Solved Partially removed System Check Virus Win 7, no Internet or safe mode

Joyfulldreams

When I woke up this morning and tried to wake up my laptop that runs Windows 7 from hibernate, it wouldn't wake when I tapped the power button, and instead I just manually restarted it. I then got a BSOD that quickly vanished, but I recognized it as similar to a BSOD that I got about 4 times when I almost accidentally overheated my laptop a week or so earlier. I was worried that maybe I'd somehow overheated it overnight, and thought I'd be having hardware problems.

So when I got onto my computer to find all of my files and programs suddenly vanished and warnings and such about hardware issues, I kind of freaked out, until I realized it wanted me to buy it, got suspicious, and immediately restarted my computer into Safe Mode with Networking to open up Malwarebytes (which I use as my main anti-virus, along with McAfee to keep my web surfing safer), update it, and run it. However, in safe mode everything was the same and I couldn't even access Malwarebytes, and had no internet access.

I looked up on my sister's MacBook and found that I had the System Check virus, and I proceeded to follow instructions given here: http://www.myantispyware.com/2012/01/02/how-to-remove-system-check-virus/.

I did the re-naming file thing along with the trick that they gave to give me access to all of my files. However, I couldn't move on after the Malwarebytes step due to having no internet AND Malwarebytes won't update past an 11-days-out-of-date version. I also tried running TDSSkiller but it yielded no real results. I managed to get Malwarebytes to run, but it keeps finding the same files every time I scan or nothing at all.

Current status of my computer:

I deleted several .exe files that were obviously associated with System Check (named Wwu25gohefjweo42io.exe or something like that) after renaming them and the system check has stopped bombarding me with errors and such, I have recovered all of my C:/ files and pretty much most of my programs and such work fine. Nothing is working slowly. My start menu is still empty, a lot of what was originally on my desktop is still missing, and I have no internet.

I have tried rebooting into Safe Mode and Safe Mode w/ Networking several times, but as it loads the necessary files the computer pauses and then just restarts. Whenever I start my computer in normal mode, right after the 'start' screen, it tries to run a hardware disk check or some such, and if I allow it, after it finishes my computer restarts and it starts all over again.

I'm using my sister's MacBook right now and using a flash drive to install the preliminary system scanners onto my laptop and then transferring the logs via the same drive onto this site.

I also think my infected computer is being attacked by the 'Windows 7 Antivirus 2012' Virus as it keeps popping up with 'A program running on this computer is trying to display a message', and I have had a similar problem with the same virus a few months ago...MBAM isn't helping and won't update. I think I probably have some TDSS issues.
 
Mbam

Here is one of my most recent MBAM logs that actually yielded some results, although I doubt they were permanent:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Rebecca :: REBECCA-PC [administrator]

1/5/2012 12:26:59 PM
mbam-log-2012-01-05 (12-26-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212787
Time elapsed: 11 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "%1" %* -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "firefox.exe) Good: (firefox.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here is my GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-05 15:05:01
Windows 6.1.7600
Running: 6bybv1nl.exe


---- Services - GMER 1.0.15 ----

Service System32\Drivers\f1fd89874c5dc9ed.sys (*** hidden *** ) [BOOT] f1fd89874c5dc9ed <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
 
Here are my DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Rebecca at 15:08:13 on 2012-01-05
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3005.1615 [GMT -8:00]
.
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k NetworkService
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
C:\windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\windows\system32\rundll32.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\windows\System32\IgrsSvcs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\Explorer.EXE
C:\windows\system32\Wacom_Tablet.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Giraffic\Veoh_Giraffic.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\windows\system32\Wacom_Tablet.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\vVX3000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Rebecca\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Rebecca\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\windows\system32\config\systemprofile\AppData\Local\llc.exe
C:\windows\system32\UI0Detect.exe
C:\windows\system32\config\systemprofile\AppData\Local\llc.exe
C:\windows\system32\config\systemprofile\AppData\Local\llc.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\H6V76T~1.COM
C:\windows\system32\h6v76t3.com
C:\windows\system32\prevhost.exe
C:\windows\system32\prevhost.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110722&user_guid=B1D4A0B552094CC9AFC2783D9CA01B2C&machine_id=d8a85fe37134c5c894feb59d264fb63d&browser=IE&os=win&os_version=6.1-x86-SP0
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hypercam toolbar\tbcore3.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hypercam toolbar\tbcore3.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\rebecca\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IdeaNotesUser] c:\program files\ddni\lenovo idea notes\DDNIMSGUser.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [VeriFaceManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [UpdateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [FtJthnNSvuydIr.exe] c:\programdata\FtJthnNSvuydIr.exe
dRun: [winupd] c:\windows\TEMP:winupd.exe
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
dRun: [7968a239e6bfab4.exe] "c:\windows\system32\config\systemprofile\appdata\local\7968a239e6bfab4.exe" /autorun
dRunOnce: [WLStart] "c:\program files\windows live\installer\wlstart.exe" /nosearch /nohomepage
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10g_ActiveX.exe -update activex
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{D84E71A9-7BD1-4626-A699-C1E38AAF846B} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{D84E71A9-7BD1-4626-A699-C1E38AAF846B}\54E474C45475F4F444 : DhcpNameServer = 209.18.47.61 209.18.47.62 24.29.99.22
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: klartew - c:\windows\system32\config\systemprofile\appdata\local\klartew.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
Hosts: 94.63.240.131 www.google.com
Hosts: 94.63.240.132 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rebecca\appdata\roaming\mozilla\firefox\profiles\1st9cd76.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110722&user_guid=B1D4A0B552094CC9AFC2783D9CA01B2C&machine_id=d8a85fe37134c5c894feb59d264fb63d&browser=FF&os=win&os_version=6.1-x86-SP0&q=
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\rebecca\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\rebecca\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\rebecca\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: XUL Cache: {b8dfb75b-7677-4af9-8bd7-8a59252c07ff} - %profile%\extensions\{b8dfb75b-7677-4af9-8bd7-8a59252c07ff}
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: XUL Cache: {d0e069e9-5356-44c8-978d-bbded70f2bb8} - %profile%\extensions\{d0e069e9-5356-44c8-978d-bbded70f2bb8}
FF - Ext: XUL Cache: {021a4511-3e83-413b-8866-33aea6861b4a} - %profile%\extensions\{021a4511-3e83-413b-8866-33aea6861b4a}
FF - Ext: XUL Cache: {dfcc1bf1-a0cf-4ef9-92a2-1f30dda918b5} - %profile%\extensions\{dfcc1bf1-a0cf-4ef9-92a2-1f30dda918b5}
FF - Ext: XUL Cache: {4b151e38-c5e9-4a91-9b09-de0251ca8f38} - %profile%\extensions\{4b151e38-c5e9-4a91-9b09-de0251ca8f38}
.
============= SERVICES / DRIVERS ===============
.
R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-12-9 54800]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 DDNIMSGService;DDNIMSGService;c:\program files\ddni\lenovo idea notes\DDNIMSGService.exe [2010-10-12 171872]
R2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2010-10-12 163680]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2009-7-14 38152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2011-9-16 94880]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-2-9 1373480]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-12-9 21520]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-5-30 260648]
R3 usbsmi;Lenovo EasyCamera;c:\windows\system32\drivers\SMIksdrv.sys [2009-12-9 168704]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2009-12-9 11792]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-17 214664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-2-10 359952]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-2-10 144704]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 Bridge0;Bridge0;c:\windows\system32\drivers\wdbridge.sys [2009-12-9 63240]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\lenovo\readycomm\AppSvc.exe [2009-12-9 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\lenovo\readycomm\ConnSvc.exe [2009-12-9 579400]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-2-10 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-17 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-17 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-17 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-17 40552]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 pwliqfow;pwliqfow;c:\users\rebecca\appdata\local\temp\pwliqfow.sys [2012-1-5 100864]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-9 1343400]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-21 81704]
.
=============== Created Last 30 ================
.
2012-01-05 09:26:23 111616 ----a-w- c:\windows\system32\h6v76t3.com
2011-12-30 15:25:59 -------- d-----w- c:\users\rebecca\appdata\local\HP
2011-12-17 23:07:48 -------- d-----w- c:\users\rebecca\appdata\local\WMTools Downloaded Files
2011-12-17 22:36:15 -------- d-----w- c:\program files\Movie Maker 2.6
.
==================== Find3M ====================
.
2012-01-05 17:49:20 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-26 01:26:44 111616 ----a-w- c:\windows\system32\h6v76t3.com_
2011-11-24 04:23:31 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:35:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 04:30:11 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 03:28:41 386048 ----a-w- c:\windows\system32\html.iec
2011-11-05 02:55:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-26 04:42:38 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:42:37 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:25:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-15 05:48:52 534528 ----a-w- c:\windows\system32\EncDec.dll
.
============= FINISH: 15:09:06.22 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/9/2010 4:28:10 AM
System Uptime: 1/5/2012 2:13:08 PM (1 hours ago)
.
Motherboard: LENOVO | | NITU1
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | U2E1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 188 GiB total, 19.87 GiB free.
D: is FIXED (NTFS) - 30 GiB total, 29.536 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: NetIO Legacy TDI Support Driver
Device ID: ROOT\LEGACY_TDX\0000
Manufacturer:
Name: NetIO Legacy TDI Support Driver
PNP Device ID: ROOT\LEGACY_TDX\0000
Service: tdx
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: McAfee Inc. mfehidk
Device ID: ROOT\LEGACY_MFEHIDK\0000
Manufacturer:
Name: McAfee Inc. mfehidk
PNP Device ID: ROOT\LEGACY_MFEHIDK\0000
Service: mfehidk
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
2007 Microsoft Office system
ABBYY FineReader 6.0 Sprint
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe Creative Suite 4 Design Standard
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Professional CS5
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.0.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
ALPS Touch Pad Driver
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
Audacity 1.3.11 (Unicode)
Blender (remove only)
Bonjour
Broadcom 802.11 Wireless Driver
Broadcom Gigabit Integrated Controller
BufferChm
Business Contact Manager for Outlook 2007 SP1
Combined Community Codec Pack 2009-09-09
ComicRack v0.9.147
Conexant HD Audio
Connect
D1500
DeviceDiscovery
DIBS
Diskeeper 2009 Home
DivX Setup
DJ_SF_03_D1500_Software_Min
EasyCapture
Energy Management
Epson Copy Utility 3.4
Epson Event Manager
EPSON Perfection V30/V300 Photo Scanner Driver Update
EPSON Scan
Flv to Avi Converter 1.0
Free FLV Converter V 7.1.0
Google Chrome
Google Talk Plugin
GPBaseService2
HP Customer Participation Program 13.0
HP Deskjet D1500 Printer Driver Software 13.0 Rel. 3
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HyperCam 2
HyperCam Toolbar
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Knoll Light Factory EZ Studio
kuler
LAME v3.98.2 for Audacity
Lenovo EasyCamera
Lenovo First Boot
Lenovo Idea Central
Lenovo Idea Notes
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.25)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nancy Drew: Shadow at the Water's Edge
PaintTool SAI Ver.1
Pando Media Booster
PC-Doctor for Windows
PDF Settings CS4
PDF Settings CS5
Photoshop Camera Raw
PhotoStage Slideshow Producer
Pinnacle Studio 14
Pinnacle Studio Ultimate Plugins
Pinnacle Video Driver
Pinnacle VideoSpin
Power2Go
Prism Video File Converter
Python 2.7.1
QuickTime
Realtek USB 2.0 Card Reader
Red Giant ToonIt Studio
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Shop for HP Supplies
Skype Toolbars
Skype™ 5.0
SmartWebPrinting
SolutionCenter
Status
Suite Shared Configuration CS4
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
VC80CRTRedist - 8.0.50727.6195
Veoh Giraffic Video Accelerator
Veoh Web Player
VideoPad Video Editor
VLC media player 1.0.5
Wacom Tablet
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Movie Maker 2.6
WinRAR archiver
Yontoo Layers Runtime 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
12/31/2011 9:42:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
12/30/2011 7:22:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McAfee SiteAdvisor Service service.
12/30/2011 6:21:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TabletServiceWacom service.
12/29/2011 9:29:17 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{D84E71A9-7BD1-4626-A699-C1E38AAF846B} because another computer on the network has the same name. The server could not start.
1/5/2012 9:55:26 AM, Error: Microsoft-Windows-WMPNSS-Service [14356] - A media delivery engine with ID '0x80070057' was not initialized because RegisterDelegate() encountered error ''. Restart your computer, and then restart the WMPNetworkSvc service.
1/5/2012 9:55:26 AM, Error: Microsoft-Windows-WMPNSS-Service [14348] - A new media server was not initialized due to error '0x80070057'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, in Windows Media Player, turn off media sharing, and then turn it back on.
1/5/2012 9:55:26 AM, Error: Microsoft-Windows-WMPNSS-Service [14323] - Service 'WMPNetworkSvc' did not start correctly because MFCreateWMPMDEOpCenter encountered error '0x80070505'. If possible, reinstall Windows Media Player.
1/5/2012 9:55:24 AM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: Access is denied.
1/5/2012 9:54:11 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: Access is denied.
1/5/2012 9:53:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82fc1b89, 0x80786580, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 010512-22354-01.
1/5/2012 3:03:49 PM, Error: Service Control Manager [7000] - The pwliqfow service failed to start due to the following error: A device attached to the system is not functioning.
1/5/2012 3:02:22 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2012 3:02:22 PM, Error: Service Control Manager [7000] - The NetIO Legacy TDI Support Driver service failed to start due to the following error: A device attached to the system is not functioning.
1/5/2012 3:02:11 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2012 3:02:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2012 2:19:55 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: Access is denied.
1/5/2012 2:19:55 PM, Error: Service Control Manager [7000] - The NetIO Legacy TDI Support Driver service failed to start due to the following error: Access is denied.
1/5/2012 2:15:51 PM, Error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
1/5/2012 2:14:58 PM, Error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: A device attached to the system is not functioning.
1/5/2012 2:14:50 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 2:13:52 PM, Error: Service Control Manager [7000] - The McAfee Inc. mfehidk service failed to start due to the following error: A device attached to the system is not functioning.
1/5/2012 2:13:50 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 2:13:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk tdx yduowol
1/5/2012 2:13:44 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2012 12:53:16 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
1/5/2012 11:59:20 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk tdx
1/5/2012 11:00:27 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2012 11:00:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/5/2012 11:00:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/5/2012 11:00:21 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\bcmihvsrv.dll Error Code: 21
1/5/2012 11:00:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/5/2012 11:00:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/5/2012 11:00:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache mfehidk spldr tdx Wanarpv6
1/5/2012 10:02:12 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: Access is denied.
1/5/2012 1:11:05 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
1/5/2012 1:11:05 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2012 1:11:05 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
1/3/2012 4:06:39 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
1/3/2012 4:06:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SSDP Discovery service to connect.
1/3/2012 4:06:19 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/3/2012 4:05:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/3/2012 4:05:26 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/3/2012 4:05:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/3/2012 4:04:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x004e007d, 0x00000002, 0x00000001, 0x83224829). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 010312-25365-01.
1/2/2012 9:13:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
1/2/2012 9:13:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
1/2/2012 7:24:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
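
One way to triage the "Event Viewer Messages" section of a DDS log like the one above. This is an added example, not part of the original post or of DDS: it parses Service Control Manager events 7000, 7001 and 7026 and walks the "depends on" failures back to the service that failed first. The sample lines are copied from the log above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the "Event Viewer Messages" section of the DDS log above.
SAMPLE = """
1/5/2012 3:03:49 PM, Error: Service Control Manager [7000] - The pwliqfow service failed to start due to the following error: A device attached to the system is not functioning.
1/5/2012 3:02:22 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2012 3:02:22 PM, Error: Service Control Manager [7000] - The NetIO Legacy TDI Support Driver service failed to start due to the following error: A device attached to the system is not functioning.
1/5/2012 3:02:11 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
1/5/2012 3:02:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2012 2:13:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk tdx yduowol
1/5/2012 2:13:44 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
"""

# DDS line layout: "<date> <time> AM|PM, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
DEPENDS_RE = re.compile(
    r"^The (?P<dependent>.+?) service depends on the (?P<dependency>.+?) "
    r"service which failed to start"
)
START_FAIL_RE = re.compile(
    r"^The (?P<service>.+?) service failed to start due to the following error: "
    r"(?P<error>.+)$"
)
DRIVERS_RE = re.compile(r"driver\(s\) failed to load: (?P<names>.+)$")
SCM = "Service Control Manager"


def parse_events(text):
    """Return one dict per well-formed event line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"ts": m["ts"], "source": m["source"],
                           "id": int(m["id"]), "msg": m["msg"]})
    return events


def start_failures(events):
    """Event 7000: service name -> set of error strings it failed with."""
    failures = defaultdict(set)
    for ev in events:
        m = START_FAIL_RE.match(ev["msg"]) if (ev["source"], ev["id"]) == (SCM, 7000) else None
        if m:
            failures[m["service"]].add(m["error"])
    return dict(failures)


def failed_boot_drivers(events):
    """Event 7026: names of boot-start/system-start drivers that did not load."""
    names = set()
    for ev in events:
        m = DRIVERS_RE.search(ev["msg"]) if (ev["source"], ev["id"]) == (SCM, 7026) else None
        if m:
            names.update(m["names"].split())
    return names


def root_causes(events):
    """Event 7001: map each failed dependency that is not itself blocked by
    another failure to every service that is (transitively) blocked by it."""
    edges = defaultdict(set)  # failed dependency -> services waiting on it
    for ev in events:
        m = DEPENDS_RE.match(ev["msg"]) if (ev["source"], ev["id"]) == (SCM, 7001) else None
        if m:
            edges[m["dependency"]].add(m["dependent"])
    blocked = set().union(*edges.values()) if edges else set()
    roots = {}
    for root in edges:
        if root in blocked:
            continue  # fails only because something further down failed
        affected, stack = set(), [root]
        while stack:
            for child in edges.get(stack.pop(), ()):
                if child not in affected:
                    affected.add(child)
                    stack.append(child)
        roots[root] = sorted(affected)
    return roots


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    errors = start_failures(evs)
    for root, affected in root_causes(evs).items():
        print(f"{root}: {sorted(errors.get(root, []))}")
        for name in affected:
            print(f"  blocks -> {name}")
    print("drivers that failed to load:", sorted(failed_boot_drivers(evs)))
```

On these lines the only root is the NetIO Legacy TDI Support Driver (service `tdx` in the "Disabled Device Manager Items" section of the same log), with DHCP Client, DNS Client, IP Helper and WinHTTP Web Proxy Auto-Discovery behind it.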
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================================

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
When I run TDSSKiller, it says "Initialization", and when that gets to 40%, an error "Can't load driver" always pops up, every time, without fail. I click OK and the program opens like I suppose it should.

I used to get some sort of scan when I tried it before, but now I press 'Start scan', and it only processes 4 items and comes up with nothing.

I did, however, run it several times before posting on the forum, and managed to get some logs from those tries. They tended to scan several hundred items and find several hundred 'medium threats' that have a default 'skip' action, so nothing really came of them...but here are the three logs that are most different:

FIRST

18:21:06.0893 7168 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
18:21:06.0915 7168 ============================================================
18:21:06.0915 7168 Current date / time: 2012/01/05 18:21:06.0915
18:21:06.0915 7168 SystemInfo:
18:21:06.0915 7168
18:21:06.0915 7168 OS Version: 6.1.7600 ServicePack: 0.0
18:21:06.0915 7168 Product type: Workstation
18:21:06.0915 7168 ComputerName: REBECCA-PC
18:21:06.0915 7168 UserName: Rebecca
18:21:06.0915 7168 Windows directory: C:\windows
18:21:06.0915 7168 System windows directory: C:\windows
18:21:06.0915 7168 Processor architecture: Intel x86
18:21:06.0915 7168 Number of processors: 2
18:21:06.0915 7168 Page size: 0x1000
18:21:06.0915 7168 Boot type: Normal boot
18:21:06.0915 7168 ============================================================
18:22:08.0799 7168 Raw registry subsystem init failed!
18:22:08.0801 7168 !crdlk
18:22:08.0952 7168 Initialize success
18:22:38.0839 7956 ============================================================
18:22:38.0839 7956 Scan started
18:22:38.0839 7956 Mode: Manual;
18:22:38.0839 7956 ============================================================
18:22:38.0847 7956 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:22:39.0882 7956 \Device\Harddisk0\DR0 - ok
18:22:39.0894 7956 Boot (0x1200) (6a9859e29c460d04956380340e36ecfb) \Device\Harddisk0\DR0\Partition0
18:22:39.0895 7956 \Device\Harddisk0\DR0\Partition0 - ok
18:22:39.0918 7956 Boot (0x1200) (b19277422edb57508603871b3b9facd5) \Device\Harddisk0\DR0\Partition1
18:22:39.0920 7956 \Device\Harddisk0\DR0\Partition1 - ok
18:22:39.0958 7956 Boot (0x1200) (68bfb177d49be22e2ddce6c6625c0060) \Device\Harddisk0\DR0\Partition2
18:22:39.0960 7956 \Device\Harddisk0\DR0\Partition2 - ok
18:22:39.0966 7956 ============================================================
18:22:39.0966 7956 Scan finished
18:22:39.0966 7956 ============================================================
18:22:39.0991 7948 Detected object count: 0
18:22:39.0991 7948 Actual detected object count: 0
18:22:55.0507 6648 ============================================================
18:22:55.0507 6648 Scan started
18:22:55.0507 6648 Mode: Manual;
18:22:55.0507 6648 ============================================================
18:22:55.0508 6648 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:22:56.0582 6648 \Device\Harddisk0\DR0 - ok
18:22:56.0588 6648 Boot (0x1200) (6a9859e29c460d04956380340e36ecfb) \Device\Harddisk0\DR0\Partition0
18:22:56.0590 6648 \Device\Harddisk0\DR0\Partition0 - ok
18:22:56.0608 6648 Boot (0x1200) (b19277422edb57508603871b3b9facd5) \Device\Harddisk0\DR0\Partition1
18:22:56.0609 6648 \Device\Harddisk0\DR0\Partition1 - ok
18:22:56.0636 6648 Boot (0x1200) (68bfb177d49be22e2ddce6c6625c0060) \Device\Harddisk0\DR0\Partition2
18:22:56.0637 6648 \Device\Harddisk0\DR0\Partition2 - ok
18:22:56.0643 6648 ============================================================
18:22:56.0643 6648 Scan finished
18:22:56.0643 6648 ============================================================
18:22:56.0658 4464 Detected object count: 0
18:22:56.0658 4464 Actual detected object count: 0
18:24:08.0184 7832 ============================================================
18:24:08.0184 7832 Scan started
18:24:08.0184 7832 Mode: Manual;
18:24:08.0184 7832 ============================================================
18:24:08.0191 7832 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:24:09.0230 7832 \Device\Harddisk0\DR0 - ok
18:24:09.0243 7832 Boot (0x1200) (6a9859e29c460d04956380340e36ecfb) \Device\Harddisk0\DR0\Partition0
18:24:09.0244 7832 \Device\Harddisk0\DR0\Partition0 - ok
18:24:09.0289 7832 Boot (0x1200) (b19277422edb57508603871b3b9facd5) \Device\Harddisk0\DR0\Partition1
18:24:09.0290 7832 \Device\Harddisk0\DR0\Partition1 - ok
18:24:09.0340 7832 Boot (0x1200) (68bfb177d49be22e2ddce6c6625c0060) \Device\Harddisk0\DR0\Partition2
18:24:09.0341 7832 \Device\Harddisk0\DR0\Partition2 - ok
18:24:09.0347 7832 ============================================================
18:24:09.0347 7832 Scan finished
18:24:09.0347 7832 ============================================================
18:24:09.0361 8000 Detected object count: 0
18:24:09.0362 8000 Actual detected object count: 0
18:24:16.0439 8068 ============================================================
18:24:16.0439 8068 Scan started
18:24:16.0439 8068 Mode: Manual;
18:24:16.0439 8068 ============================================================
18:24:16.0440 8068 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:24:17.0468 8068 \Device\Harddisk0\DR0 - ok
18:24:17.0476 8068 Boot (0x1200) (6a9859e29c460d04956380340e36ecfb) \Device\Harddisk0\DR0\Partition0
18:24:17.0477 8068 \Device\Harddisk0\DR0\Partition0 - ok
18:24:17.0494 8068 Boot (0x1200) (b19277422edb57508603871b3b9facd5) \Device\Harddisk0\DR0\Partition1
18:24:17.0495 8068 \Device\Harddisk0\DR0\Partition1 - ok
18:24:17.0522 8068 Boot (0x1200) (68bfb177d49be22e2ddce6c6625c0060) \Device\Harddisk0\DR0\Partition2
18:24:17.0524 8068 \Device\Harddisk0\DR0\Partition2 - ok
18:24:17.0525 8068 ============================================================
18:24:17.0525 8068 Scan finished
18:24:17.0525 8068 ============================================================
18:24:17.0548 8084 Detected object count: 0
18:24:17.0548 8084 Actual detected object count: 0
18:25:02.0699 4180 Deinitialize success

SECOND (THIS ONE IS VERY LONG)

14:40:58.0475 5636 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:40:58.0506 5636 ============================================================
14:40:58.0506 5636 Current date / time: 2012/01/05 14:40:58.0506
14:40:58.0506 5636 SystemInfo:
14:40:58.0506 5636
14:40:58.0506 5636 OS Version: 6.1.7600 ServicePack: 0.0
14:40:58.0506 5636 Product type: Workstation
14:40:58.0506 5636 ComputerName: REBECCA-PC
14:40:58.0506 5636 UserName: Rebecca
14:40:58.0506 5636 Windows directory: C:\windows
14:40:58.0506 5636 System windows directory: C:\windows
14:40:58.0506 5636 Processor architecture: Intel x86
14:40:58.0506 5636 Number of processors: 2
14:40:58.0506 5636 Page size: 0x1000
14:40:58.0506 5636 Boot type: Normal boot
14:40:58.0506 5636 ============================================================
14:41:02.0580 5636 !crdlk
14:41:02.0627 5636 Initialize success
14:42:00.0795 2152 ============================================================
14:42:00.0795 2152 Scan started
14:42:00.0795 2152 Mode: Manual;
14:42:00.0795 2152 ============================================================
14:42:01.0560 2152 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
14:42:01.0560 2152 1394ohci - ok
14:42:01.0653 2152 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
14:42:01.0669 2152 ACPI - ok
14:42:01.0731 2152 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
14:42:01.0731 2152 AcpiPmi - ok
14:42:01.0763 2152 ACPIVPC (87114efedeb94af49323ca61f344716d) C:\windows\system32\DRIVERS\AcpiVpc.sys
14:42:01.0763 2152 ACPIVPC - ok
14:42:01.0856 2152 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\windows\system32\drivers\adfs.sys
14:42:01.0856 2152 adfs - ok
14:42:01.0981 2152 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
14:42:01.0981 2152 adp94xx - ok
14:42:02.0028 2152 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
14:42:02.0043 2152 adpahci - ok
14:42:02.0090 2152 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
14:42:02.0106 2152 adpu320 - ok
14:42:02.0215 2152 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\windows\system32\drivers\Afc.sys
14:42:02.0215 2152 Afc - ok
14:42:02.0309 2152 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
14:42:02.0309 2152 AFD - ok
14:42:02.0355 2152 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
14:42:02.0371 2152 agp440 - ok
14:42:02.0418 2152 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
14:42:02.0418 2152 aic78xx - ok
14:42:02.0480 2152 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
14:42:02.0480 2152 aliide - ok
14:42:02.0527 2152 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
14:42:02.0527 2152 amdagp - ok
14:42:02.0574 2152 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
14:42:02.0574 2152 amdide - ok
14:42:02.0605 2152 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
14:42:02.0605 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\amdk8.sys. md5: 00dda200d71bac534bf56a9db5dfd666
14:42:02.0652 2152 AmdK8 ( LockedFile.Multi.Generic ) - warning
14:42:02.0652 2152 AmdK8 - detected LockedFile.Multi.Generic (1)
14:42:02.0683 2152 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
14:42:02.0683 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\amdppm.sys. md5: 3cbf30f5370fda40dd3e87df38ea53b6
14:42:02.0699 2152 AmdPPM ( LockedFile.Multi.Generic ) - warning
14:42:02.0699 2152 AmdPPM - detected LockedFile.Multi.Generic (1)
14:42:02.0745 2152 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
14:42:02.0745 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\amdsata.sys. md5: 19ce906b4cdc11fc4fef5745f33a63b6
14:42:02.0761 2152 amdsata ( LockedFile.Multi.Generic ) - warning
14:42:02.0761 2152 amdsata - detected LockedFile.Multi.Generic (1)
14:42:02.0808 2152 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
14:42:02.0808 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\amdsbs.sys. md5: ea43af0c423ff267355f74e7a53bdaba
14:42:02.0808 2152 amdsbs ( LockedFile.Multi.Generic ) - warning
14:42:02.0808 2152 amdsbs - detected LockedFile.Multi.Generic (1)
14:42:02.0870 2152 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
14:42:02.0870 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\amdxata.sys. md5: 869e67d66be326a5a9159fba8746fa70
14:42:02.0886 2152 amdxata ( LockedFile.Multi.Generic ) - warning
14:42:02.0886 2152 amdxata - detected LockedFile.Multi.Generic (1)
14:42:02.0933 2152 ApfiltrService (fd6d4bc1cf7d1fec5a17588007ecafb5) C:\windows\system32\DRIVERS\Apfiltr.sys
14:42:02.0933 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\Apfiltr.sys. md5: fd6d4bc1cf7d1fec5a17588007ecafb5
14:42:02.0948 2152 ApfiltrService ( LockedFile.Multi.Generic ) - warning
14:42:02.0948 2152 ApfiltrService - detected LockedFile.Multi.Generic (1)
14:42:02.0979 2152 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
14:42:02.0979 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\appid.sys. md5: feb834c02ce1e84b6a38f953ca067706
14:42:03.0011 2152 AppID ( LockedFile.Multi.Generic ) - warning
14:42:03.0011 2152 AppID - detected LockedFile.Multi.Generic (1)
14:42:03.0104 2152 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
14:42:03.0104 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\arc.sys. md5: 2932004f49677bd84dbc72edb754ffb3
14:42:03.0104 2152 arc ( LockedFile.Multi.Generic ) - warning
14:42:03.0104 2152 arc - detected LockedFile.Multi.Generic (1)
14:42:11.0903 2152 mpsdrv ( LockedFile.Multi.Generic ) - warning
14:42:11.0903 2152 mpsdrv - detected LockedFile.Multi.Generic (1)
14:42:11.0965 2152 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
14:42:11.0965 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\mrxdav.sys. md5: b1be47008d20e43da3adc37c24cdb89d
14:42:11.0965 2152 MRxDAV ( LockedFile.Multi.Generic ) - warning
14:42:11.0965 2152 MRxDAV - detected LockedFile.Multi.Generic (1)
14:42:12.0043 2152 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
14:42:12.0043 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\mrxsmb.sys. md5: ca7570e42522e24324a12161db14ec02
14:42:12.0043 2152 mrxsmb ( LockedFile.Multi.Generic ) - warning
14:42:12.0043 2152 mrxsmb - detected LockedFile.Multi.Generic (1)
14:42:12.0105 2152 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys
14:42:12.0105 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\mrxsmb10.sys. md5: f965c3ab2b2ae5c378f4562486e35051
14:42:12.0121 2152 mrxsmb10 ( LockedFile.Multi.Generic ) - warning
14:42:12.0121 2152 mrxsmb10 - detected LockedFile.Multi.Generic (1)
14:42:12.0183 2152 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
14:42:12.0183 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\mrxsmb20.sys. md5: 25c38264a3c72594dd21d355d70d7a5d
14:42:12.0199 2152 mrxsmb20 ( LockedFile.Multi.Generic ) - warning
14:42:12.0199 2152 mrxsmb20 - detected LockedFile.Multi.Generic (1)
14:42:12.0246 2152 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
14:42:12.0246 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\msahci.sys. md5: 4326d168944123f38dd3b2d9c37a0b12
14:42:12.0277 2152 msahci ( LockedFile.Multi.Generic ) - warning
14:42:12.0277 2152 msahci - detected LockedFile.Multi.Generic (1)
14:42:12.0339 2152 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
14:42:12.0339 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\msdsm.sys. md5: 455029c7174a2dbb03dba8a0d8bddd9a
14:42:12.0355 2152 msdsm ( LockedFile.Multi.Generic ) - warning
14:42:12.0355 2152 msdsm - detected LockedFile.Multi.Generic (1)
14:42:12.0417 2152 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
14:42:12.0433 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\Msfs.sys. md5: daefb28e3af5a76abcc2c3078c07327f
14:42:12.0449 2152 Msfs ( LockedFile.Multi.Generic ) - warning
14:42:12.0449 2152 Msfs - detected LockedFile.Multi.Generic (1)
14:42:12.0495 2152 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
14:42:12.0495 2152 Suspicious file (NoAccess): C:\windows\System32\drivers\mshidkmdf.sys. md5: 3e1e5767043c5af9367f0056295e9f84
14:42:12.0495 2152 mshidkmdf ( LockedFile.Multi.Generic ) - warning
14:42:12.0495 2152 mshidkmdf - detected LockedFile.Multi.Generic (1)
14:42:12.0527 2152 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
14:42:12.0527 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\msisadrv.sys. md5: 0a4e5757ae09fa9622e3158cc1aef114
14:42:12.0558 2152 msisadrv ( LockedFile.Multi.Generic ) - warning
14:42:12.0558 2152 msisadrv - detected LockedFile.Multi.Generic (1)
14:42:12.0636 2152 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
14:42:12.0636 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\MSKSSRV.sys. md5: 8c0860d6366aaffb6c5bb9df9448e631
14:42:12.0636 2152 MSKSSRV ( LockedFile.Multi.Generic ) - warning
14:42:12.0636 2152 MSKSSRV - detected LockedFile.Multi.Generic (1)
14:42:12.0667 2152 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
14:42:12.0667 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\MSPCLOCK.sys. md5: 3ea8b949f963562cedbb549eac0c11ce
14:42:12.0698 2152 MSPCLOCK ( LockedFile.Multi.Generic ) - warning
14:42:12.0698 2152 MSPCLOCK - detected LockedFile.Multi.Generic (1)
14:42:12.0729 2152 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
14:42:12.0729 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\MSPQM.sys. md5: f456e973590d663b1073e9c463b40932
14:42:12.0729 2152 MSPQM ( LockedFile.Multi.Generic ) - warning
14:42:12.0729 2152 MSPQM - detected LockedFile.Multi.Generic (1)
14:42:12.0839 2152 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
14:42:12.0839 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\MsRPC.sys. md5: 0e008fc4819d238c51d7c93e7b41e560
14:42:12.0885 2152 MsRPC ( LockedFile.Multi.Generic ) - warning
14:42:12.0885 2152 MsRPC - detected LockedFile.Multi.Generic (1)
14:42:12.0979 2152 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
14:42:12.0979 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\mssmbios.sys. md5: fc6b9ff600cc585ea38b12589bd4e246
14:42:12.0979 2152 mssmbios ( LockedFile.Multi.Generic ) - warning
14:42:12.0979 2152 mssmbios - detected LockedFile.Multi.Generic (1)
14:42:13.0041 2152 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
14:42:13.0041 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\MSTEE.sys. md5: b42c6b921f61a6e55159b8be6cd54a36
14:42:13.0041 2152 MSTEE ( LockedFile.Multi.Generic ) - warning
14:42:13.0041 2152 MSTEE - detected LockedFile.Multi.Generic (1)
14:42:13.0088 2152 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
14:42:13.0088 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\MTConfig.sys. md5: 33599130f44e1f34631cea241de8ac84
14:42:13.0104 2152 MTConfig ( LockedFile.Multi.Generic ) - warning
14:42:13.0104 2152 MTConfig - detected LockedFile.Multi.Generic (1)
14:42:13.0135 2152 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
14:42:13.0135 2152 Suspicious file (NoAccess): C:\windows\system32\Drivers\mup.sys. md5: 159fad02f64e6381758c990f753bcc80
14:42:13.0151 2152 Mup ( LockedFile.Multi.Generic ) - warning
14:42:13.0151 2152 Mup - detected LockedFile.Multi.Generic (1)
14:42:13.0213 2152 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
14:42:13.0213 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\nwifi.sys. md5: 26384429fcd85d83746f63e798ab1480
14:42:13.0229 2152 NativeWifiP ( LockedFile.Multi.Generic ) - warning
14:42:13.0229 2152 NativeWifiP - detected LockedFile.Multi.Generic (1)
14:42:13.0291 2152 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
14:42:13.0291 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\ndis.sys. md5: 23759d175a0a9baaf04d05047bc135a8
14:42:13.0322 2152 NDIS ( LockedFile.Multi.Generic ) - warning
14:42:13.0322 2152 NDIS - detected LockedFile.Multi.Generic (1)
14:42:13.0353 2152 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
14:42:13.0353 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\ndiscap.sys. md5: 0e1787aa6c9191d3d319e8bafe86f80c
14:42:13.0369 2152 NdisCap ( LockedFile.Multi.Generic ) - warning
14:42:13.0369 2152 NdisCap - detected LockedFile.Multi.Generic (1)
14:42:13.0400 2152 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
14:42:13.0400 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\ndistapi.sys. md5: e4a8aec125a2e43a9e32afeea7c9c888
14:42:13.0416 2152 NdisTapi ( LockedFile.Multi.Generic ) - warning
14:42:13.0416 2152 NdisTapi - detected LockedFile.Multi.Generic (1)
14:42:13.0463 2152 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
14:42:13.0463 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\ndisuio.sys. md5: b30ae7f2b6d7e343b0df32e6c08fce75
14:42:13.0494 2152 Ndisuio ( LockedFile.Multi.Generic ) - warning
14:42:13.0494 2152 Ndisuio - detected LockedFile.Multi.Generic (1)
14:42:13.0525 2152 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
14:42:13.0525 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\ndiswan.sys. md5: 267c415eadcbe53c9ca873dee39cf3a4
14:42:13.0541 2152 NdisWan ( LockedFile.Multi.Generic ) - warning
14:42:13.0541 2152 NdisWan - detected LockedFile.Multi.Generic (1)
14:42:13.0572 2152 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
14:42:13.0572 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\NDProxy.sys. md5: af7e7c63dcef3f8772726f86039d6eb4
14:42:13.0587 2152 NDProxy ( LockedFile.Multi.Generic ) - warning
14:42:13.0603 2152 NDProxy - detected LockedFile.Multi.Generic (1)
14:42:13.0634 2152 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
14:42:13.0634 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\netbios.sys. md5: 80b275b1ce3b0e79909db7b39af74d51
14:42:13.0650 2152 NetBIOS ( LockedFile.Multi.Generic ) - warning
14:42:13.0650 2152 NetBIOS - detected LockedFile.Multi.Generic (1)
14:42:13.0681 2152 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
14:42:13.0681 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\netbt.sys. md5: dd52a733bf4ca5af84562a5e2f963b91
14:42:13.0697 2152 NetBT ( LockedFile.Multi.Generic ) - warning
14:42:13.0697 2152 NetBT - detected LockedFile.Multi.Generic (1)
14:42:13.0899 2152 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\windows\system32\DRIVERS\netw5v32.sys
14:42:13.0899 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\netw5v32.sys. md5: 58218ec6b61b1169cf54aab0d00f5fe2
14:42:13.0946 2152 netw5v32 ( LockedFile.Multi.Generic ) - warning
14:42:13.0946 2152 netw5v32 - detected LockedFile.Multi.Generic (1)
14:42:13.0977 2152 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
14:42:13.0977 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\nfrd960.sys. md5: 1d85c4b390b0ee09c7a46b91efb2c097
14:42:13.0993 2152 nfrd960 ( LockedFile.Multi.Generic ) - warning
14:42:13.0993 2152 nfrd960 - detected LockedFile.Multi.Generic (1)
14:42:14.0055 2152 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
14:42:14.0055 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\Npfs.sys. md5: 1db262a9f8c087e8153d89bef3d2235f
14:42:14.0071 2152 Npfs ( LockedFile.Multi.Generic ) - warning
14:42:14.0071 2152 Npfs - detected LockedFile.Multi.Generic (1)
14:42:14.0118 2152 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
14:42:14.0118 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\nsiproxy.sys. md5: e9a0a4d07e53d8fea2bb8387a3293c58
14:42:14.0133 2152 nsiproxy ( LockedFile.Multi.Generic ) - warning
14:42:14.0133 2152 nsiproxy - detected LockedFile.Multi.Generic (1)
14:42:14.0211 2152 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
14:42:14.0211 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\Ntfs.sys. md5: 187002ce05693c306f43c873f821381f
14:42:14.0227 2152 Ntfs ( LockedFile.Multi.Generic ) - warning
14:42:14.0227 2152 Ntfs - detected LockedFile.Multi.Generic (1)
14:42:14.0289 2152 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
14:42:14.0289 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\Null.sys. md5: f9756a98d69098dca8945d62858a812c
14:42:14.0289 2152 Null ( LockedFile.Multi.Generic ) - warning
14:42:14.0289 2152 Null - detected LockedFile.Multi.Generic (1)
14:42:14.0352 2152 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
14:42:14.0352 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\nvraid.sys. md5: f1b0bed906f97e16f6d0c3629d2f21c6
14:42:14.0367 2152 nvraid ( LockedFile.Multi.Generic ) - warning
14:42:14.0367 2152 nvraid - detected LockedFile.Multi.Generic (1)
14:42:14.0399 2152 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
14:42:14.0399 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\nvstor.sys. md5: 4520b63899e867f354ee012d34e11536
14:42:14.0414 2152 nvstor ( LockedFile.Multi.Generic ) - warning
14:42:14.0414 2152 nvstor - detected LockedFile.Multi.Generic (1)
14:42:14.0461 2152 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
14:42:14.0461 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\nv_agp.sys. md5: 5a0983915f02bae73267cc2a041f717d
14:42:14.0477 2152 nv_agp ( LockedFile.Multi.Generic ) - warning
14:42:14.0477 2152 nv_agp - detected LockedFile.Multi.Generic (1)
14:42:14.0539 2152 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
14:42:14.0539 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\ohci1394.sys. md5: 08a70a1f2cdde9bb49b885cb817a66eb
14:42:14.0539 2152 ohci1394 ( LockedFile.Multi.Generic ) - warning
14:42:14.0539 2152 ohci1394 - detected LockedFile.Multi.Generic (1)
14:42:14.0633 2152 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
14:42:14.0633 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\parport.sys. md5: 2ea877ed5dd9713c5ac74e8ea7348d14
14:42:14.0664 2152 Parport ( LockedFile.Multi.Generic ) - warning
14:42:14.0664 2152 Parport - detected LockedFile.Multi.Generic (1)
14:42:14.0711 2152 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
14:42:14.0711 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\partmgr.sys. md5: ff4218952b51de44fe910953a3e686b9
14:42:14.0726 2152 partmgr ( LockedFile.Multi.Generic ) - warning
14:42:14.0726 2152 partmgr - detected LockedFile.Multi.Generic (1)
14:42:14.0773 2152 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
14:42:14.0773 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\parvdm.sys. md5: eb0a59f29c19b86479d36b35983daadc
14:42:14.0804 2152 Parvdm ( LockedFile.Multi.Generic ) - warning
14:42:14.0804 2152 Parvdm - detected LockedFile.Multi.Generic (1)
14:42:14.0867 2152 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
14:42:14.0867 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\pci.sys. md5: c858cb77c577780ecc456a892e7e7d0f
14:42:14.0867 2152 pci ( LockedFile.Multi.Generic ) - warning
14:42:14.0867 2152 pci - detected LockedFile.Multi.Generic (1)
14:42:14.0913 2152 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
14:42:14.0913 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\pciide.sys. md5: afe86f419014db4e5593f69ffe26ce0a
14:42:14.0945 2152 pciide ( LockedFile.Multi.Generic ) - warning
14:42:14.0945 2152 pciide - detected LockedFile.Multi.Generic (1)
14:42:14.0991 2152 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
14:42:14.0991 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\pcmcia.sys. md5: f396431b31693e71e8a80687ef523506
14:42:14.0991 2152 pcmcia ( LockedFile.Multi.Generic ) - warning
14:42:14.0991 2152 pcmcia - detected LockedFile.Multi.Generic (1)
14:42:15.0054 2152 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
14:42:15.0054 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\pcw.sys. md5: 250f6b43d2b613172035c6747aeeb19f
14:42:15.0069 2152 pcw ( LockedFile.Multi.Generic ) - warning
14:42:15.0069 2152 pcw - detected LockedFile.Multi.Generic (1)
14:42:15.0116 2152 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
14:42:15.0116 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\peauth.sys. md5: 9e0104ba49f4e6973749a02bf41344ed
14:42:15.0116 2152 PEAUTH ( LockedFile.Multi.Generic ) - warning
14:42:15.0116 2152 PEAUTH - detected LockedFile.Multi.Generic (1)
14:42:15.0288 2152 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
14:42:15.0288 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\raspptp.sys. md5: 631e3e205ad6d86f2aed6a4a8e69f2db
14:42:15.0303 2152 PptpMiniport ( LockedFile.Multi.Generic ) - warning
14:42:15.0303 2152 PptpMiniport - detected LockedFile.Multi.Generic (1)
14:42:15.0335 2152 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
14:42:15.0335 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\processr.sys. md5: 85b1e3a0c7585bc4aae6899ec6fcf011
14:42:15.0350 2152 Processor ( LockedFile.Multi.Generic ) - warning
14:42:15.0350 2152 Processor - detected LockedFile.Multi.Generic (1)
14:42:15.0428 2152 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
14:42:15.0428 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\pacer.sys. md5: 6270ccae2a86de6d146529fe55b3246a
14:42:15.0459 2152 Psched ( LockedFile.Multi.Generic ) - warning
14:42:15.0459 2152 Psched - detected LockedFile.Multi.Generic (1)
14:42:15.0522 2152 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
14:42:15.0522 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\ql2300.sys. md5: ab95ecf1f6659a60ddc166d8315b0751
14:42:15.0537 2152 ql2300 ( LockedFile.Multi.Generic ) - warning
14:42:15.0537 2152 ql2300 - detected LockedFile.Multi.Generic (1)
14:42:15.0584 2152 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
14:42:15.0584 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\ql40xx.sys. md5: b4dd51dd25182244b86737dc51af2270
14:42:15.0615 2152 ql40xx ( LockedFile.Multi.Generic ) - warning
14:42:15.0615 2152 ql40xx - detected LockedFile.Multi.Generic (1)
14:42:15.0678 2152 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
14:42:15.0678 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\qwavedrv.sys. md5: 584078ca1b95ca72df2a27c336f9719d
14:42:15.0678 2152 QWAVEdrv ( LockedFile.Multi.Generic ) - warning
14:42:15.0678 2152 QWAVEdrv - detected LockedFile.Multi.Generic (1)
14:42:15.0709 2152 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
14:42:15.0709 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\rasacd.sys. md5: 30a81b53c766d0133bb86d234e5556ab
14:42:15.0725 2152 RasAcd ( LockedFile.Multi.Generic ) - warning
14:42:15.0725 2152 RasAcd - detected LockedFile.Multi.Generic (1)
14:42:15.0756 2152 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
14:42:15.0756 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\AgileVpn.sys. md5: 57ec4aef73660166074d8f7f31c0d4fd
14:42:15.0771 2152 RasAgileVpn ( LockedFile.Multi.Generic ) - warning
14:42:15.0771 2152 RasAgileVpn - detected LockedFile.Multi.Generic (1)
14:42:15.0818 2152 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
14:42:15.0818 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\rasl2tp.sys. md5: d9f91eafec2815365cbe6d167e4e332a
14:42:15.0849 2152 Rasl2tp ( LockedFile.Multi.Generic ) - warning
14:42:15.0849 2152 Rasl2tp - detected LockedFile.Multi.Generic (1)
14:42:15.0896 2152 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
14:42:15.0896 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\raspppoe.sys. md5: 0fe8b15916307a6ac12bfb6a63e45507
14:42:15.0896 2152 RasPppoe ( LockedFile.Multi.Generic ) - warning
14:42:15.0896 2152 RasPppoe - detected LockedFile.Multi.Generic (1)
14:42:15.0927 2152 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
14:42:15.0927 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\rassstp.sys. md5: 44101f495a83ea6401d886e7fd70096b
14:42:15.0943 2152 RasSstp ( LockedFile.Multi.Generic ) - warning
14:42:15.0943 2152 RasSstp - detected LockedFile.Multi.Generic (1)
14:42:15.0974 2152 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
14:42:15.0974 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\rdbss.sys. md5: 835d7e81bf517a3b72384bdcc85e1ce6
14:42:15.0990 2152 rdbss ( LockedFile.Multi.Generic ) - warning
14:42:15.0990 2152 rdbss - detected LockedFile.Multi.Generic (1)
14:42:16.0037 2152 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
14:42:16.0037 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\rdpbus.sys. md5: 0d8f05481cb76e70e1da06ee9f0da9df
14:42:16.0037 2152 rdpbus ( LockedFile.Multi.Generic ) - warning
14:42:16.0037 2152 rdpbus - detected LockedFile.Multi.Generic (1)
14:42:16.0099 2152 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
14:42:16.0099 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\RDPCDD.sys. md5: 1e016846895b15a99f9a176a05029075
14:42:16.0099 2152 RDPCDD ( LockedFile.Multi.Generic ) - warning
14:42:16.0099 2152 RDPCDD - detected LockedFile.Multi.Generic (1)
14:42:16.0130 2152 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
14:42:16.0130 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\rdpencdd.sys. md5: 5a53ca1598dd4156d44196d200c94b8a
14:42:16.0146 2152 RDPENCDD ( LockedFile.Multi.Generic ) - warning
14:42:16.0146 2152 RDPENCDD - detected LockedFile.Multi.Generic (1)
14:42:16.0177 2152 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
14:42:16.0177 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\rdprefmp.sys. md5: 44b0a53cd4f27d50ed461dae0c0b4e1f
14:42:16.0193 2152 RDPREFMP ( LockedFile.Multi.Generic ) - warning
14:42:16.0193 2152 RDPREFMP - detected LockedFile.Multi.Generic (1)
14:42:16.0240 2152 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
14:42:16.0240 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\RDPWD.sys. md5: 801371ba9782282892d00aadb08ee367
14:42:16.0240 2152 RDPWD ( LockedFile.Multi.Generic ) - warning
14:42:16.0240 2152 RDPWD - detected LockedFile.Multi.Generic (1)
14:42:16.0287 2152 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
14:42:16.0287 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\rdyboost.sys. md5: 4ea225bf1cf05e158853f30a99ca29a7
14:42:16.0287 2152 rdyboost ( LockedFile.Multi.Generic ) - warning
14:42:16.0287 2152 rdyboost - detected LockedFile.Multi.Generic (1)
14:42:16.0365 2152 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
14:42:16.0365 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\rfcomm.sys. md5: cb928d9e6daf51879dd6ba8d02f01321
14:42:16.0381 2152 RFCOMM ( LockedFile.Multi.Generic ) - warning
14:42:16.0381 2152 RFCOMM - detected LockedFile.Multi.Generic (1)
14:42:16.0474 2152 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
14:42:16.0474 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\rspndr.sys. md5: 032b0d36ad92b582d869879f5af5b928
14:42:16.0506 2152 rspndr ( LockedFile.Multi.Generic ) - warning
14:42:16.0506 2152 rspndr - detected LockedFile.Multi.Generic (1)
14:42:16.0521 2152 RSUSBSTOR - ok
14:42:16.0552 2152 RtsUIR - ok
14:42:16.0615 2152 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
14:42:16.0615 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\sbp2port.sys. md5: 34ee0c44b724e3e4ce2eff29126de5b5
14:42:16.0615 2152 sbp2port ( LockedFile.Multi.Generic ) - warning
14:42:16.0615 2152 sbp2port - detected LockedFile.Multi.Generic (1)
14:42:16.0662 2152 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
14:42:16.0662 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\scfilter.sys. md5: a95c54b2ac3cc9c73fcdf9e51a1d6b51
14:42:16.0677 2152 scfilter ( LockedFile.Multi.Generic ) - warning
14:42:16.0677 2152 scfilter - detected LockedFile.Multi.Generic (1)
14:42:16.0786 2152 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
14:42:16.0786 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\secdrv.sys. md5: 90a3935d05b494a5a39d37e71f09a677
14:42:16.0818 2152 secdrv ( LockedFile.Multi.Generic ) - warning
14:42:16.0818 2152 secdrv - detected LockedFile.Multi.Generic (1)
14:42:16.0896 2152 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
14:42:16.0896 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\serenum.sys. md5: 9ad8b8b515e3df6acd4212ef465de2d1
14:42:16.0896 2152 Serenum ( LockedFile.Multi.Generic ) - warning
14:42:16.0896 2152 Serenum - detected LockedFile.Multi.Generic (1)
14:42:16.0927 2152 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
14:42:16.0927 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\serial.sys. md5: 5fb7fcea0490d821f26f39cc5ea3d1e2
14:42:16.0942 2152 Serial ( LockedFile.Multi.Generic ) - warning
14:42:16.0942 2152 Serial - detected LockedFile.Multi.Generic (1)
14:42:16.0974 2152 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
14:42:16.0974 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\sermouse.sys. md5: 79bffb520327ff916a582dfea17aa813
14:42:16.0989 2152 sermouse ( LockedFile.Multi.Generic ) - warning
14:42:16.0989 2152 sermouse - detected LockedFile.Multi.Generic (1)
14:42:17.0052 2152 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
14:42:17.0052 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\sffdisk.sys. md5: 9f976e1eb233df46fce808d9dea3eb9c
14:42:17.0052 2152 sffdisk ( LockedFile.Multi.Generic ) - warning
14:42:17.0052 2152 sffdisk - detected LockedFile.Multi.Generic (1)
14:42:17.0083 2152 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
14:42:17.0083 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\sffp_mmc.sys. md5: 932a68ee27833cfd57c1639d375f2731
14:42:17.0098 2152 sffp_mmc ( LockedFile.Multi.Generic ) - warning
14:42:17.0098 2152 sffp_mmc - detected LockedFile.Multi.Generic (1)
14:42:17.0114 2152 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
14:42:17.0114 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\sffp_sd.sys. md5: 4f1e5b0fe7c8050668dbfade8999aefb
14:42:17.0130 2152 sffp_sd ( LockedFile.Multi.Generic ) - warning
14:42:17.0130 2152 sffp_sd - detected LockedFile.Multi.Generic (1)
14:42:17.0176 2152 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
14:42:17.0176 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\sfloppy.sys. md5: db96666cc8312ebc45032f30b007a547
14:42:17.0176 2152 sfloppy ( LockedFile.Multi.Generic ) - warning
14:42:17.0176 2152 sfloppy - detected LockedFile.Multi.Generic (1)
14:42:17.0254 2152 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
14:42:17.0254 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\sisagp.sys. md5: 2565cac0dc9fe0371bdce60832582b2e
14:42:17.0270 2152 sisagp ( LockedFile.Multi.Generic ) - warning
14:42:17.0270 2152 sisagp - detected LockedFile.Multi.Generic (1)
14:42:17.0301 2152 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
14:42:17.0301 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\SiSRaid2.sys. md5: a9f0486851becb6dda1d89d381e71055
14:42:17.0332 2152 SiSRaid2 ( LockedFile.Multi.Generic ) - warning
14:42:17.0332 2152 SiSRaid2 - detected LockedFile.Multi.Generic (1)
14:42:17.0379 2152 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
14:42:17.0379 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\sisraid4.sys. md5: 3727097b55738e2f554972c3be5bc1aa
14:42:17.0379 2152 SiSRaid4 ( LockedFile.Multi.Generic ) - warning
14:42:17.0379 2152 SiSRaid4 - detected LockedFile.Multi.Generic (1)
14:42:17.0457 2152 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
14:42:17.0457 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\smb.sys. md5: 3e21c083b8a01cb70ba1f09303010fce
14:42:17.0473 2152 Smb ( LockedFile.Multi.Generic ) - warning
14:42:17.0473 2152 Smb - detected LockedFile.Multi.Generic (1)
14:42:17.0535 2152 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
14:42:17.0535 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\spldr.sys. md5: 95cf1ae7527fb70f7816563cbc09d942
14:42:17.0535 2152 spldr ( LockedFile.Multi.Generic ) - warning
14:42:17.0535 2152 spldr - detected LockedFile.Multi.Generic (1)
14:42:17.0785 2152 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
14:42:17.0785 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\srv.sys. md5: c4a027b8c0bd3fc0699f41fa5e9e0c87
14:42:17.0800 2152 srv ( LockedFile.Multi.Generic ) - warning
14:42:17.0800 2152 srv - detected LockedFile.Multi.Generic (1)
14:42:17.0847 2152 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
14:42:17.0847 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\srv2.sys. md5: 414bb592cad8a79649d01f9d94318fb3
14:42:17.0847 2152 srv2 ( LockedFile.Multi.Generic ) - warning
14:42:17.0847 2152 srv2 - detected LockedFile.Multi.Generic (1)
14:42:17.0910 2152 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
14:42:17.0910 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\srvnet.sys. md5: ff207d67700aa18242aaf985d3e7d8f4
14:42:17.0910 2152 srvnet ( LockedFile.Multi.Generic ) - warning
14:42:17.0910 2152 srvnet - detected LockedFile.Multi.Generic (1)
14:42:17.0972 2152 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
14:42:17.0972 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\stexstor.sys. md5: db32d325c192b801df274bfd12a7e72b
14:42:17.0988 2152 stexstor ( LockedFile.Multi.Generic ) - warning
14:42:17.0988 2152 stexstor - detected LockedFile.Multi.Generic (1)
14:42:18.0019 2152 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
14:42:18.0019 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\swenum.sys. md5: e58c78a848add9610a4db6d214af5224
14:42:18.0034 2152 swenum ( LockedFile.Multi.Generic ) - warning
14:42:18.0034 2152 swenum - detected LockedFile.Multi.Generic (1)
14:42:18.0222 2152 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\drivers\tcpip.sys
14:42:18.0222 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\tcpip.sys. md5: 56c198ac82efa622dd93e9e43575f79c
14:42:18.0253 2152 Tcpip ( LockedFile.Multi.Generic ) - warning
14:42:18.0253 2152 Tcpip - detected LockedFile.Multi.Generic (1)
14:42:18.0315 2152 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\DRIVERS\tcpip.sys
14:42:18.0315 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\tcpip.sys. md5: 56c198ac82efa622dd93e9e43575f79c
14:42:18.0331 2152 TCPIP6 ( LockedFile.Multi.Generic ) - warning
14:42:18.0331 2152 TCPIP6 - detected LockedFile.Multi.Generic (1)
14:42:18.0487 2152 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
14:42:18.0487 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\tcpipreg.sys. md5: e64444523add154f86567c469bc0b17f
14:42:18.0502 2152 tcpipreg ( LockedFile.Multi.Generic ) - warning
14:42:18.0502 2152 tcpipreg - detected LockedFile.Multi.Generic (1)
14:42:18.0549 2152 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
14:42:18.0549 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\tdpipe.sys. md5: 1875c1490d99e70e449e3afae9fcbadf
14:42:18.0549 2152 TDPIPE ( LockedFile.Multi.Generic ) - warning
14:42:18.0549 2152 TDPIPE - detected LockedFile.Multi.Generic (1)
14:42:18.0580 2152 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
14:42:18.0580 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\tdtcp.sys. md5: 7551e91ea999ee9a8e9c331d5a9c31f3
14:42:18.0612 2152 TDTCP ( LockedFile.Multi.Generic ) - warning
14:42:18.0612 2152 TDTCP - detected LockedFile.Multi.Generic (1)
14:42:18.0674 2152 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
14:42:18.0674 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\tdx.sys. md5: cb39e896a2a83702d1737bfd402b3542
14:42:18.0674 2152 tdx ( LockedFile.Multi.Generic ) - warning
14:42:18.0674 2152 tdx - detected LockedFile.Multi.Generic (1)
14:42:18.0721 2152 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
14:42:18.0721 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\termdd.sys. md5: c36f41ee20e6999dbf4b0425963268a5
14:42:18.0736 2152 TermDD ( LockedFile.Multi.Generic ) - warning
14:42:18.0736 2152 TermDD - detected LockedFile.Multi.Generic (1)
14:42:18.0877 2152 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
14:42:18.0877 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\tssecsrv.sys. md5: 98ae6fa07d12cb4ec5cf4a9bfa5f4242
14:42:18.0892 2152 tssecsrv ( LockedFile.Multi.Generic ) - warning
14:42:18.0892 2152 tssecsrv - detected LockedFile.Multi.Generic (1)
14:42:18.0924 2152 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
14:42:18.0924 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\tunnel.sys. md5: 3e461d890a97f9d4c168f5fda36e1d00
14:42:18.0924 2152 tunnel ( LockedFile.Multi.Generic ) - warning
14:42:18.0924 2152 tunnel - detected LockedFile.Multi.Generic (1)
14:42:18.0970 2152 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
14:42:18.0970 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\uagp35.sys. md5: 750fbcb269f4d7dd2e420c56b795db6d
14:42:19.0002 2152 uagp35 ( LockedFile.Multi.Generic ) - warning
14:42:19.0002 2152 uagp35 - detected LockedFile.Multi.Generic (1)
14:42:19.0048 2152 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
14:42:19.0048 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\udfs.sys. md5: 09cc3e16f8e5ee7168e01cf8fcbe061a
14:42:19.0048 2152 udfs ( LockedFile.Multi.Generic ) - warning
14:42:19.0048 2152 udfs - detected LockedFile.Multi.Generic (1)
14:42:19.0126 2152 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
14:42:19.0126 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\uliagpkx.sys. md5: 44e8048ace47befbfdc2e9be4cbc8880
14:42:19.0126 2152 uliagpkx ( LockedFile.Multi.Generic ) - warning
14:42:19.0126 2152 uliagpkx - detected LockedFile.Multi.Generic (1)
14:42:19.0173 2152 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
14:42:19.0173 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\umbus.sys. md5: 049b3a50b3d646baeeee9eec9b0668dc
14:42:19.0189 2152 umbus ( LockedFile.Multi.Generic ) - warning
14:42:19.0189 2152 umbus - detected LockedFile.Multi.Generic (1)
14:42:19.0220 2152 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
14:42:19.0220 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\umpass.sys. md5: 7550ad0c6998ba1cb4843e920ee0feac
14:42:19.0236 2152 UmPass ( LockedFile.Multi.Generic ) - warning
14:42:19.0236 2152 UmPass - detected LockedFile.Multi.Generic (1)
14:42:19.0298 2152 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
14:42:19.0298 2152 Suspicious file (NoAccess): C:\windows\system32\Drivers\usbaapl.sys. md5: 83cafcb53201bbac04d822f32438e244
14:42:19.0329 2152 USBAAPL ( LockedFile.Multi.Generic ) - warning
14:42:19.0329 2152 USBAAPL - detected LockedFile.Multi.Generic (1)
14:42:19.0407 2152 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\windows\system32\drivers\usbaudio.sys
14:42:19.0407 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\usbaudio.sys. md5: 2436a42aab4ad48a9b714e5b0f344627
14:42:19.0438 2152 usbaudio ( LockedFile.Multi.Generic ) - warning
14:42:19.0438 2152 usbaudio - detected LockedFile.Multi.Generic (1)
14:42:19.0485 2152 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\windows\system32\DRIVERS\usbccgp.sys
14:42:19.0485 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\usbccgp.sys. md5: c31ae588e403042632dc796cf09e30b0
14:42:19.0501 2152 usbccgp ( LockedFile.Multi.Generic ) - warning
14:42:19.0501 2152 usbccgp - detected LockedFile.Multi.Generic (1)
14:42:19.0532 2152 USBCCID - ok
14:42:19.0594 2152 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
14:42:19.0594 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\usbcir.sys. md5: 04ec7cec62ec3b6d9354eee93327fc82
14:42:19.0641 2152 usbcir ( LockedFile.Multi.Generic ) - warning
14:42:19.0641 2152 usbcir - detected LockedFile.Multi.Generic (1)
14:42:19.0735 2152 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\windows\system32\DRIVERS\usbehci.sys
14:42:19.0735 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\usbehci.sys. md5: e4c436d914768ce965d5e659ba7eebd8
14:42:19.0750 2152 usbehci ( LockedFile.Multi.Generic ) - warning
14:42:19.0750 2152 usbehci - detected LockedFile.Multi.Generic (1)
14:42:19.0782 2152 usbhub (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys
14:42:19.0782 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\usbhub.sys. md5: bdcd7156ec37448f08633fd899823620
14:42:19.0797 2152 usbhub ( LockedFile.Multi.Generic ) - warning
14:42:19.0797 2152 usbhub - detected LockedFile.Multi.Generic (1)
14:42:19.0844 2152 usbohci (eb2d819a639015253c871cda09d91d58) C:\windows\system32\drivers\usbohci.sys
14:42:19.0844 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\usbohci.sys. md5: eb2d819a639015253c871cda09d91d58
14:42:19.0860 2152 usbohci ( LockedFile.Multi.Generic ) - warning
14:42:19.0860 2152 usbohci - detected LockedFile.Multi.Generic (1)
14:42:19.0906 2152 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
14:42:19.0906 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\usbprint.sys. md5: 797d862fe0875e75c7cc4c1ad7b30252
14:42:19.0922 2152 usbprint ( LockedFile.Multi.Generic ) - warning
14:42:19.0922 2152 usbprint - detected LockedFile.Multi.Generic (1)
14:42:19.0984 2152 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
14:42:19.0984 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\usbscan.sys. md5: 576096ccbc07e7c4ea4f5e6686d6888f
14:42:20.0000 2152 usbscan ( LockedFile.Multi.Generic ) - warning
14:42:20.0000 2152 usbscan - detected LockedFile.Multi.Generic (1)
14:42:20.0031 2152 usbsmi (44cdcf77305096e866381688635064d8) C:\windows\system32\DRIVERS\SMIksdrv.sys
14:42:20.0031 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\SMIksdrv.sys. md5: 44cdcf77305096e866381688635064d8
14:42:20.0062 2152 usbsmi ( LockedFile.Multi.Generic ) - warning
14:42:20.0062 2152 usbsmi - detected LockedFile.Multi.Generic (1)
14:42:20.0109 2152 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS
14:42:20.0109 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\USBSTOR.SYS. md5: 1c4287739a93594e57e2a9e6a3ed7353
14:42:20.0140 2152 USBSTOR ( LockedFile.Multi.Generic ) - warning
14:42:20.0140 2152 USBSTOR - detected LockedFile.Multi.Generic (1)
14:42:20.0203 2152 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\DRIVERS\usbuhci.sys
14:42:20.0203 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\usbuhci.sys. md5: 22480bf4e5a09192e5e30ba4dde79fa4
14:42:20.0218 2152 usbuhci ( LockedFile.Multi.Generic ) - warning
14:42:20.0218 2152 usbuhci - detected LockedFile.Multi.Generic (1)
14:42:20.0281 2152 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
14:42:20.0281 2152 Suspicious file (NoAccess): C:\windows\System32\Drivers\usbvideo.sys. md5: b5f6a992d996282b7fae7048e50af83a
14:42:20.0312 2152 usbvideo ( LockedFile.Multi.Generic ) - warning
14:42:20.0312 2152 usbvideo - detected LockedFile.Multi.Generic (1)
14:42:20.0390 2152 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
14:42:20.0390 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\vdrvroot.sys. md5: a059c4c3edb09e07d21a8e5c0aabd3cb
14:42:20.0390 2152 vdrvroot ( LockedFile.Multi.Generic ) - warning
14:42:20.0390 2152 vdrvroot - detected LockedFile.Multi.Generic (1)
14:42:20.0452 2152 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
14:42:20.0452 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\vgapnp.sys. md5: 17c408214ea61696cec9c66e388b14f3
14:42:20.0468 2152 vga ( LockedFile.Multi.Generic ) - warning
14:42:20.0468 2152 vga - detected LockedFile.Multi.Generic (1)
14:42:20.0515 2152 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
14:42:20.0515 2152 Suspicious file (NoAccess): C:\windows\System32\drivers\vga.sys. md5: 8e38096ad5c8570a6f1570a61e251561
14:42:20.0546 2152 VgaSave ( LockedFile.Multi.Generic ) - warning
14:42:20.0546 2152 VgaSave - detected LockedFile.Multi.Generic (1)
14:42:20.0593 2152 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
14:42:20.0593 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\vhdmp.sys. md5: 3be6e1f3a4f1afec8cee0d7883f93583
14:42:20.0608 2152 vhdmp ( LockedFile.Multi.Generic ) - warning
14:42:20.0608 2152 vhdmp - detected LockedFile.Multi.Generic (1)
14:42:20.0655 2152 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
14:42:20.0655 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\viaagp.sys. md5: c829317a37b4bea8f39735d4b076e923
14:42:20.0655 2152 viaagp ( LockedFile.Multi.Generic ) - warning
14:42:20.0655 2152 viaagp - detected LockedFile.Multi.Generic (1)
14:42:20.0702 2152 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
14:42:20.0702 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\viac7.sys. md5: e02f079a6aa107f06b16549c6e5c7b74
14:42:20.0702 2152 ViaC7 ( LockedFile.Multi.Generic ) - warning
14:42:20.0702 2152 ViaC7 - detected LockedFile.Multi.Generic (1)
14:42:20.0749 2152 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
14:42:20.0749 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\viaide.sys. md5: e43574f6a56a0ee11809b48c09e4fd3c
14:42:20.0749 2152 viaide ( LockedFile.Multi.Generic ) - warning
14:42:20.0749 2152 viaide - detected LockedFile.Multi.Generic (1)
14:42:20.0796 2152 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
14:42:20.0796 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\volmgr.sys. md5: 384e5a2aa49934295171e499f86ba6f3
14:42:20.0827 2152 volmgr ( LockedFile.Multi.Generic ) - warning
14:42:20.0827 2152 volmgr - detected LockedFile.Multi.Generic (1)
14:42:20.0874 2152 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
14:42:20.0874 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\volmgrx.sys. md5: b5bb72067ddddbbfb04b2f89ff8c3c87
14:42:20.0874 2152 volmgrx ( LockedFile.Multi.Generic ) - warning
14:42:20.0874 2152 volmgrx - detected LockedFile.Multi.Generic (1)
14:42:20.0920 2152 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
14:42:20.0920 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\volsnap.sys. md5: 58df9d2481a56edde167e51b334d44fd
14:42:20.0967 2152 volsnap ( LockedFile.Multi.Generic ) - warning
14:42:20.0967 2152 volsnap - detected LockedFile.Multi.Generic (1)
14:42:20.0998 2152 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
14:42:20.0998 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\vsmraid.sys. md5: 9dfa0cc2f8855a04816729651175b631
14:42:20.0998 2152 vsmraid ( LockedFile.Multi.Generic ) - warning
14:42:20.0998 2152 vsmraid - detected LockedFile.Multi.Generic (1)
14:42:21.0076 2152 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
14:42:21.0076 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\vwifibus.sys. md5: 90567b1e658001e79d7c8bbd3dde5aa6
14:42:21.0092 2152 vwifibus ( LockedFile.Multi.Generic ) - warning
14:42:21.0092 2152 vwifibus - detected LockedFile.Multi.Generic (1)
14:42:21.0123 2152 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
14:42:21.0123 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\vwififlt.sys. md5: 7090d3436eeb4e7da3373090a23448f7
14:42:21.0139 2152 vwififlt ( LockedFile.Multi.Generic ) - warning
14:42:21.0139 2152 vwififlt - detected LockedFile.Multi.Generic (1)
14:42:21.0248 2152 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
14:42:21.0248 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\vwifimp.sys. md5: a3f04cbea6c2a10e6cb01f8b47611882
14:42:21.0279 2152 vwifimp ( LockedFile.Multi.Generic ) - warning
14:42:21.0279 2152 vwifimp - detected LockedFile.Multi.Generic (1)
14:42:21.0404 2152 VX3000 (e26744e5dd71a16e80d4dd5a286b8423) C:\windows\system32\DRIVERS\VX3000.sys
14:42:21.0404 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\VX3000.sys. md5: e26744e5dd71a16e80d4dd5a286b8423
14:42:21.0435 2152 VX3000 ( LockedFile.Multi.Generic ) - warning
14:42:21.0435 2152 VX3000 - detected LockedFile.Multi.Generic (1)
14:42:21.0513 2152 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\windows\system32\DRIVERS\wacommousefilter.sys
14:42:21.0513 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\wacommousefilter.sys. md5: 427a8bc96f16c40df81c2d2f4edd32dd
14:42:21.0529 2152 wacommousefilter ( LockedFile.Multi.Generic ) - warning
14:42:21.0529 2152 wacommousefilter - detected LockedFile.Multi.Generic (1)
14:42:21.0576 2152 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
14:42:21.0576 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\wacompen.sys. md5: de3721e89c653aa281428c8a69745d90
14:42:21.0591 2152 WacomPen ( LockedFile.Multi.Generic ) - warning
14:42:21.0591 2152 WacomPen - detected LockedFile.Multi.Generic (1)
14:42:21.0732 2152 wacomvhid (73e6f16a1f187d71fb26af308551e54a) C:\windows\system32\DRIVERS\wacomvhid.sys
14:42:21.0732 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\wacomvhid.sys. md5: 73e6f16a1f187d71fb26af308551e54a
14:42:21.0747 2152 wacomvhid ( LockedFile.Multi.Generic ) - warning
14:42:21.0747 2152 wacomvhid - detected LockedFile.Multi.Generic (1)
14:42:21.0794 2152 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\windows\system32\DRIVERS\WacomVKHid.sys
14:42:21.0794 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\WacomVKHid.sys. md5: 889459833432b161cb99cfdf84a1a9bb
14:42:21.0794 2152 WacomVKHid ( LockedFile.Multi.Generic ) - warning
14:42:21.0794 2152 WacomVKHid - detected LockedFile.Multi.Generic (1)
14:42:21.0841 2152 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
14:42:21.0841 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\wanarp.sys. md5: 692a712062146e96d28ba0b7d75de31b
14:42:21.0856 2152 WANARP ( LockedFile.Multi.Generic ) - warning
14:42:21.0856 2152 WANARP - detected LockedFile.Multi.Generic (1)
14:42:21.0888 2152 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
14:42:21.0888 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\wanarp.sys. md5: 692a712062146e96d28ba0b7d75de31b
14:42:21.0888 2152 Wanarpv6 ( LockedFile.Multi.Generic ) - warning
14:42:21.0888 2152 Wanarpv6 - detected LockedFile.Multi.Generic (1)
14:42:22.0075 2152 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
14:42:22.0075 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\wd.sys. md5: 1112a9badacb47b7c0bb0392e3158dff
14:42:22.0090 2152 Wd ( LockedFile.Multi.Generic ) - warning
14:42:22.0090 2152 Wd - detected LockedFile.Multi.Generic (1)
14:42:22.0153 2152 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
14:42:22.0153 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\Wdf01000.sys. md5: 9950e3d0f08141c7e89e64456ae7dc73
14:42:22.0200 2152 Wdf01000 ( LockedFile.Multi.Generic ) - warning
14:42:22.0200 2152 Wdf01000 - detected LockedFile.Multi.Generic (1)
14:42:22.0357 2152 wdmirror (ea4e9dd00e69b35f9bd3d39acb113e3f) C:\windows\system32\DRIVERS\WDMirror.sys
14:42:22.0357 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\WDMirror.sys. md5: ea4e9dd00e69b35f9bd3d39acb113e3f
14:42:22.0372 2152 wdmirror ( LockedFile.Multi.Generic ) - warning
14:42:22.0372 2152 wdmirror - detected LockedFile.Multi.Generic (1)
14:42:22.0591 2152 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
14:42:22.0591 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\wfplwf.sys. md5: 8b9a943f3b53861f2bfaf6c186168f79
14:42:22.0622 2152 WfpLwf ( LockedFile.Multi.Generic ) - warning
14:42:22.0622 2152 WfpLwf - detected LockedFile.Multi.Generic (1)
14:42:22.0669 2152 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\windows\system32\DRIVERS\wimfltr.sys
14:42:22.0669 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\wimfltr.sys. md5: f9ad3a5e3fd7e0bdb18b8202b0fdd4e4
14:42:22.0684 2152 WimFltr ( LockedFile.Multi.Generic ) - warning
14:42:22.0684 2152 WimFltr - detected LockedFile.Multi.Generic (1)
14:42:22.0715 2152 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
14:42:22.0715 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\wimmount.sys. md5: 5cf95b35e59e2a38023836fff31be64c
14:42:22.0715 2152 WIMMount ( LockedFile.Multi.Generic ) - warning
14:42:22.0715 2152 WIMMount - detected LockedFile.Multi.Generic (1)
14:42:22.0793 2152 WinRing0_1_2_0 - ok
14:42:22.0981 2152 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
14:42:22.0981 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\WinUsb.sys. md5: 30fc6e5448d0cbaaa95280eeef7fedae
14:42:23.0012 2152 WinUsb ( LockedFile.Multi.Generic ) - warning
14:42:23.0012 2152 WinUsb - detected LockedFile.Multi.Generic (1)
14:42:23.0074 2152 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
14:42:23.0074 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\wmiacpi.sys. md5: 0217679b8fca58714c3bf2726d2ca84e
14:42:23.0074 2152 WmiAcpi ( LockedFile.Multi.Generic ) - warning
14:42:23.0074 2152 WmiAcpi - detected LockedFile.Multi.Generic (1)
14:42:23.0183 2152 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
14:42:23.0183 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\ws2ifsl.sys. md5: 6db3276587b853bf886b69528fdb048c
14:42:23.0183 2152 ws2ifsl ( LockedFile.Multi.Generic ) - warning
14:42:23.0183 2152 ws2ifsl - detected LockedFile.Multi.Generic (1)
14:42:23.0293 2152 wsvd (baedc491374defd5e76336901d6d397d) C:\windows\system32\DRIVERS\wsvd.sys
14:42:23.0293 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\wsvd.sys. md5: baedc491374defd5e76336901d6d397d
14:42:23.0293 2152 wsvd ( LockedFile.Multi.Generic ) - warning
14:42:23.0293 2152 wsvd - detected LockedFile.Multi.Generic (1)
14:42:23.0418 2152 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
14:42:23.0418 2152 Suspicious file (NoAccess): C:\windows\system32\drivers\WudfPf.sys. md5: 6f9b6c0c93232cff47d0f72d6db1d21e
14:42:23.0450 2152 WudfPf ( LockedFile.Multi.Generic ) - warning
14:42:23.0450 2152 WudfPf - detected LockedFile.Multi.Generic (1)
14:42:23.0481 2152 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
14:42:23.0481 2152 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\WUDFRd.sys. md5: f91ff1e51fca30b3c3981db7d5924252
14:42:23.0481 2152 WUDFRd ( LockedFile.Multi.Generic ) - warning
14:42:23.0481 2152 WUDFRd - detected LockedFile.Multi.Generic (1)
14:42:23.0559 2152 yduowol - ok
14:42:23.0590 2152 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:42:24.0605 2152 \Device\Harddisk0\DR0 - ok
14:42:24.0621 2152 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
14:42:28.0038 2152 \Device\Harddisk1\DR2 - ok
14:42:28.0054 2152 Boot (0x1200) (6a9859e29c460d04956380340e36ecfb) \Device\Harddisk0\DR0\Partition0
14:42:28.0054 2152 \Device\Harddisk0\DR0\Partition0 - ok
14:42:28.0100 2152 Boot (0x1200) (b19277422edb57508603871b3b9facd5) \Device\Harddisk0\DR0\Partition1
14:42:28.0100 2152 \Device\Harddisk0\DR0\Partition1 - ok
14:42:28.0132 2152 Boot (0x1200) (68bfb177d49be22e2ddce6c6625c0060) \Device\Harddisk0\DR0\Partition2
14:42:28.0132 2152 \Device\Harddisk0\DR0\Partition2 - ok
14:42:28.0132 2152 Boot (0x1200) (432ae445ee7bb19feab728fe3ec87f08) \Device\Harddisk1\DR2\Partition0
14:42:28.0132 2152 \Device\Harddisk1\DR2\Partition0 - ok
14:42:28.0132 2152 ============================================================
14:42:28.0132 2152 Scan finished
14:42:28.0132 2152 ============================================================
14:42:28.0147 3832 Detected object count: 250
14:42:28.0147 3832 Actual detected object count: 250
14:42:34.0440 3832 AmdK8 ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0440 3832 AmdK8 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0456 3832 AmdPPM ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0456 3832 AmdPPM ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0456 3832 amdsata ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0456 3832 amdsata ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0456 3832 amdsbs ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0456 3832 amdsbs ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0456 3832 amdxata ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0456 3832 amdxata ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0456 3832 ApfiltrService ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0456 3832 ApfiltrService ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0456 3832 AppID ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0456 3832 AppID ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0471 3832 arc ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0471 3832 arc ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0471 3832 arcsas ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0471 3832 arcsas ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0471 3832 AsyncMac ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0471 3832 AsyncMac ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0471 3832 BCM43XX ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0471 3832 BCM43XX ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0471 3832 Beep ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0471 3832 Beep ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0487 3832 blbdrive ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0487 3832 blbdrive ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0487 3832 bowser ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0487 3832 bowser ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0487 3832 BrFiltLo ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0487 3832 BrFiltLo ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0487 3832 BrFiltUp ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0487 3832 BrFiltUp ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0487 3832 Bridge0 ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0487 3832 Bridge0 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0487 3832 Brserid ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0487 3832 Brserid ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0502 3832 BrSerWdm ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0502 3832 BrSerWdm ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0502 3832 BrUsbMdm ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0502 3832 BrUsbMdm ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0502 3832 BrUsbSer ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0502 3832 BrUsbSer ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0502 3832 BthEnum ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0502 3832 BthEnum ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0502 3832 BTHMODEM ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0502 3832 BTHMODEM ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0518 3832 BthPan ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0518 3832 BthPan ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0518 3832 BTHPORT ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0518 3832 BTHPORT ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0518 3832 BTHUSB ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0518 3832 BTHUSB ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0518 3832 cdfs ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0518 3832 cdfs ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0518 3832 cdrom ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0518 3832 cdrom ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0518 3832 circlass ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0518 3832 circlass ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0534 3832 CmBatt ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0534 3832 CmBatt ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0534 3832 cmdide ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0534 3832 cmdide ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0534 3832 CNG ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0534 3832 CNG ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0534 3832 CnxtHdAudService ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0534 3832 CnxtHdAudService ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0534 3832 Compbatt ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0534 3832 Compbatt ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0534 3832 CompositeBus ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0534 3832 CompositeBus ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0549 3832 crcdisk ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0549 3832 crcdisk ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0549 3832 DfsC ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0549 3832 DfsC ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0549 3832 discache ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0549 3832 discache ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0549 3832 Disk ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0549 3832 Disk ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0549 3832 drmkaud ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0549 3832 drmkaud ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0565 3832 DXGKrnl ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0565 3832 DXGKrnl ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0565 3832 ebdrv ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0565 3832 ebdrv ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0565 3832 elxstor ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0565 3832 elxstor ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0565 3832 ErrDev ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0565 3832 ErrDev ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0565 3832 exfat ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0565 3832 exfat ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0565 3832 f1fd89874c5dc9ed ( LockedService.Multi.Generic ) - skipped by user
14:42:34.0565 3832 f1fd89874c5dc9ed ( LockedService.Multi.Generic ) - User select action: Skip
14:42:34.0580 3832 fastfat ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0580 3832 fastfat ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0580 3832 fdc ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0580 3832 fdc ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0580 3832 FileInfo ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0580 3832 FileInfo ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0580 3832 Filetrace ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0580 3832 Filetrace ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0580 3832 flpydisk ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0580 3832 flpydisk ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0580 3832 FltMgr ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0580 3832 FltMgr ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0596 3832 FsDepends ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0596 3832 FsDepends ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0596 3832 Fs_Rec ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0596 3832 Fs_Rec ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0596 3832 funfrm ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0596 3832 funfrm ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0596 3832 fvevol ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0596 3832 fvevol ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0596 3832 gagp30kx ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0596 3832 gagp30kx ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0596 3832 GEARAspiWDM ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0612 3832 GEARAspiWDM ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0612 3832 hcw85cir ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0612 3832 hcw85cir ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0612 3832 HdAudAddService ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0612 3832 HdAudAddService ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0612 3832 HDAudBus ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0612 3832 HDAudBus ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0612 3832 HidBatt ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0612 3832 HidBatt ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0612 3832 HidBth ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0612 3832 HidBth ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0627 3832 HidIr ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0627 3832 HidIr ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0627 3832 HidUsb ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0627 3832 HidUsb ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0627 3832 HpSAMD ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0627 3832 HpSAMD ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0627 3832 HTTP ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0627 3832 HTTP ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0627 3832 hwpolicy ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0627 3832 hwpolicy ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0627 3832 i8042prt ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0627 3832 i8042prt ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0643 3832 iaStor ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0643 3832 iaStor ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0643 3832 iaStorV ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0643 3832 iaStorV ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0643 3832 igfx ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0643 3832 igfx ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0643 3832 iirsp ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0643 3832 iirsp ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0643 3832 intelide ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0643 3832 intelide ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0643 3832 intelppm ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0643 3832 intelppm ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0658 3832 IpFilterDriver ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0658 3832 IpFilterDriver ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0658 3832 IPMIDRV ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0658 3832 IPMIDRV ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0658 3832 IPNAT ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0658 3832 IPNAT ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0658 3832 IRENUM ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0658 3832 IRENUM ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0658 3832 isapnp ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0658 3832 isapnp ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0674 3832 iScsiPrt ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0674 3832 iScsiPrt ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0674 3832 k57nd60x ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0674 3832 k57nd60x ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0674 3832 kbdclass ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0674 3832 kbdclass ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0674 3832 kbdhid ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0674 3832 kbdhid ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0674 3832 KSecDD ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0674 3832 KSecDD ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0674 3832 KSecPkg ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0674 3832 KSecPkg ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0690 3832 lltdio ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0690 3832 lltdio ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0690 3832 LSI_FC ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0690 3832 LSI_FC ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0690 3832 LSI_SAS ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0690 3832 LSI_SAS ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0690 3832 LSI_SAS2 ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0690 3832 LSI_SAS2 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0690 3832 LSI_SCSI ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0690 3832 LSI_SCSI ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0690 3832 luafv ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0690 3832 luafv ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0705 3832 MarvinBus ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0705 3832 MarvinBus ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0705 3832 megasas ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0705 3832 megasas ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0705 3832 MegaSR ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0705 3832 MegaSR ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0705 3832 mfebopk ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0705 3832 mfebopk ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0705 3832 mferkdk ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0705 3832 mferkdk ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0721 3832 mfesmfk ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0721 3832 mfesmfk ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0721 3832 Modem ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0721 3832 Modem ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0721 3832 monitor ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0721 3832 monitor ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0721 3832 mouclass ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0721 3832 mouclass ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0721 3832 mouhid ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0721 3832 mouhid ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0721 3832 mountmgr ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0721 3832 mountmgr ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0736 3832 MPFP ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0736 3832 MPFP ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0736 3832 mpio ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0736 3832 mpio ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0736 3832 mpsdrv ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0736 3832 mpsdrv ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0736 3832 MRxDAV ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0736 3832 MRxDAV ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0736 3832 mrxsmb ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0736 3832 mrxsmb ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0736 3832 mrxsmb10 ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0736 3832 mrxsmb10 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0752 3832 mrxsmb20 ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0752 3832 mrxsmb20 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0752 3832 msahci ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0752 3832 msahci ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0752 3832 msdsm ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0752 3832 msdsm ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0752 3832 Msfs ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0752 3832 Msfs ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0752 3832 mshidkmdf ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0752 3832 mshidkmdf ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0768 3832 msisadrv ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0768 3832 msisadrv ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0768 3832 MSKSSRV ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0768 3832 MSKSSRV ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0768 3832 MSPCLOCK ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0768 3832 MSPCLOCK ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0768 3832 MSPQM ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0768 3832 MSPQM ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0768 3832 MsRPC ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0768 3832 MsRPC ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0768 3832 mssmbios ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0768 3832 mssmbios ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0783 3832 MSTEE ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0783 3832 MSTEE ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0783 3832 MTConfig ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0783 3832 MTConfig ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0783 3832 Mup ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0783 3832 Mup ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0783 3832 NativeWifiP ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0783 3832 NativeWifiP ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0783 3832 NDIS ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0783 3832 NDIS ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0799 3832 NdisCap ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0799 3832 NdisCap ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0799 3832 NdisTapi ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0799 3832 NdisTapi ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0799 3832 Ndisuio ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0799 3832 Ndisuio ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0799 3832 NdisWan ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0799 3832 NdisWan ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0799 3832 NDProxy ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0799 3832 NDProxy ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0799 3832 NetBIOS ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0799 3832 NetBIOS ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0814 3832 NetBT ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0814 3832 NetBT ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0814 3832 netw5v32 ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0814 3832 netw5v32 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0814 3832 nfrd960 ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0814 3832 nfrd960 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0814 3832 Npfs ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0814 3832 Npfs ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0814 3832 nsiproxy ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0814 3832 nsiproxy ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0814 3832 Ntfs ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0814 3832 Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0830 3832 Null ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0830 3832 Null ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0830 3832 nvraid ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0830 3832 nvraid ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0830 3832 nvstor ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0830 3832 nvstor ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0830 3832 nv_agp ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0830 3832 nv_agp ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0830 3832 ohci1394 ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0830 3832 ohci1394 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0830 3832 Parport ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0830 3832 Parport ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0846 3832 partmgr ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0846 3832 partmgr ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0846 3832 Parvdm ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0846 3832 Parvdm ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0846 3832 pci ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0846 3832 pci ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0846 3832 pciide ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0846 3832 pciide ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0846 3832 pcmcia ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0846 3832 pcmcia ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0861 3832 pcw ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0861 3832 pcw ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0861 3832 PEAUTH ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0861 3832 PEAUTH ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0861 3832 PptpMiniport ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0861 3832 PptpMiniport ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0861 3832 Processor ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0861 3832 Processor ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0861 3832 Psched ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0861 3832 Psched ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0861 3832 ql2300 ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0861 3832 ql2300 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0877 3832 ql40xx ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0877 3832 ql40xx ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0877 3832 QWAVEdrv ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0877 3832 QWAVEdrv ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0877 3832 RasAcd ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0877 3832 RasAcd ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0877 3832 RasAgileVpn ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0877 3832 RasAgileVpn ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0877 3832 Rasl2tp ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0877 3832 Rasl2tp ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0877 3832 RasPppoe ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0877 3832 RasPppoe ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0892 3832 RasSstp ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0892 3832 RasSstp ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0892 3832 rdbss ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0892 3832 rdbss ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0892 3832 rdpbus ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0892 3832 rdpbus ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0892 3832 RDPCDD ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0892 3832 RDPCDD ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0892 3832 RDPENCDD ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0892 3832 RDPENCDD ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0908 3832 RDPREFMP ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0908 3832 RDPREFMP ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0908 3832 RDPWD ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0908 3832 RDPWD ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0908 3832 rdyboost ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0908 3832 rdyboost ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0908 3832 RFCOMM ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0908 3832 RFCOMM ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0908 3832 rspndr ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0908 3832 rspndr ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0908 3832 sbp2port ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0908 3832 sbp2port ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0924 3832 scfilter ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0924 3832 scfilter ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0924 3832 secdrv ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0924 3832 secdrv ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0924 3832 Serenum ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0924 3832 Serenum ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0924 3832 Serial ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0924 3832 Serial ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0924 3832 sermouse ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0924 3832 sermouse ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0924 3832 sffdisk ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0924 3832 sffdisk ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0939 3832 sffp_mmc ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0939 3832 sffp_mmc ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0939 3832 sffp_sd ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0939 3832 sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0939 3832 sfloppy ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0939 3832 sfloppy ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0939 3832 sisagp ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0939 3832 sisagp ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0939 3832 SiSRaid2 ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0939 3832 SiSRaid2 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0955 3832 SiSRaid4 ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0955 3832 SiSRaid4 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0955 3832 Smb ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0955 3832 Smb ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0955 3832 spldr ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0955 3832 spldr ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0955 3832 srv ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0955 3832 srv ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0955 3832 srv2 ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0955 3832 srv2 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0955 3832 srvnet ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0955 3832 srvnet ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0970 3832 stexstor ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0970 3832 stexstor ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0970 3832 swenum ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0970 3832 swenum ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0970 3832 Tcpip ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0970 3832 Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0970 3832 TCPIP6 ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0970 3832 TCPIP6 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0970 3832 tcpipreg ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0970 3832 tcpipreg ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0970 3832 TDPIPE ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0970 3832 TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0986 3832 TDTCP ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0986 3832 TDTCP ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0986 3832 tdx ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0986 3832 tdx ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0986 3832 TermDD ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0986 3832 TermDD ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0986 3832 tssecsrv ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0986 3832 tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0986 3832 tunnel ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0986 3832 tunnel ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0002 3832 uagp35 ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0002 3832 uagp35 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0002 3832 udfs ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0002 3832 udfs ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0002 3832 uliagpkx ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0002 3832 uliagpkx ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0002 3832 umbus ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0002 3832 umbus ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0002 3832 UmPass ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0002 3832 UmPass ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0002 3832 USBAAPL ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0002 3832 USBAAPL ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0017 3832 usbaudio ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0017 3832 usbaudio ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0017 3832 usbccgp ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0017 3832 usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0017 3832 usbcir ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0017 3832 usbcir ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0017 3832 usbehci ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0017 3832 usbehci ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0017 3832 usbhub ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0017 3832 usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0017 3832 usbohci ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0017 3832 usbohci ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0033 3832 usbprint ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0033 3832 usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0033 3832 usbscan ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0033 3832 usbscan ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0033 3832 usbsmi ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0033 3832 usbsmi ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0033 3832 USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0033 3832 USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0033 3832 usbuhci ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0033 3832 usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0048 3832 usbvideo ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0048 3832 usbvideo ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0048 3832 vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0048 3832 vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0048 3832 vga ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0048 3832 vga ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0048 3832 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0048 3832 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0048 3832 vhdmp ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0048 3832 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0048 3832 viaagp ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0048 3832 viaagp ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0064 3832 ViaC7 ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0064 3832 ViaC7 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0064 3832 viaide ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0064 3832 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0064 3832 volmgr ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0064 3832 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0064 3832 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0064 3832 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0064 3832 volsnap ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0064 3832 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0080 3832 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0080 3832 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0080 3832 vwifibus ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0080 3832 vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0080 3832 vwififlt ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0080 3832 vwififlt ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0080 3832 vwifimp ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0080 3832 vwifimp ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0080 3832 VX3000 ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0080 3832 VX3000 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0080 3832 wacommousefilter ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0080 3832 wacommousefilter ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0095 3832 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0095 3832 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0095 3832 wacomvhid ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0095 3832 wacomvhid ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0095 3832 WacomVKHid ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0095 3832 WacomVKHid ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0095 3832 WANARP ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0095 3832 WANARP ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0095 3832 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0095 3832 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0111 3832 Wd ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0111 3832 Wd ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0111 3832 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0111 3832 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0111 3832 wdmirror ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0111 3832 wdmirror ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0111 3832 WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0111 3832 WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0111 3832 WimFltr ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0111 3832 WimFltr ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0111 3832 WIMMount ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0111 3832 WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0126 3832 WinUsb ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0126 3832 WinUsb ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0126 3832 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0126 3832 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0126 3832 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0126 3832 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0126 3832 wsvd ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0126 3832 wsvd ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0126 3832 WudfPf ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0126 3832 WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:35.0126 3832 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
14:42:35.0126 3832 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip
14:44:44.0078 4628 Deinitialize success

THIRD

14:39:34.0453 6120 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:39:34.0484 6120 ============================================================
14:39:34.0484 6120 Current date / time: 2012/01/05 14:39:34.0484
14:39:34.0484 6120 SystemInfo:
14:39:34.0484 6120
14:39:34.0484 6120 OS Version: 6.1.7600 ServicePack: 0.0
14:39:34.0484 6120 Product type: Workstation
14:39:34.0484 6120 ComputerName: REBECCA-PC
14:39:34.0484 6120 UserName: Rebecca
14:39:34.0484 6120 Windows directory: C:\windows
14:39:34.0484 6120 System windows directory: C:\windows
14:39:34.0484 6120 Processor architecture: Intel x86
14:39:34.0484 6120 Number of processors: 2
14:39:34.0484 6120 Page size: 0x1000
14:39:34.0484 6120 Boot type: Normal boot
14:39:34.0484 6120 ============================================================
14:39:38.0458 6120 !crdlk
14:39:38.0599 6120 Initialize success
14:40:27.0444 6128 Deinitialize success

I have 1 instance of the results in the first log, 4 instances of the results in the second log, and 3 instances of the results in the third log...

(Also, when I tried to put in my USB key to transfer the logs from my no-internet laptop to the MacBook with internet, it wouldn't recognize my USB key and I had to restart my computer. Nothing changed and I put everything on my USB. Just thought you should know.)
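A triage helper for TDSSKiller logs laid out like the ones posted above, as an added example that is not part of the original post or of TDSSKiller itself: it collapses the paired "skipped by user" / "User select action" lines to one entry per service, groups services by verdict, and lists the entries worth reading first. The sample lines are constructed from service names that appear in the log above; the function names and the hex-name heuristic are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the line layout of the log above:
# "HH:MM:SS.mmmm <thread id> <service> ( <verdict> ) - <message>"
SAMPLE_LOG = """\
14:42:34.0565 3832 exfat ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0565 3832 exfat ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0565 3832 f1fd89874c5dc9ed ( LockedService.Multi.Generic ) - skipped by user
14:42:34.0565 3832 f1fd89874c5dc9ed ( LockedService.Multi.Generic ) - User select action: Skip
14:42:34.0580 3832 fastfat ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0580 3832 fastfat ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0580 3832 fdc ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0580 3832 fdc ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0783 3832 NDIS ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0783 3832 NDIS ( LockedFile.Multi.Generic ) - User select action: Skip
14:42:34.0970 3832 Tcpip ( LockedFile.Multi.Generic ) - skipped by user
14:42:34.0970 3832 Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip
14:44:44.0078 4628 Deinitialize success
"""

# One detection line: timestamp, thread id, service name, verdict in parentheses, message.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
    r"(?P<service>\S+)\s+\(\s*(?P<verdict>[\w.]+)\s*\)\s+-\s+(?P<msg>.+)$"
)
ACTION_RE = re.compile(r"^User select action:\s*(?P<action>\w+)$")

# Heuristic (assumption of this example): a service name that is a long run of
# lowercase hex digits. The length floor matters because short legitimate
# driver names such as "fdc" are also valid hex.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{12,}$")


def parse_detections(text):
    """Return one dict per detection line; header and status lines are skipped."""
    records = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            records.append(match.groupdict())
    return records


def summarize(text):
    """Group unique service names by verdict and record the action chosen for each."""
    by_verdict = defaultdict(set)
    actions = {}
    for rec in parse_detections(text):
        by_verdict[rec["verdict"]].add(rec["service"])
        action = ACTION_RE.match(rec["msg"])
        if action:
            actions[rec["service"]] = action.group("action")
    return {
        "by_verdict": {v: sorted(s) for v, s in by_verdict.items()},
        "actions": actions,
    }


def review_first(summary):
    """Return {service: [reasons]} for entries that differ from the bulk of the log."""
    counts = Counter({v: len(s) for v, s in summary["by_verdict"].items()})
    majority = counts.most_common(1)[0][0] if counts else None
    flagged = {}
    for verdict, services in summary["by_verdict"].items():
        for service in services:
            reasons = []
            if verdict != majority:
                reasons.append("minority verdict " + verdict)
            if HEX_NAME_RE.match(service):
                reasons.append("hex-like service name")
            if reasons:
                flagged[service] = reasons
    return flagged


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for verdict, services in summary["by_verdict"].items():
        print(f"{verdict}: {len(services)} service(s)")
    skipped = [s for s, a in summary["actions"].items() if a == "Skip"]
    print(f"{len(skipped)} service(s) left untouched (action: Skip)")
    for service, reasons in review_first(summary).items():
        print(f"review first: {service} ({'; '.join(reasons)})")
```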
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===========================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I think there was an error downloading Avast onto my infected laptop because it has no internet access.

Should I start the scan anyway?
 
There was a scan error, and it hasn't done anything...

Should I try the thing that says 'FixMBR' or just save the log and move on?
 
Do nothing more than posted in my instructions.

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c900000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
For some reason, this is taking a really long time. It says it should only take around 10 minutes, but it's been almost two hours with no change...
 
Still can't boot up into safe mode. The computer restarts itself before it finishes booting into safe mode...

I tried going again with ComboFix in normal mode, but it tells me that McAfee VirusScan is still enabled, even though I'm not sure if I even have that and I have no idea how to disable it. Also, I'm having issues disabling the E-mail and Instant Messaging protection on my McAfee Security Center, it keeps on telling me 'the setting cannot be changed because of an error' and nothing more.

McAfee came with my laptop and I never even use it, so I'm not familiar with it...
 
Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c900000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
When I first double-click on the .exe, I get this error:

16 bit MS-DOS Subsystem
---
C:\Users\Rebecca\Desktop\_OTL~1.EXE
The NTVDM CPU has encountered an illegal instruction.
CS:058a IP:010a OP:63 20 4f 53 20 Choose 'Close' to terminate the application.

Choose Close or Ignore?
 
Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
I'm trying to boot via the CD, but when I enter the boot setup and look at the Boot priority order it doesn't say anything about a CD-ROM

Order says:
1: HDD : WDC WD2500BEVT-22ZCT0 - (PM)
2: ODD : HL-DT-ST DVDRAM GSA-T50N- (PS)
3: PCI LAN : MBA v11.0.11 Slot 0700
4: USB FDD :
5: USB KEY :
6: USB HDD : -(USB 2.0)
7: USB ODD :
8:

What do I do? ^_^;

Or, wait...is it the DVDRAM thing? Am I just being stupid?

Also, when I restarted the computer I got some warning about 'this window is set to be open at all times, if you close it you'll miss important warnings, are you sure you want to be like an ostrich and stick your head in the sand' or something like that, but I restarted anyway.
 