generic (1)
17:01:36.0829 0x0d5c  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:01:36.0829 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F
17:01:36.0829 0x0d5c  HidBatt ( LockedFile.Multi.Generic ) - warning
17:01:36.0829 0x0d5c  HidBatt - detected LockedFile.Multi.Generic (1)
17:01:36.0860 0x0d5c  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:01:36.0860 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104
17:01:36.0860 0x0d5c  HidBth ( LockedFile.Multi.Generic ) - warning
17:01:36.0860 0x0d5c  HidBth - detected LockedFile.Multi.Generic (1)
17:01:36.0891 0x0d5c  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:01:36.0891 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825
17:01:36.0891 0x0d5c  HidIr ( LockedFile.Multi.Generic ) - warning
17:01:36.0891 0x0d5c  HidIr - detected LockedFile.Multi.Generic (1)
17:01:36.0907 0x0d5c  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:01:36.0923 0x0d5c  hidserv - ok
17:01:36.0969 0x0d5c  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:01:36.0969 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidusb.sys. md5: 9592090A7E2B61CD582B612B6DF70536
17:01:36.0969 0x0d5c  HidUsb ( LockedFile.Multi.Generic ) - warning
17:01:36.0969 0x0d5c  HidUsb - detected LockedFile.Multi.Generic (1)
17:01:37.0001 0x0d5c  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:01:37.0016 0x0d5c  hkmsvc - ok
17:01:37.0063 0x0d5c  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:01:37.0079 0x0d5c  HomeGroupListener - ok
17:01:37.0125 0x0d5c  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:01:37.0141 0x0d5c  HomeGroupProvider - ok
17:01:37.0172 0x0d5c  [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
17:01:37.0172 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hpdskflt.sys. md5: 4E0BEC0F78096FFD6D3314B497FC49D3
17:01:37.0188 0x0d5c  hpdskflt ( LockedFile.Multi.Generic ) - warning
17:01:37.0188 0x0d5c  hpdskflt - detected LockedFile.Multi.Generic (1)
17:01:37.0203 0x0d5c  [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
17:01:37.0203 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HpqKbFiltr.sys. md5: 9AF482D058BE59CC28BCE52E7C4B747C
17:01:37.0203 0x0d5c  HpqKbFiltr ( LockedFile.Multi.Generic ) - warning
17:01:37.0203 0x0d5c  HpqKbFiltr - detected LockedFile.Multi.Generic (1)
17:01:37.0250 0x0d5c  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
17:01:37.0266 0x0d5c  hpqwmiex - ok
17:01:37.0313 0x0d5c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:01:37.0313 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39D2ABCD392F3D8A6DCE7B60AE7B8EFC
17:01:37.0313 0x0d5c  HpSAMD ( LockedFile.Multi.Generic ) - warning
17:01:37.0313 0x0d5c  HpSAMD - detected LockedFile.Multi.Generic (1)
17:01:37.0359 0x0d5c  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv           C:\Windows\system32\Hpservice.exe
17:01:37.0375 0x0d5c  hpsrv - ok
17:01:37.0437 0x0d5c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:01:37.0437 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\HTTP.sys. md5: 0EA7DE1ACB728DD5A369FD742D6EEE28
17:01:37.0437 0x0d5c  HTTP ( LockedFile.Multi.Generic ) - warning
17:01:37.0437 0x0d5c  HTTP - detected LockedFile.Multi.Generic (1)
17:01:37.0500 0x0d5c  [ 8F9B0FC4EC3A8194BD4CBC5ED3E7ABEB ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
17:01:37.0500 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ewusbmdm.sys. md5: 8F9B0FC4EC3A8194BD4CBC5ED3E7ABEB
17:01:37.0500 0x0d5c  hwdatacard ( LockedFile.Multi.Generic ) - warning
17:01:37.0500 0x0d5c  hwdatacard - detected LockedFile.Multi.Generic (1)
17:01:37.0547 0x0d5c  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:01:37.0547 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\hwpolicy.sys. md5: A5462BD6884960C9DC85ED49D34FF392
17:01:37.0547 0x0d5c  hwpolicy ( LockedFile.Multi.Generic ) - warning
17:01:37.0547 0x0d5c  hwpolicy - detected LockedFile.Multi.Generic (1)
17:01:37.0578 0x0d5c  [ B45B3647BA32749B94FA689175EC8C26 ] hwusbdev        C:\Windows\system32\DRIVERS\ewusbdev.sys
17:01:37.0578 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ewusbdev.sys. md5: B45B3647BA32749B94FA689175EC8C26
17:01:37.0578 0x0d5c  hwusbdev ( LockedFile.Multi.Generic ) - warning
17:01:37.0578 0x0d5c  hwusbdev - detected LockedFile.Multi.Generic (1)
17:01:37.0656 0x0d5c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:01:37.0656 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3
17:01:37.0656 0x0d5c  i8042prt ( LockedFile.Multi.Generic ) - warning
17:01:37.0656 0x0d5c  i8042prt - detected LockedFile.Multi.Generic (1)
17:01:37.0734 0x0d5c  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
17:01:37.0734 0x0d5c  IAANTMON - ok
17:01:37.0781 0x0d5c  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:01:37.0781 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\iaStor.sys. md5: 1D004CB1DA6323B1F55CAEF7F94B61D9
17:01:37.0796 0x0d5c  iaStor ( LockedFile.Multi.Generic ) - warning
17:01:37.0796 0x0d5c  iaStor - detected LockedFile.Multi.Generic (1)
17:01:37.0843 0x0d5c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:01:37.0843 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\iaStorV.sys. md5: AAAF44DB3BD0B9D1FB6969B23ECC8366
17:01:37.0843 0x0d5c  iaStorV ( LockedFile.Multi.Generic ) - warning
17:01:37.0843 0x0d5c  iaStorV - detected LockedFile.Multi.Generic (1)
17:01:37.0905 0x0d5c  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:01:37.0937 0x0d5c  idsvc - ok
17:01:38.0108 0x0d5c  [ 3C3F27002ABC69C5AFE29CBE6CF7ADDF ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:01:38.0108 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\igdkmd64.sys. md5: 3C3F27002ABC69C5AFE29CBE6CF7ADDF
17:01:38.0124 0x0d5c  igfx ( LockedFile.Multi.Generic ) - warning
17:01:38.0124 0x0d5c  igfx - detected LockedFile.Multi.Generic (1)
17:01:38.0139 0x0d5c  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:01:38.0139 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21
17:01:38.0139 0x0d5c  iirsp ( LockedFile.Multi.Generic ) - warning
17:01:38.0139 0x0d5c  iirsp - detected LockedFile.Multi.Generic (1)
17:01:38.0202 0x0d5c  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:01:38.0249 0x0d5c  IKEEXT - ok
17:01:38.0295 0x0d5c  [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
17:01:38.0295 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\IntcHdmi.sys. md5: 88A20FA54C73DED4E8DAC764E9130AE9
17:01:38.0295 0x0d5c  IntcHdmiAddService ( LockedFile.Multi.Generic ) - warning
17:01:38.0295 0x0d5c  IntcHdmiAddService - detected LockedFile.Multi.Generic (1)
17:01:38.0342 0x0d5c  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:01:38.0342 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA
17:01:38.0342 0x0d5c  intelide ( LockedFile.Multi.Generic ) - warning
17:01:38.0342 0x0d5c  intelide - detected LockedFile.Multi.Generic (1)
17:01:38.0358 0x0d5c  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:01:38.0358 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1
17:01:38.0358 0x0d5c  intelppm ( LockedFile.Multi.Generic ) - warning
17:01:38.0358 0x0d5c  intelppm - detected LockedFile.Multi.Generic (1)
17:01:38.0405 0x0d5c  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:01:38.0405 0x0d5c  IPBusEnum - ok
17:01:38.0451 0x0d5c  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:01:38.0451 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6
17:01:38.0451 0x0d5c  IpFilterDriver ( LockedFile.Multi.Generic ) - warning
17:01:38.0451 0x0d5c  IpFilterDriver - detected LockedFile.Multi.Generic (1)
17:01:38.0498 0x0d5c  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:01:38.0498 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A
17:01:38.0498 0x0d5c  IPMIDRV ( LockedFile.Multi.Generic ) - warning
17:01:38.0498 0x0d5c  IPMIDRV - detected LockedFile.Multi.Generic (1)
17:01:38.0545 0x0d5c  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:01:38.0545 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0
17:01:38.0545 0x0d5c  IPNAT ( LockedFile.Multi.Generic ) - warning
17:01:38.0545 0x0d5c  IPNAT - detected LockedFile.Multi.Generic (1)
17:01:38.0576 0x0d5c  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:01:38.0576 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9
17:01:38.0576 0x0d5c  IRENUM ( LockedFile.Multi.Generic ) - warning
17:01:38.0576 0x0d5c  IRENUM - detected LockedFile.Multi.Generic (1)
17:01:38.0592 0x0d5c  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:01:38.0592 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38
17:01:38.0592 0x0d5c  isapnp ( LockedFile.Multi.Generic ) - warning
17:01:38.0592 0x0d5c  isapnp - detected LockedFile.Multi.Generic (1)
17:01:38.0654 0x0d5c  [ CDA1AC2FFC8603859702A2C7DF5BBD36 ] iscFlash        C:\SwSetup\sp46590\iscflashx64.sys
17:01:38.0654 0x0d5c  Suspicious file (NoAccess): C:\SwSetup\sp46590\iscflashx64.sys. md5: CDA1AC2FFC8603859702A2C7DF5BBD36
17:01:38.0654 0x0d5c  iscFlash ( LockedFile.Multi.Generic ) - warning
17:01:38.0654 0x0d5c  iscFlash - detected LockedFile.Multi.Generic (1)
17:01:38.0685 0x0d5c  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:01:38.0701 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\msiscsi.sys. md5: D931D7309DEB2317035B07C9F9E6B0BD
17:01:38.0701 0x0d5c  iScsiPrt ( LockedFile.Multi.Generic ) - warning
17:01:38.0701 0x0d5c  iScsiPrt - detected LockedFile.Multi.Generic (1)
17:01:38.0717 0x0d5c  jwyikjrg - ok
17:01:38.0732 0x0d5c  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
17:01:38.0732 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5
17:01:38.0732 0x0d5c  kbdclass ( LockedFile.Multi.Generic ) - warning
17:01:38.0732 0x0d5c  kbdclass - detected LockedFile.Multi.Generic (1)
17:01:38.0763 0x0d5c  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:01:38.0763 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484
