
Running beyond slow and turning off antivirus


This topic is locked
35 replies to this topic

#1 ddman

ddman

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:St Charles, MO
  • Local time:02:33 AM

Posted 21 December 2013 - 12:33 PM

User set computer down with a web page open...came back to unresponsive unit.

 

-Can only boot into one of the SAFE modes...takes forever.

-Any key press or mousing action takes 30 sec - 3 minutes to actually do something. McAfee and Malwarebytes do not turn anything up.

-McAfee antivirus shows as OFF. If I turn it back on it turns itself off.

-ran SFC.exe /scannow, errored with message "Windows Resource Protection could not start the repair service"

Usually I can detect and eradicate...but this time I'm stumped.

 

Executed Defogger.exe. Ran dds.com. Attach.txt is attached to post

 

DDS paste:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16736
Run by Joan at 9:59:35 on 2013-12-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.3339 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\ctfmon.exe
C:\windows\System32\svchost.exe -k secsvcs
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625161148.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRunOnce: [1] C:\Users\Joan\Desktop\Save comp\mbam-chameleon.exe /r /p
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://just4us1099.dyndns.org:4549/cab/OCXChecker_8310.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {FEC048AB-277A-460C-BF50-1A4193AEF148} - hxxp://just4us1099.dyndns.org:4549/cab/DownloadCenter_8300.cab
TCP: NameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{4A3CB75B-23EF-4018-BFB3-B7DF8BDDD9E9} : DHCPNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{4A3CB75B-23EF-4018-BFB3-B7DF8BDDD9E9}\465636B656273677534363 : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120625161148.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2012-2-22 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2012-6-10 340216]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-21 201304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-6-10 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2012-6-10 182752]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2012-6-10 70112]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-12-30 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2012-6-10 515968]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-12-30 1109096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-11-2 179296]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-11-2 151648]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
S2 EpsonScanSvc;Epson Scanner Service;C:\windows\System32\escsvc64.exe [2012-11-2 135824]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-21 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-21 201304]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-21 201304]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-6-10 241456]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-11-26 132056]
S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-12-30 126392]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-30 2656280]
S3 FlyUsb;FLY Fusion;C:\windows\System32\drivers\FlyUsb.sys [2012-9-28 24576]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2012-11-21 196440]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\windows\System32\drivers\btblan.sys [2012-9-28 40320]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2012-6-10 309840]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2012-6-10 106552]
S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-12-30 38096]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-1-29 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-12-30 243712]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-12-30 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-1-29 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-1-29 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-4-6 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .chm: chm.file="C:\windows\hh.exe" %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-12-10 10:49:52 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{123C9E04-E007-48F0-B199-6796EA50EA12}\offreg.dll
2013-12-08 14:48:23 256904 ----a-w- C:\windows\SysWow64\drivers\tmcomm.sys
2013-12-07 18:54:08 184768 ----a-w- C:\windows\System32\drivers\tmrkb.sys
2013-12-07 18:52:37 173504 ----a-w- C:\windows\System32\drivers\tmcomm.sys
2013-12-07 05:30:24 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{123C9E04-E007-48F0-B199-6796EA50EA12}\mpengine.dll
2013-12-06 21:34:26 -------- d-----w- C:\windows\pss
.
==================== Find3M  ====================
.
2013-11-11 11:50:16 267936 ----a-w- C:\windows\System32\MpSigStub.exe
2013-10-12 08:45:20 2241536 ----a-w- C:\windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\windows\System32\lsass.exe
.
============= FINISH: 10:01:17.82 ===============
 

Thank you in advance,

Dan

 


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:33 AM

Posted 26 December 2013 - 12:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518192 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ddman


Posted 31 December 2013 - 02:34 PM

see above



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:33 AM

Posted 02 January 2014 - 12:17 PM

Hello ddman,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
1. Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users: right click on adwCleaner.exe and select "Run as administrator"
  • Click the Scan button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.
2. Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Edited by fireman4it, 02 January 2014 - 12:22 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 ddman


Posted 02 January 2014 - 03:56 PM

Hi,

I'm trying to comply, but the unit is taking 100 times longer than normal.

 

Question....

 

in a direct email you instructed me to run

1) OTC

2) RogueKiller

3) Malware Bytes Rootkit

 

In this post you are instructing me differently

1) AdWCleaner

2) RogueKiller

 

What should I run?

 

I HAVE already run OTC and am in the middle of running RogueKiller



#6 ddman


Posted 02 January 2014 - 04:09 PM

After running for almost 2 hours now.....RogueKiller is still in the process of "Looking for faked files"

 

Don't know if this will help but here's a behaviour I am observing.

The laptop just sits there not changing for a couple of minutes, with the same name of the "file" it says its checking for fakes, but is not changing.

Every few minutes the cpu cooling fan comes on and the file names will change for a brief moment and then it goes back to just sitting there.

Only up to \system32\drivers\circlass.sys at this time....this will take many hours to run the whole list of drivers



#7 fireman4it


Posted 02 January 2014 - 06:34 PM

Please follow the directions given in this topic. Post the logs as the tools finish.




#8 ddman


Posted 02 January 2014 - 10:38 PM

OTC ran OK

RogueKiller report follows (attached debug.log also)

 

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joan [Admin rights]
Mode : Scan -- Date : 01/02/2014 16:05:50
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] {2004F95B-C2E0-48A8-BDE6-148138ED2A59}.job : C:\Users\Joan\AppData\Local\a064c503-d9a4-41fe-a197-4772fd76eafead\acdafeafdeafead.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3275GSX +++++
--- User ---
[MBR] c14a194e47a70f624d48fac8dd35e444
[BSP] 35cff5c93c53e5a466e70c6c8ff31d64 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 289747 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 596475904 | Size: 13997 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01022014_160550.txt >>
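A parser and triage pass over the RogueKiller report format shown in the post above, added here as an example that is not part of the thread or of RogueKiller itself; the sample input is copied from that report, and the risk rules (executable under a user-writable AppData path, folder name that only looks like a GUID, PUM hits held for confirmation) are my own assumptions.

```python
import re
from collections import OrderedDict

# Sample input: the scan sections quoted from the RogueKiller report in post #8 above
# (copied from the page; the report header and MBR block are left out of this sample).
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] {2004F95B-C2E0-48A8-BDE6-148138ED2A59}.job : C:\Users\Joan\AppData\Local\a064c503-d9a4-41fe-a197-4772fd76eafead\acdafeafdeafead.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤
"""

# "¤¤¤ <section name> : <declared count> ¤¤¤" (the count is optional).
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>.+?)\s*(?::\s*(?P<count>\d+))?\s*¤¤¤$")
# "[TAG][TAG] <location> : <value> -> <status>"
ENTRY_RE = re.compile(r"^(?P<tags>(?:\[[^\]]*\])+)\s*(?P<body>.+?)\s*->\s*(?P<status>\S.*?)\s*$")
TAG_RE = re.compile(r"\[([^\]]*)\]")

# Triage heuristics (my own assumptions, not RogueKiller's logic): an executable under a
# user-writable profile directory, inside a folder whose name only looks like a GUID, is a
# common persistence pattern and is escalated; PUM hits are policy tweaks to confirm first.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
EXECUTABLE_RE = re.compile(r"\.(exe|dll|scr|com)\b", re.IGNORECASE)
GUIDISH_DIR_RE = re.compile(r"\\[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12,}\\", re.IGNORECASE)


def parse_report(text):
    """Return an ordered mapping: section name -> {"declared": int|None, "entries": [...]}."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            name = sec.group("name").rstrip(" :")
            declared = int(sec.group("count")) if sec.group("count") else None
            current = sections.setdefault(name, {"declared": declared, "entries": []})
            continue
        ent = ENTRY_RE.match(line)
        if ent and current is not None:
            location, _, value = ent.group("body").partition(" : ")
            current["entries"].append({
                "tags": TAG_RE.findall(ent.group("tags")),
                "location": location.strip(),
                "value": value.strip(),  # trailing "[x]" marker is kept as reported
                "status": ent.group("status"),
            })
    return sections


def check_counts(report):
    """Map each section to (declared count, parsed count) so a truncated paste stands out."""
    return {name: (sec["declared"], len(sec["entries"])) for name, sec in report.items()}


def triage(entry):
    """Classify one entry as 'high', 'review' or 'info', with the reasons for the call."""
    reasons = []
    target = entry["value"]
    if "SUSP PATH" in entry["tags"]:
        reasons.append("tool flagged the path as suspicious")
    if USER_WRITABLE_RE.search(target) and EXECUTABLE_RE.search(target):
        reasons.append("executable under user-writable AppData")
    if GUIDISH_DIR_RE.search(target):
        reasons.append("GUID-like randomly named directory")
    if reasons:
        return "high", reasons
    if "PUM" in entry["tags"]:
        # Potentially unwanted modification: an admin may have set it on purpose.
        return "review", ["potentially unwanted modification; confirm before deleting"]
    return "info", []


def findings(text):
    """Flatten a report into triaged findings, highest risk first."""
    order = {"high": 0, "review": 1, "info": 2}
    out = []
    for name, sec in parse_report(text).items():
        for entry in sec["entries"]:
            risk, reasons = triage(entry)
            out.append({"section": name, "risk": risk, "reasons": reasons, **entry})
    return sorted(out, key=lambda f: order[f["risk"]])


if __name__ == "__main__":
    for name, (declared, parsed) in check_counts(parse_report(SAMPLE_REPORT)).items():
        print(f"{name}: declared {declared}, parsed {parsed}")
    for f in findings(SAMPLE_REPORT):
        print(f"[{f['risk']:6}] {f['section']}: {f['location']} -> {f['value']}")
        for why in f["reasons"]:
            print(f"          - {why}")
```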

 

 



#9 fireman4it


Posted 02 January 2014 - 11:50 PM

Please run MalwareBytes Rootkit and post those logs. Then run Roguekiller again as follows.

 

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again




#10 ddman


Posted 03 January 2014 - 03:19 PM

Finally was able to run the things you asked and get the .txt and .log files off to post here.

 

Ran AdwCleaner....did NOT remove or delete anything found (waiting to be told to do so)

 

Here are the results

 

# AdwCleaner v3.016 - Report created 03/01/2014 at 08:46:58
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joan - JOAN-PC
# Running from : C:\Users\Joan\Desktop\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\ProgramData\Ask
Folder Found C:\Users\Joan\AppData\Local\apn
Folder Found C:\Users\Joan\AppData\LocalLow\iac
Folder Found C:\Users\Joan\AppData\Roaming\pccustubinstaller
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\APN PIP
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\Software\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1839 octets] - [03/01/2014 08:46:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1899 octets] ##########


#11 ddman

  • Topic Starter
  • Members
  • 21 posts
  • Location:St Charles, MO

Posted 03 January 2014 - 03:30 PM

Ran Malwarebytes Anti-Rootkit 3 times.

Deleted what was found on run 3.

Posted in order of run sequence.

Run #1:

 

mbar-log

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
 
Database version: v2014.01.02.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Joan :: JOAN-PC [administrator]
 
1/2/2014 4:55:22 PM
mbar-log-2014-01-02 (16-55-22).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 235826
Time elapsed: 30 minute(s), 20 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\WINDOWS\SYSTEM32\drivers\igdkmd64.sys.bak (Unknown.Rootkit.Driver) -> Replace on reboot.
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
System-Log:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16736
 
Java version: 1.6.0_25
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 4240293888, free: 2150707200
 
Downloaded database version: v2014.01.02.04
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
     01/02/2014 16:55:17
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80067b9060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004dbb050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80067b9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80067b22b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80067b9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004dbb050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File C:\WINDOWS\SYSTEM32\drivers\igdkmd64.sys.bak --> [Forged file]
Replacement file found for a file C:\WINDOWS\SYSTEM32\drivers\igdkmd64.sys.bak
Infected: C:\WINDOWS\SYSTEM32\drivers\igdkmd64.sys.bak --> [Unknown.Rootkit.Driver]
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 10ED62A
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 593401856
 
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 596475904  Numsec = 28665856
    Partition is not bootable
Hidden partition VBR is not infected.
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Scan finished
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16736
 
Java version: 1.6.0_25
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 4240293888, free: 3277201408
 
=======================================
 
Run #2:
 
mbar-log:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
 
Database version: v2014.01.02.04
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.16428
Joan :: JOAN-PC [administrator]
 
1/3/2014 9:07:56 AM
mbar-log-2014-01-03 (09-07-56).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 235474
Time elapsed: 28 minute(s), 17 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
System-log:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16736
 
Java version: 1.6.0_25
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 4240293888, free: 2871435264
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16428
 
Java version: 1.6.0_25
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 4240293888, free: 3582115840
 
Could not load protection driver
Downloaded database version: v2014.01.03.01
Downloaded database version: v2014.01.03.03
Canceled update
=======================================
------------ Kernel report ------------
     01/03/2014 09:06:37
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80057d1790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80049bb050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80057d1790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80057d0470, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80057d1790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80049bb050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 10ED62A
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 593401856
 
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 596475904  Numsec = 28665856
    Partition is not bootable
Hidden partition VBR is not infected.
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
Run #3:
 
mbar-log
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
 
Database version: v2014.01.02.04
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 11.0.9600.16428
Joan :: JOAN-PC [administrator]
 
1/3/2014 11:17:16 AM
mbar-log-2014-01-03 (11-17-16).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 235378
Time elapsed: 18 minute(s), 43 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
System-log:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16428
 
Java version: 1.6.0_25
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 4240293888, free: 3695128576
 
Could not load protection driver
DNS error
DNS error
DNS error
=======================================
Initializing...
------------ Kernel report ------------
     01/03/2014 11:17:11
------------ Loaded modules -----------
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_2_596475904_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800578b410
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80049bb050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800578b410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800578c040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800578b410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80049bb050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 10ED62A
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 593401856
 
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 596475904  Numsec = 28665856
    Partition is not bootable
Hidden partition VBR is not infected.
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Scan finished
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
=======================================

#12 ddman (Topic Starter)

Posted 03 January 2014 - 03:32 PM

Ran RogueKiller and used Clean afterwards.

Report:

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : Joan [Admin rights]
Mode : Remove -- Date : 01/03/2014 14:11:52
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified. 
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] {2004F95B-C2E0-48A8-BDE6-148138ED2A59}.job : C:\Users\Joan\AppData\Local\a064c503-d9a4-41fe-a197-4772fd76eafead\acdafeafdeafead.exe [x] -> DELETED
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3275GSX +++++
--- User ---
[MBR] c14a194e47a70f624d48fac8dd35e444
[BSP] 35cff5c93c53e5a466e70c6c8ff31d64 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 289747 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 596475904 | Size: 13997 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_01032014_141152.txt >>
RKreport[0]_S_01022014_160550.txt;RKreport[0]_S_01032014_141135.txt


#13 fireman4it (Malware Response Team)

Posted 03 January 2014 - 04:26 PM

1.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

2.

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

3.

Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop

Link 1
Link 2

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#14 ddman (Topic Starter)

Posted 04 January 2014 - 06:22 PM

Find the AdwCleaner report below.

I cannot get TDSSKiller to run on reboot (i.e. after I click Load Modules and it reboots).

Please note:
When my machine boots, no matter whether in normal or any of the SAFE modes, the program HelpPane.exe autoruns. I have to kill it before doing anything else. The machine can take up to an hour to fully boot. Rebooting means another hour to wait.

Is there any way to run TDSSKiller from a command line with switches?


# AdwCleaner v3.016 - Report created 04/01/2014 at 07:51:48
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joan - JOAN-PC
# Running from : C:\Users\Joan\Desktop\Save comp\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1987 octets] - [03/01/2014 08:46:58]
AdwCleaner[R1].txt - [2047 octets] - [03/01/2014 15:24:19]
AdwCleaner[R2].txt - [748 octets] - [04/01/2014 07:51:48]
AdwCleaner[S0].txt - [2060 octets] - [03/01/2014 15:28:34]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [867 octets] ##########

#15 ddman (Topic Starter)

Posted 04 January 2014 - 10:11 PM

Was finally able to get TDSSKiller to run. It found 3 medium threats; none had "Cure" as a choice, so I left them at "Skip".

Here's the log file:

17:59:18.0157 0x13f0 FontCache - ok
17:59:22.0182 0x13f0 FontCache3.0.0.0 - ok
17:59:22.0400 0x13f0 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\windows\system32\drivers\FsDepends.sys
17:59:22.0416 0x13f0 FsDepends - ok
17:59:22.0432 0x13f0 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
17:59:22.0447 0x13f0 Fs_Rec - ok
17:59:22.0463 0x13f0 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
17:59:22.0478 0x13f0 fvevol - ok
17:59:22.0494 0x13f0 [ 60ACB128E64C35C2B4E4AAB1B0A5C293, 7B476AB5E95529A894F95397C753662F4C58D1FE89F4648271251DA77C5A3FA9 ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys
17:59:22.0510 0x13f0 FwLnk - ok
17:59:22.0541 0x13f0 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
17:59:22.0541 0x13f0 gagp30kx - ok
17:59:22.0572 0x13f0 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
17:59:22.0588 0x13f0 GEARAspiWDM - ok
17:59:22.0650 0x13f0 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\windows\System32\gpsvc.dll
17:59:22.0728 0x13f0 gpsvc - ok
17:59:22.0744 0x13f0 gupdate - ok
17:59:22.0744 0x13f0 gupdatem - ok
17:59:22.0775 0x13f0 gusvc - ok
17:59:22.0822 0x13f0 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
17:59:22.0900 0x13f0 hcw85cir - ok
17:59:22.0962 0x13f0 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
17:59:22.0993 0x13f0 HdAudAddService - ok
17:59:23.0024 0x13f0 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
17:59:23.0056 0x13f0 HDAudBus - ok
17:59:23.0071 0x13f0 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\windows\system32\drivers\HidBatt.sys
17:59:23.0087 0x13f0 HidBatt - ok
17:59:23.0102 0x13f0 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\windows\system32\drivers\hidbth.sys
17:59:23.0134 0x13f0 HidBth - ok
17:59:23.0165 0x13f0 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\windows\system32\drivers\hidir.sys
17:59:23.0196 0x13f0 HidIr - ok
17:59:52.0072 0x13f0 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\windows\system32\hidserv.dll
18:00:00.0511 0x13f0 hidserv - ok
18:00:24.0754 0x13f0 [ E0469D25EFC50F58B71E2D65B015DDB5, E669790053814E6309E6093480D9E5055719CC590DCB688B1C9CF2207F2560D2 ] HidUsb C:\windows\system32\drivers\hidusb.sys
18:00:24.0925 0x13f0 Suspicious file ( Forged ): C:\windows\system32\drivers\hidusb.sys. Real md5: E0469D25EFC50F58B71E2D65B015DDB5, sha256: E669790053814E6309E6093480D9E5055719CC590DCB688B1C9CF2207F2560D2, fake md5: 9592090A7E2B61CD582B612B6DF70536, fake sha256: FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F
18:00:24.0925 0x13f0 HidUsb - detected ForgedFile.Multi.Generic ( 1 )
18:00:28.0092 0x13f0 Detect skipped due to KSN trusted
18:00:28.0092 0x13f0 HidUsb - ok
18:01:10.0368 0x13f0 [ 4BBAB33098A9B4BD4F09F6E9AA1FDCBC, 39033FBDEC25FF0EE05C3CECD738D7290A38E39ED3AA4DFC34C0CA26099EDC6A ] HipShieldK C:\windows\system32\drivers\HipShieldK.sys
18:01:10.0555 0x13f0 Suspicious file ( Forged ): C:\windows\system32\drivers\HipShieldK.sys. Real md5: 4BBAB33098A9B4BD4F09F6E9AA1FDCBC, sha256: 39033FBDEC25FF0EE05C3CECD738D7290A38E39ED3AA4DFC34C0CA26099EDC6A, fake md5: A894FB2CAE6A29F5D9C8EDA47B074623, fake sha256: F39014379B6F546CF3D3F56A343A7173B600A350715638040AE93E03EAB81CAC
18:01:10.0555 0x13f0 HipShieldK - detected ForgedFile.Multi.Generic ( 1 )
18:01:13.0519 0x13f0 Detect skipped due to KSN trusted
18:01:13.0519 0x13f0 HipShieldK - ok
18:01:19.0806 0x13f0 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\windows\system32\kmsvc.dll
18:01:19.0900 0x13f0 hkmsvc - ok
18:01:32.0115 0x13f0 HomeGroupListener - ok
18:01:32.0333 0x13f0 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
18:01:32.0380 0x13f0 HomeGroupProvider - ok
18:01:32.0427 0x13f0 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
18:01:32.0427 0x13f0 HpSAMD - ok
18:01:32.0489 0x13f0 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\windows\system32\drivers\HTTP.sys
18:01:32.0567 0x13f0 HTTP - ok
18:01:32.0567 0x13f0 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
18:01:32.0583 0x13f0 hwpolicy - ok
18:01:32.0598 0x13f0 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
18:01:32.0614 0x13f0 i8042prt - ok
18:01:32.0676 0x13f0 [ D7921D5A870B11CC1ADAB198A519D50A, 5DF99EB5D5504E9D9EB21658E8B4A58DEE2AD143A1875DB7F9B7BF4877FCB57F ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
18:01:32.0708 0x13f0 iaStor - ok
18:01:32.0754 0x13f0 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
18:01:32.0770 0x13f0 iaStorV - ok
18:01:32.0770 0x13f0 idsvc - ok
18:01:32.0817 0x13f0 IEEtwCollectorService - ok
18:01:33.0316 0x13f0 [ 370C2A8629B30F910F740387795DDC6F, 7D2D69F0BC12E86236014003EEA7479BD0FDE9A469459B6550DC3AED07A02030 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
18:01:58.0104 0x13f0 igfx - ok
18:02:10.0288 0x13f0 [ B04AC6C72C2B6E0034009C1A4DA66515, DEA44C96655C747012AA400AF96F686F7707392EC444F09CC6390DF93DFBE958 ] iirsp C:\windows\system32\drivers\iirsp.sys
18:02:10.0444 0x13f0 Suspicious file ( Forged ): C:\windows\system32\drivers\iirsp.sys. Real md5: B04AC6C72C2B6E0034009C1A4DA66515, sha256: DEA44C96655C747012AA400AF96F686F7707392EC444F09CC6390DF93DFBE958, fake md5: 5C18831C61933628F5BB0EA2675B9D21, fake sha256: 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4
18:02:10.0444 0x13f0 iirsp - detected ForgedFile.Multi.Generic ( 1 )
18:02:13.0330 0x13f0 Detect skipped due to KSN trusted
18:02:13.0330 0x13f0 iirsp - ok
18:02:19.0664 0x13f0 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\windows\System32\ikeext.dll
18:02:23.0829 0x13f0 IKEEXT - ok
18:02:35.0997 0x13f0 intelide - ok
18:02:36.0106 0x13f0 intelppm - ok
18:02:36.0122 0x13f0 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\windows\system32\ipbusenum.dll
18:02:36.0184 0x13f0 IPBusEnum - ok
18:02:36.0184 0x13f0 IpFilterDriver - ok
18:02:36.0231 0x13f0 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\windows\System32\iphlpsvc.dll
18:02:36.0278 0x13f0 iphlpsvc - ok
18:02:36.0309 0x13f0 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
18:02:36.0340 0x13f0 IPMIDRV - ok
18:02:36.0356 0x13f0 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\windows\system32\drivers\ipnat.sys
18:02:36.0418 0x13f0 IPNAT - ok
18:02:36.0480 0x13f0 [ 0FF335D687C85097725A53458160E81E, BF8BB3C8AF1822BEB5FF5F8008614B982F277D862B16B6516CA91F73D336E9D4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:02:36.0512 0x13f0 iPod Service - ok
18:02:36.0543 0x13f0 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\windows\system32\drivers\irenum.sys
18:02:36.0574 0x13f0 IRENUM - ok
18:02:36.0605 0x13f0 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\windows\system32\drivers\isapnp.sys
18:02:36.0636 0x13f0 isapnp - ok
18:02:36.0668 0x13f0 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
18:02:36.0699 0x13f0 iScsiPrt - ok
18:02:36.0730 0x13f0 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
18:02:36.0746 0x13f0 kbdclass - ok
18:02:36.0777 0x13f0 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
18:02:36.0808 0x13f0 kbdhid - ok
18:02:36.0824 0x13f0 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\windows\system32\lsass.exe
18:02:36.0839 0x13f0 KeyIso - ok
18:02:36.0870 0x13f0 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
18:02:36.0870 0x13f0 KSecDD - ok
18:02:36.0886 0x13f0 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
18:02:36.0902 0x13f0 KSecPkg - ok
18:02:36.0917 0x13f0 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\windows\system32\drivers\ksthunk.sys
18:02:36.0980 0x13f0 ksthunk - ok
18:02:37.0120 0x13f0 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\windows\system32\msdtckrm.dll
18:02:49.0460 0x13f0 KtmRm - ok
18:03:30.0051 0x13f0 [ C7EAB1F95D2C3F7C5743423CA734AFC8, 848866F79E75E497E68FF416D59D14D23BF2DF82E1F1BD81EE9E7F4CCE975975 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
18:03:30.0113 0x13f0 Suspicious file ( Forged ): C:\windows\system32\DRIVERS\L1C62x64.sys. Real md5: C7EAB1F95D2C3F7C5743423CA734AFC8, sha256: 848866F79E75E497E68FF416D59D14D23BF2DF82E1F1BD81EE9E7F4CCE975975, fake md5: 045FB70BC993B691517CE309045FF02D, fake sha256: DF8D4755DB8440999CAABE1B25181D76342E0F79D9979A0600ECCAFA60E4130D
18:03:30.0113 0x13f0 L1C - detected ForgedFile.Multi.Generic ( 1 )
18:03:33.0077 0x13f0 Detect skipped due to KSN trusted
18:03:33.0077 0x13f0 L1C - ok
18:03:43.0233 0x13f0 LanmanServer - ok
18:03:43.0342 0x13f0 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
18:03:43.0405 0x13f0 LanmanWorkstation - ok
18:03:43.0436 0x13f0 LeapFrog Connect Device Service - ok
18:03:43.0467 0x13f0 [ 797289607A5EBF31353AA5EAD141F872, 4E3F8635F61DBFEEA3737EEB013F3B0A07B044A6F0D49901EB476B3904E98D2A ] Leapfrog-USBLAN C:\windows\system32\DRIVERS\btblan.sys
18:03:43.0498 0x13f0 Leapfrog-USBLAN - ok
18:03:43.0545 0x13f0 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
18:03:43.0592 0x13f0 lltdio - ok
18:03:43.0623 0x13f0 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\windows\System32\lltdsvc.dll
18:03:43.0701 0x13f0 lltdsvc - ok
18:03:43.0717 0x13f0 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\windows\System32\lmhsvc.dll
18:03:43.0763 0x13f0 lmhosts - ok
18:03:43.0795 0x13f0 LMS - ok
18:03:43.0841 0x13f0 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
18:03:43.0841 0x13f0 LSI_FC - ok
18:03:43.0873 0x13f0 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
18:03:43.0873 0x13f0 LSI_SAS - ok
18:03:43.0888 0x13f0 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
18:03:43.0904 0x13f0 LSI_SAS2 - ok
18:03:43.0919 0x13f0 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
18:03:43.0919 0x13f0 LSI_SCSI - ok
18:03:43.0951 0x13f0 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\windows\system32\drivers\luafv.sys
18:03:43.0997 0x13f0 luafv - ok
18:03:44.0060 0x13f0 [ 90AA9E273410AD7A41D2D06E0FB46022, DE8D57149D503F9D5B3B6D4133482C9A19F8BB1FF0FCCADBB0F5B4E64121F92C ] mbamchameleon C:\windows\system32\drivers\mbamchameleon.sys
18:03:44.0075 0x13f0 mbamchameleon - ok
18:03:44.0169 0x13f0 [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:03:44.0185 0x13f0 McAfee SiteAdvisor Service - ok
18:03:44.0216 0x13f0 [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:03:44.0231 0x13f0 McMPFSvc - ok
18:03:44.0247 0x13f0 [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:03:44.0263 0x13f0 mcmscsvc - ok
18:03:44.0309 0x13f0 [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:03:44.0325 0x13f0 McNaiAnn - ok
18:03:56.0649 0x13f0 [ D1CF54CC004890E8D0EB07F9F78B9FBB, 7C4EB740DC6AD1A074D131FA4BF7C6B3CB47B68B7E439F3703347E2475602691 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:03:56.0649 0x13f0 Suspicious file ( Forged ): C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe. Real md5: D1CF54CC004890E8D0EB07F9F78B9FBB, sha256: 7C4EB740DC6AD1A074D131FA4BF7C6B3CB47B68B7E439F3703347E2475602691, fake md5: F928E5E72BBA15DD0CE9A26E0413D236, fake sha256: D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B
18:03:56.0649 0x13f0 McNASvc - detected ForgedFile.Multi.Generic ( 1 )
18:03:59.0597 0x13f0 McNASvc ( ForgedFile.Multi.Generic ) - warning
18:03:59.0597 0x13f0 Force sending object to P2P due to detect: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:04:13.0731 0x13f0 Object send P2P result: true
18:04:25.0291 0x13f0 McODS - ok
18:04:25.0384 0x13f0 [ F928E5E72BBA15DD0CE9A26E0413D236, D63EFA1408084F524464729C2F3BE16550E07ACE2BF8A00699A8438079AD381B ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
18:04:25.0400 0x13f0 McProxy - ok
18:04:25.0478 0x13f0 [ 21F81090A00932C5E96700EDF2977582, 5687F4BF22BCA348020E46169A9677C9691DFB2656E481D38ABFA3C172A5993F ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
18:04:25.0493 0x13f0 McShield - ok
18:04:25.0509 0x13f0 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
18:04:25.0540 0x13f0 Mcx2Svc - ok
18:04:25.0540 0x13f0 MDM - ok
18:04:25.0571 0x13f0 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\windows\system32\drivers\megasas.sys
18:04:25.0587 0x13f0 megasas - ok
18:04:25.0618 0x13f0 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
18:04:25.0634 0x13f0 MegaSR - ok
18:04:25.0665 0x13f0 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
18:04:25.0665 0x13f0 MEIx64 - ok
18:04:25.0727 0x13f0 [ B1720E97FABBDF7D30B36DAF19C3DEE8, 93F82FDA8FFB801B823792F3BFAB587ECB1AECC06AE76B2007631A910F827C94 ] mfeapfk C:\windows\system32\drivers\mfeapfk.sys
18:04:25.0743 0x13f0 mfeapfk - ok
18:04:25.0759 0x13f0 [ 113F1534B80D65DFDCA660F19967A3B7, F63D297E128DFD7A3FF3C6446334671B41492EFFE67D7EF56B30D0F1696656BD ] mfeavfk C:\windows\system32\drivers\mfeavfk.sys
18:04:25.0774 0x13f0 mfeavfk - ok
18:04:25.0805 0x13f0 mfeavfk01 - ok
18:04:25.0837 0x13f0 [ C4F521310E40327BBC8E8E71DA344F48, C04C7CF39577010926A1C6EE589876EF40A59CA64FD1825544CED011DCFC844A ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
18:04:25.0852 0x13f0 mfefire - ok
18:04:25.0899 0x13f0 [ CECC9841D036EE008091825272D91331, 0D1576EB2EE99B62D35AB87CDDCD8BAC12AAC7E53DB9E0B46B99442C9831F8E0 ] mfefirek C:\windows\system32\drivers\mfefirek.sys
18:04:25.0930 0x13f0 mfefirek - ok
18:04:25.0993 0x13f0 [ EF0F85EDBDF6C0AB467E88E0CEE2B346, 2A7322D58DADF093D4BEBDE6DD6B85EEC70FC5F40CA786774200B917D5BE0CEA ] mfehidk C:\windows\system32\drivers\mfehidk.sys
18:04:26.0024 0x13f0 mfehidk - ok
18:04:26.0039 0x13f0 [ 6E3A46BF6CBB80450CC24F80FE03ED5A, 2B2DA9D5BDF6F0082BECFF48E19A5DC633458E7B47651E275A20645BBFAFBEFE ] mferkdet C:\windows\system32\drivers\mferkdet.sys
18:04:26.0055 0x13f0 mferkdet - ok
18:04:26.0117 0x13f0 [ 341BFCAA3A55C08E8C9ECB1654ACA905, C81D87320192730EC6BDA932EEAC300793070FDF4FB7D1B9EE083F47A357690C ] mfevtp C:\windows\system32\mfevtps.exe
18:04:26.0133 0x13f0 mfevtp - ok
18:04:26.0164 0x13f0 [ 2802D09F1B6ED502237539563F3C4992, C95C7C4880FB8435C828C85599035F00500BD85B363E0842B4719792125CB9FE ] mfewfpk C:\windows\system32\drivers\mfewfpk.sys
18:04:26.0195 0x13f0 mfewfpk - ok
18:04:26.0227 0x13f0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll
18:04:26.0289 0x13f0 MMCSS - ok
18:04:26.0289 0x13f0 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys
18:04:34.0526 0x13f0 Modem - ok
18:04:42.0685 0x13f0 [ E0469D25EFC50F58B71E2D65B015DDB5, E669790053814E6309E6093480D9E5055719CC590DCB688B1C9CF2207F2560D2 ] monitor C:\windows\system32\DRIVERS\monitor.sys
18:04:42.0685 0x13f0 Suspicious file ( Forged ): C:\windows\system32\DRIVERS\monitor.sys. Real md5: E0469D25EFC50F58B71E2D65B015DDB5, sha256: E669790053814E6309E6093480D9E5055719CC590DCB688B1C9CF2207F2560D2, fake md5: B03D591DC7DA45ECE20B3B467E6AADAA, fake sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
18:04:42.0685 0x13f0 monitor - detected ForgedFile.Multi.Generic ( 1 )
18:04:42.0685 0x13f0 Detect skipped due to KSN trusted
18:04:42.0685 0x13f0 monitor - ok
18:04:42.0825 0x13f0 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
18:04:42.0841 0x13f0 mouclass - ok
18:04:42.0887 0x13f0 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
18:04:42.0919 0x13f0 mouhid - ok
18:04:42.0934 0x13f0 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
18:04:42.0950 0x13f0 mountmgr - ok
18:04:42.0981 0x13f0 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\windows\system32\drivers\mpio.sys
18:04:42.0997 0x13f0 mpio - ok
18:04:42.0997 0x13f0 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
18:04:43.0043 0x13f0 mpsdrv - ok
18:04:43.0090 0x13f0 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\windows\system32\mpssvc.dll
18:04:43.0168 0x13f0 MpsSvc - ok
18:04:43.0184 0x13f0 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
18:04:43.0215 0x13f0 MRxDAV - ok
18:04:43.0246 0x13f0 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
18:04:43.0277 0x13f0 mrxsmb - ok
18:04:43.0293 0x13f0 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
18:04:43.0340 0x13f0 mrxsmb10 - ok
18:04:43.0340 0x13f0 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
18:04:43.0371 0x13f0 mrxsmb20 - ok
18:04:43.0371 0x13f0 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\windows\system32\drivers\msahci.sys
18:04:43.0387 0x13f0 msahci - ok
18:04:43.0402 0x13f0 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\windows\system32\drivers\msdsm.sys
18:04:43.0418 0x13f0 msdsm - ok
18:04:43.0449 0x13f0 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\windows\System32\msdtc.exe
18:04:43.0465 0x13f0 MSDTC - ok
18:04:43.0527 0x13f0 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\windows\system32\drivers\Msfs.sys
18:04:43.0574 0x13f0 Msfs - ok
18:04:43.0589 0x13f0 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
18:04:43.0621 0x13f0 mshidkmdf - ok
18:04:43.0621 0x13f0 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
18:04:43.0636 0x13f0 msisadrv - ok
18:04:43.0683 0x13f0 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\windows\system32\iscsiexe.dll
18:04:43.0808 0x13f0 MSiSCSI - ok
18:04:43.0823 0x13f0 msiserver - ok
18:05:00.0125 0x13f0 [ 9EED881D5798685AFB224F52C255DFB7, C3A0F854149E981AAFCB9B0C771EBF8EE7E9DE704077323B521D2ED5C17A5193 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
18:05:00.0328 0x13f0 Suspicious file ( Forged ): C:\windows\system32\drivers\MSKSSRV.sys. Real md5: 9EED881D5798685AFB224F52C255DFB7, sha256: C3A0F854149E981AAFCB9B0C771EBF8EE7E9DE704077323B521D2ED5C17A5193, fake md5: 49CCF2C4FEA34FFAD8B1B59D49439366, fake sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
18:05:00.0328 0x13f0 MSKSSRV - detected ForgedFile.Multi.Generic ( 1 )
18:05:03.0542 0x13f0 Detect skipped due to KSN trusted
18:05:03.0542 0x13f0 MSKSSRV - ok
18:05:05.0258 0x13f0 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
18:05:13.0635 0x13f0 MSPCLOCK - ok
18:05:21.0825 0x13f0 [ 24F9A7D5B9FEC86DD43D76AC2670A697, 0125DA3F1A311E0BB915A075FC56FC90291868F3A753765109A365ACFCE36BA8 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
18:05:21.0950 0x13f0 Suspicious file ( Forged ): C:\windows\system32\drivers\MSPQM.sys. Real md5: 24F9A7D5B9FEC86DD43D76AC2670A697, sha256: 0125DA3F1A311E0BB915A075FC56FC90291868F3A753765109A365ACFCE36BA8, fake md5: 4ED981241DB27C3383D72092B618A1D0, fake sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
18:05:21.0950 0x13f0 MSPQM - detected ForgedFile.Multi.Generic ( 1 )
18:05:24.0945 0x13f0 Detect skipped due to KSN trusted
18:05:24.0945 0x13f0 MSPQM - ok
18:05:35.0132 0x13f0 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
18:05:35.0163 0x13f0 MsRPC - ok
18:05:35.0163 0x13f0 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
18:05:35.0179 0x13f0 mssmbios - ok
18:05:39.0391 0x13f0 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\windows\system32\drivers\MSTEE.sys
18:05:39.0422 0x13f0 MSTEE - ok
18:05:39.0438 0x13f0 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\windows\system32\drivers\MTConfig.sys
18:06:20.0356 0x13f0 MTConfig - ok
18:06:28.0406 0x13f0 Mup - ok
18:06:53.0007 0x13f0 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\windows\system32\qagentRT.dll
18:06:53.0085 0x13f0 napagent - ok
18:07:01.0166 0x13f0 NativeWifiP - ok
18:07:01.0166 0x13f0 NDIS - ok
18:07:01.0275 0x13f0 NdisCap - ok
18:07:01.0322 0x13f0 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
18:07:26.0875 0x13f0 NdisTapi - ok
18:07:35.0034 0x13f0 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
18:08:40.0554 0x13f0 Ndisuio - ok
18:08:44.0641 0x13f0 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
18:08:49.0009 0x13f0 NdisWan - ok
18:08:49.0056 0x13f0 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
18:08:49.0103 0x13f0 NDProxy - ok
18:08:57.0246 0x13f0 NetBIOS - ok
18:08:57.0246 0x13f0 NetBT - ok
18:09:01.0364 0x13f0 [ F18208F33CA9F847DD2E348117E3BC54, 4C7EEA521D2218C5965FD3666C694A967A939E29A6928D528B6ED1101176B8AC ] Netlogon C:\windows\system32\lsass.exe
18:09:01.0364 0x13f0 Suspicious file ( Forged ): C:\windows\system32\lsass.exe. Real md5: F18208F33CA9F847DD2E348117E3BC54, sha256: 4C7EEA521D2218C5965FD3666C694A967A939E29A6928D528B6ED1101176B8AC, fake md5: 4D71227301DD8D09097B9E4CC6527E5A, fake sha256: 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E
18:09:01.0364 0x13f0 Netlogon - detected ForgedFile.Multi.Generic ( 1 )
18:09:04.0313 0x13f0 Detect skipped due to KSN trusted
18:09:04.0313 0x13f0 Netlogon - ok
18:09:10.0709 0x13f0 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\windows\System32\netman.dll
18:09:19.0055 0x13f0 Netman - ok
18:09:27.0214 0x13f0 netprofm - ok
18:09:27.0214 0x13f0 NetTcpPortSharing - ok
18:09:27.0401 0x13f0 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
18:09:27.0416 0x13f0 nfrd960 - ok
18:09:27.0463 0x13f0 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\windows\System32\nlasvc.dll
18:09:27.0494 0x13f0 NlaSvc - ok
18:09:27.0526 0x13f0 Norton PC Checkup Application Launcher - ok
18:09:27.0572 0x13f0 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\windows\system32\drivers\Npfs.sys
18:09:27.0604 0x13f0 Npfs - ok
18:09:27.0650 0x13f0 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\windows\system32\nsisvc.dll
18:09:27.0697 0x13f0 nsi - ok
18:09:27.0697 0x13f0 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
18:09:27.0744 0x13f0 nsiproxy - ok
18:09:27.0822 0x13f0 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\windows\system32\drivers\Ntfs.sys
18:09:27.0884 0x13f0 Ntfs - ok
18:09:27.0916 0x13f0 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\windows\system32\drivers\Null.sys
18:09:27.0962 0x13f0 Null - ok
18:09:27.0994 0x13f0 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\windows\system32\drivers\nvraid.sys
18:09:28.0009 0x13f0 nvraid - ok
18:09:28.0025 0x13f0 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\windows\system32\drivers\nvstor.sys
18:09:28.0040 0x13f0 nvstor - ok
18:09:28.0072 0x13f0 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\windows\system32\drivers\nv_agp.sys
18:09:28.0087 0x13f0 nv_agp - ok
18:09:28.0103 0x13f0 ohci1394 - ok
18:09:28.0118 0x13f0 ose - ok
18:09:28.0150 0x13f0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\windows\system32\pnrpsvc.dll
18:09:28.0212 0x13f0 p2pimsvc - ok
18:09:32.0330 0x13f0 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\windows\system32\p2psvc.dll
18:09:36.0386 0x13f0 p2psvc - ok
18:09:36.0386 0x13f0 Parport - ok
18:09:44.0420 0x13f0 [ D1263A2705917AD1D0265547750A3DA2, 8FEB049BC48667819F7E88C81134DA4FCEF55D603A47F7B2C118B0A4EDDD9090 ] partmgr C:\windows\system32\drivers\partmgr.sys
18:09:44.0576 0x13f0 Suspicious file ( Forged ): C:\windows\system32\drivers\partmgr.sys. Real md5: D1263A2705917AD1D0265547750A3DA2, sha256: 8FEB049BC48667819F7E88C81134DA4FCEF55D603A47F7B2C118B0A4EDDD9090, fake md5: E9766131EEADE40A27DC27D2D68FBA9C, fake sha256: 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6
18:09:44.0576 0x13f0 partmgr - detected ForgedFile.Multi.Generic ( 1 )
18:09:47.0728 0x13f0 Detect skipped due to KSN trusted
18:09:47.0728 0x13f0 partmgr - ok
18:09:49.0631 0x13f0 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\windows\System32\pcasvc.dll
18:10:14.0341 0x13f0 PcaSvc - ok
18:10:14.0372 0x13f0 PCCUJobMgr - ok
18:10:14.0388 0x13f0 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\windows\system32\drivers\pci.sys
18:10:14.0404 0x13f0 pci - ok
18:10:14.0419 0x13f0 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\windows\system32\drivers\pciide.sys
18:10:14.0435 0x13f0 pciide - ok
18:10:22.0718 0x13f0 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\windows\system32\drivers\pcmcia.sys
18:10:22.0734 0x13f0 pcmcia - ok
18:10:26.0915 0x13f0 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\windows\system32\drivers\pcw.sys
18:10:26.0930 0x13f0 pcw - ok
18:10:31.0049 0x13f0 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\windows\system32\drivers\peauth.sys
18:10:39.0208 0x13f0 PEAUTH - ok
18:10:43.0232 0x13f0 PerfHost - ok
18:10:43.0342 0x13f0 [ 91111CEBBDE8015E822C46120ED9537C, 255B85FEF663C2E0652CECF3F9B67B12B576F924A34415DEE13F0F5137E1E7F7 ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
18:10:43.0357 0x13f0 PGEffect - ok
18:10:43.0451 0x13f0 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\windows\system32\pla.dll
18:10:43.0544 0x13f0 pla - ok
18:10:43.0591 0x13f0 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\windows\system32\umpnpmgr.dll
18:10:43.0654 0x13f0 PlugPlay - ok
18:10:43.0685 0x13f0 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
18:10:43.0716 0x13f0 PNRPAutoReg - ok
18:10:43.0747 0x13f0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\windows\system32\pnrpsvc.dll
18:10:43.0763 0x13f0 PNRPsvc - ok
18:10:43.0810 0x13f0 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
18:10:43.0872 0x13f0 PolicyAgent - ok
18:10:43.0903 0x13f0 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\windows\system32\umpo.dll
18:10:43.0966 0x13f0 Power - ok
18:10:44.0012 0x13f0 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
18:10:44.0090 0x13f0 PptpMiniport - ok
18:10:44.0106 0x13f0 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\windows\system32\drivers\processr.sys
18:10:44.0122 0x13f0 Processor - ok
18:10:44.0153 0x13f0 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\windows\system32\profsvc.dll
18:10:44.0184 0x13f0 ProfSvc - ok
18:10:44.0200 0x13f0 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\windows\system32\lsass.exe
18:10:44.0200 0x13f0 ProtectedStorage - ok
18:10:44.0231 0x13f0 Psched - ok
18:13:11.0682 0x13f0 [ F7A7E5C35654A40DAC4F32DF6ACFB443, ED2E24A367A2811376BBE232CF76EB523CFB1EF12D25936BC86E7FE134EA5D29 ] ql2300 C:\windows\system32\drivers\ql2300.sys
18:13:11.0776 0x13f0 Suspicious file ( Forged ): C:\windows\system32\drivers\ql2300.sys. Real md5: F7A7E5C35654A40DAC4F32DF6ACFB443, sha256: ED2E24A367A2811376BBE232CF76EB523CFB1EF12D25936BC86E7FE134EA5D29, fake md5: A53A15A11EBFD21077463EE2C7AFEEF0, fake sha256: 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489
18:13:11.0776 0x13f0 ql2300 - detected ForgedFile.Multi.Generic ( 1 )
18:13:15.0083 0x13f0 Object is SCO, delete is not allowed
18:13:15.0083 0x13f0 ql2300 ( ForgedFile.Multi.Generic ) - warning
18:13:15.0083 0x13f0 Force sending object to P2P due to detect: C:\windows\system32\drivers\ql2300.sys
18:13:20.0933 0x13f0 Object send P2P result: true
18:14:37.0077 0x13f0 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\windows\system32\drivers\ql40xx.sys
18:14:37.0092 0x13f0 ql40xx - ok
18:15:33.0674 0x13f0 QWAVE - ok
18:15:33.0736 0x13f0 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
18:15:51.0333 0x13f0 QWAVEdrv - ok
18:15:55.0498 0x13f0 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
18:16:32.0579 0x13f0 RasAcd - ok
18:16:49.0240 0x13f0 RasAgileVpn - ok
18:16:49.0412 0x13f0 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\windows\System32\rasauto.dll
18:16:49.0474 0x13f0 RasAuto - ok
18:16:50.0379 0x13f0 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
18:16:50.0426 0x13f0 Rasl2tp - ok
18:16:58.0616 0x13f0 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\windows\System32\rasmans.dll
18:17:35.0588 0x13f0 RasMan - ok
18:17:43.0669 0x13f0 [ ED320D2ED022802ACD15EA5224AF6CFE, 5BB66DA122ED1D1E0C80091C5EEF6E94107739A4CB3038E0CCB6B7EACE452B0D ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
18:17:43.0747 0x13f0 Suspicious file ( Forged ): C:\windows\system32\DRIVERS\raspppoe.sys. Real md5: ED320D2ED022802ACD15EA5224AF6CFE, sha256: 5BB66DA122ED1D1E0C80091C5EEF6E94107739A4CB3038E0CCB6B7EACE452B0D, fake md5: 855C9B1CD4756C5E9A2AA58A15F58C25, fake sha256: A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72
18:17:43.0747 0x13f0 RasPppoe - detected ForgedFile.Multi.Generic ( 1 )
18:17:46.0695 0x13f0 Detect skipped due to KSN trusted
18:17:46.0695 0x13f0 RasPppoe - ok
18:17:48.0957 0x13f0 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
18:17:57.0194 0x13f0 RasSstp - ok
18:17:57.0241 0x13f0 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
18:17:57.0319 0x13f0 rdbss - ok
18:18:09.0674 0x13f0 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\windows\system32\drivers\rdpbus.sys
18:18:13.0839 0x13f0 rdpbus - ok
18:18:18.0004 0x13f0 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
18:18:18.0036 0x13f0 RDPCDD - ok
18:18:18.0067 0x13f0 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
18:18:18.0098 0x13f0 RDPENCDD - ok
18:18:18.0098 0x13f0 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
18:18:26.0226 0x13f0 RDPREFMP - ok
18:18:42.0403 0x13f0 RdpVideoMiniport - ok
18:18:42.0465 0x13f0 RDPWD - ok
18:18:42.0465 0x13f0 rdyboost - ok
18:18:42.0481 0x13f0 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\windows\System32\mprdim.dll
18:18:42.0528 0x13f0 RemoteAccess - ok
18:18:42.0559 0x13f0 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\windows\system32\regsvc.dll
18:18:42.0606 0x13f0 RemoteRegistry - ok
18:18:42.0606 0x13f0 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
18:18:42.0653 0x13f0 RpcEptMapper - ok
18:18:42.0684 0x13f0 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\windows\system32\locator.exe
18:18:42.0715 0x13f0 RpcLocator - ok
18:18:42.0746 0x13f0 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\windows\system32\rpcss.dll
18:18:42.0809 0x13f0 RpcSs - ok
18:18:42.0840 0x13f0 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
18:18:42.0902 0x13f0 rspndr - ok
18:18:42.0933 0x13f0 [ 0E3DCF76F11DC431B088A2DFD7265CDA, 7FCC8A9C28B8B2E9EC6AB9FFF7354929838134F61DB9D5BB96C5F6A7ABDC6B6A ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
18:18:42.0996 0x13f0 RSUSBSTOR - ok
18:18:43.0043 0x13f0 [ 64FDF4FE366CA42DA2B7D9D424B6E39B, FC3844152E29B703373788F24862CDD307837AA53D21F978FB9C038A34593B95 ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
18:18:43.0105 0x13f0 RTL8192Ce - ok
18:18:43.0121 0x13f0 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\windows\system32\lsass.exe
18:18:43.0121 0x13f0 SamSs - ok
18:18:43.0152 0x13f0 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\windows\system32\drivers\sbp2port.sys
18:18:43.0167 0x13f0 sbp2port - ok
18:18:43.0199 0x13f0 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\windows\System32\SCardSvr.dll
18:18:43.0261 0x13f0 SCardSvr - ok
18:18:43.0292 0x13f0 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
18:18:43.0339 0x13f0 scfilter - ok
18:18:43.0401 0x13f0 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\windows\system32\schedsvc.dll
18:18:43.0479 0x13f0 Schedule - ok
18:19:08.0455 0x13f0 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\windows\System32\certprop.dll
18:19:08.0486 0x13f0 SCPolicySvc - ok
18:19:20.0841 0x13f0 [ BFCCB94CBCE9A3CE51F8F4B7E15EC7D7, 78F3169FDB99FAF93679695E981CC46923276430A33A307F21864B98749492E5 ] SDRSVC C:\windows\System32\SDRSVC.dll
18:19:20.0857 0x13f0 Suspicious file ( Forged ): C:\windows\System32\SDRSVC.dll. Real md5: BFCCB94CBCE9A3CE51F8F4B7E15EC7D7, sha256: 78F3169FDB99FAF93679695E981CC46923276430A33A307F21864B98749492E5, fake md5: 6EA4234DC55346E0709560FE7C2C1972, fake sha256: 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8
18:19:20.0857 0x13f0 SDRSVC - detected ForgedFile.Multi.Generic ( 1 )
18:19:23.0915 0x13f0 Detect skipped due to KSN trusted
18:19:23.0915 0x13f0 SDRSVC - ok
18:19:25.0989 0x13f0 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\windows\system32\drivers\secdrv.sys
18:19:26.0052 0x13f0 secdrv - ok
18:19:26.0083 0x13f0 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\windows\system32\seclogon.dll
18:20:06.0846 0x13f0 seclogon - ok
18:20:19.0139 0x13f0 [ C746F3BF98E92FB137B5BD2B8B5925BD, 67A8990F3D491D149E65C90042909259793C65E671DC953FDA1F7590FAC23D9E ] SENS C:\windows\System32\sens.dll
18:20:19.0139 0x13f0 Suspicious file ( Forged ): C:\windows\System32\sens.dll. Real md5: C746F3BF98E92FB137B5BD2B8B5925BD, sha256: 67A8990F3D491D149E65C90042909259793C65E671DC953FDA1F7590FAC23D9E, fake md5: C32AB8FA018EF34C0F113BD501436D21, fake sha256: E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7
18:20:19.0139 0x13f0 SENS - detected ForgedFile.Multi.Generic ( 1 )
18:20:22.0337 0x13f0 Detect skipped due to KSN trusted
18:20:22.0337 0x13f0 SENS - ok
18:21:04.0597 0x13f0 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\windows\system32\sensrsvc.dll
18:21:25.0267 0x13f0 SensrSvc - ok
18:21:37.0420 0x13f0 [ 6FF3E30F82B9D7840369598FB3DDDE5E, 2E6C31CBC5F0F6EA215B56CA1C3284B2E6C80799ACA74D4FC6D66469D5E5E69D ] Serenum C:\windows\system32\drivers\serenum.sys
18:21:37.0607 0x13f0 Suspicious file ( Forged ): C:\windows\system32\drivers\serenum.sys. Real md5: 6FF3E30F82B9D7840369598FB3DDDE5E, sha256: 2E6C31CBC5F0F6EA215B56CA1C3284B2E6C80799ACA74D4FC6D66469D5E5E69D, fake md5: CB624C0035412AF0DEBEC78C41F5CA1B, fake sha256: A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4
18:21:37.0607 0x13f0 Serenum - detected ForgedFile.Multi.Generic ( 1 )
18:21:40.0571 0x13f0 Detect skipped due to KSN trusted
18:21:40.0571 0x13f0 Serenum - ok
18:22:02.0816 0x13f0 Serial - ok
18:22:02.0988 0x13f0 sermouse - ok
18:22:03.0019 0x13f0 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\windows\system32\sessenv.dll
18:22:03.0066 0x13f0 SessionEnv - ok
18:22:03.0066 0x13f0 sffdisk - ok
18:22:03.0082 0x13f0 sffp_mmc - ok
18:22:03.0097 0x13f0 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
18:22:03.0128 0x13f0 sffp_sd - ok
18:22:03.0128 0x13f0 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
18:22:03.0144 0x13f0 sfloppy - ok
18:22:03.0206 0x13f0 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\windows\System32\ipnathlp.dll
18:22:03.0269 0x13f0 SharedAccess - ok
18:22:03.0316 0x13f0 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
18:22:03.0378 0x13f0 ShellHWDetection - ok
18:22:03.0409 0x13f0 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
18:22:03.0409 0x13f0 SiSRaid2 - ok
18:22:03.0425 0x13f0 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
18:22:03.0440 0x13f0 SiSRaid4 - ok
18:22:03.0472 0x13f0 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\windows\system32\DRIVERS\smb.sys
18:22:03.0503 0x13f0 Smb - ok
18:22:03.0565 0x13f0 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\windows\System32\snmptrap.exe
18:22:03.0596 0x13f0 SNMPTRAP - ok
18:22:03.0612 0x13f0 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\windows\system32\drivers\spldr.sys
18:22:03.0628 0x13f0 spldr - ok
18:22:03.0659 0x13f0 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\windows\System32\spoolsv.exe
18:22:03.0690 0x13f0 Spooler - ok
18:22:03.0846 0x13f0 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\windows\system32\sppsvc.exe
18:22:03.0986 0x13f0 sppsvc - ok
18:22:36.0466 0x13f0 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\windows\system32\sppuinotify.dll
18:22:44.0671 0x13f0 sppuinotify - ok
18:23:09.0257 0x13f0 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] srv C:\windows\system32\DRIVERS\srv.sys
18:23:09.0288 0x13f0 Suspicious file ( Forged ): C:\windows\system32\DRIVERS\srv.sys. Real md5: 0A77D29F311B88CFAE3B13F9C1A73825, sha256: 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D, fake md5: 441FBA48BFF01FDB9D5969EBC1838F0B, fake sha256: 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0
18:23:09.0288 0x13f0 srv - detected ForgedFile.Multi.Generic ( 1 )
18:23:09.0288 0x13f0 Detect skipped due to KSN trusted
18:23:09.0288 0x13f0 srv - ok
18:23:09.0304 0x13f0 [ 856E76B3641746ABBC2946BED1372098, FD93CC7F72560F72CA49AD5609C079E25B8A3A4802E72B127B63A9E7B4884710 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
18:23:09.0319 0x13f0 Suspicious file ( Forged ): C:\windows\system32\DRIVERS\srv2.sys. Real md5: 856E76B3641746ABBC2946BED1372098, sha256: FD93CC7F72560F72CA49AD5609C079E25B8A3A4802E72B127B63A9E7B4884710, fake md5: B4ADEBBF5E3677CCE9651E0F01F7CC28, fake sha256: 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7
18:23:09.0319 0x13f0 srv2 - detected ForgedFile.Multi.Generic ( 1 )
18:23:12.0611 0x13f0 Detect skipped due to KSN trusted
18:23:12.0611 0x13f0 srv2 - ok
18:23:12.0611 0x13f0 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
18:23:14.0249 0x13f0 Suspicious file ( Forged ): C:\windows\system32\DRIVERS\srvnet.sys. Real md5: 9592090A7E2B61CD582B612B6DF70536, sha256: FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F, fake md5: 27E461F0BE5BFF5FC737328F749538C3, fake sha256: AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6
18:23:14.0249 0x13f0 srvnet - detected ForgedFile.Multi.Generic ( 1 )
18:23:17.0197 0x13f0 Detect skipped due to KSN trusted
18:23:17.0197 0x13f0 srvnet - ok
18:23:18.0383 0x13f0 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
18:23:18.0445 0x13f0 SSDPSRV - ok
18:23:18.0461 0x13f0 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\windows\system32\sstpsvc.dll
18:23:18.0492 0x13f0 SstpSvc - ok
18:23:22.0533 0x13f0 [ A894FB2CAE6A29F5D9C8EDA47B074623, F39014379B6F546CF3D3F56A343A7173B600A350715638040AE93E03EAB81CAC ] stexstor C:\windows\system32\drivers\stexstor.sys
18:23:22.0548 0x13f0 Suspicious file ( Forged ): C:\windows\system32\drivers\stexstor.sys. Real md5: A894FB2CAE6A29F5D9C8EDA47B074623, sha256: F39014379B6F546CF3D3F56A343A7173B600A350715638040AE93E03EAB81CAC, fake md5: F3817967ED533D08327DC73BC4D5542A, fake sha256: 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5
18:23:22.0548 0x13f0 stexstor - detected ForgedFile.Multi.Generic ( 1 )
18:23:25.0777 0x13f0 Detect skipped due to KSN trusted
18:23:25.0777 0x13f0 stexstor - ok
18:23:30.0660 0x13f0 stisvc - ok
18:23:30.0785 0x13f0 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\windows\system32\DRIVERS\swenum.sys
18:23:30.0785 0x13f0 swenum - ok
18:23:30.0847 0x13f0 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\windows\System32\swprv.dll
18:23:30.0894 0x13f0 swprv - ok
18:23:30.0941 0x13f0 [ 470C47DABA9CA3966F0AB3F835D7D135, BF98E48B05F37F8ABE264BF77355391A08955057E24AE456A5637D56BDFD40A5 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
18:23:30.0957 0x13f0 SynTP - ok
18:23:31.0035 0x13f0 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\windows\system32\sysmain.dll
18:23:31.0128 0x13f0 SysMain - ok
18:23:31.0159 0x13f0 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
18:23:31.0206 0x13f0 TabletInputService - ok
18:23:31.0222 0x13f0 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\windows\System32\tapisrv.dll
18:23:31.0269 0x13f0 TapiSrv - ok
18:23:31.0284 0x13f0 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\windows\System32\tbssvc.dll
18:23:31.0331 0x13f0 TBS - ok
18:23:31.0440 0x13f0 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\windows\system32\drivers\tcpip.sys
18:23:31.0503 0x13f0 Tcpip - ok
18:23:31.0565 0x13f0 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
18:23:31.0627 0x13f0 TCPIP6 - ok
18:23:31.0643 0x13f0 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
18:23:31.0674 0x13f0 tcpipreg - ok
18:23:39.0786 0x13f0 [ E9212EB5EB938C1CF441C2DE1EEDB71B, 646C2D69A751C6E2AD82A0E2A897C95EFA2E6DC06E913F31AC7A1CE13781915D ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
18:23:39.0849 0x13f0 Suspicious file ( Forged ): C:\windows\system32\DRIVERS\tdcmdpst.sys. Real md5: E9212EB5EB938C1CF441C2DE1EEDB71B, sha256: 646C2D69A751C6E2AD82A0E2A897C95EFA2E6DC06E913F31AC7A1CE13781915D, fake md5: FD542B661BD22FA69CA789AD0AC58C29, fake sha256: 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C
18:23:39.0849 0x13f0 tdcmdpst - detected ForgedFile.Multi.Generic ( 1 )
18:23:42.0906 0x13f0 Detect skipped due to KSN trusted
18:23:42.0906 0x13f0 tdcmdpst - ok
18:23:42.0953 0x13f0 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
18:23:43.0015 0x13f0 TDPIPE - ok
18:23:43.0047 0x13f0 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
18:23:43.0093 0x13f0 TDTCP - ok
18:23:43.0140 0x13f0 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\windows\system32\DRIVERS\tdx.sys
18:23:43.0171 0x13f0 tdx - ok
18:23:43.0218 0x13f0 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\windows\system32\DRIVERS\termdd.sys
18:23:43.0218 0x13f0 TermDD - ok
18:23:43.0296 0x13f0 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\windows\System32\termsrv.dll
18:23:43.0374 0x13f0 TermService - ok
18:23:43.0421 0x13f0 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\windows\system32\themeservice.dll
18:23:43.0468 0x13f0 Themes - ok
18:23:43.0483 0x13f0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\windows\system32\mmcss.dll
18:23:43.0515 0x13f0 THREADORDER - ok
18:23:43.0530 0x13f0 TMachInfo - ok
18:23:43.0608 0x13f0 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19, CFE8A69E3F2A42C3BA2B38EC9233076D0AD32C441500E6407219F2E866905D9B ] TODDSrv C:\windows\system32\TODDSrv.exe
18:23:43.0608 0x13f0 TODDSrv - ok
18:23:43.0717 0x13f0 [ 1C73689B900428C7D054A41C4687F55C, 6DD3CDC09E4A62F40A81872789A5C8678C0FE23DD911C2951DFF5494B6BFC012 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
18:23:43.0749 0x13f0 TosCoSrv - ok
18:23:43.0827 0x13f0 [ 29D0886CF250FCEF1BF9E65AB8D2C0C8, 8D852DB100AC68A07A6E2AD21198410EAAB36E83BB8BAEA71CB698680B5DCE71 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
18:23:43.0842 0x13f0 TOSHIBA HDD SSD Alert Service - ok
18:23:43.0905 0x13f0 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8, 0D2CC72B7E02B92C9A1D6B76300B75A39427046903326642B9D511A51A795027 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
18:23:43.0936 0x13f0 tos_sps64 - ok
18:23:43.0967 0x13f0 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\windows\System32\trkwks.dll
18:23:44.0029 0x13f0 TrkWks - ok
18:23:44.0076 0x13f0 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
18:23:44.0123 0x13f0 TrustedInstaller - ok
18:23:44.0154 0x13f0 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
18:23:44.0217 0x13f0 tssecsrv - ok
18:23:44.0248 0x13f0 [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
18:23:44.0279 0x13f0 TsUsbFlt - ok
18:23:44.0279 0x13f0 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
18:23:44.0310 0x13f0 TsUsbGD - ok
18:23:44.0357 0x13f0 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
18:23:44.0404 0x13f0 tunnel - ok
18:23:44.0419 0x13f0 [ 550B567F9364D8F7684C3FB3EA665A72, A214BBBBAB9F0DD525FA5A818CEB8E9294B4A96676317255D7ACF6049049C933 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
18:23:44.0435 0x13f0 TVALZ - ok
18:23:44.0466 0x13f0 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\windows\system32\drivers\uagp35.sys
18:23:44.0482 0x13f0 uagp35 - ok
18:23:44.0513 0x13f0 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\windows\system32\DRIVERS\udfs.sys
18:23:44.0560 0x13f0 udfs - ok
18:23:44.0607 0x13f0 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\windows\system32\UI0Detect.exe
18:23:44.0638 0x13f0 UI0Detect - ok
18:23:44.0653 0x13f0 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
18:23:44.0669 0x13f0 uliagpkx - ok
18:23:44.0685 0x13f0 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\windows\system32\DRIVERS\umbus.sys
18:23:44.0700 0x13f0 umbus - ok
18:23:44.0763 0x13f0 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\windows\system32\drivers\umpass.sys
18:23:44.0778 0x13f0 UmPass - ok
18:23:44.0794 0x13f0 UNS - ok
18:23:44.0841 0x13f0 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\windows\System32\upnphost.dll
18:23:44.0887 0x13f0 upnphost - ok
18:23:45.0106 0x13f0 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
18:23:45.0168 0x13f0 USBAAPL64 - ok
18:23:45.0184 0x13f0 [ ACCEA6BC68D0C9A78EB97EE159028B4E, 132F7A543C1DA9456FBABA50552B37E3162ACA612A8567BB3FF0F7DA84231419 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
18:23:45.0199 0x13f0 usbccgp - ok
18:23:45.0215 0x13f0 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\windows\system32\drivers\usbcir.sys
18:23:45.0246 0x13f0 usbcir - ok
18:23:45.0246 0x13f0 [ 311C1DD1088E55BEAE15954D17F50646, A663344ABD1414D570617F59CC00020640F31DB34265142EFCA8817328DB842A ] usbehci C:\windows\system32\drivers\usbehci.sys
18:23:45.0277 0x13f0 usbehci - ok
18:23:45.0324 0x13f0 [ 280E90CBF4B2DDD169F0728CB44D726F, 2B39666C022A4F7338BDDB4CB0D7B4D0CC6B398298D29E38826F27FADF4C29DD ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
18:23:45.0355 0x13f0 usbhub - ok
18:23:45.0371 0x13f0 [ 9406D801042FAF859CF81B2C886413DC, D16536EC05260D7A2902314E1AA5E5F73533483B9967739C381FD41B6192B92F ] usbohci C:\windows\system32\drivers\usbohci.sys
18:23:45.0387 0x13f0 usbohci - ok
18:23:45.0418 0x13f0 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
18:23:45.0433 0x13f0 usbprint - ok
18:23:45.0449 0x13f0 [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
18:23:45.0480 0x13f0 usbscan - ok
18:23:45.0480 0x13f0 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
18:23:45.0511 0x13f0 USBSTOR - ok
18:23:45.0527 0x13f0 [ A83D0EC9AE4C31704442099D40BA2471, A29D714FCDF10DF7A2A17D54B131AEFDA61AED988CF8B99C7B30728C50130DCE ] usbuhci C:\windows\system32\drivers\usbuhci.sys
18:23:45.0558 0x13f0 usbuhci - ok
18:23:45.0605 0x13f0 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
18:23:45.0636 0x13f0 usbvideo - ok
18:23:45.0667 0x13f0 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\windows\System32\uxsms.dll
18:23:45.0714 0x13f0 UxSms - ok
18:23:45.0730 0x13f0 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\windows\system32\lsass.exe
18:23:45.0745 0x13f0 VaultSvc - ok
18:23:45.0745 0x13f0 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
18:23:45.0761 0x13f0 vdrvroot - ok
18:23:45.0792 0x13f0 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\windows\System32\vds.exe
18:23:45.0855 0x13f0 vds - ok
18:23:45.0901 0x13f0 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
18:23:45.0917 0x13f0 vga - ok
18:23:45.0933 0x13f0 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\windows\System32\drivers\vga.sys
18:23:45.0979 0x13f0 VgaSave - ok
18:23:46.0026 0x13f0 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\windows\system32\drivers\vhdmp.sys
18:23:46.0073 0x13f0 vhdmp - ok
18:23:46.0073 0x13f0 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\windows\system32\drivers\viaide.sys
18:23:46.0089 0x13f0 viaide - ok
18:23:46.0104 0x13f0 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\windows\system32\drivers\volmgr.sys
18:23:46.0120 0x13f0 volmgr - ok
18:23:46.0135 0x13f0 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\windows\system32\drivers\volmgrx.sys
18:23:46.0182 0x13f0 volmgrx - ok
18:23:46.0213 0x13f0 [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap C:\windows\system32\drivers\volsnap.sys
18:23:46.0229 0x13f0 volsnap - ok
18:23:46.0276 0x13f0 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\windows\system32\drivers\vsmraid.sys
18:23:46.0291 0x13f0 vsmraid - ok
18:23:46.0401 0x13f0 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\windows\system32\vssvc.exe
18:23:46.0525 0x13f0 VSS - ok
18:23:46.0557 0x13f0 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
18:23:46.0572 0x13f0 vwifibus - ok
18:23:46.0619 0x13f0 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
18:23:46.0650 0x13f0 vwififlt - ok
18:23:46.0697 0x13f0 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
18:23:46.0713 0x13f0 vwifimp - ok
18:23:46.0759 0x13f0 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\windows\system32\w32time.dll
18:23:46.0822 0x13f0 W32Time - ok
18:23:46.0837 0x13f0 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\windows\system32\drivers\wacompen.sys
18:23:46.0853 0x13f0 WacomPen - ok
18:23:46.0900 0x13f0 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
18:23:46.0947 0x13f0 WANARP - ok
18:23:46.0962 0x13f0 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
18:23:46.0993 0x13f0 Wanarpv6 - ok
18:23:47.0134 0x13f0 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
18:23:47.0181 0x13f0 WatAdminSvc - ok
18:23:47.0368 0x13f0 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\windows\system32\wbengine.exe
18:23:47.0477 0x13f0 wbengine - ok
18:23:47.0524 0x13f0 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\windows\System32\wbiosrvc.dll
18:23:47.0571 0x13f0 WbioSrvc - ok
18:23:47.0617 0x13f0 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\windows\System32\wcncsvc.dll
18:23:47.0664 0x13f0 wcncsvc - ok
18:23:47.0695 0x13f0 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
18:23:47.0742 0x13f0 WcsPlugInService - ok
18:23:47.0773 0x13f0 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\windows\system32\drivers\wd.sys
18:23:47.0789 0x13f0 Wd - ok
18:23:47.0820 0x13f0 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
18:23:47.0867 0x13f0 Wdf01000 - ok
18:23:47.0898 0x13f0 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\windows\system32\wdi.dll
18:23:47.0976 0x13f0 WdiServiceHost - ok
18:23:47.0992 0x13f0 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\windows\system32\wdi.dll
18:23:48.0007 0x13f0 WdiSystemHost - ok
18:23:48.0023 0x13f0 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\windows\System32\webclnt.dll
18:23:48.0070 0x13f0 WebClient - ok
18:23:48.0101 0x13f0 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\windows\system32\wecsvc.dll
18:23:48.0163 0x13f0 Wecsvc - ok
18:23:48.0210 0x13f0 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\windows\System32\wercplsupport.dll
18:23:48.0273 0x13f0 wercplsupport - ok
18:23:48.0304 0x13f0 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\windows\System32\WerSvc.dll
18:23:48.0366 0x13f0 WerSvc - ok
18:23:48.0397 0x13f0 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
18:23:48.0429 0x13f0 WfpLwf - ok
18:23:48.0444 0x13f0 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\windows\system32\drivers\wimmount.sys
18:23:48.0460 0x13f0 WIMMount - ok
18:23:48.0460 0x13f0 WinDefend - ok
18:23:48.0460 0x13f0 WinHttpAutoProxySvc - ok
18:23:48.0600 0x13f0 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
18:23:48.0647 0x13f0 Winmgmt - ok
18:23:48.0897 0x13f0 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\windows\system32\WsmSvc.dll
18:23:49.0053 0x13f0 WinRM - ok
18:23:49.0162 0x13f0 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
18:23:49.0193 0x13f0 WinUsb - ok
18:23:49.0255 0x13f0 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\windows\System32\wlansvc.dll
18:23:49.0318 0x13f0 Wlansvc - ok
18:23:49.0396 0x13f0 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:23:49.0411 0x13f0 wlcrasvc - ok
18:23:49.0723 0x13f0 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:23:49.0786 0x13f0 wlidsvc - ok
18:23:49.0833 0x13f0 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
18:23:49.0848 0x13f0 WmiAcpi - ok
18:23:49.0895 0x13f0 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
18:23:49.0926 0x13f0 wmiApSrv - ok
18:23:49.0942 0x13f0 WMPNetworkSvc - ok
18:23:49.0989 0x13f0 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\windows\System32\wpcsvc.dll
18:23:50.0020 0x13f0 WPCSvc - ok
18:23:50.0020 0x13f0 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
18:23:50.0051 0x13f0 WPDBusEnum - ok
18:23:50.0067 0x13f0 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
18:23:50.0129 0x13f0 ws2ifsl - ok
18:23:50.0145 0x13f0 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\windows\System32\wscsvc.dll
18:23:50.0207 0x13f0 wscsvc - ok
18:23:50.0207 0x13f0 WSearch - ok
18:23:50.0488 0x13f0 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\windows\system32\wuaueng.dll
18:23:50.0628 0x13f0 wuauserv - ok
18:23:50.0675 0x13f0 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
18:23:50.0769 0x13f0 WudfPf - ok
18:23:50.0893 0x13f0 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
18:23:50.0956 0x13f0 WUDFRd - ok
18:23:51.0003 0x13f0 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll
18:23:51.0065 0x13f0 wudfsvc - ok
18:23:51.0081 0x13f0 [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\windows\System32\wwansvc.dll
18:23:51.0221 0x13f0 WwanSvc - ok
18:23:51.0299 0x13f0 ================ Scan global ===============================
18:23:51.0346 0x13f0 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
18:23:51.0439 0x13f0 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
18:23:51.0502 0x13f0 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
18:23:51.0517 0x13f0 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
18:23:51.0564 0x13f0 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
18:23:51.0564 0x13f0 [ Global ] - ok
18:23:51.0595 0x13f0 ================ Scan MBR ==================================
18:23:51.0627 0x13f0 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
18:23:52.0219 0x13f0 \Device\Harddisk0\DR0 - ok
18:23:52.0219 0x13f0 ================ Scan VBR ==================================
18:23:52.0266 0x13f0 [ F35360472A297C6EDD472B5A8FE5D58B ] \Device\Harddisk0\DR0\Partition1
18:23:52.0266 0x13f0 \Device\Harddisk0\DR0\Partition1 - ok
18:23:52.0266 0x13f0 ================ Scan active images ========================
18:23:52.0266 0x13f0 Waiting for KSN requests completion. In queue: 86
18:23:53.0281 0x13f0 Waiting for KSN requests completion. In queue: 86
18:23:54.0296 0x13f0 Waiting for KSN requests completion. In queue: 86
18:23:55.0310 0x13f0 Waiting for KSN requests completion. In queue: 86
18:23:56.0324 0x13f0 AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 11.6.0.0 ), 0x51000 ( enabled : updated )
18:23:56.0324 0x13f0 FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 11.6.0.0 ), 0x51010 ( enabled )
18:23:59.0522 0x13f0 ============================================================
18:23:59.0522 0x13f0 Scan finished
18:23:59.0522 0x13f0 ============================================================
18:23:59.0522 0x13e8 Detected object count: 3
18:23:59.0522 0x13e8 Actual detected object count: 3
18:35:32.0070 0x13e8 ebdrv ( ForgedFile.Multi.Generic ) - skipped by user
18:35:32.0070 0x13e8 ebdrv ( ForgedFile.Multi.Generic ) - User select action: Skip
18:35:32.0070 0x13e8 McNASvc ( ForgedFile.Multi.Generic ) - skipped by user
18:35:32.0070 0x13e8 McNASvc ( ForgedFile.Multi.Generic ) - User select action: Skip
18:35:32.0070 0x13e8 ql2300 ( ForgedFile.Multi.Generic ) - skipped by user
18:35:32.0070 0x13e8 ql2300 ( ForgedFile.Multi.Generic ) - User select action: Skip



