

Cannot install antivirus

This is a discussion on Cannot install antivirus within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 05-07-2016, 10:42 PM   #1
Registered Member
 
Join Date: Jul 2012
Posts: 46
OS: Windows 7



I have purchased Bitdefender Total Security and cannot install it as the installation crashes.

DDS.txt

Quote:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Soumil at 11:07:07 on 2016-05-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7326.4663 [GMT 5.5:30]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\igfxCUIService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Soumil\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\SysWOW64\msiexec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\Popcorn Time\Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\TEMP\bd_3561.tmp\wxq3572.tmp
C:\Users\Soumil\AppData\Local\Temp\RarSFX1\setupdownloader.exe
C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\Installer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Bitdefender Agent\ProductAgentService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Microsoft Web Test Recorder 12.0 Helper: {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Web Test Recorder 12.0: {46857999-9b7c-4895-9d22-81a4a2478868} -
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [uTorrent] "C:\Users\Soumil\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [{0698C8B1-24DE-44B7-B8C9-A6044C297EE1}] C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\IJNTU').SwGAjkd)));
mRun: [razer update] C:\Users\Soumil\AppData\Roaming\Razer Synapse\razerupdater.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mExplorerRun: [742502532] C:\ProgramData\msbjadtby.exe
StartupFolder: C:\Users\Soumil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GDYNXD~1.LNK - C:\Users\Soumil\AppData\Roaming\brVzWJr\regKey.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:181
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{317285C5-5721-46A8-B64C-DB499BDC6E26} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{64A135FF-0E37-44A5-A8AB-DBD986C47312} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {28D584AW-734E-HHK3-0R13-1531XHN7XQP5} - C:\Users\Soumil\AppData\Roaming\Razer Synapse\razerupdater.exe
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
x64-EB: Web Test Recorder 12.0: {46857999-9b7c-4895-9d22-81a4a2478868} -
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] "C:\Windows\System32\rundll32.exe" C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Soumil\AppData\Roaming\Mozilla\Firefox\Profiles\to80odf6.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-4-11 645480]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-4-11 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-12-11 20464]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2015-12-30 44648]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-24 1156400]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2016-4-26 2449536]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-4-11 16232]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-12-11 296432]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 IntelHaxm;Intel HAXM Service;C:\Windows\System32\drivers\IntelHaxm.sys [2016-3-13 84992]
R2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [2014-10-15 22744]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-12-11 169432]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-24 1872688]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-11-23 5915440]
R2 ProductAgentService;ProductAgentService;C:\Program Files\Bitdefender Agent\ProductAgentService.exe [2016-5-8 947640]
R2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2013-9-13 337776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-11-23 417400]
R2 syshost32;syshost32;"C:\Windows\Installer\{E9CAEF2E-8C5E-EBC7-6DBA-E7014DA2ADC2}\syshost.exe" /service --> C:\Windows\Installer\{E9CAEF2E-8C5E-EBC7-6DBA-E7014DA2ADC2}\syshost.exe [?]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-7-14 5495056]
R2 Update service;Update service;C:\Program Files (x86)\Popcorn Time\Updater.exe [2015-11-20 339968]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-12-11 450520]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-12-11 370672]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-12-11 791024]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-24 19760]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2015-11-23 8133424]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-11-23 50472]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-12-11 906968]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2015-6-23 190088]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2015-9-19 42088]
S2 AGSService;Adobe Genuine Software Integrity Service;"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" --> C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S3 EasyAntiCheat;EasyAntiCheat;C:\Windows\System32\EasyAntiCheat.exe --> C:\Windows\System32\EasyAntiCheat.exe [?]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;C:\Windows\System32\drivers\hidusbf.sys [2015-2-1 7808]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-2-8 20992]
S3 tap0901cn;Speedify Virtual Adapter;C:\Windows\System32\drivers\tap0901cn.sys [2015-11-21 39544]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-8-22 119808]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-2-8 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 VsEtwService120;Visual Studio ETW Event Collection Service;C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2014-7-22 89232]
S3 wampapache64;wampapache64;C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [2015-6-23 24576]
S3 wampmysqld64;wampmysqld64;c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 --> c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 [?]
.
=============== Created Last 30 ================
.
2016-05-08 05:32:32 25987 ----a-w- C:\ProgramData\1462685550.bdinstall.bin
2016-05-08 05:29:47 26022 ----a-w- C:\ProgramData\1462685384.bdinstall.bin
2016-05-08 05:28:19 26022 ----a-w- C:\ProgramData\1462685296.bdinstall.bin
2016-05-08 05:26:50 26022 ----a-w- C:\ProgramData\1462685208.bdinstall.bin
2016-05-08 05:24:17 72553 ----a-w- C:\ProgramData\1462685021.5376.bin
2016-05-08 05:24:14 991 ----a-w- C:\ProgramData\1462685021.5784.bin
2016-05-08 05:24:14 7685 ----a-w- C:\ProgramData\1462685021.5680.bin
2016-05-08 05:24:14 739 ----a-w- C:\ProgramData\1462685021.5988.bin
2016-05-08 05:24:14 739 ----a-w- C:\ProgramData\1462685021.3008.bin
2016-05-08 05:24:14 3190 ----a-w- C:\ProgramData\1462685021.5368.bin
2016-05-08 05:24:14 -------- d-----w- C:\Program Files\Bitdefender
2016-05-08 05:24:08 2342 ----a-w- C:\ProgramData\1462685021.6088.bin
2016-05-08 05:23:49 8134 ----a-w- C:\ProgramData\1462685021.5896.bin
2016-05-08 05:23:49 7923 ----a-w- C:\ProgramData\1462685021.5052.bin
2016-05-08 05:23:41 103475 ----a-w- C:\ProgramData\1462685021.4336.bin
2016-05-08 05:04:28 -------- d-----w- C:\Users\Soumil\AppData\Roaming\QuickScan
2016-05-08 05:04:25 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2016-05-08 04:58:04 -------- d-----w- C:\ProgramData\Bitdefender Agent
2016-05-08 04:58:04 -------- d-----w- C:\Program Files\Bitdefender Agent
2016-04-30 07:12:37 242960 ----a-w- C:\Windows\SysWow64\EasyAntiCheat.exe
2016-04-25 15:27:35 -------- d-----w- C:\Users\Soumil\AppData\Local\Labcenter Electronics
2016-04-25 15:26:53 54784 ----a-w- C:\Windows\SysWow64\INETWH32.DLL
2016-04-25 15:26:53 1048576 ----a-w- C:\Windows\SysWow64\ROBOEX32.DLL
2016-04-25 15:26:53 -------- d-----w- C:\Program Files (x86)\Common Files\Labcenter Electronics
2016-04-25 15:26:51 -------- d-----w- C:\Program Files (x86)\Labcenter Electronics
2016-04-25 15:18:34 -------- d-----w- C:\ProgramData\HP InfoTech
2016-04-25 15:17:53 -------- d-----w- C:\cvavreval
2016-04-14 17:27:34 -------- d-----w- C:\My Web Sites
2016-04-14 17:27:19 -------- d-----w- C:\Program Files\WinHTTrack
.
==================== Find3M ====================
.
2016-03-02 23:03:45 110176 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
.
============= FINISH: 11:07:57.95 ===============
Attached Files
File Type: txt attach.txt (17.7 KB, 343 views)
Dsoumil is offline  
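The DDS log above already contains the indicators the analyst later acts on: a user Run key that launches hidden PowerShell to decode a payload stored in a registry value, executables autostarting from ProgramData and AppData, and the UAC policies set to 0. The Python triage helper below is an added example, not part of this thread or of the DDS tool; it parses those DDS line formats and flags them, with severity labels and path heuristics that are this example's own.

```python
"""Triage of DDS 'Pseudo HJT Report' autorun and policy lines.

Added example, not part of the thread or of the DDS tool. It parses the
uRun/mRun/mExplorerRun/x64-Run, StartupFolder and mPolicies-System line
formats DDS emits and flags what an analyst looks for first: an autorun
that launches PowerShell to decode a payload at run time (fileless
persistence), executables started from user-writable or temp paths, and
UAC policy values set to 0. Severity labels are this example's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input constructed from the log lines quoted in this thread.
SAMPLE_DDS = r"""
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [{0698C8B1-24DE-44B7-B8C9-A6044C297EE1}] C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\IJNTU').SwGAjkd)));
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mExplorerRun: [742502532] C:\ProgramData\msbjadtby.exe
StartupFolder: C:\Users\Soumil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GDYNXD~1.LNK - C:\Users\Soumil\AppData\Roaming\brVzWJr\regKey.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
"""

AUTORUN_RE = re.compile(r"^(?:uRun|mRun|mExplorerRun|x64-Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^StartupFolder: (?P<lnk>.+?) - (?P<cmd>.+)$")
POLICY_RE = re.compile(r"^[um]Policies-System: (?P<key>\w+) = dword:(?P<val>[0-9A-Fa-f]+)$")

# UAC policy values that must not be 0 if UAC is to protect the machine.
UAC_MUST_BE_NONZERO = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}
# Command-line fragments that mean the real payload is decoded at run time.
ENCODED_PS_MARKERS = ("frombase64string", "-encodedcommand", " -enc ")
# Locations a standard user can write to; legitimate autoruns rarely live there.
USER_WRITABLE_RE = re.compile(r"\\(?:ProgramData|AppData\\(?:Roaming|Local)|Temp)\\", re.I)


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    line: str       # the DDS line that triggered the finding
    reason: str


def exe_path(cmd: str) -> str:
    """Return the executable part of an autorun command line.

    Handles both the quoted form ("...\\x.exe" /arg) and the unquoted form
    (C:\\path\\x.exe args); paths with spaces survive because the unquoted
    form is cut at the first '.exe'.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    match = re.match(r"(.+?\.exe)", cmd, re.I)
    return match.group(1) if match else cmd.split(" ", 1)[0]


def triage(dds_text: str) -> list[Finding]:
    """Scan DDS report lines and return findings in the order encountered."""
    findings: list[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := AUTORUN_RE.match(line)) or (m := STARTUP_RE.match(line)):
            cmd = m.group("cmd")
            lowered = cmd.lower()
            if "powershell" in lowered and any(k in lowered for k in ENCODED_PS_MARKERS):
                findings.append(Finding("high", line,
                    "autorun launches PowerShell that decodes its payload at run time"))
            elif USER_WRITABLE_RE.search(exe_path(cmd)):
                findings.append(Finding("medium", line,
                    "autorun executable lives in a user-writable or temp location"))
        elif (m := POLICY_RE.match(line)):
            key = m.group("key")
            if key in UAC_MUST_BE_NONZERO and int(m.group("val"), 16) == 0:
                findings.append(Finding("high", line, f"UAC policy {key} is disabled (0)"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 4, 'medium': 2}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity.upper()}] {f.reason}\n    {f.line}")
    print(summarize(triage(SAMPLE_DDS)))
```

Feed it the whole "Pseudo HJT Report" section of a DDS log; entries in Program Files and the non-UAC policy lines pass through silently so only the items worth a second look are printed.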
 
Old 05-11-2016, 12:16 AM   #2
Registered Member
 
Join Date: Jul 2012
Posts: 46
OS: Windows 7



bump thread.
Dsoumil is offline  
Old 05-11-2016, 12:47 AM   #3
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Dsoumil,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download all requested tools to your Desktop and run them from there.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we? Please do the below steps.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
tekir06 is offline  
 
Old 05-11-2016, 01:04 AM   #4
Registered Member
 
Join Date: Jul 2012
Posts: 46
OS: Windows 7



AdwCleaner Scan

Quote:
# AdwCleaner v5.116 - Logfile created 11/05/2016 at 13:22:05
# Updated 09/05/2016 by Xplode
# Database : 2016-05-09.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Soumil - SOUMIL-PC
# Running from : C:\Users\Soumil\Downloads\AdwCleaner.exe
# Option : Clean
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
[-] Folder Deleted : C:\Program Files (x86)\Popcorn Time

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [874 bytes] - [11/05/2016 13:22:05]
C:\AdwCleaner\AdwCleaner[C2].txt - [4441 bytes] - [16/10/2015 11:55:05]
C:\AdwCleaner\AdwCleaner[C3].txt - [967 bytes] - [23/11/2015 14:13:25]
C:\AdwCleaner\AdwCleaner[C4].txt - [2928 bytes] - [17/01/2016 10:16:33]
C:\AdwCleaner\AdwCleaner[R0].txt - [1027 bytes] - [23/05/2015 18:20:52]
C:\AdwCleaner\AdwCleaner[S0].txt - [1055 bytes] - [23/05/2015 18:21:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [3094 bytes] - [27/02/2016 03:14:08]
C:\AdwCleaner\AdwCleaner[S2].txt - [6715 bytes] - [16/09/2015 18:42:03]
C:\AdwCleaner\AdwCleaner[S3].txt - [863 bytes] - [23/11/2015 14:12:29]
C:\AdwCleaner\AdwCleaner[S4].txt - [2704 bytes] - [16/01/2016 03:33:23]
C:\AdwCleaner\AdwCleaner[S5].txt - [2704 bytes] - [17/01/2016 10:15:44]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1674 bytes] ##########
Attached Files
File Type: txt FRST.txt (67.2 KB, 46 views)
File Type: txt Addition.txt (43.3 KB, 43 views)
Dsoumil is offline  
Old 05-11-2016, 05:31 AM   #5
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Dsoumil,

It looks like we have a Necurs Rootkit.

Please go to: VirusTotal

Click the Choose File button.
Please copy/paste the following bolded text into the 'File name:' box:

C:\Windows\SysWOW64\EasyAntiCheat.exe

Click Open then click the Scan it! button just below.
This will scan the file. Please be patient.
If you get a message saying File already analyzed: click Reanalyse
Once scanned, copy and paste the URL from your browser address bar in your next reply.

========================================================

Please do the below steps.

STEP 1

We need to uninstall some programs.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

Hotspot Shield 5.4.0
Popcorn Time
IDM
IDM Patch 6.25 build 02

========================================================

STEP 2

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Double-click FRST64.exe to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

========================================================

STEP 3

Please download TDSSKiller (here or here) to the desktop.
Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
If a suspicious file is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
If Necurs is detected in this service, 4adf39cfa5401019, with this file C:\Windows\System32\Drivers\4adf39cfa5401019.sys, then select Delete.
Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
Copy and paste its contents in your next reply.
Attached Files
File Type: txt fixlist.txt (3.8 KB, 39 views)
tekir06 is offline  
Old 05-11-2016, 10:18 AM   #6
Registered Member
 
Join Date: Jul 2012
Posts: 46
OS: Windows 7



VirusTotal link:

https://www.virustotal.com/en/file/e...is/1462986829/

fixlog.txt

Quote:
Fix result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Soumil (2016-05-11 22:13:15) Run:1
Running from C:\Users\Soumil\Desktop
Loaded Profiles: Soumil (Available Profiles: Soumil)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorepoint:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-720693947-1303394291-4216041671-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF HKU\S-1-5-21-720693947-1303394291-4216041671-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Soumil\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\pdf.dll => No File
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-720693947-1303394291-4216041671-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-720693947-1303394291-4216041671-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
R2 syshost32; C:\Windows\Installer\{E9CAEF2E-8C5E-EBC7-6DBA-E7014DA2ADC2}\syshost.exe [253952 2016-03-17] () [File not signed]
S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [X]
U5 4adf39cfa5401019; C:\Windows\System32\Drivers\4adf39cfa5401019.sys [74176 2016-03-17] () <===== ATTENTION Necurs Rootkit?
U5 4adf39cfa5401019; <===== ATTENTION: Locked Service
S3 cpuz138; \??\C:\Users\Soumil\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U4 vsserv; no ImagePath
2016-05-11 13:23 - 2014-12-25 05:26 - 00000000 ____D C:\Users\Soumil\AppData\Roaming\uTorrent
2016-01-17 10:12 - 2016-01-17 10:12 - 0000006 ____S () C:\ProgramData\6fc91da760ab7b04670e1a21d05a13caf8841d43
2015-02-08 14:36 - 2010-11-20 17:47 - 100187904 ___SH () C:\ProgramData\msbjadtby.exe
Task: {0B21667E-1EA3-4ABE-9422-94A3BE37AAAD} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe [2014-12-13] ()
Task: {5717E643-A3F2-4900-B405-9A97D8EA3F95} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-12-13] ()
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [143]
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent" /f
FirewallRules: [{0621E26A-3A28-4948-BF6C-8345759F2151}] => (Allow) C:\Users\Soumil\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{76733F96-8B79-4EB2-BF1A-4A8E1A6A346F}] => (Allow) C:\Users\Soumil\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{15C8E6D6-523E-41B2-8838-F3E814157B3A}] => (Allow) C:\Users\Soumil\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ADB89DF0-5765-41CD-B391-A182EB51D6CA}] => (Allow) C:\Users\Soumil\AppData\Roaming\uTorrent\uTorrent.exe
CMD: sc stop 4adf39cfa5401019
CMD: sc delete 4adf39cfa5401019
RemoveProxy:
EmptyTemp:


*****************

Error: (0) Failed to create a restore point.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-720693947-1303394291-4216041671-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
HKU\S-1-5-21-720693947-1303394291-4216041671-1000\Software\Mozilla\SeaMonkey\Extensions\\[email protected] => value removed successfully
C:\Users\Soumil\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\pdf.dll => not found.
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
"HKU\S-1-5-21-720693947-1303394291-4216041671-1000\SOFTWARE\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd" => key removed successfully
"HKU\S-1-5-21-720693947-1303394291-4216041671-1000\SOFTWARE\Google\Chrome\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd" => key removed successfully
syshost32 => Unable to stop service.
syshost32 => service removed successfully
Update service => service removed successfully
4adf39cfa5401019 => service could not remove
4adf39cfa5401019 => service could not remove
cpuz138 => service removed successfully
gdrv => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
vsserv => service removed successfully

"C:\Users\Soumil\AppData\Roaming\uTorrent" folder move:

Could not move "C:\Users\Soumil\AppData\Roaming\uTorrent" => Scheduled to move on reboot.

C:\ProgramData\6fc91da760ab7b04670e1a21d05a13caf8841d43 => moved successfully
Could not move "C:\ProgramData\msbjadtby.exe" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B21667E-1EA3-4ABE-9422-94A3BE37AAAD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B21667E-1EA3-4ABE-9422-94A3BE37AAAD}" => key removed successfully
C:\Windows\System32\Tasks\AutoKMSDaily => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMSDaily" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5717E643-A3F2-4900-B405-9A97D8EA3F95}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5717E643-A3F2-4900-B405-9A97D8EA3F95}" => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent" /f =========

The operation completed successfully.



========= End of Reg: =========

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0621E26A-3A28-4948-BF6C-8345759F2151} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{76733F96-8B79-4EB2-BF1A-4A8E1A6A346F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{15C8E6D6-523E-41B2-8838-F3E814157B3A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADB89DF0-5765-41CD-B391-A182EB51D6CA} => value removed successfully

========= sc stop 4adf39cfa5401019 =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


========= End of CMD: =========


========= sc delete 4adf39cfa5401019 =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-720693947-1303394291-4216041671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-720693947-1303394291-4216041671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 705.5 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-05-11 22:15:30)

C:\Users\Soumil\AppData\Roaming\uTorrent => Is moved successfully
C:\ProgramData\msbjadtby.exe => Is moved successfully

==== End of Fixlog 22:15:30 ====

TDSSKiller.3.1.0.9_11.05.2016_22.18.52_log.txt

Quote:
22:18:52.0458 0x11e8 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
22:18:56.0908 0x11e8 ============================================================
22:18:56.0908 0x11e8 Current date / time: 2016/05/11 22:18:56.0908
22:18:56.0908 0x11e8 SystemInfo:
22:18:56.0908 0x11e8
22:18:56.0908 0x11e8 OS Version: 6.1.7601 ServicePack: 1.0
22:18:56.0908 0x11e8 Product type: Workstation
22:18:56.0908 0x11e8 ComputerName: SOUMIL-PC
22:18:56.0908 0x11e8 UserName: Soumil
22:18:56.0908 0x11e8 Windows directory: C:\Windows
22:18:56.0908 0x11e8 System windows directory: C:\Windows
22:18:56.0908 0x11e8 Running under WOW64
22:18:56.0908 0x11e8 Processor architecture: Intel x64
22:18:56.0908 0x11e8 Number of processors: 8
22:18:56.0908 0x11e8 Page size: 0x1000
22:18:56.0908 0x11e8 Boot type: Normal boot
22:18:56.0908 0x11e8 ============================================================
22:18:59.0846 0x11e8 KLMD registered as C:\Windows\system32\drivers\45555390.sys
22:19:14.0117 0x11e8 KLMD registered as C:\Windows\system32\drivers\67891255.sys
22:19:14.0819 0x11f0 Deinitialize success
Old 05-11-2016, 10:20 AM   #7
TDSSKiller.3.1.0.9_11.05.2016_22.20.27_log

Quote:
22:20:27.0810 0x0964 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
22:20:29.0666 0x0964 ============================================================
22:20:29.0666 0x0964 Current date / time: 2016/05/11 22:20:29.0666
22:20:29.0666 0x0964 SystemInfo:
22:20:29.0666 0x0964
22:20:29.0666 0x0964 OS Version: 6.1.7601 ServicePack: 1.0
22:20:29.0666 0x0964 Product type: Workstation
22:20:29.0666 0x0964 ComputerName: SOUMIL-PC
22:20:29.0666 0x0964 UserName: Soumil
22:20:29.0666 0x0964 Windows directory: C:\Windows
22:20:29.0666 0x0964 System windows directory: C:\Windows
22:20:29.0666 0x0964 Running under WOW64
22:20:29.0666 0x0964 Processor architecture: Intel x64
22:20:29.0666 0x0964 Number of processors: 8
22:20:29.0666 0x0964 Page size: 0x1000
22:20:29.0666 0x0964 Boot type: Normal boot
22:20:29.0666 0x0964 ============================================================
22:20:29.0666 0x0964 BG loaded
22:20:30.0306 0x0964 System UUID: {C95E907B-4A64-533E-F01E-8160F89C8963}
22:20:31.0008 0x0964 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
22:20:31.0039 0x0964 ============================================================
22:20:31.0039 0x0964 \Device\Harddisk0\DR0:
22:20:31.0054 0x0964 MBR partitions:
22:20:31.0054 0x0964 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:20:31.0054 0x0964 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C3800
22:20:31.0070 0x0964 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x124F650F, BlocksNum 0x124F6491
22:20:31.0101 0x0964 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x249EC9DF, BlocksNum 0x159943A1
22:20:31.0101 0x0964 ============================================================
22:20:31.0273 0x0964 C: <-> \Device\Harddisk0\DR0\Partition2
22:20:31.0538 0x0964 D: <-> \Device\Harddisk0\DR0\Partition3
22:20:31.0772 0x0964 E: <-> \Device\Harddisk0\DR0\Partition4
22:20:31.0866 0x0964 G: <-> \Device\Harddisk0\DR0\Partition1
22:20:31.0866 0x0964 ============================================================
22:20:31.0866 0x0964 Initialize success
22:20:31.0866 0x0964 ============================================================
22:21:01.0881 0x0e28 ============================================================
22:21:01.0881 0x0e28 Scan started
22:21:01.0881 0x0e28 Mode: Manual;
22:21:01.0881 0x0e28 ============================================================
22:21:01.0881 0x0e28 KSN ping started
22:21:15.0921 0x0e28 KSN ping finished: true
22:21:24.0096 0x0e28 ================ Scan system memory ========================
22:21:24.0096 0x0e28 Scan was interrupted by user!
22:21:27.0481 0x0e28 Win FW state via NFP2: disabled ( not trusted )
22:21:30.0180 0x0e28 ============================================================
22:21:30.0180 0x0e28 Scan finished
22:21:30.0180 0x0e28 ============================================================
22:21:30.0180 0x0e20 Detected object count: 0
22:21:30.0180 0x0e20 Actual detected object count: 0
22:23:09.0871 0x0b7c ============================================================
22:23:09.0871 0x0b7c Scan started
22:23:09.0871 0x0b7c Mode: Manual; SigCheck; TDLFS;
22:23:09.0871 0x0b7c ============================================================
22:23:09.0871 0x0b7c KSN ping started
22:23:12.0966 0x0b7c KSN ping finished: true
22:23:14.0887 0x0b7c ================ Scan system memory ========================
22:23:14.0887 0x0b7c System memory - ok
22:23:14.0887 0x0b7c ================ Scan services =============================
22:23:15.0105 0x0b7c Suspicious service (NoAccess): 4adf39cfa5401019
22:23:15.0136 0x0b7c [ 821BF03BF3170B299A2F9BF3D276A495, 60EA949C9FC7476AD88B2892367B291D7CA39021EFD74F5405AB4CABBD0E95B1 ] 4adf39cfa5401019 C:\Windows\System32\Drivers\4adf39cfa5401019.sys
22:23:15.0136 0x0b7c Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\4adf39cfa5401019.sys. md5: 821BF03BF3170B299A2F9BF3D276A495, sha256: 60EA949C9FC7476AD88B2892367B291D7CA39021EFD74F5405AB4CABBD0E95B1
22:23:15.0168 0x0b7c 4adf39cfa5401019 - detected Rootkit.Win32.Necurs.gen ( 0 )
22:23:18.0730 0x0b7c 4adf39cfa5401019 ( Rootkit.Win32.Necurs.gen ) - infected
22:23:18.0730 0x0b7c Force sending object to P2P due to detect: 4adf39cfa5401019
22:23:21.0680 0x0b7c Object send P2P result: true
22:23:28.0112 0x0b7c [ 4ED97237B34297D89553E293FAFDE5A6, 4DB28C1332D8871680CC1B3800596D75C318956EDE3CC1FE40C6D25039E48B67 ] D-LAN Core C:\Program Files (x86)\D-LAN\D-LAN.Core.exe
22:23:28.0143 0x0b7c D-LAN Core - detected UnsignedFile.Multi.Generic ( 1 )
22:23:30.0958 0x0b7c Detect skipped due to KSN trusted
22:23:30.0958 0x0b7c D-LAN Core - ok
22:23:32.0394 0x0b7c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:23:32.0394 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5, sha256: 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B
22:23:32.0394 0x0b7c flpydisk - detected LockedFile.Multi.Generic ( 1 )
22:23:42.0399 0x0b7c Object is SCO, delete is not allowed
22:23:42.0399 0x0b7c flpydisk ( LockedFile.Multi.Generic ) - warning
22:23:47.0000 0x0b7c [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:23:47.0015 0x0b7c FltMgr - ok
22:23:47.0047 0x0b7c [ B4447F606BB19FD8AD0BAFB59B90F5D9, 043E686029DE2710305852E3A416176E400F9FD5FB98E4F2A6F14C060FAABED5 ] FontCache C:\Windows\system32\FntCache.dll
22:23:47.0093 0x0b7c FontCache - ok
22:23:47.0125 0x0b7c [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:23:47.0140 0x0b7c FontCache3.0.0.0 - ok
22:23:47.0156 0x0b7c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:23:47.0156 0x0b7c FsDepends - ok
22:23:47.0171 0x0b7c [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:23:47.0171 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Fs_Rec.sys. md5: E95EF8547DE20CF0603557C0CF7A9462, sha256: 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6
22:23:47.0171 0x0b7c Fs_Rec - detected LockedFile.Multi.Generic ( 1 )
22:23:49.0878 0x0b7c Detect skipped due to KSN trusted
22:23:49.0878 0x0b7c Fs_Rec - ok
22:23:49.0987 0x0b7c [ 38F3CF15321DC2B47C7907EB222B637A, C2CE4F62BD7C93566C36B7290DA3E804FB79A18A18E2544E2B6404B473483D4E ] fussvc C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe
22:23:50.0019 0x0b7c fussvc - detected UnsignedFile.Multi.Generic ( 1 )
22:23:52.0740 0x0b7c Detect skipped due to KSN trusted
22:23:52.0740 0x0b7c fussvc - ok
22:23:52.0786 0x0b7c [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:23:52.0786 0x0b7c fvevol - ok
22:23:52.0818 0x0b7c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:23:52.0818 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6, sha256: 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005
22:23:52.0818 0x0b7c gagp30kx - detected LockedFile.Multi.Generic ( 1 )
22:23:55.0543 0x0b7c Detect skipped due to KSN trusted
22:23:55.0543 0x0b7c gagp30kx - ok
22:23:55.0590 0x0b7c [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:23:55.0590 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\GEARAspiWDM.sys. md5: 8E98D21EE06192492A5671A6144D092F, sha256: B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4
22:23:55.0590 0x0b7c GEARAspiWDM - detected LockedFile.Multi.Generic ( 1 )
22:23:58.0313 0x0b7c Detect skipped due to KSN trusted
22:23:58.0313 0x0b7c GEARAspiWDM - ok
22:23:58.0438 0x0b7c [ 5E42BDFF22707E577AD82BE4C43C3BCE, 4C0BBF6AAA7EB30A789D91A4F29726C2A6D941D457B59CF376EF96571F3E1BB4 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
22:23:58.0469 0x0b7c GfExperienceService - ok
22:23:58.0516 0x0b7c [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
22:23:58.0563 0x0b7c gpsvc - ok
22:23:58.0625 0x0b7c [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:23:58.0625 0x0b7c gupdate - ok
22:23:58.0643 0x0b7c [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:23:58.0648 0x0b7c gupdatem - ok
22:23:58.0665 0x0b7c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:23:58.0665 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0, sha256: B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19
22:23:58.0665 0x0b7c hcw85cir - detected LockedFile.Multi.Generic ( 1 )
22:24:01.0396 0x0b7c Detect skipped due to KSN trusted
22:24:01.0396 0x0b7c hcw85cir - ok
22:24:01.0443 0x0b7c [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:24:01.0443 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. md5: 975761C778E33CD22498059B91E7373A, sha256: 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9
22:24:01.0443 0x0b7c HdAudAddService - detected LockedFile.Multi.Generic ( 1 )
22:24:04.0190 0x0b7c Detect skipped due to KSN trusted
22:24:04.0190 0x0b7c HdAudAddService - ok
22:24:04.0237 0x0b7c [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:24:04.0237 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97BFED39B6B79EB12CDDBFEED51F56BB, sha256: 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955
22:24:04.0252 0x0b7c HDAudBus - detected LockedFile.Multi.Generic ( 1 )
22:24:06.0984 0x0b7c Detect skipped due to KSN trusted
22:24:06.0984 0x0b7c HDAudBus - ok
22:24:06.0984 0x0b7c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:24:06.0984 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F, sha256: 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64
22:24:06.0984 0x0b7c HidBatt - detected LockedFile.Multi.Generic ( 1 )
22:24:09.0715 0x0b7c Detect skipped due to KSN trusted
22:24:09.0715 0x0b7c HidBatt - ok
22:24:09.0715 0x0b7c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:24:09.0715 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104, sha256: 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4
22:24:09.0715 0x0b7c HidBth - detected LockedFile.Multi.Generic ( 1 )
22:24:12.0446 0x0b7c Detect skipped due to KSN trusted
22:24:12.0446 0x0b7c HidBth - ok
22:24:12.0446 0x0b7c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:24:12.0446 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825, sha256: 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D
22:24:12.0446 0x0b7c HidIr - detected LockedFile.Multi.Generic ( 1 )
22:24:15.0178 0x0b7c Detect skipped due to KSN trusted
22:24:15.0178 0x0b7c HidIr - ok
22:24:15.0194 0x0b7c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
22:24:15.0225 0x0b7c hidserv - ok
22:24:15.0256 0x0b7c [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:24:15.0256 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidusb.sys. md5: 9592090A7E2B61CD582B612B6DF70536, sha256: FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F
22:24:15.0256 0x0b7c HidUsb - detected LockedFile.Multi.Generic ( 1 )
22:24:18.0003 0x0b7c Detect skipped due to KSN trusted
22:24:18.0003 0x0b7c HidUsb - ok
22:24:18.0050 0x0b7c [ 2DD26F406897D81FB44D7B9171DB7CF8, FDD9153FAD4D339E72C29288011A4782EBF298BE358567FD09870D9F5F36A607 ] hidusbf C:\Windows\system32\DRIVERS\hidusbf.sys
22:24:18.0050 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidusbf.sys. md5: 2DD26F406897D81FB44D7B9171DB7CF8, sha256: FDD9153FAD4D339E72C29288011A4782EBF298BE358567FD09870D9F5F36A607
22:24:18.0050 0x0b7c hidusbf - detected LockedFile.Multi.Generic ( 1 )
22:24:20.0781 0x0b7c hidusbf ( LockedFile.Multi.Generic ) - warning
22:24:23.0483 0x0b7c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:24:23.0515 0x0b7c hkmsvc - ok
22:24:23.0546 0x0b7c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:24:23.0577 0x0b7c HomeGroupListener - ok
22:24:23.0608 0x0b7c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:24:23.0624 0x0b7c HomeGroupProvider - ok
22:24:23.0671 0x0b7c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:24:23.0671 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, sha256: E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205
22:24:23.0671 0x0b7c HpSAMD - detected LockedFile.Multi.Generic ( 1 )
22:24:26.0388 0x0b7c Detect skipped due to KSN trusted
22:24:26.0388 0x0b7c HpSAMD - ok
22:24:26.0435 0x0b7c [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:24:26.0450 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. md5: 0EA7DE1ACB728DD5A369FD742D6EEE28, sha256: 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779
22:24:26.0450 0x0b7c HTTP - detected LockedFile.Multi.Generic ( 1 )
22:24:29.0182 0x0b7c Detect skipped due to KSN trusted
22:24:29.0182 0x0b7c HTTP - ok
22:24:29.0198 0x0b7c [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:24:29.0198 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: A5462BD6884960C9DC85ED49D34FF392, sha256: 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53
22:24:29.0198 0x0b7c hwpolicy - detected LockedFile.Multi.Generic ( 1 )
22:24:32.0435 0x0b7c Detect skipped due to KSN trusted
22:24:32.0435 0x0b7c hwpolicy - ok
22:24:32.0451 0x0b7c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:24:32.0451 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3, sha256: 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD
22:24:32.0451 0x0b7c i8042prt - detected LockedFile.Multi.Generic ( 1 )
22:24:35.0160 0x0b7c Detect skipped due to KSN trusted
22:24:35.0160 0x0b7c i8042prt - ok
22:24:35.0207 0x0b7c [ 6655615C7E4E29E6481F75A93ED99954, C7387D85DEC6BEF74DAD3B36398D1DA8914E9CF6F460D36E30088E3F6754E972 ] iaStorA C:\Windows\system32\DRIVERS\iaStorA.sys
22:24:35.0207 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStorA.sys. md5: 6655615C7E4E29E6481F75A93ED99954, sha256: C7387D85DEC6BEF74DAD3B36398D1DA8914E9CF6F460D36E30088E3F6754E972
22:24:35.0207 0x0b7c iaStorA - detected LockedFile.Multi.Generic ( 1 )
22:24:37.0939 0x0b7c Detect skipped due to KSN trusted
22:24:37.0939 0x0b7c iaStorA - ok
22:24:38.0001 0x0b7c [ F35FBCEB1B71BC20BBAFA526E203D6A1, F389B689B5DF0D204E3EA21B7201A89D29DE518716781BB390AC6E5CED64C790 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:24:38.0017 0x0b7c IAStorDataMgrSvc - ok
22:24:38.0017 0x0b7c [ ABE52EF9AF37C8D4FC67FDB9BE368142, 75B2787A0E45ED4801530D13381E596D1DB635D0A9C3FDFAB3951063048A5ECF ] iaStorF C:\Windows\system32\DRIVERS\iaStorF.sys
22:24:38.0017 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStorF.sys. md5: ABE52EF9AF37C8D4FC67FDB9BE368142, sha256: 75B2787A0E45ED4801530D13381E596D1DB635D0A9C3FDFAB3951063048A5ECF
22:24:38.0017 0x0b7c iaStorF - detected LockedFile.Multi.Generic ( 1 )
22:24:40.0751 0x0b7c Detect skipped due to KSN trusted
22:24:40.0751 0x0b7c iaStorF - ok
22:24:40.0782 0x0b7c [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:24:40.0782 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\iaStorV.sys. md5: 3DF4395A7CF8B7A72A5F4606366B8C2D, sha256: 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80
22:24:40.0782 0x0b7c iaStorV - detected LockedFile.Multi.Generic ( 1 )
22:24:43.0487 0x0b7c Detect skipped due to KSN trusted
22:24:43.0487 0x0b7c iaStorV - ok
22:24:43.0518 0x0b7c [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:24:43.0533 0x0b7c idsvc - ok
22:24:43.0627 0x0b7c [ B12F7F8180BCD99B29AE2A6534857EA1, D095DF08A4F3510B96DE55A69ACCDEA0AACC7244447A858041D4C511835BA066 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
22:24:43.0627 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\igdkmd64.sys. md5: B12F7F8180BCD99B29AE2A6534857EA1, sha256: D095DF08A4F3510B96DE55A69ACCDEA0AACC7244447A858041D4C511835BA066
22:24:43.0627 0x0b7c igfx - detected LockedFile.Multi.Generic ( 1 )
22:24:46.0358 0x0b7c Detect skipped due to KSN trusted
22:24:46.0358 0x0b7c igfx - ok
22:24:46.0389 0x0b7c [ 181722D8E78521191B9B83109AA011CA, 42255FD631D269283686DE964F512345C2C3A257E988A950A12EE9A7F815234E ] igfxCUIService1.0.0.0 C:\Windows\system32\igfxCUIService.exe
22:24:46.0405 0x0b7c igfxCUIService1.0.0.0 - ok
22:24:46.0420 0x0b7c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:24:46.0420 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21, sha256: 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4
22:24:46.0420 0x0b7c iirsp - detected LockedFile.Multi.Generic ( 1 )
22:24:56.0433 0x0b7c Object is SCO, delete is not allowed
22:24:56.0433 0x0b7c iirsp ( LockedFile.Multi.Generic ) - warning
22:24:59.0181 0x0b7c [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT C:\Windows\System32\ikeext.dll
22:24:59.0196 0x0b7c IKEEXT - ok
22:24:59.0290 0x0b7c [ 067D63BC5A114FF0C4EF3404F0134625, F6CE79F0015F19B1B346815F769758F5FF6DCA663626DCE352682D93763CFFC0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:24:59.0290 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RTKVHD64.sys. md5: 067D63BC5A114FF0C4EF3404F0134625, sha256: F6CE79F0015F19B1B346815F769758F5FF6DCA663626DCE352682D93763CFFC0
22:24:59.0305 0x0b7c IntcAzAudAddService - detected LockedFile.Multi.Generic ( 1 )
22:25:02.0035 0x0b7c Detect skipped due to KSN trusted
22:25:02.0035 0x0b7c IntcAzAudAddService - ok
22:25:02.0082 0x0b7c [ 890144FA6AB42F2B54EE633BF96A019A, 8741904C66170BA11C78D31681E3759537C0BF2338538678BC64234DB8FDE93F ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
22:25:02.0082 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\IntcDAud.sys. md5: 890144FA6AB42F2B54EE633BF96A019A, sha256: 8741904C66170BA11C78D31681E3759537C0BF2338538678BC64234DB8FDE93F
22:25:02.0082 0x0b7c IntcDAud - detected LockedFile.Multi.Generic ( 1 )
22:25:04.0813 0x0b7c Detect skipped due to KSN trusted
22:25:04.0813 0x0b7c IntcDAud - ok
22:25:04.0860 0x0b7c [ DAE6C3099D291EED8922A65C29ABCF52, AD0A932345382824122F84AF97A8609BAE1B916A3B9FD608779A1411E37D3643 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
22:25:04.0876 0x0b7c Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
22:25:07.0608 0x0b7c Detect skipped due to KSN trusted
22:25:07.0608 0x0b7c Intel(R) Capability Licensing Service Interface - ok
22:25:07.0639 0x0b7c [ D45226E3E7A25F1E7CE8DF8FD0A2A098, 7BD74E9E3CB0A83D26BA3FD8177C6B9BA46A8695B6569CF7887FDC87947DA2D6 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
22:25:07.0654 0x0b7c Intel(R) Capability Licensing Service TCP IP Interface - ok
22:25:07.0717 0x0b7c [ C02FD35184CEA3A65DEE7DE278699BBC, D525FAD9C14587E90FD40922BC9FAC713A3CBC58A630CAA726DC6EEFCC6D0232 ] IntelHaxm C:\Windows\system32\DRIVERS\IntelHaxm.sys
22:25:07.0717 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\IntelHaxm.sys. md5: C02FD35184CEA3A65DEE7DE278699BBC, sha256: D525FAD9C14587E90FD40922BC9FAC713A3CBC58A630CAA726DC6EEFCC6D0232
22:25:07.0717 0x0b7c IntelHaxm - detected LockedFile.Multi.Generic ( 1 )
22:25:10.0448 0x0b7c Detect skipped due to KSN trusted
22:25:10.0448 0x0b7c IntelHaxm - ok
22:25:10.0479 0x0b7c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
22:25:10.0479 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA, sha256: E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22
22:25:10.0479 0x0b7c intelide - detected LockedFile.Multi.Generic ( 1 )
22:25:13.0398 0x0b7c Detect skipped due to KSN trusted
22:25:13.0398 0x0b7c intelide - ok
22:25:13.0429 0x0b7c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:25:13.0429 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1, sha256: F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610
22:25:13.0429 0x0b7c intelppm - detected LockedFile.Multi.Generic ( 1 )
22:25:16.0176 0x0b7c Detect skipped due to KSN trusted
22:25:16.0176 0x0b7c intelppm - ok
22:25:16.0207 0x0b7c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:25:16.0223 0x0b7c IPBusEnum - ok
22:25:16.0238 0x0b7c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:25:16.0238 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6, sha256: 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51
22:25:16.0238 0x0b7c IpFilterDriver - detected LockedFile.Multi.Generic ( 1 )
22:25:18.0985 0x0b7c Detect skipped due to KSN trusted
22:25:18.0985 0x0b7c IpFilterDriver - ok
22:25:19.0032 0x0b7c [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:25:19.0079 0x0b7c iphlpsvc - ok
22:25:19.0094 0x0b7c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:25:19.0094 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A, sha256: 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9
22:25:19.0094 0x0b7c IPMIDRV - detected LockedFile.Multi.Generic ( 1 )
22:25:21.0818 0x0b7c Detect skipped due to KSN trusted
22:25:21.0818 0x0b7c IPMIDRV - ok
22:25:21.0833 0x0b7c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:25:21.0833 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0, sha256: 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E
22:25:21.0833 0x0b7c IPNAT - detected LockedFile.Multi.Generic ( 1 )
22:25:24.0360 0x0b7c Detect skipped due to KSN trusted
22:25:24.0360 0x0b7c IPNAT - ok
22:25:24.0406 0x0b7c [ E61BB95A7CB49696D25A0C4EBD108156, 65D95A0DBC408AD18D5E344A5E875551E6CC044038DE438E4EA1102A234FC529 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:25:24.0422 0x0b7c iPod Service - ok
22:25:24.0531 0x0b7c [ 944A6D2E1D971806EFFE4BBABF0DBDC7, 394FC1137D2F5CAE0076229EBFEA940584A15AE4D382006507292A94441AF442 ] IpOverUsbSvc C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
22:25:24.0531 0x0b7c IpOverUsbSvc - ok
22:25:24.0562 0x0b7c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:25:24.0562 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9, sha256: A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE
22:25:24.0562 0x0b7c IRENUM - detected LockedFile.Multi.Generic ( 1 )
22:25:27.0278 0x0b7c Detect skipped due to KSN trusted
22:25:27.0278 0x0b7c IRENUM - ok
22:25:27.0325 0x0b7c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:25:27.0325 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38, sha256: D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548
22:25:27.0325 0x0b7c isapnp - detected LockedFile.Multi.Generic ( 1 )
22:25:30.0060 0x0b7c Detect skipped due to KSN trusted
22:25:30.0060 0x0b7c isapnp - ok
22:25:30.0091 0x0b7c [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:25:30.0091 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msiscsi.sys. md5: D931D7309DEB2317035B07C9F9E6B0BD, sha256: 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3
22:25:30.0091 0x0b7c iScsiPrt - detected LockedFile.Multi.Generic ( 1 )
22:25:32.0812 0x0b7c Detect skipped due to KSN trusted
22:25:32.0812 0x0b7c iScsiPrt - ok
22:25:32.0827 0x0b7c [ 45392E76EE30DC9C8F0181C785F0BA48, 7FB522E1AA9B877B9FB1A29C2ADC42EA794E8864AD2411AD275F00F00547F8F3 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
22:25:32.0827 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iusb3hcs.sys. md5: 45392E76EE30DC9C8F0181C785F0BA48, sha256: 7FB522E1AA9B877B9FB1A29C2ADC42EA794E8864AD2411AD275F00F00547F8F3
22:25:32.0827 0x0b7c iusb3hcs - detected LockedFile.Multi.Generic ( 1 )
22:25:35.0549 0x0b7c Detect skipped due to KSN trusted
22:25:35.0549 0x0b7c iusb3hcs - ok
22:25:35.0580 0x0b7c [ C6E8FB7FF41877378CCB30DE6E9941DF, CA808A00C0CC21C1C7BE54F0D1E5D3F24C0032BE821C064E0A63901F20F3C6BC ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
22:25:35.0580 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iusb3hub.sys. md5: C6E8FB7FF41877378CCB30DE6E9941DF, sha256: CA808A00C0CC21C1C7BE54F0D1E5D3F24C0032BE821C064E0A63901F20F3C6BC
22:25:35.0580 0x0b7c iusb3hub - detected LockedFile.Multi.Generic ( 1 )
22:25:38.0298 0x0b7c Detect skipped due to KSN trusted
22:25:38.0298 0x0b7c iusb3hub - ok
22:25:38.0407 0x0b7c [ 6FBA980433B2B21604CE990FBF542D3F, ACB35A5558DD9EF9A339C9D061207AF5527D3AEFC9AC99AB6CFBA1CE92F8B62D ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
22:25:38.0407 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iusb3xhc.sys. md5: 6FBA980433B2B21604CE990FBF542D3F, sha256: ACB35A5558DD9EF9A339C9D061207AF5527D3AEFC9AC99AB6CFBA1CE92F8B62D
22:25:38.0407 0x0b7c iusb3xhc - detected LockedFile.Multi.Generic ( 1 )
22:25:41.0111 0x0b7c Detect skipped due to KSN trusted
22:25:41.0111 0x0b7c iusb3xhc - ok
22:25:41.0237 0x0b7c [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
22:25:41.0237 0x0b7c jhi_service - ok
22:25:41.0268 0x0b7c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:25:41.0268 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93
22:25:41.0268 0x0b7c kbdclass - detected LockedFile.Multi.Generic ( 1 )
22:25:44.0015 0x0b7c Detect skipped due to KSN trusted
22:25:44.0015 0x0b7c kbdclass - ok
22:25:44.0030 0x0b7c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:25:44.0030 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484, sha256: 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99
22:25:44.0030 0x0b7c kbdhid - detected LockedFile.Multi.Generic ( 1 )
22:25:46.0562 0x0b7c Detect skipped due to KSN trusted
22:25:46.0562 0x0b7c kbdhid - ok
22:25:46.0593 0x0b7c [ 7554A1B82B4A222FD4CC292ABD38A558, C77F35A6244CF7A1AC5988967E1731C3AFFAE05FE4799ED07ACF1065094FF34E ] KeyIso C:\Windows\system32\lsass.exe
22:25:46.0608 0x0b7c KeyIso - ok
22:25:46.0624 0x0b7c [ CAF4B57FAF391960F6E697F8417B8310, 0E034C287CA84DBEB06A9C34A163E0F0885FA989C583BCD4251732F2A986E896 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:25:46.0624 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: CAF4B57FAF391960F6E697F8417B8310, sha256: 0E034C287CA84DBEB06A9C34A163E0F0885FA989C583BCD4251732F2A986E896
22:25:46.0624 0x0b7c KSecDD - detected LockedFile.Multi.Generic ( 1 )
22:25:49.0327 0x0b7c Detect skipped due to KSN trusted
22:25:49.0327 0x0b7c KSecDD - ok
22:25:49.0358 0x0b7c [ 66C9E3E9239E23F0444D69EC14CB789A, 08C42CAAC417C140C101D9F8A222DB48644D69E81DFAFF789030542B961965AA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:25:49.0358 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 66C9E3E9239E23F0444D69EC14CB789A, sha256: 08C42CAAC417C140C101D9F8A222DB48644D69E81DFAFF789030542B961965AA
22:25:49.0358 0x0b7c KSecPkg - detected LockedFile.Multi.Generic ( 1 )
22:25:56.0792 0x0b7c Detect skipped due to KSN trusted
22:25:56.0792 0x0b7c KSecPkg - ok
22:25:56.0823 0x0b7c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:25:56.0823 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B
22:25:56.0823 0x0b7c ksthunk - detected LockedFile.Multi.Generic ( 1 )
22:26:03.0587 0x0b7c Detect skipped due to KSN trusted
22:26:03.0587 0x0b7c ksthunk - ok
22:26:03.0619 0x0b7c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
22:26:03.0650 0x0b7c KtmRm - ok
22:26:03.0681 0x0b7c [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:26:03.0697 0x0b7c LanmanServer - ok
22:26:03.0743 0x0b7c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:26:03.0759 0x0b7c LanmanWorkstation - ok
22:26:03.0775 0x0b7c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:26:03.0775 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
22:26:03.0775 0x0b7c lltdio - detected LockedFile.Multi.Generic ( 1 )
22:26:13.0786 0x0b7c Object is SCO, delete is not allowed
22:26:13.0786 0x0b7c lltdio ( LockedFile.Multi.Generic ) - warning
22:26:13.0786 0x0b7c Force sending object to P2P due to detect: lltdio
22:26:18.0674 0x0b7c Object send P2P result: true
22:26:21.0391 0x0b7c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:26:21.0406 0x0b7c lltdsvc - ok
22:26:21.0438 0x0b7c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:26:21.0459 0x0b7c lmhosts - ok
22:26:21.0518 0x0b7c [ 3DE66F47365AA8CEB18B1EE272F4FEBA, 8DDD6AB4AEDE3B2FEA0D3B63DD24E3F3422D6ADE067756A3919FCED53C349167 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:26:21.0518 0x0b7c LMS - ok
22:26:21.0549 0x0b7c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:26:21.0549 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
22:26:21.0549 0x0b7c LSI_FC - detected LockedFile.Multi.Generic ( 1 )
22:26:24.0282 0x0b7c Detect skipped due to KSN trusted
22:26:24.0282 0x0b7c LSI_FC - ok
22:26:24.0298 0x0b7c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:26:24.0298 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
22:26:24.0298 0x0b7c LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
22:26:26.0935 0x0b7c Detect skipped due to KSN trusted
22:26:26.0935 0x0b7c LSI_SAS - ok
22:26:26.0966 0x0b7c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:26:26.0966 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
22:26:26.0966 0x0b7c LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
22:26:29.0698 0x0b7c Detect skipped due to KSN trusted
22:26:29.0698 0x0b7c LSI_SAS2 - ok
22:26:29.0714 0x0b7c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:26:29.0714 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
22:26:29.0714 0x0b7c LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
22:26:32.0339 0x0b7c Detect skipped due to KSN trusted
22:26:32.0339 0x0b7c LSI_SCSI - ok
22:26:32.0370 0x0b7c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
22:26:32.0370 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E, sha256: 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22
22:26:32.0370 0x0b7c luafv - detected LockedFile.Multi.Generic ( 1 )
22:26:35.0078 0x0b7c Detect skipped due to KSN trusted
22:26:35.0078 0x0b7c luafv - ok
22:26:35.0125 0x0b7c [ 79D51E7F5926E8CE1B3EBECEBAE28CFF, 2722E217AF11F928E58F694E5C1CC5776283A56C54E7F84401FECFBD73E91EBA ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
22:26:35.0125 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mcdbus.sys. md5: 79D51E7F5926E8CE1B3EBECEBAE28CFF, sha256: 2722E217AF11F928E58F694E5C1CC5776283A56C54E7F84401FECFBD73E91EBA
22:26:35.0125 0x0b7c mcdbus - detected LockedFile.Multi.Generic ( 1 )
22:26:37.0844 0x0b7c Detect skipped due to KSN trusted
22:26:37.0844 0x0b7c mcdbus - ok
22:26:37.0875 0x0b7c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:26:37.0891 0x0b7c Mcx2Svc - ok
22:26:37.0906 0x0b7c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:26:37.0906 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
22:26:37.0906 0x0b7c megasas - detected LockedFile.Multi.Generic ( 1 )
22:26:40.0639 0x0b7c Detect skipped due to KSN trusted
22:26:40.0639 0x0b7c megasas - ok
22:26:40.0655 0x0b7c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:26:40.0655 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
22:26:40.0655 0x0b7c MegaSR - detected LockedFile.Multi.Generic ( 1 )
22:26:43.0358 0x0b7c Detect skipped due to KSN trusted
22:26:43.0358 0x0b7c MegaSR - ok
22:26:43.0405 0x0b7c [ E0EF6C1399A9B1AAA0B28590411BED04, 10C193D1ED434A6DC2AD8C450012B9AF1C848A0A0B3B775F13495648FB77E009 ] MEIx64 C:\Windows\system32\DRIVERS\TeeDriverx64.sys
22:26:43.0405 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\TeeDriverx64.sys. md5: E0EF6C1399A9B1AAA0B28590411BED04, sha256: 10C193D1ED434A6DC2AD8C450012B9AF1C848A0A0B3B775F13495648FB77E009
22:26:43.0405 0x0b7c MEIx64 - detected LockedFile.Multi.Generic ( 1 )
22:26:46.0111 0x0b7c Detect skipped due to KSN trusted
22:26:46.0111 0x0b7c MEIx64 - ok
22:26:46.0143 0x0b7c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
22:26:46.0158 0x0b7c MMCSS - ok
22:26:46.0158 0x0b7c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
22:26:46.0158 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342
22:26:46.0158 0x0b7c Modem - detected LockedFile.Multi.Generic ( 1 )
22:26:48.0894 0x0b7c Detect skipped due to KSN trusted
22:26:48.0894 0x0b7c Modem - ok
22:26:48.0925 0x0b7c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:26:48.0925 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
22:26:48.0925 0x0b7c monitor - detected LockedFile.Multi.Generic ( 1 )
22:26:51.0647 0x0b7c Detect skipped due to KSN trusted
22:26:51.0647 0x0b7c monitor - ok
22:26:51.0678 0x0b7c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:26:51.0678 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
22:26:51.0678 0x0b7c mouclass - detected LockedFile.Multi.Generic ( 1 )
22:26:54.0412 0x0b7c Detect skipped due to KSN trusted
22:26:54.0412 0x0b7c mouclass - ok
22:26:54.0443 0x0b7c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:26:54.0443 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
22:26:54.0443 0x0b7c mouhid - detected LockedFile.Multi.Generic ( 1 )
22:26:57.0160 0x0b7c Detect skipped due to KSN trusted
22:26:57.0160 0x0b7c mouhid - ok
22:26:57.0209 0x0b7c [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:26:57.0209 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: 87BCD1034CBF33537D4D4C251D39BA26, sha256: CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F
22:26:57.0209 0x0b7c mountmgr - detected LockedFile.Multi.Generic ( 1 )
22:26:59.0928 0x0b7c Detect skipped due to KSN trusted
22:26:59.0928 0x0b7c mountmgr - ok
22:26:59.0990 0x0b7c [ 63282F5EB7E5BFB58FD1EC93C6ADB457, 25096C4AE319E854153C75DCEC0A67A63F6B05FDD0B49D4D373724B3BF55D665 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:27:00.0006 0x0b7c MozillaMaintenance - ok
22:27:00.0021 0x0b7c [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
22:27:00.0021 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58, sha256: B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8
22:27:00.0021 0x0b7c mpio - detected LockedFile.Multi.Generic ( 1 )
22:27:02.0783 0x0b7c Detect skipped due to KSN trusted
22:27:02.0783 0x0b7c mpio - ok
22:27:02.0815 0x0b7c [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:27:02.0815 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
22:27:02.0815 0x0b7c mpsdrv - detected LockedFile.Multi.Generic ( 1 )
22:27:05.0515 0x0b7c Detect skipped due to KSN trusted
22:27:05.0515 0x0b7c mpsdrv - ok
22:27:05.0578 0x0b7c [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:27:05.0609 0x0b7c MpsSvc - ok
22:27:05.0644 0x0b7c [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:27:05.0644 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: DC722758B8261E1ABAFD31A3C0A66380, sha256: 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A
22:27:05.0644 0x0b7c MRxDAV - detected LockedFile.Multi.Generic ( 1 )
22:27:06.0284 0x11a4 Object required for P2P: [ 63282F5EB7E5BFB58FD1EC93C6ADB457 ] MozillaMaintenance
22:27:08.0378 0x0b7c Detect skipped due to KSN trusted
22:27:08.0378 0x0b7c MRxDAV - ok
22:27:08.0394 0x0b7c [ FAF015B07E3A2874A790A39B7D2C579F, C614B0E80B38EBF7C670EEB833F5E476B33042097DA07206D6C5EE3E52B9A427 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:27:08.0394 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: FAF015B07E3A2874A790A39B7D2C579F, sha256: C614B0E80B38EBF7C670EEB833F5E476B33042097DA07206D6C5EE3E52B9A427
22:27:08.0394 0x0b7c mrxsmb - detected LockedFile.Multi.Generic ( 1 )
22:27:09.0236 0x11a4 Object send P2P result: true
22:27:11.0128 0x0b7c Detect skipped due to KSN trusted
22:27:11.0128 0x0b7c mrxsmb - ok
22:27:11.0143 0x0b7c [ 08E2345DF129082BCDFFDC1440F9C00D, 2ADF69F49DF8C43D4440B6C8A62085C51518CA895A88D37264C60A0B4B1EC55F ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:27:11.0143 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: 08E2345DF129082BCDFFDC1440F9C00D, sha256: 2ADF69F49DF8C43D4440B6C8A62085C51518CA895A88D37264C60A0B4B1EC55F
22:27:11.0143 0x0b7c mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
22:27:13.0868 0x0b7c Detect skipped due to KSN trusted
22:27:13.0868 0x0b7c mrxsmb10 - ok
22:27:13.0883 0x0b7c [ 108D87409C5812EF47D81E22843E8C9D, CAE9B91B6BD1DF1552463BD63A06288F5D3E0B81B040BC1C7EC0C2A0119CCECA ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:27:13.0883 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 108D87409C5812EF47D81E22843E8C9D, sha256: CAE9B91B6BD1DF1552463BD63A06288F5D3E0B81B040BC1C7EC0C2A0119CCECA
22:27:13.0883 0x0b7c mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
22:27:16.0614 0x0b7c Detect skipped due to KSN trusted
22:27:16.0614 0x0b7c mrxsmb20 - ok
22:27:16.0630 0x0b7c [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
22:27:16.0630 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796, sha256: 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8
22:27:16.0630 0x0b7c msahci - detected LockedFile.Multi.Generic ( 1 )
22:27:26.0641 0x0b7c Object is SCO, delete is not allowed
22:27:26.0641 0x0b7c msahci ( LockedFile.Multi.Generic ) - warning
22:27:31.0198 0x0b7c [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:27:31.0198 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900, sha256: B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74
22:27:31.0198 0x0b7c msdsm - detected LockedFile.Multi.Generic ( 1 )
22:27:33.0924 0x0b7c Detect skipped due to KSN trusted
22:27:33.0924 0x0b7c msdsm - ok
22:27:33.0940 0x0b7c [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
22:27:33.0955 0x0b7c MSDTC - ok
22:27:33.0987 0x0b7c [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:27:33.0987 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
22:27:33.0987 0x0b7c Msfs - detected LockedFile.Multi.Generic ( 1 )
22:27:36.0691 0x0b7c Detect skipped due to KSN trusted
22:27:36.0691 0x0b7c Msfs - ok
22:27:36.0707 0x0b7c [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:27:36.0707 0x0b7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
22:27:36.0707 0x0b7c mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
22:27:39.0439 0x0b7c Detect skipped due to KSN trusted
22:27:39.0439 0x0b7c mshidkmdf - ok
22:27:39.0439 0x0b7c [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:27:39.0439 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
22:27:39.0455 0x0b7c msisadrv - detected LockedFile.Multi.Generic ( 1 )
22:27:42.0173 0x0b7c Detect skipped due to KSN trusted
22:27:42.0173 0x0b7c msisadrv - ok
22:27:42.0173 0x0b7c [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:27:42.0204 0x0b7c MSiSCSI - ok
22:27:42.0204 0x0b7c msiserver - ok
22:27:42.0220 0x0b7c [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:27:42.0220 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
22:27:42.0220 0x0b7c MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
22:27:44.0939 0x0b7c Detect skipped due to KSN trusted
22:27:44.0939 0x0b7c MSKSSRV - ok
22:27:44.0939 0x0b7c [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:27:44.0939 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
22:27:44.0939 0x0b7c MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
22:27:47.0645 0x0b7c Detect skipped due to KSN trusted
22:27:47.0645 0x0b7c MSPCLOCK - ok
22:27:47.0645 0x0b7c [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:27:47.0645 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
22:27:47.0645 0x0b7c MSPQM - detected LockedFile.Multi.Generic ( 1 )
22:27:50.0377 0x0b7c Detect skipped due to KSN trusted
22:27:50.0377 0x0b7c MSPQM - ok
22:27:50.0408 0x0b7c [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:27:50.0408 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D, sha256: 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133
22:27:50.0408 0x0b7c MsRPC - detected LockedFile.Multi.Generic ( 1 )
22:27:53.0826 0x0b7c Detect skipped due to KSN trusted
22:27:53.0826 0x0b7c MsRPC - ok
22:27:53.0841 0x0b7c [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:27:53.0841 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
22:27:53.0841 0x0b7c mssmbios - detected LockedFile.Multi.Generic ( 1 )
22:27:56.0560 0x0b7c Detect skipped due to KSN trusted
22:27:56.0560 0x0b7c mssmbios - ok
22:27:56.0575 0x0b7c [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:27:56.0575 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
22:27:56.0575 0x0b7c MSTEE - detected LockedFile.Multi.Generic ( 1 )
22:27:59.0306 0x0b7c Detect skipped due to KSN trusted
22:27:59.0306 0x0b7c MSTEE - ok
22:27:59.0306 0x0b7c [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:27:59.0306 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
22:27:59.0306 0x0b7c MTConfig - detected LockedFile.Multi.Generic ( 1 )
22:28:02.0038 0x0b7c Detect skipped due to KSN trusted
22:28:02.0038 0x0b7c MTConfig - ok
22:28:02.0054 0x0b7c [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
22:28:02.0054 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
22:28:02.0054 0x0b7c Mup - detected LockedFile.Multi.Generic ( 1 )
22:28:04.0785 0x0b7c Detect skipped due to KSN trusted
22:28:04.0785 0x0b7c Mup - ok
22:28:04.0816 0x0b7c [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
22:28:04.0847 0x0b7c napagent - ok
22:28:04.0863 0x0b7c [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:28:04.0863 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7
22:28:04.0863 0x0b7c NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
22:28:07.0610 0x0b7c Detect skipped due to KSN trusted
22:28:07.0610 0x0b7c NativeWifiP - ok
22:28:07.0641 0x0b7c [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS C:\Windows\system32\drivers\ndis.sys
22:28:07.0641 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: 79B47FD40D9A817E932F9D26FAC0A81C, sha256: 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D
22:28:07.0641 0x0b7c NDIS - detected LockedFile.Multi.Generic ( 1 )
22:28:10.0374 0x0b7c Detect skipped due to KSN trusted
22:28:10.0374 0x0b7c NDIS - ok
22:28:10.0405 0x0b7c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:28:10.0405 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC
22:28:10.0405 0x0b7c NdisCap - detected LockedFile.Multi.Generic ( 1 )
22:28:13.0152 0x0b7c Detect skipped due to KSN trusted
22:28:13.0152 0x0b7c NdisCap - ok
22:28:13.0183 0x0b7c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:28:13.0183 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6
22:28:13.0183 0x0b7c NdisTapi - detected LockedFile.Multi.Generic ( 1 )
22:28:16.0338 0x0b7c Detect skipped due to KSN trusted
22:28:16.0338 0x0b7c NdisTapi - ok
22:28:16.0385 0x0b7c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:28:16.0385 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356, sha256: BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683
22:28:16.0385 0x0b7c Ndisuio - detected LockedFile.Multi.Generic ( 1 )
22:28:19.0116 0x0b7c Detect skipped due to KSN trusted
22:28:19.0116 0x0b7c Ndisuio - ok
22:28:19.0147 0x0b7c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:28:19.0147 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11, sha256: 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77
22:28:19.0147 0x0b7c NdisWan - detected LockedFile.Multi.Generic ( 1 )
22:28:21.0894 0x0b7c Detect skipped due to KSN trusted
22:28:21.0894 0x0b7c NdisWan - ok
22:28:21.0909 0x0b7c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:28:21.0909 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879, sha256: 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023
22:28:21.0909 0x0b7c NDProxy - detected LockedFile.Multi.Generic ( 1 )
22:28:24.0659 0x0b7c Detect skipped due to KSN trusted
22:28:24.0659 0x0b7c NDProxy - ok
22:28:24.0690 0x0b7c [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:28:24.0690 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062
22:28:24.0690 0x0b7c NetBIOS - detected LockedFile.Multi.Generic ( 1 )
22:28:27.0414 0x0b7c Detect skipped due to KSN trusted
22:28:27.0414 0x0b7c NetBIOS - ok
22:28:27.0446 0x0b7c [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:28:27.0446 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594D1089C523423B32A4229263F068, sha256: 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37
22:28:27.0446 0x0b7c NetBT - detected LockedFile.Multi.Generic ( 1 )
22:28:30.0165 0x0b7c Detect skipped due to KSN trusted
22:28:30.0165 0x0b7c NetBT - ok
22:28:30.0181 0x0b7c [ 7554A1B82B4A222FD4CC292ABD38A558, C77F35A6244CF7A1AC5988967E1731C3AFFAE05FE4799ED07ACF1065094FF34E ] Netlogon C:\Windows\system32\lsass.exe
22:28:30.0181 0x0b7c Netlogon - ok
22:28:30.0227 0x0b7c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
22:28:30.0259 0x0b7c Netman - ok
22:28:30.0305 0x0b7c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:28:30.0305 0x0b7c NetMsmqActivator - ok
22:28:30.0305 0x0b7c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:28:30.0321 0x0b7c NetPipeActivator - ok
22:28:30.0321 0x0b7c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
22:28:30.0352 0x0b7c netprofm - ok
22:28:30.0368 0x0b7c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:28:30.0368 0x0b7c NetTcpActivator - ok
22:28:30.0368 0x0b7c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:28:30.0383 0x0b7c NetTcpPortSharing - ok
22:28:30.0399 0x0b7c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:28:30.0399 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3
22:28:30.0399 0x0b7c nfrd960 - detected LockedFile.Multi.Generic ( 1 )
22:28:40.0412 0x0b7c Object is SCO, delete is not allowed
22:28:40.0412 0x0b7c nfrd960 ( LockedFile.Multi.Generic ) - warning
22:28:40.0412 0x0b7c Force sending object to P2P due to detect: nfrd960
22:28:44.0177 0x0b7c Object send P2P result: true
22:28:46.0880 0x0b7c [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:28:46.0912 0x0b7c NlaSvc - ok
22:28:46.0927 0x0b7c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:28:46.0927 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F
22:28:46.0927 0x0b7c Npfs - detected LockedFile.Multi.Generic ( 1 )
22:28:49.0633 0x0b7c Detect skipped due to KSN trusted
22:28:49.0633 0x0b7c Npfs - ok
22:28:49.0664 0x0b7c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
22:28:49.0695 0x0b7c nsi - ok
22:28:49.0695 0x0b7c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:28:49.0695 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76
22:28:49.0695 0x0b7c nsiproxy - detected LockedFile.Multi.Generic ( 1 )
22:28:52.0416 0x0b7c Detect skipped due to KSN trusted
22:28:52.0416 0x0b7c nsiproxy - ok
22:28:52.0463 0x0b7c [ 05D78AA5CB5F3F5C31160BDB955D0B7C, E3CD3FAF52ED11A8FB96D667510F1EDCA49053705AA3A13F560F8F6EC995CA45 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:28:52.0463 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: 05D78AA5CB5F3F5C31160BDB955D0B7C, sha256: E3CD3FAF52ED11A8FB96D667510F1EDCA49053705AA3A13F560F8F6EC995CA45
22:28:52.0463 0x0b7c Ntfs - detected LockedFile.Multi.Generic ( 1 )
22:28:55.0168 0x0b7c Detect skipped due to KSN trusted
22:28:55.0168 0x0b7c Ntfs - ok
22:28:55.0184 0x0b7c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
22:28:55.0184 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1, sha256: 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6
22:28:55.0184 0x0b7c Null - detected LockedFile.Multi.Generic ( 1 )
22:28:57.0905 0x0b7c Detect skipped due to KSN trusted
22:28:57.0905 0x0b7c Null - ok
22:28:57.0968 0x0b7c [ D812362E8AF615B521AD4DF19A93BD5A, B1F04122DFE9FCC3FC56BE327D86912D624C89F2EFB9684BE66FC22115D0E19F ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:28:57.0968 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvhda64v.sys. md5: D812362E8AF615B521AD4DF19A93BD5A, sha256: B1F04122DFE9FCC3FC56BE327D86912D624C89F2EFB9684BE66FC22115D0E19F
22:28:57.0968 0x0b7c NVHDA - detected LockedFile.Multi.Generic ( 1 )
22:29:00.0675 0x0b7c Detect skipped due to KSN trusted
22:29:00.0675 0x0b7c NVHDA - ok
22:29:00.0940 0x0b7c [ 6DDB922F08C17C342F1FB868D7EB22CD, A62E476FD377EA9974122DC7C426735B6BE5CECCD0D3DA22502DF7CBB208B49E ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:29:00.0940 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvlddmkm.sys. md5: 6DDB922F08C17C342F1FB868D7EB22CD, sha256: A62E476FD377EA9974122DC7C426735B6BE5CECCD0D3DA22502DF7CBB208B49E
22:29:00.0955 0x0b7c nvlddmkm - detected LockedFile.Multi.Generic ( 1 )
22:29:03.0661 0x0b7c Detect skipped due to KSN trusted
22:29:03.0661 0x0b7c nvlddmkm - ok
22:29:03.0739 0x0b7c [ 2CCD9A74A0F9C7605EAFA3F3AC8DC476, DEE95B0C0CA4525850E06AD3C1233A6C6E88D97EE874F83801686B87FD23F0BC ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
22:29:03.0770 0x0b7c NvNetworkService - ok
22:29:03.0802 0x0b7c [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:29:03.0802 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvraid.sys. md5: 5D9FD91F3D38DC9DA01E3CB5FA89CD48, sha256: 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737
22:29:03.0802 0x0b7c nvraid - detected LockedFile.Multi.Generic ( 1 )
22:29:06.0521 0x0b7c Detect skipped due to KSN trusted
22:29:06.0521 0x0b7c nvraid - ok
22:29:06.0552 0x0b7c [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor C:\Windows\system32\drivers\nvstor.sys
Old 05-11-2016, 10:21 AM   #8
Quote:
22:31:56.0841 0x0b7c Detect skipped due to KSN trusted
22:31:56.0841 0x0b7c spldr - ok
22:31:56.0874 0x0b7c [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler C:\Windows\System32\spoolsv.exe
22:31:56.0906 0x0b7c Spooler - ok
22:31:56.0983 0x0b7c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
22:31:57.0045 0x0b7c sppsvc - ok
22:31:57.0062 0x0b7c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:31:57.0081 0x0b7c sppuinotify - ok
22:31:57.0137 0x0b7c [ 055B0DE7BCDB14FB18279F09DCA07954, 94944F996F2F73233A96F8E766606EA5CCC7142EA2AF4BCEFD2603578F2B4A4A ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:31:57.0143 0x0b7c SQLWriter - ok
22:31:57.0172 0x0b7c [ 2098B8556D1CEC2ACA9A29CD479E3692, D5826407C64F18C16EB36E6F00787CFAFCD9B24B5BD8AD126AD01E6E4134966F ] srv C:\Windows\system32\DRIVERS\srv.sys
22:31:57.0172 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: 2098B8556D1CEC2ACA9A29CD479E3692, sha256: D5826407C64F18C16EB36E6F00787CFAFCD9B24B5BD8AD126AD01E6E4134966F
22:31:57.0172 0x0b7c srv - detected LockedFile.Multi.Generic ( 1 )
22:31:59.0867 0x0b7c Detect skipped due to KSN trusted
22:31:59.0867 0x0b7c srv - ok
22:31:59.0932 0x0b7c [ D0F73A42040F21F92FD314B42AC5C9E7, A021C4318C9CFA594305458B2643BB0C22DDE1F3D51C93C9F3E7F7AB75B31278 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:31:59.0932 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: D0F73A42040F21F92FD314B42AC5C9E7, sha256: A021C4318C9CFA594305458B2643BB0C22DDE1F3D51C93C9F3E7F7AB75B31278
22:31:59.0932 0x0b7c srv2 - detected LockedFile.Multi.Generic ( 1 )
22:32:02.0621 0x0b7c Detect skipped due to KSN trusted
22:32:02.0621 0x0b7c srv2 - ok
22:32:02.0644 0x0b7c [ 2BA8F3250828CCDB4204ECF2C6F40B6A, 22C4FBF9A87C46E69C48B681FF733D68D9CB7B7D73FB14C8C2A06E9009F9860E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:32:02.0644 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 2BA8F3250828CCDB4204ECF2C6F40B6A, sha256: 22C4FBF9A87C46E69C48B681FF733D68D9CB7B7D73FB14C8C2A06E9009F9860E
22:32:02.0644 0x0b7c srvnet - detected LockedFile.Multi.Generic ( 1 )
22:32:05.0329 0x0b7c Detect skipped due to KSN trusted
22:32:05.0329 0x0b7c srvnet - ok
22:32:05.0353 0x0b7c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:32:05.0385 0x0b7c SSDPSRV - ok
22:32:05.0401 0x0b7c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:32:05.0421 0x0b7c SstpSvc - ok
22:32:05.0473 0x0b7c [ 591249EA969797C2A24629AF7C71A6F8, 61F28FB495657916514DE2A7FFD4AD833A1B2BBA5591616BE0C9CCD7DAFA40B7 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
22:32:05.0492 0x0b7c Steam Client Service - ok
22:32:05.0564 0x0b7c [ 937821881026EBE17DA25285CD5461A8, 79C503798BD6CE218598229AAB417EBD43E151A2E821BE99E138BFA9F841103A ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:32:05.0580 0x0b7c Stereo Service - ok
22:32:05.0607 0x0b7c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:32:05.0607 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A, sha256: 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5
22:32:05.0607 0x0b7c stexstor - detected LockedFile.Multi.Generic ( 1 )
22:32:08.0299 0x0b7c Detect skipped due to KSN trusted
22:32:08.0299 0x0b7c stexstor - ok
22:32:08.0362 0x0b7c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
22:32:08.0391 0x0b7c stisvc - ok
22:32:08.0414 0x0b7c [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
22:32:08.0414 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vmstorfl.sys. md5: 7785DC213270D2FC066538DAF94087E7, sha256: F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B
22:32:08.0414 0x0b7c storflt - detected LockedFile.Multi.Generic ( 1 )
22:32:11.0118 0x0b7c Detect skipped due to KSN trusted
22:32:11.0118 0x0b7c storflt - ok
22:32:11.0143 0x0b7c [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:32:11.0143 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\storvsc.sys. md5: D34E4943D5AC096C8EDEEBFD80D76E23, sha256: 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE
22:32:11.0143 0x0b7c storvsc - detected LockedFile.Multi.Generic ( 1 )
22:32:21.0144 0x0b7c storvsc ( LockedFile.Multi.Generic ) - warning
22:32:26.0627 0x0b7c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
22:32:26.0627 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90, sha256: 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969
22:32:26.0639 0x0b7c swenum - detected LockedFile.Multi.Generic ( 1 )
22:32:29.0330 0x0b7c Detect skipped due to KSN trusted
22:32:29.0330 0x0b7c swenum - ok
22:32:29.0499 0x0b7c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
22:32:29.0534 0x0b7c swprv - ok
22:32:29.0583 0x0b7c [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
22:32:29.0637 0x0b7c SysMain - ok
22:32:29.0659 0x0b7c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:32:29.0669 0x0b7c TabletInputService - ok
22:32:29.0714 0x0b7c [ 8DA7E25C0E46E6D389CF94F8BAAF5523, 9D3DF3B0AA8F65D08376FFDA8D110FFE4D82A0AD89F18D2F199B31C2B2AAE45C ] tap0901cn C:\Windows\system32\DRIVERS\tap0901cn.sys
22:32:29.0714 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tap0901cn.sys. md5: 8DA7E25C0E46E6D389CF94F8BAAF5523, sha256: 9D3DF3B0AA8F65D08376FFDA8D110FFE4D82A0AD89F18D2F199B31C2B2AAE45C
22:32:29.0714 0x0b7c tap0901cn - detected LockedFile.Multi.Generic ( 1 )
22:32:32.0405 0x0b7c Detect skipped due to KSN trusted
22:32:32.0405 0x0b7c tap0901cn - ok
22:32:32.0451 0x0b7c [ 48B1504D5D3219C192EA080C10BF48B7, 2646E1E7258A9DF9A659260006D5C365505EEFCC43727372B0C84A534C78DF63 ] taphss6 C:\Windows\system32\DRIVERS\taphss6.sys
22:32:32.0451 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\taphss6.sys. md5: 48B1504D5D3219C192EA080C10BF48B7, sha256: 2646E1E7258A9DF9A659260006D5C365505EEFCC43727372B0C84A534C78DF63
22:32:32.0451 0x0b7c taphss6 - detected LockedFile.Multi.Generic ( 1 )
22:32:35.0146 0x0b7c Detect skipped due to KSN trusted
22:32:35.0146 0x0b7c taphss6 - ok
22:32:35.0181 0x0b7c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
22:32:35.0219 0x0b7c TapiSrv - ok
22:32:35.0230 0x0b7c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
22:32:35.0249 0x0b7c TBS - ok
22:32:35.0306 0x0b7c [ 509383E505C973ED7534A06B3D19688D, 520AE434CCE1D365A45B2035283A4AD915E98D28D06BD73822F6FF865C2AE7DF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:32:35.0306 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. md5: 509383E505C973ED7534A06B3D19688D, sha256: 520AE434CCE1D365A45B2035283A4AD915E98D28D06BD73822F6FF865C2AE7DF
22:32:35.0327 0x0b7c Tcpip - detected LockedFile.Multi.Generic ( 1 )
22:32:38.0019 0x0b7c Detect skipped due to KSN trusted
22:32:38.0020 0x0b7c Tcpip - ok
22:32:38.0078 0x0b7c [ 509383E505C973ED7534A06B3D19688D, 520AE434CCE1D365A45B2035283A4AD915E98D28D06BD73822F6FF865C2AE7DF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:32:38.0078 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: 509383E505C973ED7534A06B3D19688D, sha256: 520AE434CCE1D365A45B2035283A4AD915E98D28D06BD73822F6FF865C2AE7DF
22:32:38.0080 0x0b7c TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
22:32:38.0080 0x0b7c Detect skipped due to KSN trusted
22:32:38.0080 0x0b7c TCPIP6 - ok
22:32:38.0099 0x0b7c [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:32:38.0099 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: DF687E3D8836BFB04FCC0615BF15A519, sha256: 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784
22:32:38.0099 0x0b7c tcpipreg - detected LockedFile.Multi.Generic ( 1 )
22:32:40.0786 0x0b7c Detect skipped due to KSN trusted
22:32:40.0786 0x0b7c tcpipreg - ok
22:32:40.0804 0x0b7c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:32:40.0804 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C, sha256: 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D
22:32:40.0804 0x0b7c TDPIPE - detected LockedFile.Multi.Generic ( 1 )
22:32:43.0494 0x0b7c Detect skipped due to KSN trusted
22:32:43.0494 0x0b7c TDPIPE - ok
22:32:43.0496 0x0b7c [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:32:43.0496 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: E4245BDA3190A582D55ED09E137401A9, sha256: F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116
22:32:43.0497 0x0b7c TDTCP - detected LockedFile.Multi.Generic ( 1 )
22:32:46.0187 0x0b7c Detect skipped due to KSN trusted
22:32:46.0187 0x0b7c TDTCP - ok
22:32:46.0222 0x0b7c [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:32:46.0223 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806, sha256: B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661
22:32:46.0223 0x0b7c tdx - detected LockedFile.Multi.Generic ( 1 )
22:32:48.0922 0x0b7c Detect skipped due to KSN trusted
22:32:48.0922 0x0b7c tdx - ok
22:32:49.0004 0x0b7c [ 950AD1AE7498A492126FB9F9B2E27DB5, C4C9A972015F567FC87A4094C86835B2DD3476426AB8B40CD4872A725CA89CFC ] Te.Service C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe
22:32:49.0009 0x0b7c Te.Service - detected UnsignedFile.Multi.Generic ( 1 )
22:32:52.0577 0x0b7c Detect skipped due to KSN trusted
22:32:52.0577 0x0b7c Te.Service - ok
22:32:52.0846 0x0b7c [ A903E5C565A2677F3960E4AAB7B42280, 6D819D4F464005FBAECAAB719EB2D6539E8A48851C09A1AA8E9D48CDFDA9FEE1 ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
22:32:52.0937 0x0b7c TeamViewer - ok
22:32:52.0969 0x0b7c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
22:32:52.0969 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5, sha256: 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D
22:32:52.0969 0x0b7c TermDD - detected LockedFile.Multi.Generic ( 1 )
22:32:55.0661 0x0b7c Detect skipped due to KSN trusted
22:32:55.0661 0x0b7c TermDD - ok
22:32:55.0699 0x0b7c [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
22:32:55.0739 0x0b7c TermService - ok
22:32:55.0762 0x0b7c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
22:32:55.0777 0x0b7c Themes - ok
22:32:55.0791 0x0b7c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
22:32:55.0810 0x0b7c THREADORDER - ok
22:32:55.0823 0x0b7c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
22:32:55.0847 0x0b7c TrkWks - ok
22:32:55.0892 0x0b7c [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:32:55.0928 0x0b7c TrustedInstaller - ok
22:32:55.0951 0x0b7c [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:32:55.0951 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: CE18B2CDFC837C99E5FAE9CA6CBA5D30, sha256: CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC
22:32:55.0951 0x0b7c tssecsrv - detected LockedFile.Multi.Generic ( 1 )
22:32:58.0847 0x0b7c Detect skipped due to KSN trusted
22:32:58.0847 0x0b7c tssecsrv - ok
22:32:58.0882 0x0b7c [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:32:58.0882 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9, sha256: A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB
22:32:58.0891 0x0b7c TsUsbFlt - detected LockedFile.Multi.Generic ( 1 )
22:33:01.0590 0x0b7c Detect skipped due to KSN trusted
22:33:01.0590 0x0b7c TsUsbFlt - ok
22:33:01.0621 0x0b7c [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:33:01.0621 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894, sha256: AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8
22:33:01.0621 0x0b7c tunnel - detected LockedFile.Multi.Generic ( 1 )
22:33:04.0653 0x0b7c Detect skipped due to KSN trusted
22:33:04.0653 0x0b7c tunnel - ok
22:33:04.0694 0x0b7c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:33:04.0694 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123
22:33:04.0694 0x0b7c uagp35 - detected LockedFile.Multi.Generic ( 1 )
22:33:07.0396 0x0b7c Detect skipped due to KSN trusted
22:33:07.0396 0x0b7c uagp35 - ok
22:33:07.0421 0x0b7c [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:33:07.0422 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593, sha256: D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3
22:33:07.0422 0x0b7c udfs - detected LockedFile.Multi.Generic ( 1 )
22:33:10.0121 0x0b7c Detect skipped due to KSN trusted
22:33:10.0121 0x0b7c udfs - ok
22:33:10.0152 0x0b7c [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:33:10.0161 0x0b7c UI0Detect - ok
22:33:10.0178 0x0b7c [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:33:10.0178 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A
22:33:10.0178 0x0b7c uliagpkx - detected LockedFile.Multi.Generic ( 1 )
22:33:12.0871 0x0b7c Detect skipped due to KSN trusted
22:33:12.0871 0x0b7c uliagpkx - ok
22:33:12.0903 0x0b7c [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
22:33:12.0903 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561, sha256: 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE
22:33:12.0907 0x0b7c umbus - detected LockedFile.Multi.Generic ( 1 )
22:33:15.0602 0x0b7c Detect skipped due to KSN trusted
22:33:15.0602 0x0b7c umbus - ok
22:33:15.0639 0x0b7c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:33:15.0639 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
22:33:15.0639 0x0b7c UmPass - detected LockedFile.Multi.Generic ( 1 )
22:33:18.0327 0x0b7c Detect skipped due to KSN trusted
22:33:18.0327 0x0b7c UmPass - ok
22:33:18.0365 0x0b7c [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
22:33:18.0382 0x0b7c UmRdpService - ok
22:33:18.0410 0x0b7c [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
22:33:18.0434 0x0b7c upnphost - ok
22:33:18.0461 0x0b7c [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:33:18.0461 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbaapl64.sys. md5: 5C3BE22E485B9BF11FCEFDC676C728D0, sha256: F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A
22:33:18.0461 0x0b7c USBAAPL64 - detected LockedFile.Multi.Generic ( 1 )
22:33:21.0158 0x0b7c Detect skipped due to KSN trusted
22:33:21.0158 0x0b7c USBAAPL64 - ok
22:33:21.0202 0x0b7c [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829, 5D6E404FE0AB875202CA1A3E8E9D2F4368DF6ACCFA1C872ECFAF8399CBA3A485 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:33:21.0202 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 481DFF26B4DCA8F4CBAC1F7DCE1D6829, sha256: 5D6E404FE0AB875202CA1A3E8E9D2F4368DF6ACCFA1C872ECFAF8399CBA3A485
22:33:21.0203 0x0b7c usbccgp - detected LockedFile.Multi.Generic ( 1 )
22:33:23.0745 0x0b7c Detect skipped due to KSN trusted
22:33:23.0745 0x0b7c usbccgp - ok
22:33:23.0769 0x0b7c [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:33:23.0769 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7, sha256: F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07
22:33:23.0769 0x0b7c usbcir - detected LockedFile.Multi.Generic ( 1 )
22:33:26.0458 0x0b7c Detect skipped due to KSN trusted
22:33:26.0458 0x0b7c usbcir - ok
22:33:26.0495 0x0b7c [ 74EE782B1D9C241EFE425565854C661C, E8258EA65B0FCAD4E077B176E9D9324646B652D6E651241E397346A39770D065 ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:33:26.0495 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbehci.sys. md5: 74EE782B1D9C241EFE425565854C661C, sha256: E8258EA65B0FCAD4E077B176E9D9324646B652D6E651241E397346A39770D065
22:33:26.0495 0x0b7c usbehci - detected LockedFile.Multi.Generic ( 1 )
22:33:36.0495 0x0b7c Object is SCO, delete is not allowed
22:33:36.0495 0x0b7c usbehci ( LockedFile.Multi.Generic ) - warning
22:33:36.0495 0x0b7c Force sending object to P2P due to detect: usbehci
22:33:41.0137 0x0b7c Object send P2P result: true
22:33:43.0801 0x0b7c [ DC96BD9CCB8403251BCF25047573558E, 66EBF8A6B3BC0634F32DDCC8BA31F1EB5987E8C6853E1DC26005E3EED0945565 ] usbhub C:\Windows\system32\drivers\usbhub.sys
22:33:43.0802 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbhub.sys. md5: DC96BD9CCB8403251BCF25047573558E, sha256: 66EBF8A6B3BC0634F32DDCC8BA31F1EB5987E8C6853E1DC26005E3EED0945565
22:33:43.0809 0x0b7c usbhub - detected LockedFile.Multi.Generic ( 1 )
22:33:46.0498 0x0b7c Detect skipped due to KSN trusted
22:33:46.0498 0x0b7c usbhub - ok
22:33:46.0518 0x0b7c [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:33:46.0518 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbohci.sys. md5: 58E546BBAF87664FC57E0F6081E4F609, sha256: 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9
22:33:46.0518 0x0b7c usbohci - detected LockedFile.Multi.Generic ( 1 )
22:33:49.0221 0x0b7c Detect skipped due to KSN trusted
22:33:49.0221 0x0b7c usbohci - ok
22:33:49.0260 0x0b7c [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:33:49.0261 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
22:33:49.0261 0x0b7c usbprint - detected LockedFile.Multi.Generic ( 1 )
22:33:51.0957 0x0b7c Detect skipped due to KSN trusted
22:33:51.0957 0x0b7c usbprint - ok
22:33:52.0009 0x0b7c [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:33:52.0009 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbscan.sys. md5: AAA2513C8AED8B54B189FD0C6B1634C0, sha256: 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42
22:33:52.0009 0x0b7c usbscan - detected LockedFile.Multi.Generic ( 1 )
22:33:54.0707 0x0b7c Detect skipped due to KSN trusted
22:33:54.0707 0x0b7c usbscan - ok
22:33:54.0722 0x0b7c [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:33:54.0722 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: D76510CFA0FC09023077F22C2F979D86, sha256: 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439
22:33:54.0722 0x0b7c USBSTOR - detected LockedFile.Multi.Generic ( 1 )
22:33:57.0422 0x0b7c Detect skipped due to KSN trusted
22:33:57.0422 0x0b7c USBSTOR - ok
22:33:57.0443 0x0b7c [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:33:57.0443 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbuhci.sys. md5: 81FB2216D3A60D1284455D511797DB3D, sha256: 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E
22:33:57.0443 0x0b7c usbuhci - detected LockedFile.Multi.Generic ( 1 )
22:34:00.0140 0x0b7c Detect skipped due to KSN trusted
22:34:00.0140 0x0b7c usbuhci - ok
22:34:00.0164 0x0b7c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
22:34:00.0195 0x0b7c UxSms - ok
22:34:00.0203 0x0b7c [ 7554A1B82B4A222FD4CC292ABD38A558, C77F35A6244CF7A1AC5988967E1731C3AFFAE05FE4799ED07ACF1065094FF34E ] VaultSvc C:\Windows\system32\lsass.exe
22:34:00.0209 0x0b7c VaultSvc - ok
22:34:00.0251 0x0b7c [ 4DDB01FFB3A526D66A85AF7820A6AB75, 85E193D2D772F8DCDCE54B44106725825667B97CDF02AA4CAE014C33AD99FAF0 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
22:34:00.0251 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\VBoxDrv.sys. md5: 4DDB01FFB3A526D66A85AF7820A6AB75, sha256: 85E193D2D772F8DCDCE54B44106725825667B97CDF02AA4CAE014C33AD99FAF0
22:34:00.0252 0x0b7c VBoxDrv - detected LockedFile.Multi.Generic ( 1 )
22:34:02.0951 0x0b7c Detect skipped due to KSN trusted
22:34:02.0951 0x0b7c VBoxDrv - ok
22:34:02.0990 0x0b7c [ 0FC730AE58CD9E41693B57E24087C73A, 8FE856A51FB1C598DFE84327AB13DA9440160FFC6002B550B82A6A26975B65C1 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
22:34:02.0990 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\VBoxNetAdp.sys. md5: 0FC730AE58CD9E41693B57E24087C73A, sha256: 8FE856A51FB1C598DFE84327AB13DA9440160FFC6002B550B82A6A26975B65C1
22:34:02.0990 0x0b7c VBoxNetAdp - detected LockedFile.Multi.Generic ( 1 )
22:34:05.0850 0x0b7c Detect skipped due to KSN trusted
22:34:05.0850 0x0b7c VBoxNetAdp - ok
22:34:05.0872 0x0b7c [ BE0CE1FB6AFFEB5DD90CC9F3528AFD71, D334B8BBD1C50023EBD45B573D6FF7C0BA21C8F820D23DB1019EF79F4A1D9FFE ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
22:34:05.0872 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\VBoxNetFlt.sys. md5: BE0CE1FB6AFFEB5DD90CC9F3528AFD71, sha256: D334B8BBD1C50023EBD45B573D6FF7C0BA21C8F820D23DB1019EF79F4A1D9FFE
22:34:05.0873 0x0b7c VBoxNetFlt - detected LockedFile.Multi.Generic ( 1 )
22:34:08.0560 0x0b7c Detect skipped due to KSN trusted
22:34:08.0560 0x0b7c VBoxNetFlt - ok
22:34:08.0613 0x0b7c [ 1D417C8824CEA128ED67570B91F6E74A, 68B1E7D345D19E0A6F3016C7B31B56766ACE769800C3EF37A82096C5FF4001F4 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
22:34:08.0614 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\VBoxUSBMon.sys. md5: 1D417C8824CEA128ED67570B91F6E74A, sha256: 68B1E7D345D19E0A6F3016C7B31B56766ACE769800C3EF37A82096C5FF4001F4
22:34:08.0614 0x0b7c VBoxUSBMon - detected LockedFile.Multi.Generic ( 1 )
22:34:11.0104 0x0b7c Detect skipped due to KSN trusted
22:34:11.0104 0x0b7c VBoxUSBMon - ok
22:34:11.0127 0x0b7c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:34:11.0127 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
22:34:11.0127 0x0b7c vdrvroot - detected LockedFile.Multi.Generic ( 1 )
22:34:13.0808 0x0b7c Detect skipped due to KSN trusted
22:34:13.0808 0x0b7c vdrvroot - ok
22:34:13.0858 0x0b7c [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
22:34:13.0900 0x0b7c vds - ok
22:34:13.0914 0x0b7c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:34:13.0914 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
22:34:13.0915 0x0b7c vga - detected LockedFile.Multi.Generic ( 1 )
22:34:16.0606 0x0b7c Detect skipped due to KSN trusted
22:34:16.0606 0x0b7c vga - ok
22:34:16.0629 0x0b7c [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:34:16.0629 0x0b7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
22:34:16.0629 0x0b7c VgaSave - detected LockedFile.Multi.Generic ( 1 )
22:34:19.0305 0x0b7c Detect skipped due to KSN trusted
22:34:19.0305 0x0b7c VgaSave - ok
22:34:19.0318 0x0b7c [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:34:19.0319 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB, sha256: D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF
22:34:19.0319 0x0b7c vhdmp - detected LockedFile.Multi.Generic ( 1 )
22:34:21.0952 0x0b7c Detect skipped due to KSN trusted
22:34:21.0952 0x0b7c vhdmp - ok
22:34:21.0982 0x0b7c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
22:34:21.0982 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
22:34:21.0982 0x0b7c viaide - detected LockedFile.Multi.Generic ( 1 )
22:34:24.0677 0x0b7c Detect skipped due to KSN trusted
22:34:24.0677 0x0b7c viaide - ok
22:34:24.0699 0x0b7c [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
22:34:24.0700 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vmbus.sys. md5: 86EA3E79AE350FEA5331A1303054005F, sha256: 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691
22:34:24.0700 0x0b7c vmbus - detected LockedFile.Multi.Generic ( 1 )
22:34:27.0558 0x0b7c Detect skipped due to KSN trusted
22:34:27.0558 0x0b7c vmbus - ok
22:34:27.0569 0x0b7c [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
22:34:27.0569 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\VMBusHID.sys. md5: 7DE90B48F210D29649380545DB45A187, sha256: 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4
22:34:27.0569 0x0b7c VMBusHID - detected LockedFile.Multi.Generic ( 1 )
22:34:30.0266 0x0b7c Detect skipped due to KSN trusted
22:34:30.0266 0x0b7c VMBusHID - ok
22:34:30.0290 0x0b7c [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:34:30.0290 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0, sha256: 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161
22:34:30.0290 0x0b7c volmgr - detected LockedFile.Multi.Generic ( 1 )
22:34:33.0539 0x0b7c Detect skipped due to KSN trusted
22:34:33.0539 0x0b7c volmgr - ok
22:34:33.0569 0x0b7c [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:34:33.0569 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B, sha256: 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F
22:34:33.0569 0x0b7c volmgrx - detected LockedFile.Multi.Generic ( 1 )
22:34:36.0255 0x0b7c Detect skipped due to KSN trusted
22:34:36.0255 0x0b7c volmgrx - ok
22:34:36.0282 0x0b7c [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:34:36.0282 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639, sha256: 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC
22:34:36.0282 0x0b7c volsnap - detected LockedFile.Multi.Generic ( 1 )
22:34:38.0970 0x0b7c Detect skipped due to KSN trusted
22:34:38.0970 0x0b7c volsnap - ok
22:34:39.0011 0x0b7c [ ED1F4BDF68C649C6F79A02502BB6C9BC, 3D2830822D4A2C7B3676100B27DEC7B1C2EF640DA36C6543365A9CF2A61BF68E ] VsEtwService120 C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe
22:34:39.0017 0x0b7c VsEtwService120 - ok
22:34:39.0053 0x0b7c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:34:39.0053 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC
22:34:39.0054 0x0b7c vsmraid - detected LockedFile.Multi.Generic ( 1 )
22:34:49.0054 0x0b7c Object is SCO, delete is not allowed
22:34:49.0054 0x0b7c vsmraid ( LockedFile.Multi.Generic ) - warning
22:34:49.0054 0x0b7c Force sending object to P2P due to detect: vsmraid
22:34:52.0691 0x0b7c Object send P2P result: true
22:34:55.0395 0x0b7c [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
22:34:55.0449 0x0b7c VSS - ok
22:34:55.0472 0x0b7c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:34:55.0473 0x0b7c Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7
22:34:55.0473 0x0b7c vwifibus - detected LockedFile.Multi.Generic ( 1 )
22:34:58.0170 0x0b7c Detect skipped due to KSN trusted
22:34:58.0170 0x0b7c vwifibus - ok
22:34:58.0213 0x0b7c [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
22:34:58.0249 0x0b7c W32Time - ok
22:34:58.0261 0x0b7c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:34:58.0261 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
22:34:58.0261 0x0b7c WacomPen - detected LockedFile.Multi.Generic ( 1 )
22:35:00.0957 0x0b7c Detect skipped due to KSN trusted
22:35:00.0957 0x0b7c WacomPen - ok
22:35:01.0048 0x0b7c [ 4FC7BAC09543260A47AB9BFC7EDF446F, 109A56B6F921DCD80EE123D9F3202C8B640A89FF8C8A064260570D138488ECFA ] wampapache64 c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
22:35:01.0068 0x0b7c wampapache64 - detected UnsignedFile.Multi.Generic ( 1 )
22:35:03.0762 0x0b7c Detect skipped due to KSN trusted
22:35:03.0762 0x0b7c wampapache64 - ok
22:35:03.0834 0x0b7c wampmysqld64 - ok
22:35:03.0864 0x0b7c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:35:03.0864 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
22:35:03.0864 0x0b7c WANARP - detected LockedFile.Multi.Generic ( 1 )
22:35:06.0553 0x0b7c Detect skipped due to KSN trusted
22:35:06.0553 0x0b7c WANARP - ok
22:35:06.0575 0x0b7c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:35:06.0576 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
22:35:06.0576 0x0b7c Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
22:35:06.0576 0x0b7c Detect skipped due to KSN trusted
22:35:06.0576 0x0b7c Wanarpv6 - ok
22:35:06.0621 0x0b7c [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
22:35:06.0672 0x0b7c wbengine - ok
22:35:06.0692 0x0b7c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:35:06.0707 0x0b7c WbioSrvc - ok
22:35:06.0733 0x0b7c [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:35:06.0764 0x0b7c wcncsvc - ok
22:35:06.0770 0x0b7c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:35:06.0783 0x0b7c WcsPlugInService - ok
22:35:06.0799 0x0b7c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:35:06.0799 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
22:35:06.0799 0x0b7c Wd - detected LockedFile.Multi.Generic ( 1 )
22:35:09.0497 0x0b7c Detect skipped due to KSN trusted
22:35:09.0497 0x0b7c Wd - ok
22:35:09.0533 0x0b7c [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:35:09.0533 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: 442783E2CB0DA19873B7A63833FF4CB4, sha256: 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F
22:35:09.0533 0x0b7c Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
22:35:12.0042 0x0b7c Detect skipped due to KSN trusted
22:35:12.0042 0x0b7c Wdf01000 - ok
22:35:12.0068 0x0b7c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:35:12.0121 0x0b7c WdiServiceHost - ok
22:35:12.0124 0x0b7c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:35:12.0134 0x0b7c WdiSystemHost - ok
22:35:12.0167 0x0b7c [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient C:\Windows\System32\webclnt.dll
22:35:12.0180 0x0b7c WebClient - ok
22:35:12.0194 0x0b7c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:35:12.0219 0x0b7c Wecsvc - ok
22:35:12.0233 0x0b7c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:35:12.0252 0x0b7c wercplsupport - ok
22:35:12.0255 0x0b7c [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
22:35:12.0282 0x0b7c WerSvc - ok
22:35:12.0310 0x0b7c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:35:12.0310 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
22:35:12.0318 0x0b7c WfpLwf - detected LockedFile.Multi.Generic ( 1 )
22:35:15.0016 0x0b7c Detect skipped due to KSN trusted
22:35:15.0016 0x0b7c WfpLwf - ok
22:35:15.0036 0x0b7c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:35:15.0036 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
22:35:15.0036 0x0b7c WIMMount - detected LockedFile.Multi.Generic ( 1 )
22:35:17.0731 0x0b7c Detect skipped due to KSN trusted
22:35:17.0731 0x0b7c WIMMount - ok
22:35:17.0755 0x0b7c WinDefend - ok
22:35:17.0761 0x0b7c WinHttpAutoProxySvc - ok
22:35:17.0800 0x0b7c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:35:17.0828 0x0b7c Winmgmt - ok
22:35:17.0886 0x0b7c [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
22:35:17.0950 0x0b7c WinRM - ok
22:35:17.0997 0x0b7c [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:35:17.0997 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D, sha256: A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03
22:35:18.0004 0x0b7c WinUsb - detected LockedFile.Multi.Generic ( 1 )
22:35:20.0699 0x0b7c Detect skipped due to KSN trusted
22:35:20.0699 0x0b7c WinUsb - ok
22:35:20.0743 0x0b7c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:35:20.0776 0x0b7c Wlansvc - ok
22:35:20.0866 0x0b7c [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:35:20.0900 0x0b7c wlidsvc - ok
22:35:20.0915 0x0b7c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:35:20.0915 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
22:35:20.0915 0x0b7c WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
22:35:23.0607 0x0b7c Detect skipped due to KSN trusted
22:35:23.0607 0x0b7c WmiAcpi - ok
22:35:23.0631 0x0b7c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:35:23.0650 0x0b7c wmiApSrv - ok
22:35:23.0657 0x0b7c WMPNetworkSvc - ok
22:35:23.0683 0x0b7c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:35:23.0696 0x0b7c WPCSvc - ok
22:35:23.0721 0x0b7c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:35:23.0741 0x0b7c WPDBusEnum - ok
22:35:23.0760 0x0b7c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:35:23.0761 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
22:35:23.0761 0x0b7c ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
22:35:26.0456 0x0b7c Detect skipped due to KSN trusted
22:35:26.0456 0x0b7c ws2ifsl - ok
22:35:26.0466 0x0b7c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
22:35:26.0483 0x0b7c wscsvc - ok
22:35:26.0485 0x0b7c WSearch - ok
22:35:26.0555 0x0b7c [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
22:35:26.0615 0x0b7c wuauserv - ok
22:35:26.0631 0x0b7c [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:35:26.0631 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: D3381DC54C34D79B22CEE0D65BA91B7C, sha256: 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9
22:35:26.0632 0x0b7c WudfPf - detected LockedFile.Multi.Generic ( 1 )
22:35:29.0320 0x0b7c Detect skipped due to KSN trusted
22:35:29.0320 0x0b7c WudfPf - ok
22:35:29.0349 0x0b7c [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:35:29.0349 0x0b7c Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: CF8D590BE3373029D57AF80914190682, sha256: FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF
22:35:29.0350 0x0b7c WUDFRd - detected LockedFile.Multi.Generic ( 1 )
22:35:31.0939 0x0b7c Detect skipped due to KSN trusted
22:35:31.0939 0x0b7c WUDFRd - ok
22:35:31.0963 0x0b7c [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:35:31.0981 0x0b7c wudfsvc - ok
22:35:32.0000 0x0b7c [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
22:35:32.0018 0x0b7c WwanSvc - ok
22:35:32.0045 0x0b7c [ 9EB8FD651D6EEF8DF25B1147269B2B3D, 9783473692FF95E4FBB7A43F96E6EBB5D93D2ACA5603484929625158BCB5DA3E ] zntport C:\Windows\system32\drivers\zntport.sys
22:35:32.0057 0x0b7c zntport - ok
22:35:32.0088 0x0b7c ================ Scan global ===============================
22:35:32.0104 0x0b7c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
22:35:32.0145 0x0b7c [ E0406AEF04B088D1C49FC78D0546F689, 7ADD4D1C174FAA5405BD94BAF104A5DD56BE00DBDC1ED9F069A95430A7B264AA ] C:\Windows\system32\winsrv.dll
22:35:32.0153 0x0b7c [ E0406AEF04B088D1C49FC78D0546F689, 7ADD4D1C174FAA5405BD94BAF104A5DD56BE00DBDC1ED9F069A95430A7B264AA ] C:\Windows\system32\winsrv.dll
22:35:32.0172 0x0b7c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
22:35:32.0191 0x0b7c [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
22:35:32.0196 0x0b7c [ Global ] - ok
22:35:32.0196 0x0b7c ================ Scan MBR ==================================
22:35:32.0207 0x0b7c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:35:32.0496 0x0b7c \Device\Harddisk0\DR0 - ok
22:35:32.0496 0x0b7c ================ Scan VBR ==================================
22:35:32.0497 0x0b7c [ 1BED84F868B7B442ABF1ECDD2C6CF799 ] \Device\Harddisk0\DR0\Partition1
22:35:32.0498 0x0b7c \Device\Harddisk0\DR0\Partition1 - ok
22:35:32.0499 0x0b7c [ B57B26356DF06222F92DCEF8E8EC991F ] \Device\Harddisk0\DR0\Partition2
22:35:32.0500 0x0b7c \Device\Harddisk0\DR0\Partition2 - ok
22:35:32.0501 0x0b7c [ 1A3A321A4254EFF4EFE183B329485AF7 ] \Device\Harddisk0\DR0\Partition3
22:35:32.0531 0x0b7c \Device\Harddisk0\DR0\Partition3 - ok
22:35:32.0543 0x0b7c [ E950BBA7CEBBCD818CA709F8F392DA77 ] \Device\Harddisk0\DR0\Partition4
22:35:32.0564 0x0b7c \Device\Harddisk0\DR0\Partition4 - ok
22:35:32.0564 0x0b7c ================ Scan generic autorun ======================
22:35:32.0669 0x0b7c [ DD37DC13DF1224A8719208AE5CDE2B63, EA365A7358637C555D8CDEDD59BCA574C8B6EB8BB3C1B8790FEC7D76A37FC4AB ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
22:35:32.0707 0x0b7c NvBackend - ok
22:35:32.0729 0x0b7c [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
22:35:32.0736 0x0b7c ShadowPlay - ok
22:35:32.0754 0x0b7c AdobeAAMUpdater-1.0 - ok
22:35:32.0827 0x0b7c razer update - ok
22:35:32.0875 0x0b7c [ 4EAF6F8F0B3BE33A0E3877EB7FFD48D4, CD89A31004E3E5A3253554CABF70B89D4F2FCBC40161FFA9E633CD85261A2769 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
22:35:32.0892 0x0b7c Adobe ARM - ok
22:35:32.0920 0x0b7c [ 61F2D7A31F0EEC2BA373EC1B57264964, 0FA8A5D46AF05DFE6091B5F8BE5F8CBA1DB6544E4E2BF654A0D5AB0CA02BD7D2 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
22:35:32.0931 0x0b7c SunJavaUpdateSched - ok
22:35:32.0987 0x0b7c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:35:33.0044 0x0b7c Sidebar - ok
22:35:33.0061 0x0b7c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:35:33.0071 0x0b7c mctadmin - ok
22:35:33.0104 0x0b7c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:35:33.0124 0x0b7c Sidebar - ok
22:35:33.0127 0x0b7c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:35:33.0137 0x0b7c mctadmin - ok
22:35:33.0277 0x0b7c [ 18EE6C694976C4D205AF24D6CCE3B660, 262F8B929CBBC8BFDD465826A27625ED9508A7C325C45F1964A4EFAC36D60056 ] C:\Program Files\CCleaner\CCleaner64.exe
22:35:33.0369 0x0b7c CCleaner Monitoring - ok
22:35:33.0373 0x0b7c uTorrent - ok
22:35:33.0414 0x0b7c [ 852D67A27E454BD389FA7F02A8CBE23F, A8FDBA9DF15E41B6F5C69C79F66A26A9D48E174F9E7018A371600B866867DAB8 ] C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
22:35:33.0434 0x0b7c {0698C8B1-24DE-44B7-B8C9-A6044C297EE1} - ok
22:35:33.0435 0x0b7c Waiting for KSN requests completion. In queue: 13
22:35:34.0435 0x0b7c Waiting for KSN requests completion. In queue: 13
22:35:35.0435 0x0b7c Waiting for KSN requests completion. In queue: 13
22:35:36.0125 0x09d0 Object required for P2P: [ 4EAF6F8F0B3BE33A0E3877EB7FFD48D4 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
22:35:36.0435 0x0b7c Waiting for KSN requests completion. In queue: 8
22:35:37.0435 0x0b7c Waiting for KSN requests completion. In queue: 8
22:35:38.0435 0x0b7c Waiting for KSN requests completion. In queue: 8
22:35:39.0056 0x09d0 Object send P2P result: true
22:35:39.0442 0x0b7c Win FW state via NFP2: disabled ( not trusted )
22:35:42.0087 0x0b7c ============================================================
22:35:42.0087 0x0b7c Scan finished
22:35:42.0087 0x0b7c ============================================================
22:35:42.0091 0x05f8 Detected object count: 12
22:35:42.0091 0x05f8 Actual detected object count: 12
22:36:22.0936 0x05f8 C:\Windows\System32\Drivers\4adf39cfa5401019.sys - copied to quarantine
22:36:22.0936 0x05f8 HKLM\SYSTEM\ControlSet001\services\4adf39cfa5401019 - will be deleted on reboot
22:36:22.0970 0x05f8 HKLM\SYSTEM\ControlSet002\services\4adf39cfa5401019 - will be deleted on reboot
22:36:23.0083 0x05f8 C:\Windows\System32\Drivers\4adf39cfa5401019.sys - will be deleted on reboot
22:36:23.0083 0x05f8 4adf39cfa5401019 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
22:36:23.0083 0x05f8 flpydisk ( LockedFile.Multi.Generic ) - skipped by user
22:36:23.0083 0x05f8 flpydisk ( LockedFile.Multi.Generic ) - User select action: Skip
22:36:23.0083 0x05f8 hidusbf ( LockedFile.Multi.Generic ) - skipped by user
22:36:23.0083 0x05f8 hidusbf ( LockedFile.Multi.Generic ) - User select action: Skip
22:36:23.0083 0x05f8 iirsp ( LockedFile.Multi.Generic ) - skipped by user
22:36:23.0083 0x05f8 iirsp ( LockedFile.Multi.Generic ) - User select action: Skip
22:36:23.0083 0x05f8 lltdio ( LockedFile.Multi.Generic ) - skipped by user
22:36:23.0083 0x05f8 lltdio ( LockedFile.Multi.Generic ) - User select action: Skip
22:36:23.0083 0x05f8 msahci ( LockedFile.Multi.Generic ) - skipped by user
22:36:23.0083 0x05f8 msahci ( LockedFile.Multi.Generic ) - User select action: Skip
22:36:23.0083 0x05f8 nfrd960 ( LockedFile.Multi.Generic ) - skipped by user
22:36:23.0083 0x05f8 nfrd960 ( LockedFile.Multi.Generic ) - User select action: Skip
22:36:23.0083 0x05f8 Processor ( LockedFile.Multi.Generic ) - skipped by user
22:36:23.0083 0x05f8 Processor ( LockedFile.Multi.Generic ) - User select action: Skip
22:36:23.0083 0x05f8 RTL8167 ( LockedFile.Multi.Generic ) - skipped by user
22:36:23.0083 0x05f8 RTL8167 ( LockedFile.Multi.Generic ) - User select action: Skip
22:36:23.0083 0x05f8 storvsc ( LockedFile.Multi.Generic ) - skipped by user
22:36:23.0083 0x05f8 storvsc ( LockedFile.Multi.Generic ) - User select action: Skip
22:36:23.0083 0x05f8 usbehci ( LockedFile.Multi.Generic ) - skipped by user
22:36:23.0083 0x05f8 usbehci ( LockedFile.Multi.Generic ) - User select action: Skip
22:36:23.0083 0x05f8 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
22:36:23.0083 0x05f8 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
22:36:23.0644 0x05f8 KLMD registered as C:\Windows\system32\drivers\83478620.sys
22:36:37.0834 0x08b8 Deinitialize success
Dsoumil is offline  
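The log above ends with a single real finding (Rootkit.Win32.Necurs.gen, deleted) buried among dozens of LockedFile.Multi.Generic hits that the Kaspersky Security Network (KSN) cleared as trusted. Reading that by eye is error-prone, so here is a small triage script, added as an example (it is not code from this thread and not part of TDSSKiller), that parses the log's line formats, separates KSN-cleared noise from the objects the user actually had to act on, flags any non-generic verdict or Delete action, and cross-checks the tool's own "Detected object count". The verdict names and line patterns are taken from the log quoted above; the embedded sample is constructed from a handful of its lines.

```python
"""Triage a Kaspersky TDSSKiller log: separate detections that KSN cleared as
trusted from the objects the user actually had to act on, and cross-check the
tool's own "Detected object count".  Added example; not part of the thread
and not TDSSKiller code.  The sample below is constructed from a few lines of
the log quoted above."""
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Every TDSSKiller log line is "HH:MM:SS.mmmm 0xTTTT <message>"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9a-fA-F]{4}\s+(?P<msg>.*)$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \( \d+ \)$")
ACTION_RE = re.compile(
    r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
KSN_SKIP = "Detect skipped due to KSN trusted"
# Heuristic verdicts raised for any driver the tool cannot open or that is unsigned
GENERIC_VERDICTS = {"LockedFile.Multi.Generic", "UnsignedFile.Multi.Generic"}


@dataclass
class Detection:
    name: str
    verdict: str
    ksn_trusted: bool = False     # cleared by a Kaspersky Security Network lookup
    action: Optional[str] = None  # "Delete", "Skip", ... chosen when the scan ended


def parse_tdsskiller(log: str) -> Dict[str, object]:
    """Return {"detections": {name: Detection}, "reported_count": int | None}."""
    detections: Dict[str, Detection] = {}
    reported_count: Optional[int] = None
    pending: Optional[Detection] = None  # detection whose KSN line may come next
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # quote markers, headers, blank lines
        msg = m.group("msg")
        if pending is not None:
            # The KSN verdict, when present, is the line right after "detected".
            pending.ksn_trusted = msg == KSN_SKIP
            pending = None
            if msg == KSN_SKIP:
                continue
        d = DETECT_RE.match(msg)
        if d:
            pending = detections[d["name"]] = Detection(d["name"], d["verdict"])
            continue
        a = ACTION_RE.match(msg)
        if a:
            # Objects first detected outside this excerpt still get an action line,
            # so create the record on demand.
            det = detections.setdefault(a["name"], Detection(a["name"], a["verdict"]))
            det.action = a["action"]
            continue
        c = COUNT_RE.match(msg)
        if c:
            reported_count = int(c["n"])
    return {"detections": detections, "reported_count": reported_count}


def triage(parsed: Dict[str, object]) -> Dict[str, object]:
    """Summarise what a reviewer needs: noise cleared by KSN, user actions,
    named (non-generic) or deleted objects, and whether the count adds up."""
    dets = list(parsed["detections"].values())
    remaining = [d for d in dets if not d.ksn_trusted]
    return {
        "ksn_cleared": sorted(d.name for d in dets if d.ksn_trusted),
        "actions": {d.name: d.action for d in dets if d.action is not None},
        "needs_attention": sorted(
            d.name for d in dets
            if d.verdict not in GENERIC_VERDICTS or d.action == "Delete"),
        "reported_count": parsed["reported_count"],
        # TDSSKiller's count covers the objects KSN did not clear
        "count_consistent": parsed["reported_count"] == len(remaining),
    }


# Constructed sample: a few lines lifted from the log in this thread.
SAMPLE_LOG = r"""
22:34:19.0318 0x0b7c [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:34:19.0319 0x0b7c vhdmp - detected LockedFile.Multi.Generic ( 1 )
22:34:21.0952 0x0b7c Detect skipped due to KSN trusted
22:34:21.0952 0x0b7c vhdmp - ok
22:34:39.0054 0x0b7c vsmraid - detected LockedFile.Multi.Generic ( 1 )
22:34:49.0054 0x0b7c Object is SCO, delete is not allowed
22:34:49.0054 0x0b7c vsmraid ( LockedFile.Multi.Generic ) - warning
22:35:01.0068 0x0b7c wampapache64 - detected UnsignedFile.Multi.Generic ( 1 )
22:35:03.0762 0x0b7c Detect skipped due to KSN trusted
22:35:03.0762 0x0b7c wampapache64 - ok
22:35:42.0091 0x05f8 Detected object count: 3
22:36:23.0083 0x05f8 4adf39cfa5401019 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
22:36:23.0083 0x05f8 flpydisk ( LockedFile.Multi.Generic ) - skipped by user
22:36:23.0083 0x05f8 flpydisk ( LockedFile.Multi.Generic ) - User select action: Skip
22:36:23.0083 0x05f8 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    for key, value in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it against a full log by reading the file into `parse_tdsskiller`; the `needs_attention` list is what a helper would look at first, and a `count_consistent` of False is a hint that the excerpt is truncated or that an object was detected in a part of the log you have not seen.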
Old 05-11-2016, 10:22 AM   #9
Registered Member
 
Join Date: Jul 2012
Posts: 46
OS: Windows 7



TDSSKiller.3.1.0.9_11.05.2016_22.37.48_log

Quote:
22:37:48.0889 0x091c TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
22:37:50.0340 0x091c ============================================================
22:37:50.0340 0x091c Current date / time: 2016/05/11 22:37:50.0340
22:37:50.0340 0x091c SystemInfo:
22:37:50.0340 0x091c
22:37:50.0340 0x091c OS Version: 6.1.7601 ServicePack: 1.0
22:37:50.0340 0x091c Product type: Workstation
22:37:50.0340 0x091c ComputerName: SOUMIL-PC
22:37:50.0340 0x091c UserName: Soumil
22:37:50.0340 0x091c Windows directory: C:\Windows
22:37:50.0340 0x091c System windows directory: C:\Windows
22:37:50.0340 0x091c Running under WOW64
22:37:50.0340 0x091c Processor architecture: Intel x64
22:37:50.0340 0x091c Number of processors: 8
22:37:50.0340 0x091c Page size: 0x1000
22:37:50.0340 0x091c Boot type: Normal boot
22:37:50.0340 0x091c ============================================================
22:37:50.0340 0x091c BG loaded
22:37:50.0902 0x091c System UUID: {C95E907B-4A64-533E-F01E-8160F89C8963}
22:37:51.0604 0x091c Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
22:37:51.0604 0x091c ============================================================
22:37:51.0604 0x091c \Device\Harddisk0\DR0:
22:37:51.0635 0x091c MBR partitions:
22:37:51.0635 0x091c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:37:51.0635 0x091c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C3800
22:37:51.0650 0x091c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x124F650F, BlocksNum 0x124F6491
22:37:51.0682 0x091c \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x249EC9DF, BlocksNum 0x159943A1
22:37:51.0682 0x091c ============================================================
22:37:51.0822 0x091c C: <-> \Device\Harddisk0\DR0\Partition2
22:37:51.0978 0x091c D: <-> \Device\Harddisk0\DR0\Partition3
22:37:52.0056 0x091c E: <-> \Device\Harddisk0\DR0\Partition4
22:37:52.0087 0x091c G: <-> \Device\Harddisk0\DR0\Partition1
22:37:52.0087 0x091c ============================================================
22:37:52.0087 0x091c Initialize success
22:37:52.0087 0x091c ============================================================
22:39:33.0304 0x0850 Deinitialize success
Dsoumil is offline  
Old 05-12-2016, 12:39 AM   #10
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Dsoumil,

Thanks for the logs. Please do the following.

Please download ComboFix and Save it to your Desktop.

Important! - Please make sure you save combofix to your desktop and do not run it from your browser
Please make sure you disable your security applications before running ComboFix. Get help here
Double-click ComboFix.exe and follow the prompts to run it.
If a message window opens to install the Microsoft Windows Recovery Console, click the yes button.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.
Please re-enable your antivirus before posting the ComboFix.txt log.
NOTE: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe
Next, go to File > New Task (Run...), type explorer and press 'Enter', or just reboot the computer.
tekir06 is offline  
Old 05-12-2016, 02:44 AM   #11
Registered Member
 
Join Date: Jul 2012
Posts: 46
OS: Windows 7



Hi tekir06,

After your last fix with TDSSKiller, I successfully installed my Bitdefender Total Security 2016 and scanned my entire PC, and according to it my PC is totally safe now.
Do I still need to apply this ComboFix fix?

Thanks for all your help.
Really appreciate it.
Dsoumil is offline  
Old 05-12-2016, 03:10 AM   #12
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Dsoumil,

You're welcome!

Please run ComboFix. I want to be sure. After that, there are a couple of things we have to do. Not finished yet.
tekir06 is offline  
Old 05-12-2016, 03:25 AM   #13
Registered Member
 
Join Date: Jul 2012
Posts: 46
OS: Windows 7



ComboFix gave me a dialog box after the installation called "You cannot rename combofix..." I hadn't renamed the file at all. There was no combofix.txt at c:/.
When I rerun ComboFix, it gives me various missing-file errors.
Dsoumil is offline  
Old 05-12-2016, 03:50 AM   #14
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Did ComboFix scan?
tekir06 is offline  
Old 05-12-2016, 03:52 AM   #15
Registered Member
 
Join Date: Jul 2012
Posts: 46
OS: Windows 7



I disabled Bitdefender and ran ComboFix.
Dsoumil is offline  
Old 05-12-2016, 04:03 AM   #16
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

ComboFix ran but you can't find ComboFix.txt. Is that correct?
tekir06 is offline  
Old 05-12-2016, 06:54 AM   #17
Registered Member
 
Join Date: Jul 2012
Posts: 46
OS: Windows 7



Yes sir, that is correct.
Dsoumil is offline  
Old 05-12-2016, 11:16 PM   #18
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Dsoumil,

Please see if you can find ComboFix.txt file in c:\qoobox or c:\combofix folder.
tekir06 is offline  
Old 05-13-2016, 12:17 AM   #19
Registered Member
 
Join Date: Jul 2012
Posts: 46
OS: Windows 7



No sir, I cannot find ComboFix.txt in any of those locations.
Dsoumil is offline  
Old 05-13-2016, 02:06 PM   #20
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Dsoumil,

Please do the following.

Please make sure you disable your security applications.
Press the Windows key + R on your keyboard at the same time.
Copy/paste the following single-line command into the Run box:

Combofix /uninstall

Then press OK.

Note: It may appear as if Combofix is installing again but it is uninstalling. Please allow the program to run its course.

========================================================

Now, re-download it to the desktop from the following link and run it again. Send the report.

ComboFix
tekir06 is offline  
 