17:01:38.0763 0x0d5c  kbdhid ( LockedFile.Multi.Generic ) - warning
17:01:38.0763 0x0d5c  kbdhid - detected LockedFile.Multi.Generic (1)
17:01:38.0763 0x0d5c  keplxxsv - ok
17:01:38.0779 0x0d5c  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:01:38.0779 0x0d5c  KeyIso - ok
17:01:38.0779 0x0d5c  kkuaiyeg - ok
17:01:38.0810 0x0d5c  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:01:38.0810 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecdd.sys. md5: 97A7070AEA4C058B6418519E869A63B4
17:01:38.0810 0x0d5c  KSecDD ( LockedFile.Multi.Generic ) - warning
17:01:38.0810 0x0d5c  KSecDD - detected LockedFile.Multi.Generic (1)
17:01:38.0841 0x0d5c  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:01:38.0841 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 26C43A7C2862447EC59DEDA188D1DA07
17:01:38.0841 0x0d5c  KSecPkg ( LockedFile.Multi.Generic ) - warning
17:01:38.0841 0x0d5c  KSecPkg - detected LockedFile.Multi.Generic (1)
17:01:38.0873 0x0d5c  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:01:38.0873 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4
17:01:38.0873 0x0d5c  ksthunk ( LockedFile.Multi.Generic ) - warning
17:01:38.0873 0x0d5c  ksthunk - detected LockedFile.Multi.Generic (1)
17:01:38.0919 0x0d5c  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:01:38.0919 0x0d5c  KtmRm - ok
17:01:38.0966 0x0d5c  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:01:38.0982 0x0d5c  LanmanServer - ok
17:01:39.0013 0x0d5c  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:01:39.0013 0x0d5c  LanmanWorkstation - ok
17:01:39.0091 0x0d5c  [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:01:39.0091 0x0d5c  LightScribeService - ok
17:01:39.0107 0x0d5c  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:01:39.0107 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827
17:01:39.0107 0x0d5c  lltdio ( LockedFile.Multi.Generic ) - warning
17:01:39.0107 0x0d5c  lltdio - detected LockedFile.Multi.Generic (1)
17:01:39.0138 0x0d5c  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:01:39.0153 0x0d5c  lltdsvc - ok
17:01:39.0169 0x0d5c  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:01:39.0169 0x0d5c  lmhosts - ok
17:01:39.0216 0x0d5c  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:01:39.0216 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6
17:01:39.0216 0x0d5c  LSI_FC ( LockedFile.Multi.Generic ) - warning
17:01:39.0216 0x0d5c  LSI_FC - detected LockedFile.Multi.Generic (1)
17:01:39.0231 0x0d5c  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:01:39.0231 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810
17:01:39.0231 0x0d5c  LSI_SAS ( LockedFile.Multi.Generic ) - warning
17:01:39.0231 0x0d5c  LSI_SAS - detected LockedFile.Multi.Generic (1)
17:01:39.0247 0x0d5c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:01:39.0247 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93
17:01:39.0247 0x0d5c  LSI_SAS2 ( LockedFile.Multi.Generic ) - warning
17:01:39.0247 0x0d5c  LSI_SAS2 - detected LockedFile.Multi.Generic (1)
17:01:39.0278 0x0d5c  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:01:39.0278 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A
17:01:39.0278 0x0d5c  LSI_SCSI ( LockedFile.Multi.Generic ) - warning
17:01:39.0278 0x0d5c  LSI_SCSI - detected LockedFile.Multi.Generic (1)
17:01:39.0294 0x0d5c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:01:39.0294 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E
17:01:39.0294 0x0d5c  luafv ( LockedFile.Multi.Generic ) - warning
17:01:39.0294 0x0d5c  luafv - detected LockedFile.Multi.Generic (1)
17:01:39.0341 0x0d5c  [ E7ABE896777D1486B7F0632CBE3B1065 ] Maxtor Sync Services C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
17:01:39.0341 0x0d5c  Maxtor Sync Services - ok
17:01:39.0403 0x0d5c  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:01:39.0403 0x0d5c  MBAMProtector - ok
17:01:39.0450 0x0d5c  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:01:39.0450 0x0d5c  MBAMScheduler - ok
17:01:39.0481 0x0d5c  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:01:39.0497 0x0d5c  MBAMService - ok
17:01:39.0606 0x0d5c  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
17:01:39.0606 0x0d5c  McComponentHostService - ok
17:01:39.0668 0x0d5c  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:01:39.0668 0x0d5c  Mcx2Svc - ok
17:01:39.0715 0x0d5c  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:01:39.0715 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4
17:01:39.0715 0x0d5c  megasas ( LockedFile.Multi.Generic ) - warning
17:01:39.0715 0x0d5c  megasas - detected LockedFile.Multi.Generic (1)
17:01:39.0762 0x0d5c  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:01:39.0762 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3
17:01:39.0762 0x0d5c  MegaSR ( LockedFile.Multi.Generic ) - warning
17:01:39.0762 0x0d5c  MegaSR - detected LockedFile.Multi.Generic (1)
17:01:39.0777 0x0d5c  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:01:39.0793 0x0d5c  MMCSS - ok
17:01:39.0824 0x0d5c  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:01:39.0824 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137
17:01:39.0824 0x0d5c  Modem ( LockedFile.Multi.Generic ) - warning
17:01:39.0824 0x0d5c  Modem - detected LockedFile.Multi.Generic (1)
17:01:39.0824 0x0d5c  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:01:39.0824 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA
17:01:39.0840 0x0d5c  monitor ( LockedFile.Multi.Generic ) - warning
17:01:39.0840 0x0d5c  monitor - detected LockedFile.Multi.Generic (1)
17:01:39.0871 0x0d5c  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:01:39.0871 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99
17:01:39.0871 0x0d5c  mouclass ( LockedFile.Multi.Generic ) - warning
17:01:39.0871 0x0d5c  mouclass - detected LockedFile.Multi.Generic (1)
17:01:39.0918 0x0d5c  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:01:39.0918 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6
17:01:39.0918 0x0d5c  mouhid ( LockedFile.Multi.Generic ) - warning
17:01:39.0918 0x0d5c  mouhid - detected LockedFile.Multi.Generic (1)
17:01:39.0965 0x0d5c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:01:39.0965 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA
17:01:39.0965 0x0d5c  mountmgr ( LockedFile.Multi.Generic ) - warning
17:01:39.0965 0x0d5c  mountmgr - detected LockedFile.Multi.Generic (1)
17:01:40.0011 0x0d5c  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:01:40.0011 0x0d5c  MozillaMaintenance - ok
17:01:40.0027 0x0d5c  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:01:40.0027 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58
17:01:40.0027 0x0d5c  mpio ( LockedFile.Multi.Generic ) - warning
17:01:40.0027 0x0d5c  mpio - detected LockedFile.Multi.Generic (1)
17:01:40.0043 0x0d5c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:01:40.0043 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F
17:01:40.0058 0x0d5c  mpsdrv ( LockedFile.Multi.Generic ) - warning
17:01:40.0058 0x0d5c  mpsdrv - detected LockedFile.Multi.Generic (1)
17:01:40.0089 0x0d5c  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:01:40.0089 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\mrxdav.sys. md5: DC722758B8261E1ABAFD31A3C0A66380
17:01:40.0089 0x0d5c  MRxDAV ( LockedFile.Multi.Generic ) - warning
17:01:40.0089 0x0d5c  MRxDAV - detected LockedFile.Multi.Generic (1)
17:01:40.0136 0x0d5c  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:01:40.0136 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC
17:01:40.0136 0x0d5c  mrxsmb ( LockedFile.Multi.Generic ) - warning
17:01:40.0136 0x0d5c  mrxsmb - detected LockedFile.Multi.Generic (1)
17:01:40.0183 0x0d5c  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:01:40.0183 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163
17:01:40.0183 0x0d5c  mrxsmb10 ( LockedFile.Multi.Generic ) - warning
17:01:40.0183 0x0d5c  mrxsmb10 - detected LockedFile.Multi.Generic (1)
17:01:40.0230 0x0d5c  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:01:40.0230 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C
17:01:40.0230 0x0d5c  mrxsmb20 ( LockedFile.Multi.Generic ) - warning
17:01:40.0230 0x0d5c  mrxsmb20 - detected LockedFile.Multi.Generic (1)
17:01:40.0292 0x0d5c  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:01:40.0292 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796
17:01:40.0292 0x0d5c  msahci ( LockedFile.Multi.Generic ) - warning
17:01:40.0292 0x0d5c  msahci - detected LockedFile.Multi.Generic (1)
17:01:40.0355 0x0d5c  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:01:40.0355 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900
17:01:40.0355 0x0d5c  msdsm ( LockedFile.Multi.Generic ) - warning
17:01:40.0355 0x0d5c  msdsm - detected LockedFile.Multi.Generic (1)
17:01:40.0386 0x0d5c  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:01:40.0386 0x0d5c  MSDTC - ok
17:01:40.0433 0x0d5c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:01:40.0433 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96
17:01:40.0433 0x0d5c  Msfs ( LockedFile.Multi.Generic ) - warning
17:01:40.0433 0x0d5c  Msfs - detected LockedFile.Multi.Generic (1)
17:01:40.0448 0x0d5c  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:01:40.0448 0x0d5c  Suspicious file (NoAccess): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326
17:01:40.0448 0x0d5c  mshidkmdf ( LockedFile.Multi.Generic ) - warning
17:01:40.0448 0x0d5c  mshidkmdf - detected LockedFile.Multi.Generic (1)
17:01:40.0479 0x0d5c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:01:40.0479 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D
17:01:40.0479 0x0d5c  msisadrv ( LockedFile.Multi.Generic ) - warning
17:01:40.0479 0x0d5c  msisadrv - detected LockedFile.Multi.Generic (1)
17:01:40.0526 0x0d5c  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:01:40.0526 0x0d5c  MSiSCSI - ok
17:01:40.0542 0x0d5c  msiserver - ok
17:01:40.0557 0x0d5c  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:01:40.0557 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366
17:01:40.0557 0x0d5c  MSKSSRV ( LockedFile.Multi.Generic ) - warning
17:01:40.0557 0x0d5c  MSKSSRV - detected LockedFile.Multi.Generic (1)
17:01:40.0573 0x0d5c  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:01:40.0573 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3
17:01:40.0573 0x0d5c  MSPCLOCK ( LockedFile.Multi.Generic ) - warning
17:01:40.0573 0x0d5c  MSPCLOCK - detected LockedFile.Multi.Generic (1)
17:01:40.0589 0x0d5c  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:01:40.0589 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0
17:01:40.0589 0x0d5c  MSPQM ( LockedFile.Multi.Generic ) - warning
17:01:40.0589 0x0d5c  MSPQM - detected LockedFile.Multi.Generic (1)
17:01:40.0635 0x0d5c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:01:40.0635 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D
17:01:40.0635 0x0d5c  MsRPC ( LockedFile.Multi.Generic ) - warning
17:01:40.0635 0x0d5c  MsRPC - detected LockedFile.Multi.Generic (1)
17:01:40.0651 0x0d5c  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:01:40.0651 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288
17:01:40.0651 0x0d5c  mssmbios ( LockedFile.Multi.Generic ) - warning
17:01:40.0651 0x0d5c  mssmbios - detected LockedFile.Multi.Generic (1)
17:01:40.0667 0x0d5c  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:01:40.0667 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779
17:01:40.0667 0x0d5c  MSTEE ( LockedFile.Multi.Generic ) - warning
17:01:40.0667 0x0d5c  MSTEE - detected LockedFile.Multi.Generic (1)
17:01:40.0698 0x0d5c  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:01:40.0698 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD
17:01:40.0698 0x0d5c  MTConfig ( LockedFile.Multi.Generic ) - warning
17:01:40.0698 0x0d5c  MTConfig - detected LockedFile.Multi.Generic (1)
17:01:40.0698 0x0d5c  muiqgdgp - ok
17:01:40.0729 0x0d5c  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:01:40.0729 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8
17:01:40.0729 0x0d5c  Mup ( LockedFile.Multi.Generic ) - warning
17:01:40.0729 0x0d5c  Mup - detected LockedFile.Multi.Generic (1)
17:01:40.0776 0x0d5c  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:01:40.0807 0x0d5c  napagent - ok
17:01:40.0838 0x0d5c  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:01:40.0838 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33
17:01:40.0838 0x0d5c  NativeWifiP ( LockedFile.Multi.Generic ) - warning
17:01:40.0838 0x0d5c  NativeWifiP - detected LockedFile.Multi.Generic (1)
17:01:40.0885 0x0d5c  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:01:40.0885 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\ndis.sys. md5: 79B47FD40D9A817E932F9D26FAC0A81C
17:01:40.0885 0x0d5c  NDIS ( LockedFile.Multi.Generic ) - warning
17:01:40.0885 0x0d5c  NDIS - detected LockedFile.Multi.Generic (1)
17:01:40.0916 0x0d5c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:01:40.0916 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC
17:01:40.0916 0x0d5c  NdisCap ( LockedFile.Multi.Generic ) - warning
17:01:40.0916 0x0d5c  NdisCap - detected LockedFile.Multi.Generic (1)
17:01:40.0932 0x0d5c  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:01:40.0932 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5
17:01:40.0932 0x0d5c  NdisTapi ( LockedFile.Multi.Generic ) - warning
17:01:40.0932 0x0d5c  NdisTapi - detected LockedFile.Multi.Generic (1)
17:01:40.0979 0x0d5c  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:01:40.0979 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356
17:01:40.0979 0x0d5c  Ndisuio ( LockedFile.Multi.Generic ) - warning
17:01:40.0979 0x0d5c  Ndisuio - detected LockedFile.Multi.Generic (1)
17:01:41.0025 0x0d5c  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:01:41.0025 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11
17:01:41.0025 0x0d5c  NdisWan ( LockedFile.Multi.Generic ) - warning
17:01:41.0025 0x0d5c  NdisWan - detected LockedFile.Multi.Generic (1)
17:01:41.0072 0x0d5c  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:01:41.0072 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879
17:01:41.0072 0x0d5c  NDProxy ( LockedFile.Multi.Generic ) - warning
17:01:41.0072 0x0d5c  NDProxy - detected LockedFile.Multi.Generic (1)
17:01:41.0088 0x0d5c  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:01:41.0088 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4
17:01:41.0088 0x0d5c  NetBIOS ( LockedFile.Multi.Generic ) - warning
17:01:41.0088 0x0d5c  NetBIOS - detected LockedFile.Multi.Generic (1)
17:01:41.0150 0x0d5c  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:01:41.0150 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594D1089C523423B32A4229263F068
17:01:41.0150 0x0d5c  NetBT ( LockedFile.Multi.Generic ) - warning
17:01:41.0150 0x0d5c  NetBT - detected LockedFile.Multi.Generic (1)
17:01:41.0166 0x0d5c  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:01:41.0166 0x0d5c  Netlogon - ok
17:01:41.0213 0x0d5c  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:01:41.0228 0x0d5c  Netman - ok
17:01:41.0244 0x0d5c  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:01:41.0259 0x0d5c  netprofm - ok
17:01:41.0291 0x0d5c  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:01:41.0291 0x0d5c  NetTcpPortSharing - ok
17:01:41.0447 0x0d5c  [ E72F4522801FFB8F0456924FB0017BFF ] NETw1v64        C:\Windows\system32\DRIVERS\NETw1v64.sys
17:01:41.0447 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\NETw1v64.sys. md5: E72F4522801FFB8F0456924FB0017BFF
17:01:41.0462 0x0d5c  NETw1v64 ( LockedFile.Multi.Generic ) - warning
17:01:41.0462 0x0d5c  NETw1v64 - detected LockedFile.Multi.Generic (1)
17:01:41.0649 0x0d5c  [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
17:01:41.0649 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\NETw5s64.sys. md5: 39EDE676D17F37AF4573C2B33EC28ACA
17:01:41.0665 0x0d5c  NETw5s64 ( LockedFile.Multi.Generic ) - warning
17:01:41.0665 0x0d5c  NETw5s64 - detected LockedFile.Multi.Generic (1)
17:01:41.0821 0x0d5c  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
17:01:41.0821 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netw5v64.sys. md5: 64428DFDAF6E88366CB51F45A79C5F69
17:01:41.0837 0x0d5c  netw5v64 ( LockedFile.Multi.Generic ) - warning
17:01:41.0837 0x0d5c  netw5v64 - detected LockedFile.Multi.Generic (1)
17:01:41.0852 0x0d5c  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:01:41.0852 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92
17:01:41.0852 0x0d5c  nfrd960 ( LockedFile.Multi.Generic ) - warning
17:01:41.0852 0x0d5c  nfrd960 - detected LockedFile.Multi.Generic (1)
17:01:41.0899 0x0d5c  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:01:41.0899 0x0d5c  NlaSvc - ok
17:01:41.0915 0x0d5c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:01:41.0915 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7
17:01:41.0915 0x0d5c  Npfs ( LockedFile.Multi.Generic ) - warning
17:01:41.0915 0x0d5c  Npfs - detected LockedFile.Multi.Generic (1)
17:01:41.0930 0x0d5c  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:01:41.0930 0x0d5c  nsi - ok
17:01:41.0946 0x0d5c  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:01:41.0946 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001
17:01:41.0946 0x0d5c  nsiproxy ( LockedFile.Multi.Generic ) - warning
17:01:41.0946 0x0d5c  nsiproxy - detected LockedFile.Multi.Generic (1)
17:01:42.0024 0x0d5c  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:01:42.0024 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\Ntfs.sys. md5: A2F74975097F52A00745F9637451FDD8
17:01:42.0024 0x0d5c  Ntfs ( LockedFile.Multi.Generic ) - warning
17:01:42.0024 0x0d5c  Ntfs - detected LockedFile.Multi.Generic (1)
17:01:42.0071 0x0d5c  [ 317020D31F1696334679B9D0416EB62E ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
17:01:42.0071 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\NuidFltr.sys. md5: 317020D31F1696334679B9D0416EB62E
17:01:42.0071 0x0d5c  NuidFltr ( LockedFile.Multi.Generic ) - warning
17:01:42.0071 0x0d5c  NuidFltr - detected LockedFile.Multi.Generic (1)
17:01:42.0086 0x0d5c  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:01:42.0086 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1
17:01:42.0086 0x0d5c  Null ( LockedFile.Multi.Generic ) - warning
17:01:42.0086 0x0d5c  Null - detected LockedFile.Multi.Generic (1)
17:01:42.0117 0x0d5c  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:01:42.0117 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\nvraid.sys. md5: 0A92CB65770442ED0DC44834632F66AD
17:01:42.0117 0x0d5c  nvraid ( LockedFile.Multi.Generic ) - warning
17:01:42.0117 0x0d5c  nvraid - detected LockedFile.Multi.Generic (1)
17:01:42.0164 0x0d5c  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:01:42.0164 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\nvstor.sys. md5: DAB0E87525C10052BF65F06152F37E4A
17:01:42.0164 0x0d5c  nvstor ( LockedFile.Multi.Generic ) - warning
17:01:42.0164 0x0d5c  nvstor - detected LockedFile.Multi.Generic (1)
17:01:42.0211 0x0d5c  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:01:42.0211 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05
17:01:42.0211 0x0d5c  nv_agp ( LockedFile.Multi.Generic ) - warning
17:01:42.0211 0x0d5c  nv_agp - detected LockedFile.Multi.Generic (1)
17:01:42.0258 0x0d5c  [ F79633A8B7DB75CB5FAD53B02985A414 ] NWADI           C:\Windows\system32\DRIVERS\NWADIenum.sys
17:01:42.0258 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\NWADIenum.sys. md5: F79633A8B7DB75CB5FAD53B02985A414
17:01:42.0258 0x0d5c  NWADI ( LockedFile.Multi.Generic ) - warning
17:01:42.0258 0x0d5c  NWADI - detected LockedFile.Multi.Generic (1)
17:01:42.0367 0x0d5c  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:01:42.0398 0x0d5c  odserv - ok
17:01:42.0429 0x0d5c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:01:42.0429 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0
17:01:42.0429 0x0d5c  ohci1394 ( LockedFile.Multi.Generic ) - warning
17:01:42.0429 0x0d5c  ohci1394 - detected LockedFile.Multi.Generic (1)
17:01:42.0461 0x0d5c  ohsbledd - ok
17:01:42.0492 0x0d5c  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:01:42.0492 0x0d5c  ose - ok
17:01:42.0539 0x0d5c  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:01:42.0554 0x0d5c  p2pimsvc - ok
17:01:42.0585 0x0d5c  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:01:42.0617 0x0d5c  p2psvc - ok
17:01:42.0648 0x0d5c  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:01:42.0648 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887
17:01:42.0648 0x0d5c  Parport ( LockedFile.Multi.Generic ) - warning
17:01:42.0648 0x0d5c  Parport - detected LockedFile.Multi.Generic (1)
17:01:42.0679 0x0d5c  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:01:42.0679 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\partmgr.sys. md5: E9766131EEADE40A27DC27D2D68FBA9C
17:01:42.0679 0x0d5c  partmgr ( LockedFile.Multi.Generic ) - warning
17:01:42.0679 0x0d5c  partmgr - detected LockedFile.Multi.Generic (1)
17:01:42.0695 0x0d5c  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:01:42.0710 0x0d5c  PcaSvc - ok
17:01:42.0757 0x0d5c  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:01:42.0757 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\pci.sys. md5: 94575C0571D1462A0F70BDE6BD6EE6B3
17:01:42.0757 0x0d5c  pci ( LockedFile.Multi.Generic ) - warning
17:01:42.0757 0x0d5c  pci - detected LockedFile.Multi.Generic (1)
17:01:42.0773 0x0d5c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:01:42.0773 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA
17:01:42.0773 0x0d5c  pciide ( LockedFile.Multi.Generic ) - warning
17:01:42.0773 0x0d5c  pciide - detected LockedFile.Multi.Generic (1)
17:01:42.0788 0x0d5c  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:01:42.0788 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F
17:01:42.0788 0x0d5c  pcmcia ( LockedFile.Multi.Generic ) - warning
17:01:42.0788 0x0d5c  pcmcia - detected LockedFile.Multi.Generic (1)
17:01:42.0819 0x0d5c  PCTINDIS5X64 - ok
17:01:42.0835 0x0d5c  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:01:42.0835 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603
17:01:42.0835 0x0d5c  pcw ( LockedFile.Multi.Generic ) - warning
17:01:42.0835 0x0d5c  pcw - detected LockedFile.Multi.Generic (1)
17:01:42.0866 0x0d5c  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:01:42.0866 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E
17:01:42.0866 0x0d5c  PEAUTH ( LockedFile.Multi.Generic ) - warning
17:01:42.0866 0x0d5c  PEAUTH - detected LockedFile.Multi.Generic (1)
17:01:42.0913 0x0d5c  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:01:42.0929 0x0d5c  PerfHost - ok
17:01:43.0007 0x0d5c  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:01:43.0053 0x0d5c  pla - ok
17:01:43.0116 0x0d5c  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:01:43.0116 0x0d5c  PlugPlay - ok
17:01:43.0147 0x0d5c  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:01:43.0147 0x0d5c  PNRPAutoReg - ok
17:01:43.0178 0x0d5c  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:01:43.0194 0x0d5c  PNRPsvc - ok
17:01:43.0225 0x0d5c  [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
17:01:43.0225 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\point64.sys. md5: 4F0878FD62D5F7444C5F1C4C66D9D293
17:01:43.0225 0x0d5c  Point64 ( LockedFile.Multi.Generic ) - warning
17:01:43.0225 0x0d5c  Point64 - detected LockedFile.Multi.Generic (1)
17:01:43.0241 0x0d5c  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:01:43.0256 0x0d5c  PolicyAgent - ok
17:01:43.0272 0x0d5c  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:01:43.0287 0x0d5c  Power - ok
17:01:43.0319 0x0d5c  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:01:43.0319 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspptp.sys. md5: F92A2C41117A11A00BE01CA01A7FCDE9
17:01:43.0319 0x0d5c  PptpMiniport ( LockedFile.Multi.Generic ) - warning
17:01:43.0319 0x0d5c  PptpMiniport - detected LockedFile.Multi.Generic (1)
17:01:43.0350 0x0d5c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:01:43.0350 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF
17:01:43.0350 0x0d5c  Processor ( LockedFile.Multi.Generic ) - warning
17:01:43.0350 0x0d5c  Processor - detected LockedFile.Multi.Generic (1)
17:01:43.0381 0x0d5c  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:01:43.0381 0x0d5c  ProfSvc - ok
17:01:43.0397 0x0d5c  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:01:43.0397 0x0d5c  ProtectedStorage - ok
17:01:43.0428 0x0d5c  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:01:43.0428 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pacer.sys. md5: 0557CF5A2556BD58E26384169D72438D
17:01:43.0428 0x0d5c  Psched ( LockedFile.Multi.Generic ) - warning
17:01:43.0428 0x0d5c  Psched - detected LockedFile.Multi.Generic (1)
17:01:48.0326 0x0d5c  VgaSave - detected LockedFile.Multi.Generic (1)
17:01:48.0357 0x0d5c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:01:48.0357 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB
17:01:48.0357 0x0d5c  vhdmp ( LockedFile.Multi.Generic ) - warning
17:01:48.0357 0x0d5c  vhdmp - detected LockedFile.Multi.Generic (1)
17:01:48.0357 0x0d5c  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:01:48.0357 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54
17:01:48.0373 0x0d5c  viaide ( LockedFile.Multi.Generic ) - warning
17:01:48.0373 0x0d5c  viaide - detected LockedFile.Multi.Generic (1)
17:01:48.0389 0x0d5c  [ A96AFA32F73C065B9AE9D1554CDD00FC ] VNA             C:\Windows\system32\DRIVERS\vna.sys
17:01:48.0404 0x0d5c  VNA - ok
17:01:48.0420 0x0d5c  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:01:48.0420 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0
17:01:48.0420 0x0d5c  volmgr ( LockedFile.Multi.Generic ) - warning
17:01:48.0420 0x0d5c  volmgr - detected LockedFile.Multi.Generic (1)
17:01:48.0467 0x0d5c  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:01:48.0467 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B
17:01:48.0467 0x0d5c  volmgrx ( LockedFile.Multi.Generic ) - warning
17:01:48.0467 0x0d5c  volmgrx - detected LockedFile.Multi.Generic (1)
17:01:48.0467 0x0d5c  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:01:48.0482 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639
17:01:48.0482 0x0d5c  volsnap ( LockedFile.Multi.Generic ) - warning
17:01:48.0482 0x0d5c  volsnap - detected LockedFile.Multi.Generic (1)
17:01:48.0498 0x0d5c  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:01:48.0498 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997
17:01:48.0498 0x0d5c  vsmraid ( LockedFile.Multi.Generic ) - warning
17:01:48.0498 0x0d5c  vsmraid - detected LockedFile.Multi.Generic (1)
17:01:48.0576 0x0d5c  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
17:01:48.0638 0x0d5c  VSS - ok
17:01:48.0669 0x0d5c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:01:48.0669 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1
17:01:48.0669 0x0d5c  vwifibus ( LockedFile.Multi.Generic ) - warning
17:01:48.0669 0x0d5c  vwifibus - detected LockedFile.Multi.Generic (1)
17:01:48.0701 0x0d5c  [ 6A3D66263414FF0D6FA754C646612F3F ] VWiFiFlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:01:48.0701 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F
17:01:48.0701 0x0d5c  VWiFiFlt ( LockedFile.Multi.Generic ) - warning
17:01:48.0701 0x0d5c  VWiFiFlt - detected LockedFile.Multi.Generic (1)
17:01:48.0716 0x0d5c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
17:01:48.0716 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: 6A638FC4BFDDC4D9B186C28C91BD1A01
17:01:48.0716 0x0d5c  vwifimp ( LockedFile.Multi.Generic ) - warning
17:01:48.0716 0x0d5c  vwifimp - detected LockedFile.Multi.Generic (1)
17:01:48.0763 0x0d5c  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
17:01:48.0779 0x0d5c  W32Time - ok
17:01:48.0794 0x0d5c  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:01:48.0794 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E
17:01:48.0794 0x0d5c  WacomPen ( LockedFile.Multi.Generic ) - warning
17:01:48.0794 0x0d5c  WacomPen - detected LockedFile.Multi.Generic (1)
17:01:48.0872 0x0d5c  [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater    C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
17:01:48.0872 0x0d5c  WajamUpdater - ok
17:01:48.0919 0x0d5c  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:01:48.0919 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
17:01:48.0919 0x0d5c  WANARP ( LockedFile.Multi.Generic ) - warning
17:01:48.0919 0x0d5c  WANARP - detected LockedFile.Multi.Generic (1)
17:01:48.0950 0x0d5c  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:01:48.0950 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
17:01:48.0950 0x0d5c  Wanarpv6 ( LockedFile.Multi.Generic ) - warning
17:01:48.0950 0x0d5c  Wanarpv6 - detected LockedFile.Multi.Generic (1)
17:01:49.0169 0x0d5c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:01:49.0215 0x0d5c  WatAdminSvc - ok
17:01:49.0356 0x0d5c  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
17:01:49.0403 0x0d5c  wbengine - ok
17:01:49.0434 0x0d5c  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:01:49.0434 0x0d5c  WbioSrvc - ok
17:01:49.0496 0x0d5c  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:01:49.0512 0x0d5c  wcncsvc - ok
17:01:49.0543 0x0d5c  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:01:49.0543 0x0d5c  WcsPlugInService - ok
17:01:49.0574 0x0d5c  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:01:49.0574 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC
17:01:49.0574 0x0d5c  Wd ( LockedFile.Multi.Generic ) - warning
17:01:49.0574 0x0d5c  Wd - detected LockedFile.Multi.Generic (1)
17:01:49.0668 0x0d5c  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:01:49.0668 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441BD2D7B4F98134C3A4F9FA570FD250
17:01:49.0668 0x0d5c  Wdf01000 ( LockedFile.Multi.Generic ) - warning
17:01:49.0668 0x0d5c  Wdf01000 - detected LockedFile.Multi.Generic (1)
17:01:49.0699 0x0d5c  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:01:49.0699 0x0d5c  WdiServiceHost - ok
17:01:49.0715 0x0d5c  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:01:49.0715 0x0d5c  WdiSystemHost - ok
17:01:49.0777 0x0d5c  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
17:01:49.0808 0x0d5c  WebClient - ok
17:01:49.0839 0x0d5c  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:01:49.0855 0x0d5c  Wecsvc - ok
17:01:49.0871 0x0d5c  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:01:49.0886 0x0d5c  wercplsupport - ok
17:01:49.0917 0x0d5c  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:01:49.0917 0x0d5c  WerSvc - ok
17:01:49.0949 0x0d5c  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:01:49.0949 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725
17:01:49.0949 0x0d5c  WfpLwf ( LockedFile.Multi.Generic ) - warning
17:01:49.0949 0x0d5c  WfpLwf - detected LockedFile.Multi.Generic (1)
17:01:49.0980 0x0d5c  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:01:49.0980 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC
17:01:49.0980 0x0d5c  WIMMount ( LockedFile.Multi.Generic ) - warning
17:01:49.0980 0x0d5c  WIMMount - detected LockedFile.Multi.Generic (1)
17:01:49.0980 0x0d5c  WinHttpAutoProxySvc - ok
17:01:50.0167 0x0d5c  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:01:50.0167 0x0d5c  Winmgmt - ok
17:01:50.0323 0x0d5c  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
17:01:50.0385 0x0d5c  WinRM - ok
17:01:50.0541 0x0d5c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:01:50.0557 0x0d5c  Wlansvc - ok
17:01:50.0666 0x0d5c  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:01:50.0666 0x0d5c  wlcrasvc - ok
17:01:50.0838 0x0d5c  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:01:50.0869 0x0d5c  wlidsvc - ok
17:01:50.0931 0x0d5c  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:01:50.0931 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778
17:01:50.0931 0x0d5c  WmiAcpi ( LockedFile.Multi.Generic ) - warning
17:01:50.0931 0x0d5c  WmiAcpi - detected LockedFile.Multi.Generic (1)
17:01:50.0994 0x0d5c  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:01:50.0994 0x0d5c  wmiApSrv - ok
17:01:51.0009 0x0d5c  WMPNetworkSvc - ok
17:01:51.0041 0x0d5c  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:01:51.0041 0x0d5c  WPCSvc - ok
17:01:51.0087 0x0d5c  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:01:51.0103 0x0d5c  WPDBusEnum - ok
17:01:51.0103 0x0d5c  wplbcnkd - ok
17:01:51.0150 0x0d5c  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:01:51.0150 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52
17:01:51.0150 0x0d5c  ws2ifsl ( LockedFile.Multi.Generic ) - warning
17:01:51.0150 0x0d5c  ws2ifsl - detected LockedFile.Multi.Generic (1)
17:01:51.0150 0x0d5c  WSearch - ok
17:01:51.0228 0x0d5c  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:01:51.0306 0x0d5c  wuauserv - ok
17:01:51.0321 0x0d5c  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:01:51.0321 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: D3381DC54C34D79B22CEE0D65BA91B7C
17:01:51.0321 0x0d5c  WudfPf ( LockedFile.Multi.Generic ) - warning
17:01:51.0321 0x0d5c  WudfPf - detected LockedFile.Multi.Generic (1)
17:01:51.0384 0x0d5c  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:01:51.0384 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: CF8D590BE3373029D57AF80914190682
17:01:51.0384 0x0d5c  WUDFRd ( LockedFile.Multi.Generic ) - warning
17:01:51.0384 0x0d5c  WUDFRd - detected LockedFile.Multi.Generic (1)
17:01:51.0415 0x0d5c  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:01:51.0415 0x0d5c  wudfsvc - ok
17:01:51.0446 0x0d5c  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:01:51.0446 0x0d5c  WwanSvc - ok
17:01:51.0446 0x0d5c  ylubgdvo - ok
17:01:51.0477 0x0d5c  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
17:01:51.0477 0x0d5c  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\yk62x64.sys. md5: B3EEACF62445E24FBB2CD4B0FB4DB026
17:01:51.0477 0x0d5c  yukonw7 ( LockedFile.Multi.Generic ) - warning
17:01:51.0477 0x0d5c  yukonw7 - detected LockedFile.Multi.Generic (1)
17:01:51.0493 0x0d5c  yuvtthml - ok
17:01:51.0555 0x0d5c  ================ Scan global ===============================
17:01:51.0571 0x0d5c  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:01:51.0618 0x0d5c  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:01:51.0633 0x0d5c  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:01:51.0665 0x0d5c  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:01:51.0711 0x0d5c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:01:51.0711 0x0d5c  [Global] - ok
17:01:51.0711 0x0d5c  ================ Scan MBR ==================================
17:01:51.0727 0x0d5c  [ E8C325877BBA86BD83929B8B5C0E0E4E ] \Device\Harddisk0\DR0
17:01:52.0008 0x0d5c  \Device\Harddisk0\DR0 - ok
17:01:52.0023 0x0d5c  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1
17:01:52.0023 0x0d5c  \Device\Harddisk1\DR1 - ok
17:01:52.0039 0x0d5c  ================ Scan VBR ==================================
17:01:52.0039 0x0d5c  [ EC2E9BB8295CF5E15DD6708799250715 ] \Device\Harddisk0\DR0\Partition1
17:01:52.0039 0x0d5c  \Device\Harddisk0\DR0\Partition1 - ok
17:01:52.0055 0x0d5c  [ CD68B896137127AB8E51A1728ABB6F43 ] \Device\Harddisk0\DR0\Partition2
17:01:52.0055 0x0d5c  \Device\Harddisk0\DR0\Partition2 - ok
17:01:52.0070 0x0d5c  [ 213E05B7319BFDEEE85035611AD34963 ] \Device\Harddisk0\DR0\Partition3
17:01:52.0086 0x0d5c  \Device\Harddisk0\DR0\Partition3 - ok
17:01:52.0086 0x0d5c  [ 2A9F3607837EBD05A0DACBC1658DE2FB ] \Device\Harddisk1\DR1\Partition1
17:01:52.0086 0x0d5c  \Device\Harddisk1\DR1\Partition1 - ok
17:01:52.0086 0x0d5c  ============================================================
17:01:52.0086 0x0d5c  Scan finished
17:01:52.0086 0x0d5c  ============================================================
17:01:52.0101 0x09c4  Detected object count: 243
17:01:52.0101 0x09c4  Actual detected object count: 243
17:07:46.0690 0x09c4  C:\Windows\System32\Drivers\2086ff6c7ae7d629.sys - copied to quarantine
17:07:46.0706 0x09c4  HKLM\SYSTEM\ControlSet001\services\2086ff6c7ae7d629 - will be deleted on reboot
17:07:46.0721 0x09c4  HKLM\SYSTEM\ControlSet002\services\2086ff6c7ae7d629 - will be deleted on reboot
17:07:46.0877 0x09c4  C:\Windows\System32\Drivers\2086ff6c7ae7d629.sys - will be deleted on reboot
17:07:46.0877 0x09c4  2086ff6c7ae7d629 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete 
17:07:46.0893 0x09c4  blbdrive ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0893 0x09c4  blbdrive ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0893 0x09c4  bowser ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0893 0x09c4  bowser ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0893 0x09c4  BrFiltLo ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0893 0x09c4  BrFiltLo ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0908 0x09c4  BrFiltUp ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0908 0x09c4  BrFiltUp ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0908 0x09c4  Brserid ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0908 0x09c4  Brserid ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0908 0x09c4  BthEnum ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0908 0x09c4  BthEnum ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0908 0x09c4  BTHMODEM ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0908 0x09c4  BTHMODEM ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0924 0x09c4  BthPan ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0924 0x09c4  BthPan ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0924 0x09c4  BTHPORT ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0924 0x09c4  BTHPORT ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0924 0x09c4  BTHUSB ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0924 0x09c4  BTHUSB ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0924 0x09c4  BVRPMPR5a64 ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0924 0x09c4  BVRPMPR5a64 ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0924 0x09c4  cdfs ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0924 0x09c4  cdfs ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0924 0x09c4  cdrom ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0924 0x09c4  cdrom ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0924 0x09c4  circlass ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0924 0x09c4  circlass ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0924 0x09c4  CLFS ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0924 0x09c4  CLFS ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0940 0x09c4  CmBatt ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0940 0x09c4  CmBatt ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0940 0x09c4  cmdide ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0940 0x09c4  cmdide ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0940 0x09c4  CNG ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0940 0x09c4  CNG ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0940 0x09c4  Compbatt ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0940 0x09c4  Compbatt ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0940 0x09c4  CompositeBus ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0940 0x09c4  CompositeBus ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0940 0x09c4  crcdisk ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0940 0x09c4  crcdisk ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0940 0x09c4  dc3d ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0940 0x09c4  dc3d ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0940 0x09c4  DfsC ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0940 0x09c4  DfsC ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0955 0x09c4  discache ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0955 0x09c4  discache ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0955 0x09c4  Disk ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0955 0x09c4  Disk ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0955 0x09c4  drmkaud ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0955 0x09c4  drmkaud ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0955 0x09c4  DXGKrnl ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0955 0x09c4  DXGKrnl ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0955 0x09c4  ebdrv ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0955 0x09c4  ebdrv ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0955 0x09c4  elxstor ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0955 0x09c4  elxstor ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0955 0x09c4  enecir ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0955 0x09c4  enecir ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0955 0x09c4  ErrDev ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0955 0x09c4  ErrDev ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0971 0x09c4  ewusbnet ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0971 0x09c4  ewusbnet ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0971 0x09c4  exfat ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0971 0x09c4  exfat ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0971 0x09c4  fastfat ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0971 0x09c4  fastfat ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0971 0x09c4  fdc ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0971 0x09c4  fdc ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0971 0x09c4  FileInfo ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0971 0x09c4  FileInfo ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0971 0x09c4  Filetrace ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0971 0x09c4  Filetrace ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0971 0x09c4  flpydisk ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0971 0x09c4  flpydisk ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0971 0x09c4  FltMgr ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0971 0x09c4  FltMgr ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0986 0x09c4  FsDepends ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0986 0x09c4  FsDepends ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0986 0x09c4  fssfltr ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0986 0x09c4  fssfltr ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0986 0x09c4  Fs_Rec ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0986 0x09c4  Fs_Rec ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0986 0x09c4  fvevol ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0986 0x09c4  fvevol ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0986 0x09c4  gagp30kx ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0986 0x09c4  gagp30kx ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0986 0x09c4  hcw85cir ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0986 0x09c4  hcw85cir ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0986 0x09c4  HdAudAddService ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0986 0x09c4  HdAudAddService ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:46.0986 0x09c4  HDAudBus ( LockedFile.Multi.Generic ) - skipped by user
17:07:46.0986 0x09c4  HDAudBus ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0002 0x09c4  HidBatt ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0002 0x09c4  HidBatt ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0002 0x09c4  HidBth ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0002 0x09c4  HidBth ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0002 0x09c4  HidIr ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0002 0x09c4  HidIr ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0002 0x09c4  HidUsb ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0002 0x09c4  HidUsb ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0002 0x09c4  hpdskflt ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0002 0x09c4  hpdskflt ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0002 0x09c4  HpqKbFiltr ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0002 0x09c4  HpqKbFiltr ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0002 0x09c4  HpSAMD ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0002 0x09c4  HpSAMD ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0018 0x09c4  HTTP ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0018 0x09c4  HTTP ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0018 0x09c4  hwdatacard ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0018 0x09c4  hwdatacard ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0018 0x09c4  hwpolicy ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0018 0x09c4  hwpolicy ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0018 0x09c4  hwusbdev ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0018 0x09c4  hwusbdev ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0018 0x09c4  i8042prt ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0018 0x09c4  i8042prt ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0018 0x09c4  iaStor ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0018 0x09c4  iaStor ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0018 0x09c4  iaStorV ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0018 0x09c4  iaStorV ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0018 0x09c4  igfx ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0018 0x09c4  igfx ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0033 0x09c4  iirsp ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0033 0x09c4  iirsp ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0033 0x09c4  IntcHdmiAddService ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0033 0x09c4  IntcHdmiAddService ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0033 0x09c4  intelide ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0033 0x09c4  intelide ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0033 0x09c4  intelppm ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0033 0x09c4  intelppm ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0033 0x09c4  IpFilterDriver ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0033 0x09c4  IpFilterDriver ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0033 0x09c4  IPMIDRV ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0033 0x09c4  IPMIDRV ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0033 0x09c4  IPNAT ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0033 0x09c4  IPNAT ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0033 0x09c4  IRENUM ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0033 0x09c4  IRENUM ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0049 0x09c4  isapnp ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0049 0x09c4  isapnp ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0049 0x09c4  iscFlash ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0049 0x09c4  iscFlash ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0049 0x09c4  iScsiPrt ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0049 0x09c4  iScsiPrt ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0049 0x09c4  kbdclass ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0049 0x09c4  kbdclass ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0049 0x09c4  kbdhid ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0049 0x09c4  kbdhid ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0049 0x09c4  KSecDD ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0049 0x09c4  KSecDD ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0049 0x09c4  KSecPkg ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0049 0x09c4  KSecPkg ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0049 0x09c4  ksthunk ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0049 0x09c4  ksthunk ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0064 0x09c4  lltdio ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0064 0x09c4  lltdio ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0064 0x09c4  LSI_FC ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0064 0x09c4  LSI_FC ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0064 0x09c4  LSI_SAS ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0064 0x09c4  LSI_SAS ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:47.0064 0x09c4  LSI_SAS2 ( LockedFile.Multi.Generic ) - skipped by user
17:07:47.0064 0x09c4  LSI_SAS2 ( LockedFile.Multi.Generic ) - User select action: Skip 
17:07:59.0342 0x0b68  Deinitialize success



#8 jaw20


Posted 13 September 2013 - 04:42 PM

Here is the first of 2 Mbar Logs

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org
 
Database version: v2013.09.13.10
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Phil :: MARTEL [administrator]
 
9/13/2013 5:17:22 PM
mbar-log-2013-09-13 (17-17-22).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 276543
Time elapsed: 17 minute(s), 36 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 6
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Trojan.0Access) -> No action taken.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} (Trojan.Zaccess) -> No action taken.
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.
 
Registry Values Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\Users\Phil\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\n. -> No action taken.
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\$Recycle.Bin\S-1-5-21-775351016-2260169485-2199204232-1001\$62c84f77987b450cf5fd00ddcaad417b\n. -> No action taken.
 
Registry Data Items Detected: 1
HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\n.) Good: (fastprox.dll) -> No action taken.
 
Folders Detected: 8
C:\Windows\Installer\{62c84f77-987b-450c-f5fd-00ddcaad417b}\L (Backdoor.0Access) -> No action taken.
C:\Windows\Installer\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U (Backdoor.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\U (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-775351016-2260169485-2199204232-1001\$62c84f77987b450cf5fd00ddcaad417b\U (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\L (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-775351016-2260169485-2199204232-1001\$62c84f77987b450cf5fd00ddcaad417b\L (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-775351016-2260169485-2199204232-1001\$62c84f77987b450cf5fd00ddcaad417b (Trojan.Siredef.C) -> No action taken.
 
Files Detected: 10
C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\@ (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\n (Trojan.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-775351016-2260169485-2199204232-1001\$62c84f77987b450cf5fd00ddcaad417b\@ (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-775351016-2260169485-2199204232-1001\$62c84f77987b450cf5fd00ddcaad417b\n (Trojan.0Access) -> No action taken.
C:\Windows\Installer\{62c84f77-987b-450c-f5fd-00ddcaad417b}\@ (Backdoor.0Access) -> No action taken.
C:\Windows\Installer\{B5CAD084-65D7-140B-E7C5-066FC79D9AC9}\syshost.exe (Rootkit.0Access) -> No action taken.
C:\Users\Phil\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\@ (Backdoor.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\U\00000001.@ (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\U\80000000.@ (Trojan.Siredef.C) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\U\800000cb.@ (Trojan.Siredef.C) -> No action taken.
 
Physical Sectors Detected: 0
(No malicious items detected)


Here is the second Log from MBar

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 9.0.8112.16421
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.128000 GHz
Memory total: 6340935680, free: 4716269568
 
Downloaded database version: v2013.09.13.10
Downloaded database version: v2013.08.06.01
=======================================
Initializing...
------------ Kernel report ------------
     09/13/2013 17:17:16
------------ Loaded modules -----------
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5s64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\enecir.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\NWADIenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\gdi32.dll
\Windows\System32\advapi32.dll
\Windows\System32\nsi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\kernel32.dll
\Windows\System32\normaliz.dll
\Windows\System32\iertutil.dll
\Windows\System32\msctf.dll
\Windows\System32\user32.dll
\Windows\System32\imm32.dll
\Windows\System32\shell32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\usp10.dll
\Windows\System32\oleaut32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\lpk.dll
\Windows\System32\setupapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\urlmon.dll
\Windows\System32\msvcrt.dll
\Windows\System32\difxapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ole32.dll
\Windows\System32\sechost.dll
\Windows\System32\imagehlp.dll
\Windows\System32\psapi.dll
\Windows\System32\wininet.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008ba7790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000b9\
Lower Device Object: 0xfffffa8008ba6550
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800703c430
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800633b050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800703c430, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800703d040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800703c430, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800703b320, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa800633b050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2169E425
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 949682176
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 950091776  Numsec = 26679296
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8008ba7790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005f96100, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008ba7790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008ba6550, DeviceName: \Device\000000b9\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4067D532
 
Partition information:
 
    Partition 0 type is Other (0x6)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1536  Numsec = 3889664
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1992294400 bytes
Sector size: 512 bytes
 
Done!
Infected: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0} --> [Trojan.Vundo]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0} --> [Trojan.Vundo]
Infected: C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\@ --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\n --> [Trojan.0Access]
Infected: C:\$Recycle.Bin\S-1-5-21-775351016-2260169485-2199204232-1001\$62c84f77987b450cf5fd00ddcaad417b\@ --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-775351016-2260169485-2199204232-1001\$62c84f77987b450cf5fd00ddcaad417b\n --> [Trojan.0Access]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Trojan.0Access]
Infected: C:\Windows\Installer\{62c84f77-987b-450c-f5fd-00ddcaad417b}\@ --> [Backdoor.0Access]
Infected: C:\Windows\Installer\{B5CAD084-65D7-140B-E7C5-066FC79D9AC9}\syshost.exe --> [Rootkit.0Access]
Infected: C:\Users\Phil\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\@ --> [Backdoor.0Access]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32| --> [Trojan.Zaccess]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 --> [Trojan.Zaccess]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} --> [Trojan.Zaccess]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Trojan.Zaccess]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 --> [Trojan.Zaccess]
Infected: C:\Windows\Installer\{62c84f77-987b-450c-f5fd-00ddcaad417b}\L --> [Backdoor.0Access]
Infected: C:\Windows\Installer\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U --> [Backdoor.0Access]
Infected: C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\U --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\U\00000001.@ --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\U\80000000.@ --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\U\800000cb.@ --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-775351016-2260169485-2199204232-1001\$62c84f77987b450cf5fd00ddcaad417b\U --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\L --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-775351016-2260169485-2199204232-1001\$62c84f77987b450cf5fd00ddcaad417b\L --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-775351016-2260169485-2199204232-1001\$62c84f77987b450cf5fd00ddcaad417b --> [Trojan.Siredef.C]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| --> [Trojan.0Access]
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished


#9 boopme


Posted 13 September 2013 - 07:30 PM

That looks real good .. I would like to run these next. First is quick, second can be a few hours.

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.

  • Do not reboot the computer, you will need to run the application again.

    Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#10 jaw20


Posted 14 September 2013 - 09:37 AM

Avira blocked access to the host file for security reasons, so that's why it couldn't check the host file.

 

Rkill 2.6.1 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 09/14/2013 10:31:31 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Program Files\Java\jre6\bin\jusched.exe (PID: 2560) [FI]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\Phil\Desktop\rkill\rkill-09-14-2013-10-31-41.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * ALERT: ZEROACCESS rootkit symptoms found!
 
     * C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\@ [ZA File]
     * C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\L\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\n [ZA File]
     * C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\U\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\U\00000001.@ [ZA File]
     * C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\U\80000000.@ [ZA File]
     * C:\$Recycle.Bin\S-1-5-18\$62c84f77987b450cf5fd00ddcaad417b\U\800000cb.@ [ZA File]
     * C:\$Recycle.Bin\S-1-5-21-775351016-2260169485-2199204232-1001\$62c84f77987b450cf5fd00ddcaad417b\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-21-775351016-2260169485-2199204232-1001\$62c84f77987b450cf5fd00ddcaad417b\@ [ZA File]
     * C:\$Recycle.Bin\S-1-5-21-775351016-2260169485-2199204232-1001\$62c84f77987b450cf5fd00ddcaad417b\L\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-21-775351016-2260169485-2199204232-1001\$62c84f77987b450cf5fd00ddcaad417b\n [ZA File]
     * C:\$Recycle.Bin\S-1-5-21-775351016-2260169485-2199204232-1001\$62c84f77987b450cf5fd00ddcaad417b\U\ [ZA Dir]
     * C:\Users\Phil\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\ [ZA Dir]
     * C:\Users\Phil\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\@ [ZA File]
     * C:\Users\Phil\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\L\ [ZA Dir]
     * C:\Users\Phil\AppData\Local\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\ [ZA Dir]
     * C:\Windows\Installer\{62c84f77-987b-450c-f5fd-00ddcaad417b}\ [ZA Dir]
     * C:\Windows\Installer\{62c84f77-987b-450c-f5fd-00ddcaad417b}\@ [ZA File]
     * C:\Windows\Installer\{62c84f77-987b-450c-f5fd-00ddcaad417b}\L\ [ZA Dir]
     * C:\Windows\Installer\{62c84f77-987b-450c-f5fd-00ddcaad417b}\U\ [ZA Dir]
 
Checking Windows Service Integrity: 
 
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Disabled
 
 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual
 
 * BFE [Missing Service]
 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]
 
 * SharedAccess [Missing ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/
 
Program finished at: 09/14/2013 10:32:25 AM
Execution time: 0 hours(s), 0 minute(s), and 53 seconds(s)


#11 jaw20


Posted 14 September 2013 - 10:20 AM

The ESET scan log should be up in about 2-3 hours, and if I'm lucky one hour.



#12 jaw20


Posted 14 September 2013 - 11:07 AM

C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
C:\Program Files (x86)\Wajam\IE\priam_bho.dll Win32/Wajam.A application cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe Win32/Wajam.A application cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Users\Phil\AppData\Local\Temp\jar_cache137544764217943764.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Phil\AppData\Local\Temp\jar_cache2786729764528147635.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Phil\AppData\Local\Temp\jar_cache3294147273678012321.tmp Java/Exploit.CVE-2012-1723.FQ trojan cleaned by deleting - quarantined
C:\Users\Phil\AppData\Local\Temp\jar_cache4319720640144483884.tmp a variant of Java/Exploit.CVE-2012-1723.CF trojan cleaned by deleting - quarantined
C:\Users\Phil\AppData\Local\Temp\jar_cache4431318331408115048.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Phil\AppData\Local\Temp\jar_cache4555419450044179222.tmp Java/Exploit.CVE-2013-0422.G trojan cleaned by deleting - quarantined
C:\Users\Phil\AppData\Local\Temp\jar_cache485655209741502265.tmp multiple threats cleaned by deleting - quarantined
C:\Users\Phil\AppData\Local\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Phil\AppData\LocalLow\AskToolbar\setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Phil\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\57796cee-27da3385 multiple threats cleaned by deleting - quarantined
C:\Users\Phil\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\ffa8bef-63ebaa49 multiple threats cleaned by deleting - quarantined
C:\Users\Phil\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\a51e3fe-59204708 a variant of Java/Exploit.CVE-2013-0422.W trojan cleaned by deleting - quarantined
C:\Users\Phil\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy application deleted - quarantined
C:\Windows\Installer\{B5CAD084-65D7-140B-E7C5-066FC79D9AC9}\syshost.exe Win32/TrojanDownloader.Necurs.B trojan cleaned by deleting - quarantined
C:\Windows\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined


#13 jaw20


Posted 14 September 2013 - 07:57 PM

After another scan with Mbam it found Trojan.Vundo.





