Infected - 143 items detected in Malwarebyte scan


9 replies to this topic

#1 jane doe

Posted 18 July 2014 - 09:20 AM

I ran Malwarebytes Pro, quarantined/deleted the items and restarted several times (including in safe mode), but the PUPs come back. I have a screenshot but cannot paste or insert it here; I think it has something to do with security settings, so I cannot access my clipboard. Anyhow, I pasted the Application Log below and typed out the detected item and one location below; there are 143 of these. Hopefully someone can guide me on how to get rid of these.

 

Detected item: PUP.Optional.MindSpark.A

Location: c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\bn5gwpx.y.default\extentions\5mffxtbr@myfuncards_5m.com

Others are the same as above but end in \install.rdf and \installkeys.js


APPLICATION LOG:

Malwarebytes Anti-Malware

www.malwarebytes.org
 
 
Protection, 7/18/2014 8:55:50 AM, SYSTEM, NICOLE-PC, Protection, Malware Protection, Starting, 
Protection, 7/18/2014 8:55:50 AM, SYSTEM, NICOLE-PC, Protection, Malware Protection, Started, 
Protection, 7/18/2014 8:55:50 AM, SYSTEM, NICOLE-PC, Protection, Malicious Website Protection, Starting, 
Protection, 7/18/2014 9:01:45 AM, SYSTEM, NICOLE-PC, Protection, Malicious Website Protection, Started, 
Update, 7/18/2014 9:22:10 AM, SYSTEM, NICOLE-PC, Scheduler, Rootkit Database, 2014.7.14.1, 2014.7.17.1, 
Update, 7/18/2014 9:22:20 AM, SYSTEM, NICOLE-PC, Scheduler, Malware Database, 2014.7.17.10, 2014.7.18.6, 
Protection, 7/18/2014 9:22:21 AM, SYSTEM, NICOLE-PC, Protection, Refresh, Starting, 
Protection, 7/18/2014 9:22:21 AM, SYSTEM, NICOLE-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 7/18/2014 9:22:21 AM, SYSTEM, NICOLE-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 7/18/2014 9:22:49 AM, SYSTEM, NICOLE-PC, Protection, Refresh, Success, 
Protection, 7/18/2014 9:22:49 AM, SYSTEM, NICOLE-PC, Protection, Malicious Website Protection, Starting, 
Protection, 7/18/2014 9:22:49 AM, SYSTEM, NICOLE-PC, Protection, Malicious Website Protection, Started, 
 
(end)



#2 boopme

Posted 18 July 2014 - 11:23 AM

Hello jane... In Firefox it may be the add-ons/plugins. First look for MyFunCards, Mindspark or unknown add-ons and disable them. Or try disabling them one at a time and see which one was at fault.

How to disable extensions and plugins

Keeping your third-party plugins up to date


If it is your homepage...
Click the Firefox button at the top left corner of the page and choose Options.
In the Home Page URL box, enter the homepage you want to use instead of SweetPacks and then click OK.
 
 
 
Then do these and see how it is.
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

AdwCleaner
  • Please download AdwCleaner by Xplode and save it to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

ESET Online Scanner
  • Last, run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

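The extension that keeps coming back in the first post and the moderator's advice to look through Firefox's add-ons both come down to what sits in the profile's extensions folder. The following is an added example, not code from the thread or from any of the tools it names: it inventories that folder, reads each legacy install.rdf manifest, and flags entries matching the MindSpark/MyFunCards names from the thread; the sample profile it builds, and the benign add-on inside it, are constructed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Namespaces used by legacy (pre-WebExtension) Firefox install.rdf manifests.
EM = "{http://www.mozilla.org/2004/em-rdf#}"
RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
# Substrings marking the PUP family from the thread (MindSpark / MyFunCards / ...fxtbr).
PUP_MARKERS = ("mindspark", "myfuncards", "fxtbr")


def read_install_manifest(rdf_path):
    """Return id/name/version/creator from a legacy install.rdf; the values may be
    child elements (<em:id>...</em:id>) or attributes on rdf:Description."""
    desc = ET.parse(rdf_path).getroot().find(RDF + "Description")
    if desc is None:
        raise ValueError("no rdf:Description in " + rdf_path)
    info = {}
    for key in ("id", "name", "version", "creator"):
        value = desc.get(EM + key)
        if value is None:
            child = desc.find(EM + key)
            value = (child.text or "").strip() if child is not None else ""
        info[key] = value
    return info


def inventory_extensions(profile_dir):
    """Describe every entry of <profile>/extensions and flag likely PUPs."""
    ext_root = os.path.join(profile_dir, "extensions")
    records = []
    if not os.path.isdir(ext_root):
        return records
    for entry in sorted(os.listdir(ext_root)):
        path = os.path.join(ext_root, entry)
        rec = {"folder": entry, "id": entry, "name": "", "version": "", "creator": "",
               "has_install_rdf": False, "has_installkeys_js": False, "suspect": False}
        if os.path.isdir(path):
            rec["has_installkeys_js"] = os.path.isfile(os.path.join(path, "installkeys.js"))
            rdf_path = os.path.join(path, "install.rdf")
            if os.path.isfile(rdf_path):
                rec["has_install_rdf"] = True
                try:
                    rec.update(read_install_manifest(rdf_path))
                except (ET.ParseError, ValueError):
                    rec["suspect"] = True  # a manifest that will not parse deserves a look
        haystack = " ".join((rec["folder"], rec["id"], rec["name"], rec["creator"])).lower()
        if any(marker in haystack for marker in PUP_MARKERS):
            rec["suspect"] = True
        records.append(rec)
    return records


# Constructed sample manifests: the first mimics the extension named in the thread,
# the second is a benign add-on written in the attribute form.
PUP_INSTALL_RDF = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>5mffxtbr@myfuncards_5m.com</em:id>
    <em:name>MyFunCards</em:name>
    <em:version>1.0.0</em:version>
    <em:creator>Mindspark Interactive Network</em:creator>
  </Description>
</RDF>
"""
BENIGN_INSTALL_RDF = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest" em:id="example-addon@example.org"
               em:name="Example Add-on" em:version="2.1" em:creator="Example Dev"/>
</RDF>
"""


def build_sample_profile():
    """Create a throwaway profile directory laid out like the one in the thread."""
    root = tempfile.mkdtemp(prefix="ffprofile-")
    pup_dir = os.path.join(root, "extensions", "5mffxtbr@myfuncards_5m.com")
    benign_dir = os.path.join(root, "extensions", "example-addon@example.org")
    os.makedirs(pup_dir)
    os.makedirs(benign_dir)
    with open(os.path.join(pup_dir, "install.rdf"), "w") as fh:
        fh.write(PUP_INSTALL_RDF)
    with open(os.path.join(pup_dir, "installkeys.js"), "w") as fh:
        fh.write("// constructed placeholder, not the real file\n")
    with open(os.path.join(benign_dir, "install.rdf"), "w") as fh:
        fh.write(BENIGN_INSTALL_RDF)
    return root


if __name__ == "__main__":
    for rec in inventory_extensions(build_sample_profile()):
        print("SUSPECT" if rec["suspect"] else "ok     ", rec["id"], repr(rec["name"]),
              "install.rdf=%s installkeys.js=%s" % (rec["has_install_rdf"], rec["has_installkeys_js"]))
```

Pointing `inventory_extensions` at a real profile directory lists what Firefox will load on next start, which is why a quarantined extension that reappears is worth checking here rather than only in the scanner log.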

#3 jane doe

Posted 18 July 2014 - 02:51 PM

I am still running the ESET scan; it is taking a long time. Below are the TDSS, AdwCleaner and JRT logs.
 
TDSS log
 
14:11:21.0751 0x15ac  dot3svc - ok
14:11:21.0981 0x15ac  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
14:11:22.0070 0x15ac  DPS - ok
14:11:22.0601 0x15ac  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:11:22.0618 0x15ac  drmkaud - ok
14:11:22.0860 0x15ac  [ 124528BB6512C9BADBBF783156027A36, 8C2D7DF94989B199B2598004950345D1C271CDAC49195445210AE6F03EC90CF7 ] dSSEventSvc     C:\Program Files\dSupportSuite\dSSEventSvc.exe
14:11:22.0895 0x15ac  Suspicious file ( Forged ): C:\Program Files\dSupportSuite\dSSEventSvc.exe. Real md5: 124528BB6512C9BADBBF783156027A36, sha256: 8C2D7DF94989B199B2598004950345D1C271CDAC49195445210AE6F03EC90CF7, fake md5: 928F45AB1DD3022BA38FF755AAE85376, fake sha256: 2B015B3AD990FCE3DA72D635815D5F7540846CEC1DFDC641584DC60A214A3FB8
14:11:22.0896 0x15ac  dSSEventSvc - detected ForgedFile.Multi.Generic ( 1 )
14:11:25.0678 0x15ac  dSSEventSvc ( ForgedFile.Multi.Generic ) - warning
14:11:28.0699 0x15ac  [ 7797F0CC249709001819E29DAB170EED, 09D696404D8CDF24653BFDCACE915D6ADDDDB668A006BC7579FD84CB968A68CC ] DVMIO           D:\Program Files\Dell\Reader 2.1\dvmio.sys
14:11:28.0802 0x15ac  DVMIO - ok
14:11:29.0019 0x15ac  [ 6F0952F5A3C8D9E90DF1F88B84541145, 55818BCE974D7BCDBD9DE03CE214477C15C085876BBE2AA3B984805F8E61A564 ] DvmMDES         D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
14:11:29.0174 0x15ac  DvmMDES - ok
14:11:29.0459 0x15ac  [ 16498EBC04AE9DD07049A8884B205C05, 134EA1C7A2DB984B8EBADF6C25B28DBADF02215AA2ED298FA124556FC4992084 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:11:29.0574 0x15ac  Suspicious file ( Forged ): C:\Windows\System32\drivers\dxgkrnl.sys. Real md5: 16498EBC04AE9DD07049A8884B205C05, sha256: 134EA1C7A2DB984B8EBADF6C25B28DBADF02215AA2ED298FA124556FC4992084, fake md5: 71BC35067CABC02C9453AEAA42B2E43E, fake sha256: 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619
14:11:29.0576 0x15ac  DXGKrnl - detected ForgedFile.Multi.Generic ( 1 )
14:11:32.0209 0x15ac  Detect skipped due to KSN trusted
14:11:32.0209 0x15ac  DXGKrnl - ok
14:11:32.0400 0x15ac  [ 19E30C3C80D8CE29944B3F30FF9C8B76, 0121F66A1B4B6265C7F9C96CE954E64471891C7C9AE4D3862C05C19A1A9E3AFB ] e1kexpress      C:\Windows\system32\DRIVERS\e1k6232.sys
14:11:32.0418 0x15ac  e1kexpress - ok
14:11:32.0520 0x15ac  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
14:11:32.0526 0x15ac  EapHost - ok
14:11:32.0667 0x15ac  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
14:11:32.0805 0x15ac  ebdrv - ok
14:11:32.0857 0x15ac  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] EFS             C:\Windows\System32\lsass.exe
14:11:32.0859 0x15ac  Suspicious file ( Forged ): C:\Windows\System32\lsass.exe. Real md5: 81951F51E318AECC2D68559E47485CC4, sha256: ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B, fake md5: DD17E1573651293D4ED31053795B3471, fake sha256: 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54
14:11:32.0859 0x15ac  EFS - detected ForgedFile.Multi.Generic ( 1 )
14:11:35.0851 0x15ac  Detect skipped due to KSN trusted
14:11:35.0851 0x15ac  EFS - ok
14:11:38.0049 0x15ac  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:11:38.0166 0x15ac  ehRecvr - ok
14:11:38.0227 0x15ac  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
14:11:38.0233 0x15ac  ehSched - ok
14:11:38.0418 0x15ac  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:11:38.0499 0x15ac  elxstor - ok
14:11:38.0598 0x15ac  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:11:38.0636 0x15ac  ErrDev - ok
14:11:38.0671 0x15ac  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
14:11:38.0677 0x15ac  EventSystem - ok
14:11:38.0735 0x15ac  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:11:38.0773 0x15ac  exfat - ok
14:11:38.0872 0x15ac  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:11:38.0897 0x15ac  fastfat - ok
14:11:38.0974 0x15ac  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
14:11:38.0983 0x15ac  Fax - ok
14:11:39.0065 0x15ac  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:11:39.0067 0x15ac  fdc - ok
14:11:39.0187 0x15ac  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
14:11:39.0188 0x15ac  fdPHost - ok
14:11:39.0576 0x15ac  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:11:39.0656 0x15ac  FDResPub - ok
14:11:39.0717 0x15ac  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:11:39.0759 0x15ac  FileInfo - ok
14:11:39.0821 0x15ac  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:11:39.0827 0x15ac  Filetrace - ok
14:11:39.0915 0x15ac  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:11:39.0942 0x15ac  flpydisk - ok
14:11:40.0024 0x15ac  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:11:40.0034 0x15ac  FltMgr - ok
14:11:40.0367 0x15ac  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
14:11:40.0437 0x15ac  FontCache - ok
14:11:40.0623 0x15ac  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:11:40.0789 0x15ac  FontCache3.0.0.0 - ok
14:11:40.0839 0x15ac  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:11:40.0841 0x15ac  FsDepends - ok
14:11:40.0910 0x15ac  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:11:40.0923 0x15ac  Fs_Rec - ok
14:11:41.0169 0x15ac  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:11:41.0179 0x15ac  fvevol - ok
14:11:41.0326 0x15ac  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:11:41.0408 0x15ac  gagp30kx - ok
14:11:41.0691 0x15ac  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:11:41.0694 0x15ac  GEARAspiWDM - ok
14:11:41.0944 0x15ac  GoToAssist Remote Support Customer - ok
14:11:43.0449 0x15ac  [ BA9265336BE256E6138AE0A0CC09AE46, 2742CB20EF45E55D052C8CBB5102D95E51D8242181E02107D7C05C02DD9B7A3E ] GoToMyPC        C:\Program Files\Citrix\GoToMyPC\g2svc.exe
14:11:43.0522 0x15ac  Suspicious file ( Forged ): C:\Program Files\Citrix\GoToMyPC\g2svc.exe. Real md5: BA9265336BE256E6138AE0A0CC09AE46, sha256: 2742CB20EF45E55D052C8CBB5102D95E51D8242181E02107D7C05C02DD9B7A3E, fake md5: 621AE9ED3A0669EA836325D84E6212F2, fake sha256: F7857C9469997D62583B6A63E6AA973A17C4C9B3DD21F75378D33AF395393370
14:11:43.0524 0x15ac  GoToMyPC - detected ForgedFile.Multi.Generic ( 1 )
14:11:53.0526 0x15ac  GoToMyPC ( ForgedFile.Multi.Generic ) - warning
14:11:56.0459 0x15ac  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:11:56.0477 0x15ac  gpsvc - ok
14:11:56.0516 0x15ac  gupdate - ok
14:11:56.0532 0x15ac  gupdatem - ok
14:11:56.0567 0x15ac  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:11:56.0570 0x15ac  hcw85cir - ok
14:11:56.0617 0x15ac  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:11:56.0619 0x15ac  HDAudBus - ok
14:11:56.0668 0x15ac  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:11:56.0709 0x15ac  HidBatt - ok
14:11:56.0737 0x15ac  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:11:56.0740 0x15ac  HidBth - ok
14:11:56.0759 0x15ac  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:11:56.0761 0x15ac  HidIr - ok
14:11:56.0788 0x15ac  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\System32\hidserv.dll
14:11:56.0789 0x15ac  hidserv - ok
14:11:56.0849 0x15ac  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:11:56.0895 0x15ac  HidUsb - ok
14:11:56.0937 0x15ac  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:11:56.0939 0x15ac  hkmsvc - ok
14:11:57.0022 0x15ac  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:11:57.0028 0x15ac  HomeGroupListener - ok
14:11:57.0056 0x15ac  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:11:57.0059 0x15ac  HomeGroupProvider - ok
14:11:57.0083 0x15ac  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:11:57.0106 0x15ac  HpSAMD - ok
14:11:57.0145 0x15ac  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:11:57.0155 0x15ac  HTTP - ok
14:11:57.0186 0x15ac  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:11:57.0214 0x15ac  hwpolicy - ok
14:11:57.0267 0x15ac  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:11:57.0302 0x15ac  i8042prt - ok
14:11:57.0660 0x15ac  [ 26541A068572F650A2FA490726FE81BE, 9D6EF745731D45C4482274BE9C56300BBE8843D6C182F0E5C621AB121DBE371E ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
14:11:57.0666 0x15ac  iaStor - ok
14:11:57.0763 0x15ac  [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
14:11:57.0764 0x15ac  IAStorDataMgrSvc - ok
14:11:57.0916 0x15ac  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:11:57.0931 0x15ac  iaStorV - ok
14:11:58.0032 0x15ac  [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:11:58.0097 0x15ac  idsvc - ok
14:11:58.0120 0x15ac  IEEtwCollectorService - ok
14:11:58.0419 0x15ac  [ C5589781F75DE0BFB26E221649C80D00, 949AC24AF8669F9FF71DB30A502AF8BA17D892A0E86708418469B15F084A9D72 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
14:11:58.0692 0x15ac  igfx - ok
14:11:58.0769 0x15ac  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:11:58.0855 0x15ac  iirsp - ok
14:11:58.0909 0x15ac  [ F95622F161474511B8D80D6B093AA610, F2320E25EB9B4AA9A8366BD3AA23EABEBE111A5610D3A62EBA47D90427D5BC26 ] IKEEXT          C:\Windows\System32\ikeext.dll
14:11:58.0919 0x15ac  Suspicious file ( Forged ): C:\Windows\System32\ikeext.dll. Real md5: F95622F161474511B8D80D6B093AA610, sha256: F2320E25EB9B4AA9A8366BD3AA23EABEBE111A5610D3A62EBA47D90427D5BC26, fake md5: B9C54120F46392100478F58F374E5709, fake sha256: A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B
14:11:58.0920 0x15ac  IKEEXT - detected ForgedFile.Multi.Generic ( 1 )
14:12:01.0563 0x15ac  Detect skipped due to KSN trusted
14:12:01.0564 0x15ac  IKEEXT - ok
14:12:01.0757 0x15ac  [ E3C36AC5AE87EC970AE8EA2A93D59AE1, 8403A5243DF38EFC35A0200760EC081E42467744AF25A1F2168D5A8198AF6A5B ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
14:12:01.0775 0x15ac  Impcd - ok
14:12:01.0893 0x15ac  [ 2D8D9516281E27A721897A388F17DEFB, BD287534D9FE6D36800348320E61B632CBF672C0ABE739D60C519EC8144A3543 ] IntcAzAudAddService C:\Windows\system32\drivers\RTDVHDA.sys
14:12:01.0979 0x15ac  IntcAzAudAddService - ok
14:12:02.0040 0x15ac  [ AF6D1E38BCE11DABA4C01D6A6DE94410, 0913444FE63FF47C99A3F002368C05574DE9AE7973CA5832FFC6C88F9F12B574 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
14:12:02.0069 0x15ac  IntcDAud - ok
14:12:02.0115 0x15ac  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:12:02.0131 0x15ac  intelide - ok
14:12:02.0192 0x15ac  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:12:02.0193 0x15ac  intelppm - ok
14:12:02.0243 0x15ac  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:12:02.0283 0x15ac  IPBusEnum - ok
14:12:02.0315 0x15ac  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:12:02.0317 0x15ac  IpFilterDriver - ok
14:12:02.0357 0x15ac  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:12:02.0386 0x15ac  iphlpsvc - ok
14:12:02.0435 0x15ac  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:12:02.0438 0x15ac  IPMIDRV - ok
14:12:02.0443 0x15ac  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:12:02.0446 0x15ac  IPNAT - ok
14:12:02.0707 0x15ac  [ E3E71649A926CB34FA4D7AB75DCE126C, FEAAEA9CB8CF3D6152E26E55520F80845391D6214D02449332BB110C64E5CF30 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:12:02.0715 0x15ac  Suspicious file ( Forged ): C:\Program Files\iPod\bin\iPodService.exe. Real md5: E3E71649A926CB34FA4D7AB75DCE126C, sha256: FEAAEA9CB8CF3D6152E26E55520F80845391D6214D02449332BB110C64E5CF30, fake md5: 10F97E4666133FF3E66EE7F31551536E, fake sha256: 9BB1BE505EC0195A4740C214FD9DA744A5D98B9114E7517ABB575F752ED59EEE
14:12:02.0716 0x15ac  iPod Service - detected ForgedFile.Multi.Generic ( 1 )
14:12:05.0847 0x15ac  Detect skipped due to KSN trusted
14:12:05.0847 0x15ac  iPod Service - ok
14:12:05.0933 0x15ac  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:12:05.0962 0x15ac  IRENUM - ok
14:12:05.0994 0x15ac  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:12:06.0028 0x15ac  isapnp - ok
14:12:06.0146 0x15ac  [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:12:06.0240 0x15ac  Suspicious file ( Forged ): C:\Windows\system32\drivers\msiscsi.sys. Real md5: CB7A9ABB12B8415BCE5D74994C7BA3AE, sha256: 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647, fake md5: EB34CE31FABD4DC4343FD2AD16D2CAF9, fake sha256: D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C
14:12:06.0240 0x15ac  iScsiPrt - detected ForgedFile.Multi.Generic ( 1 )
14:12:08.0873 0x15ac  Detect skipped due to KSN trusted
14:12:08.0873 0x15ac  iScsiPrt - ok
14:12:08.0914 0x15ac  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:12:08.0917 0x15ac  kbdclass - ok
14:12:08.0978 0x15ac  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:12:08.0981 0x15ac  kbdhid - ok
14:12:09.0012 0x15ac  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] KeyIso          C:\Windows\system32\lsass.exe
14:12:09.0013 0x15ac  Suspicious file ( Forged ): C:\Windows\system32\lsass.exe. Real md5: 81951F51E318AECC2D68559E47485CC4, sha256: ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B, fake md5: DD17E1573651293D4ED31053795B3471, fake sha256: 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54
14:12:09.0013 0x15ac  KeyIso - detected ForgedFile.Multi.Generic ( 1 )
14:12:09.0013 0x15ac  Detect skipped due to KSN trusted
14:12:09.0013 0x15ac  KeyIso - ok
14:12:09.0081 0x15ac  [ B7895B4182C0D16F6EFADEB8081E8D36, BAC3BAD22207C8826125FD7721C96F2C7A238960FD9398A3D4573E14648E9DB9 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:12:09.0123 0x15ac  Suspicious file ( Forged ): C:\Windows\system32\Drivers\ksecdd.sys. Real md5: B7895B4182C0D16F6EFADEB8081E8D36, sha256: BAC3BAD22207C8826125FD7721C96F2C7A238960FD9398A3D4573E14648E9DB9, fake md5: 4120DA10AA42A9996F4575DB9E3E6E6E, fake sha256: 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8
14:12:09.0123 0x15ac  KSecDD - detected ForgedFile.Multi.Generic ( 1 )
14:12:11.0752 0x15ac  Detect skipped due to KSN trusted
14:12:11.0752 0x15ac  KSecDD - ok
14:12:11.0788 0x15ac  [ D30159AC9237519FBC62C6EC247D2D46, 10BDE041C95D0CCD3591ED497002043FEC3A5F732D7AE311FBA457E0FE16CE4B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:12:11.0819 0x15ac  Suspicious file ( Forged ): C:\Windows\system32\Drivers\ksecpkg.sys. Real md5: D30159AC9237519FBC62C6EC247D2D46, sha256: 10BDE041C95D0CCD3591ED497002043FEC3A5F732D7AE311FBA457E0FE16CE4B, fake md5: D3964885F0A11ACF51DA3AAA776973B2, fake sha256: 417ED5A3201FC50FBC0D646F8F2114A1E8A91E7919A62508DCBC156C0BFB2FBA
14:12:11.0820 0x15ac  KSecPkg - detected ForgedFile.Multi.Generic ( 1 )
14:12:14.0615 0x15ac  Detect skipped due to KSN trusted
14:12:14.0616 0x15ac  KSecPkg - ok
14:12:14.0712 0x15ac  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:12:14.0738 0x15ac  KtmRm - ok
14:12:14.0742 0x15ac  L8042Kbd - ok
14:12:14.0764 0x15ac  L8042mou - ok
14:12:14.0817 0x15ac  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\System32\srvsvc.dll
14:12:14.0840 0x15ac  LanmanServer - ok
14:12:14.0872 0x15ac  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:12:14.0874 0x15ac  LanmanWorkstation - ok
14:12:15.0058 0x15ac  [ 54581F1B8A4B517040AD316E5C430A2C, D6D0792D77B6C6EC83A723C24FCAFD65B1DB335381F815C7F70C4A8B50C7491C ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
14:12:15.0127 0x15ac  Suspicious file ( Forged ): C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe. Real md5: 54581F1B8A4B517040AD316E5C430A2C, sha256: D6D0792D77B6C6EC83A723C24FCAFD65B1DB335381F815C7F70C4A8B50C7491C, fake md5: FF9E074CCC950398C7D293E1D4D003B3, fake sha256: 542104549F47BB99E9B93503485E7FDA50CAECB6B8C05D00752446DBE69A006B
14:12:15.0129 0x15ac  LBTServ - detected ForgedFile.Multi.Generic ( 1 )
14:12:18.0047 0x15ac  Detect skipped due to KSN trusted
14:12:18.0047 0x15ac  LBTServ - ok
14:12:18.0090 0x15ac  LEqdUsb - ok
14:12:18.0132 0x15ac  LHidEqd - ok
14:12:18.0275 0x15ac  [ 5001C2B3557B53DED02ABED3BCC6FD2D, 47971B3D8C2D8023BFADAD949FA0F069B32959C42EC2AD6B8344508F7F6C9FDD ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
14:12:18.0305 0x15ac  Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\LHidFilt.Sys. Real md5: 5001C2B3557B53DED02ABED3BCC6FD2D, sha256: 47971B3D8C2D8023BFADAD949FA0F069B32959C42EC2AD6B8344508F7F6C9FDD, fake md5: 74EA099C3D9DAD3A657BD89ED4A81C6D, fake sha256: AE0AED792857458CBBEDAD02462FDB5B687D06F5A33547A3EBB39812513BCEDA
14:12:18.0305 0x15ac  LHidFilt - detected ForgedFile.Multi.Generic ( 1 )
14:12:21.0077 0x15ac  Detect skipped due to KSN trusted
14:12:21.0077 0x15ac  LHidFilt - ok
14:12:21.0177 0x15ac  [ 6D3730E50F5DC7AE22843A0FA6176D41, 005A9F53AA94CBFB6AF03CA8466184D9912430B6F8BB1447571968AF9629E6D5 ] LHidUsbK        C:\Windows\system32\Drivers\LHidUsbK.Sys
14:12:21.0182 0x15ac  LHidUsbK - ok
14:12:21.0247 0x15ac  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:12:21.0251 0x15ac  lltdio - ok
14:12:21.0338 0x15ac  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:12:21.0392 0x15ac  lltdsvc - ok
14:12:21.0444 0x15ac  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:12:21.0473 0x15ac  lmhosts - ok
14:12:21.0534 0x15ac  [ 3AD9369E5D17014971A11728F198994C, 0EE59562C011A29C253193A8D202F591C1B4C0FD25C2C2E33ED1288EF4B09578 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
14:12:21.0586 0x15ac  Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\LMouFilt.Sys. Real md5: 3AD9369E5D17014971A11728F198994C, sha256: 0EE59562C011A29C253193A8D202F591C1B4C0FD25C2C2E33ED1288EF4B09578, fake md5: E9D42CDD5BD22BE28247B77953735650, fake sha256: A3CB9B62278830A40150C079370431B71BF5D04240CCE48D116D467D94006402
14:12:21.0587 0x15ac  LMouFilt - detected ForgedFile.Multi.Generic ( 1 )
14:12:24.0210 0x15ac  Detect skipped due to KSN trusted
14:12:24.0210 0x15ac  LMouFilt - ok
14:12:24.0216 0x15ac  LMouKE - ok
14:12:24.0326 0x15ac  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:12:24.0332 0x15ac  LSI_FC - ok
14:12:24.0393 0x15ac  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:12:24.0399 0x15ac  LSI_SAS - ok
14:12:24.0407 0x15ac  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:12:24.0413 0x15ac  LSI_SAS2 - ok
14:12:24.0422 0x15ac  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:12:24.0466 0x15ac  LSI_SCSI - ok
14:12:24.0535 0x15ac  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:12:24.0543 0x15ac  luafv - ok
14:12:24.0678 0x15ac  [ C8CC93D6677DB60C5454C4FF0DC88495, D81BA7A8BAB314E69F3B40FD885B5C47B910884D9EA4C5AB4B80CB391E7CAABF ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
14:12:24.0710 0x15ac  Suspicious file ( Forged ): C:\Windows\system32\Drivers\LUsbFilt.Sys. Real md5: C8CC93D6677DB60C5454C4FF0DC88495, sha256: D81BA7A8BAB314E69F3B40FD885B5C47B910884D9EA4C5AB4B80CB391E7CAABF, fake md5: 3A7A37B972E4F487C7D6963B53684710, fake sha256: 9182F94CB5F8347784221413AE8E18DFAE2FE2EACA6B26F89BC5592D34804DCB
14:12:24.0710 0x15ac  LUsbFilt - detected ForgedFile.Multi.Generic ( 1 )
14:12:27.0341 0x15ac  Detect skipped due to KSN trusted
14:12:27.0341 0x15ac  LUsbFilt - ok
14:12:27.0605 0x15ac  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
14:12:27.0622 0x15ac  Suspicious file ( Forged ): C:\Windows\system32\drivers\mbam.sys. Real md5: 4470E3C1E0C3378E4CAB137893C12C3A, sha256: CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489, fake md5: B96EF84173B47133D8830E9DED30BA41, fake sha256: 37A12F4C2DC2DBE8972F4E7BE243608B7E54E7E1ABE76825180828C5EA34CA35
14:12:27.0623 0x15ac  MBAMProtector - detected ForgedFile.Multi.Generic ( 1 )
14:12:30.0738 0x15ac  Detect skipped due to KSN trusted
14:12:30.0738 0x15ac  MBAMProtector - ok
14:12:30.0759 0x15ac  MBAMScheduler - ok
14:12:30.0779 0x15ac  MBAMService - ok
14:12:30.0790 0x15ac  MBAMSwissArmy - ok
14:12:30.0819 0x15ac  MBAMWebAccessControl - ok
14:12:30.0848 0x15ac  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:12:30.0871 0x15ac  Mcx2Svc - ok
14:12:30.0905 0x15ac  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:12:30.0945 0x15ac  megasas - ok
14:12:31.0015 0x15ac  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:12:31.0027 0x15ac  MegaSR - ok
14:12:31.0060 0x15ac  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
14:12:31.0065 0x15ac  MMCSS - ok
14:12:31.0406 0x15ac  [ 157987AB3EC9EAD1F9FCD0521DEF1002, 0E89043E431676E2056880F8770886CE43F1929493FDC2E72BBDFA44811B421F ] MMS             C:\Program Files\Acronis\BackupAndRecovery\mms.exe
14:12:31.0545 0x15ac  MMS - ok
14:12:31.0590 0x15ac  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
14:12:31.0592 0x15ac  Modem - ok
14:12:31.0668 0x15ac  [ 78833E368ADA63BCBC95D79FF3C04DE0, FFC17F9E92702B1132389DA69A245D36AD6351298BDFC21BD9950515AAE4C744 ] monblanking     C:\Windows\system32\DRIVERS\monblanking.sys
14:12:31.0774 0x15ac  Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\monblanking.sys. Real md5: 78833E368ADA63BCBC95D79FF3C04DE0, sha256: FFC17F9E92702B1132389DA69A245D36AD6351298BDFC21BD9950515AAE4C744, fake md5: CB3A4E5ACA01D9A2FA5590557EE69231, fake sha256: 8A8D4EF8F18966FF9CAA63B90079A8146B1EC58AAA1DA05D9D14A2810A40B39F
14:12:31.0774 0x15ac  monblanking - detected ForgedFile.Multi.Generic ( 1 )
14:12:34.0554 0x15ac  Detect skipped due to KSN trusted
14:12:34.0554 0x15ac  monblanking - ok
14:12:34.0604 0x15ac  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:12:34.0606 0x15ac  monitor - ok
14:12:34.0664 0x15ac  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:12:34.0668 0x15ac  mouclass - ok
14:12:34.0689 0x15ac  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:12:34.0693 0x15ac  mouhid - ok
14:12:34.0726 0x15ac  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:12:34.0730 0x15ac  mountmgr - ok
14:12:34.0849 0x15ac  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8, E9D1430C7C9199AECDF75B974E686B36E72F458FE398A0338D9D42F3BA76C399 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:12:34.0887 0x15ac  Suspicious file ( Forged ): C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe. Real md5: 8BE15F71DE6FF33FC56DCDE7B2B9EFE8, sha256: E9D1430C7C9199AECDF75B974E686B36E72F458FE398A0338D9D42F3BA76C399, fake md5: 26EA1DAD601EE3ACAC301D66F07BA219, fake sha256: C9594BB15D53D4AC2156CCCD2DB65B2C20620F1F60DA85F48D1586FC10028096
14:12:34.0887 0x15ac  MozillaMaintenance - detected ForgedFile.Multi.Generic ( 1 )
14:12:37.0804 0x15ac  Detect skipped due to KSN trusted
14:12:37.0804 0x15ac  MozillaMaintenance - ok
14:12:38.0352 0x15ac  [ CF105EE42E3F71E648CEBB3F666E1CF0, 1839F989ED4D954A586CB8C327F8728C020537E617FB743F457ECEFCCFA4B6C4 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
14:12:38.0398 0x15ac  Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\MpFilter.sys. Real md5: CF105EE42E3F71E648CEBB3F666E1CF0, sha256: 1839F989ED4D954A586CB8C327F8728C020537E617FB743F457ECEFCCFA4B6C4, fake md5: 8072A7BB35D92CC621AC2605EEF79BC4, fake sha256: 68F61BE84A5032CEC24F04C90DACA1AE78F3744016389BE2345256B26E44E09A
14:12:38.0399 0x15ac  MpFilter - detected ForgedFile.Multi.Generic ( 1 )
14:12:41.0178 0x15ac  Detect skipped due to KSN trusted
14:12:41.0178 0x15ac  MpFilter - ok
14:12:41.0237 0x15ac  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:12:41.0283 0x15ac  mpio - ok
14:12:41.0427 0x15ac  MpKsla7524f4b - ok
14:12:41.0455 0x15ac  MpKsle5c5db9a - ok
14:12:41.0504 0x15ac  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:12:41.0509 0x15ac  mpsdrv - ok
14:12:41.0750 0x15ac  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:12:41.0771 0x15ac  MpsSvc - ok
14:12:41.0806 0x15ac  [ CEB46AB7C01C9F825F8CC6BABC18166A, AA98898204FC58878502C170FE6ED8BA681396DDD8BF3689D0C3642DEA87BEF8 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:12:41.0932 0x15ac  Suspicious file ( Forged ): C:\Windows\system32\drivers\mrxdav.sys. Real md5: CEB46AB7C01C9F825F8CC6BABC18166A, sha256: AA98898204FC58878502C170FE6ED8BA681396DDD8BF3689D0C3642DEA87BEF8, fake md5: 21F4B24ACFC79A483515BD986DD9043F, fake sha256: 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA
14:12:41.0932 0x15ac  MRxDAV - detected ForgedFile.Multi.Generic ( 1 )
14:12:44.0559 0x15ac  Detect skipped due to KSN trusted
14:12:44.0559 0x15ac  MRxDAV - ok
14:12:44.0594 0x15ac  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:12:44.0601 0x15ac  mrxsmb - ok
14:12:44.0681 0x15ac  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:12:44.0736 0x15ac  mrxsmb10 - ok
14:12:44.0802 0x15ac  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:12:44.0808 0x15ac  mrxsmb20 - ok
14:12:44.0878 0x15ac  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:12:44.0892 0x15ac  msahci - ok
14:12:44.0919 0x15ac  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:12:44.0926 0x15ac  msdsm - ok
14:12:44.0970 0x15ac  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
14:12:44.0974 0x15ac  MSDTC - ok
14:12:45.0028 0x15ac  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:12:45.0042 0x15ac  Msfs - ok
14:12:45.0081 0x15ac  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:12:45.0087 0x15ac  mshidkmdf - ok
14:12:45.0138 0x15ac  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:12:45.0144 0x15ac  msisadrv - ok
14:12:45.0200 0x15ac  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:12:45.0233 0x15ac  MSiSCSI - ok
14:12:45.0239 0x15ac  msiserver - ok
14:12:45.0275 0x15ac  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:12:45.0278 0x15ac  MSKSSRV - ok
14:12:45.0388 0x15ac  [ C1F19D2BACBEE9AB64D9AE69E9859AC0, 11F55350EF5219B132A1E04C8BF8A521089F62D7207D40F7F3C6E8B6E04090A1 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
14:12:45.0389 0x15ac  Suspicious file ( Forged ): C:\Program Files\Microsoft Security Client\MsMpEng.exe. Real md5: C1F19D2BACBEE9AB64D9AE69E9859AC0, sha256: 11F55350EF5219B132A1E04C8BF8A521089F62D7207D40F7F3C6E8B6E04090A1, fake md5: 1EE3643D1AA747222427F63353611AD7, fake sha256: 18465E375485DF4E980121449077D5BA87C25C5FA8D86F40DA3B7BE153306766
14:12:45.0389 0x15ac  MsMpSvc - detected ForgedFile.Multi.Generic ( 1 )
14:12:48.0020 0x15ac  Detect skipped due to KSN trusted
14:12:48.0020 0x15ac  MsMpSvc - ok
14:12:48.0075 0x15ac  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:12:48.0095 0x15ac  MSPCLOCK - ok
14:12:48.0177 0x15ac  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:12:48.0179 0x15ac  MSPQM - ok
14:12:48.0206 0x15ac  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:12:48.0215 0x15ac  MsRPC - ok
14:12:48.0246 0x15ac  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:12:48.0247 0x15ac  mssmbios - ok
14:12:48.0253 0x15ac  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:12:48.0274 0x15ac  MSTEE - ok
14:12:48.0298 0x15ac  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:12:48.0327 0x15ac  MTConfig - ok
14:12:48.0380 0x15ac  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:12:48.0403 0x15ac  Mup - ok
14:12:48.0529 0x15ac  [ 428C611928DF3E96538A482117E659F7, C4310708EE81058286BE30DB1B1D93DEAB62A37EAA7974750A7FFBE798EED747 ] NAL             C:\Windows\system32\Drivers\iqvw32.sys
14:12:48.0532 0x15ac  NAL - ok
14:12:48.0936 0x15ac  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
14:12:48.0945 0x15ac  napagent - ok
14:12:49.0114 0x15ac  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:12:49.0151 0x15ac  NativeWifiP - ok
14:12:49.0473 0x15ac  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:12:49.0540 0x15ac  NDIS - ok
14:12:49.0595 0x15ac  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:12:49.0598 0x15ac  NdisCap - ok
14:12:49.0685 0x15ac  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:12:49.0691 0x15ac  NdisTapi - ok
14:12:49.0785 0x15ac  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:12:49.0789 0x15ac  Ndisuio - ok
14:12:49.0849 0x15ac  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:12:49.0879 0x15ac  NdisWan - ok
14:12:49.0917 0x15ac  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:12:49.0920 0x15ac  NDProxy - ok
14:12:50.0017 0x15ac  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:12:50.0042 0x15ac  NetBIOS - ok
14:12:50.0131 0x15ac  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:12:50.0181 0x15ac  NetBT - ok
14:12:50.0202 0x15ac  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] Netlogon        C:\Windows\system32\lsass.exe
14:12:50.0205 0x15ac  Suspicious file ( Forged ): C:\Windows\system32\lsass.exe. Real md5: 81951F51E318AECC2D68559E47485CC4, sha256: ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B, fake md5: DD17E1573651293D4ED31053795B3471, fake sha256: 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54
14:12:50.0205 0x15ac  Netlogon - detected ForgedFile.Multi.Generic ( 1 )
14:12:50.0205 0x15ac  Detect skipped due to KSN trusted
14:12:50.0205 0x15ac  Netlogon - ok
14:12:50.0384 0x15ac  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
14:12:50.0398 0x15ac  Netman - ok
14:12:50.0470 0x15ac  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:12:50.0578 0x15ac  Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe. Real md5: D22CD77D4F0D63D1169BB35911BFF12D, sha256: 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8, fake md5: 21318671BCAD3ACF16638F98D4D00973, fake sha256: CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11
14:12:50.0579 0x15ac  NetMsmqActivator - detected ForgedFile.Multi.Generic ( 1 )
14:12:53.0210 0x15ac  Detect skipped due to KSN trusted
14:12:53.0210 0x15ac  NetMsmqActivator - ok
14:12:53.0333 0x15ac  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:12:53.0339 0x15ac  Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe. Real md5: D22CD77D4F0D63D1169BB35911BFF12D, sha256: 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8, fake md5: 21318671BCAD3ACF16638F98D4D00973, fake sha256: CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11
14:12:53.0340 0x15ac  NetPipeActivator - detected ForgedFile.Multi.Generic ( 1 )
14:12:53.0340 0x15ac  Detect skipped due to KSN trusted
14:12:53.0340 0x15ac  NetPipeActivator - ok
14:12:53.0529 0x15ac  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
14:12:53.0548 0x15ac  netprofm - ok
14:12:53.0579 0x15ac  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:12:53.0581 0x15ac  Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe. Real md5: D22CD77D4F0D63D1169BB35911BFF12D, sha256: 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8, fake md5: 21318671BCAD3ACF16638F98D4D00973, fake sha256: CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11
14:12:53.0581 0x15ac  NetTcpActivator - detected ForgedFile.Multi.Generic ( 1 )
14:12:53.0582 0x15ac  Detect skipped due to KSN trusted
14:12:53.0582 0x15ac  NetTcpActivator - ok
14:12:53.0682 0x15ac  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:12:53.0688 0x15ac  Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe. Real md5: D22CD77D4F0D63D1169BB35911BFF12D, sha256: 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8, fake md5: 21318671BCAD3ACF16638F98D4D00973, fake sha256: CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11
14:12:53.0688 0x15ac  NetTcpPortSharing - detected ForgedFile.Multi.Generic ( 1 )
14:12:53.0688 0x15ac  Detect skipped due to KSN trusted
14:12:53.0688 0x15ac  NetTcpPortSharing - ok
14:12:53.0797 0x15ac  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:12:53.0836 0x15ac  nfrd960 - ok
14:12:53.0953 0x15ac  [ 832E098BCA8235436FE2D8AE50AC3718, 516147B97266A2985B396C9637E017CBF7F0E36081BA8812CF535D836F944006 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:12:54.0043 0x15ac  Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\NisDrvWFP.sys. Real md5: 832E098BCA8235436FE2D8AE50AC3718, sha256: 516147B97266A2985B396C9637E017CBF7F0E36081BA8812CF535D836F944006, fake md5: FCBC2F48430EB0D7150A6521C0B84ACA, fake sha256: EEFB975E2D1121EE9E93702F2CA2938C99C6B2273616C85816BA15E857E8D4FF
14:12:54.0043 0x15ac  NisDrv - detected ForgedFile.Multi.Generic ( 1 )
14:12:56.0822 0x15ac  Detect skipped due to KSN trusted
14:12:56.0822 0x15ac  NisDrv - ok
14:12:56.0921 0x15ac  [ E570ECA850F30EB740C2E9699DF3D2BD, 56C204800D41A3A950F40457FA18F6CF8DB80B0A1FAAE0209EBCE83B74549071 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
14:12:56.0933 0x15ac  Suspicious file ( Forged ): C:\Program Files\Microsoft Security Client\NisSrv.exe. Real md5: E570ECA850F30EB740C2E9699DF3D2BD, sha256: 56C204800D41A3A950F40457FA18F6CF8DB80B0A1FAAE0209EBCE83B74549071, fake md5: E4AA07F8BCBCB66EF115C443CD45C7A2, fake sha256: 3B538D9E376F12FC8589BA500BB5E859337CF1856D0E4AA66E2E3B5E301DAEC5
14:12:56.0933 0x15ac  NisSrv - detected ForgedFile.Multi.Generic ( 1 )
14:12:59.0780 0x15ac  Detect skipped due to KSN trusted
14:12:59.0780 0x15ac  NisSrv - ok
14:12:59.0881 0x15ac  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:12:59.0894 0x15ac  NlaSvc - ok
14:12:59.0949 0x15ac  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:13:00.0008 0x15ac  Npfs - ok
14:13:00.0048 0x15ac  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
14:13:00.0087 0x15ac  nsi - ok
14:13:00.0143 0x15ac  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:13:00.0145 0x15ac  nsiproxy - ok
14:13:00.0525 0x15ac  [ 5E43D2B0EE64123D4880DFA6626DEFDE, 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:13:00.0613 0x15ac  Suspicious file ( Forged ): C:\Windows\system32\drivers\Ntfs.sys. Real md5: 5E43D2B0EE64123D4880DFA6626DEFDE, sha256: 164413A22DE58B19EA2B4120034B46D6BE1F424B80C3421E10BE5C81153D049F, fake md5: C8DFF8D07755A66C7A4A738930F0FEAC, fake sha256: A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA
14:13:00.0667 0x15ac  Ntfs - detected ForgedFile.Multi.Generic ( 1 )
14:13:10.0669 0x15ac  Object is SCO, delete is not allowed
14:13:10.0669 0x15ac  Ntfs ( ForgedFile.Multi.Generic ) - warning
14:13:10.0669 0x15ac  Force sending object to P2P due to detect: Ntfs
14:13:13.0772 0x15ac  Object send P2P result: true
14:13:16.0567 0x15ac  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
14:13:16.0608 0x15ac  Null - ok
14:13:16.0645 0x15ac  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:13:16.0701 0x15ac  nvraid - ok
14:13:16.0866 0x15ac  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:13:16.0941 0x15ac  nvstor - ok
14:13:16.0991 0x15ac  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:13:17.0063 0x15ac  nv_agp - ok
14:13:17.0110 0x15ac  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:13:17.0147 0x15ac  ohci1394 - ok
14:13:17.0273 0x15ac  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:13:17.0340 0x15ac  ose - ok
14:13:18.0539 0x15ac  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:13:18.0607 0x15ac  osppsvc - ok
14:13:18.0749 0x15ac  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:13:18.0860 0x15ac  p2pimsvc - ok
14:13:19.0023 0x15ac  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:13:19.0115 0x15ac  p2psvc - ok
14:13:19.0177 0x15ac  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:13:19.0185 0x15ac  Parport - ok
14:13:19.0220 0x15ac  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:13:19.0240 0x15ac  partmgr - ok
14:13:19.0274 0x15ac  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
14:13:19.0292 0x15ac  Parvdm - ok
14:13:19.0350 0x15ac  [ 4088C1ECD1F54281A92FA663B0FDC36F, DF6EF6C6ACBF7604681D86D352773E8C11937995C512761C66D50DB126F581C2 ] PBADRV          C:\Windows\system32\DRIVERS\PBADRV.sys
14:13:19.0373 0x15ac  PBADRV - ok
14:13:19.0421 0x15ac  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:13:19.0431 0x15ac  PcaSvc - ok
14:13:19.0584 0x15ac  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
14:13:19.0593 0x15ac  pci - ok
14:13:19.0636 0x15ac  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:13:19.0653 0x15ac  pciide - ok
14:13:19.0744 0x15ac  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:13:19.0778 0x15ac  pcmcia - ok
14:13:19.0805 0x15ac  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:13:19.0810 0x15ac  pcw - ok
14:13:20.0072 0x15ac  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:13:20.0110 0x15ac  PEAUTH - ok
14:13:20.0482 0x15ac  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
14:13:20.0566 0x15ac  PeerDistSvc - ok
14:13:21.0559 0x15ac  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
14:13:21.0644 0x15ac  pla - ok
14:13:21.0760 0x15ac  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:13:21.0775 0x15ac  PlugPlay - ok
14:13:21.0817 0x15ac  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:13:21.0820 0x15ac  PNRPAutoReg - ok
14:13:21.0980 0x15ac  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:13:21.0993 0x15ac  PNRPsvc - ok
14:13:22.0178 0x15ac  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:13:22.0185 0x15ac  PolicyAgent - ok
14:13:22.0233 0x15ac  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
14:13:22.0237 0x15ac  Power - ok
14:13:22.0310 0x15ac  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:13:22.0315 0x15ac  PptpMiniport - ok
14:13:22.0337 0x15ac  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:13:22.0379 0x15ac  Processor - ok
14:13:22.0471 0x15ac  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:13:22.0480 0x15ac  ProfSvc - ok
14:13:22.0518 0x15ac  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] ProtectedStorage C:\Windows\system32\lsass.exe
14:13:22.0520 0x15ac  Suspicious file ( Forged ): C:\Windows\system32\lsass.exe. Real md5: 81951F51E318AECC2D68559E47485CC4, sha256: ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B, fake md5: DD17E1573651293D4ED31053795B3471, fake sha256: 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54
14:13:22.0520 0x15ac  ProtectedStorage - detected ForgedFile.Multi.Generic ( 1 )
14:13:22.0521 0x15ac  Detect skipped due to KSN trusted
14:13:22.0521 0x15ac  ProtectedStorage - ok
14:13:22.0603 0x15ac  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:13:22.0610 0x15ac  Psched - ok
14:13:22.0723 0x15ac  [ D24DFD16A1E2A76034DF5AA18125C35D, BB1F2BB3EB69DE742AA8ED33DCB572888BC473182E0F7DA860CB57903C9924A6 ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
14:13:22.0779 0x15ac  PSI - ok
14:13:22.0953 0x15ac  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
14:13:22.0978 0x15ac  PxHelp20 - ok
14:13:23.0450 0x15ac  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:13:23.0561 0x15ac  ql2300 - ok
14:13:23.0615 0x15ac  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:13:23.0619 0x15ac  ql40xx - ok
14:13:23.0703 0x15ac  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
14:13:23.0794 0x15ac  QWAVE - ok
14:13:23.0818 0x15ac  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:13:23.0849 0x15ac  QWAVEdrv - ok
14:13:23.0876 0x15ac  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:13:23.0881 0x15ac  RasAcd - ok
14:13:23.0939 0x15ac  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:13:23.0957 0x15ac  RasAgileVpn - ok
14:13:24.0081 0x15ac  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
14:13:24.0110 0x15ac  RasAuto - ok
14:13:24.0224 0x15ac  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:13:24.0229 0x15ac  Rasl2tp - ok
14:13:24.0428 0x15ac  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
14:13:24.0495 0x15ac  RasMan - ok
14:13:24.0540 0x15ac  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:13:24.0545 0x15ac  RasPppoe - ok
14:13:24.0603 0x15ac  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:13:24.0631 0x15ac  RasSstp - ok
14:13:24.0719 0x15ac  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:13:24.0732 0x15ac  rdbss - ok
14:13:24.0768 0x15ac  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:13:24.0774 0x15ac  rdpbus - ok
14:13:24.0822 0x15ac  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:13:24.0828 0x15ac  RDPCDD - ok
14:13:24.0906 0x15ac  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
14:13:24.0912 0x15ac  RDPDR - ok
14:13:25.0015 0x15ac  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:13:25.0053 0x15ac  RDPENCDD - ok
14:13:25.0095 0x15ac  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:13:25.0097 0x15ac  RDPREFMP - ok
14:13:25.0217 0x15ac  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:13:25.0225 0x15ac  RDPWD - ok
14:13:25.0295 0x15ac  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:13:25.0304 0x15ac  rdyboost - ok
14:13:25.0371 0x15ac  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:13:25.0378 0x15ac  RemoteAccess - ok
14:13:25.0491 0x15ac  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:13:25.0500 0x15ac  RemoteRegistry - ok
14:13:26.0387 0x15ac  [ 3C957189B31C34D3AD21967B12B6AED7, 878FE6EA03F60592D6D557B905A5119E2CC836C2A6A86ED2867C3C9B0F0FDBA2 ] RoxMediaDB12OEM C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
14:13:26.0563 0x15ac  RoxMediaDB12OEM - ok
14:13:26.0732 0x15ac  [ 2B73088CC2CA757A172B425C9398E5BC, 3D296B4D6F66F7729CC48FE54456E6E6D8207DBA7E31D66653566C128E53163B ] RoxWatch12      C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
14:13:26.0741 0x15ac  RoxWatch12 - ok
14:13:26.0786 0x15ac  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:13:26.0790 0x15ac  RpcEptMapper - ok
14:13:26.0837 0x15ac  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
14:13:26.0841 0x15ac  RpcLocator - ok
14:14:53.0904 0x15ac  Wecsvc - ok
14:14:53.0946 0x15ac  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:14:53.0950 0x15ac  wercplsupport - ok
14:14:54.0005 0x15ac  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
14:14:54.0012 0x15ac  WerSvc - ok
14:14:54.0103 0x15ac  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:14:54.0131 0x15ac  WfpLwf - ok
14:14:54.0243 0x15ac  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:14:54.0246 0x15ac  WIMMount - ok
14:14:54.0533 0x15ac  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
14:14:54.0633 0x15ac  WinDefend - ok
14:14:54.0671 0x15ac  WinHttpAutoProxySvc - ok
14:14:55.0017 0x15ac  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:14:55.0051 0x15ac  Winmgmt - ok
14:14:55.0397 0x15ac  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
14:14:55.0416 0x15ac  WinRM - ok
14:14:55.0476 0x15ac  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:14:55.0513 0x15ac  WinUsb - ok
14:14:56.0299 0x15ac  [ 0DE4BE346217FE574B3DED0650AECFF8, 303280122FD0F714C11A8F688D4C376E7879EEECDDFB0B37111760F0FA1C35B9 ] WinVNC4         C:\Program Files\RealVNC\VNC4\WinVNC4.exe
14:14:56.0357 0x15ac  WinVNC4 - ok
14:14:56.0612 0x15ac  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:14:56.0705 0x15ac  Wlansvc - ok
14:14:56.0837 0x15ac  [ 6067ACEF367E79914AF628FA1E9B5330, 491A705267B48C103E00B26BBD21FA8829DB03A88343CBC27264CEE5DE8C8DEF ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:14:56.0918 0x15ac  wlcrasvc - ok
14:14:57.0681 0x15ac  [ 0A70F4022EC2E14C159EFC4F69AA2477, FF248136576F9803762C54DE5439D3411B52DCBC95B93176A5DAB857967D9AC4 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:14:57.0797 0x15ac  wlidsvc - ok
14:14:57.0854 0x15ac  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:14:57.0856 0x15ac  WmiAcpi - ok
14:14:57.0923 0x15ac  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:14:57.0931 0x15ac  wmiApSrv - ok
14:14:58.0275 0x15ac  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
14:14:58.0292 0x15ac  WMPNetworkSvc - ok
14:14:58.0320 0x15ac  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:14:58.0325 0x15ac  WPCSvc - ok
14:14:58.0387 0x15ac  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:14:58.0395 0x15ac  WPDBusEnum - ok
14:14:58.0747 0x15ac  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:14:58.0929 0x15ac  ws2ifsl - ok
14:14:59.0000 0x15ac  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\system32\wscsvc.dll
14:14:59.0008 0x15ac  wscsvc - ok
14:14:59.0013 0x15ac  WSearch - ok
14:14:59.0542 0x15ac  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:14:59.0571 0x15ac  wuauserv - ok
14:14:59.0626 0x15ac  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:14:59.0629 0x15ac  WudfPf - ok
14:14:59.0686 0x15ac  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:14:59.0712 0x15ac  WUDFRd - ok
14:14:59.0742 0x15ac  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:14:59.0747 0x15ac  wudfsvc - ok
14:14:59.0861 0x15ac  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4, 10D9FDEDAB1FB2E76D54661AFA5C1A6B1B0980525F38F5D061537077841C6AEE ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:14:59.0910 0x15ac  Suspicious file ( Forged ): C:\Windows\System32\wwansvc.dll. Real md5: 3C5E51C05BE9B56EAFF4E388C3AB25E4, sha256: 10D9FDEDAB1FB2E76D54661AFA5C1A6B1B0980525F38F5D061537077841C6AEE, fake md5: 7CC38741B8F68F1E0D5D79DA6123666A, fake sha256: F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA
14:14:59.0911 0x15ac  WwanSvc - detected ForgedFile.Multi.Generic ( 1 )
14:15:02.0544 0x15ac  Detect skipped due to KSN trusted
14:15:02.0544 0x15ac  WwanSvc - ok
14:15:02.0569 0x15ac  ================ Scan global ===============================
14:15:02.0629 0x15ac  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
14:15:02.0718 0x15ac  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
14:15:02.0749 0x15ac  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
14:15:02.0829 0x15ac  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
14:15:02.0947 0x15ac  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
14:15:02.0997 0x15ac  [ Global ] - ok
14:15:02.0998 0x15ac  ================ Scan MBR ==================================
14:15:03.0049 0x15ac  [ 6188982AEA28899DF8B04FE0722B932E ] \Device\Harddisk0\DR0
14:15:03.0150 0x15ac  Suspicious mbr (Forged): \Device\Harddisk0\DR0
14:15:03.0832 0x15ac  \Device\Harddisk0\DR0 - ok
14:15:03.0835 0x15ac  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
14:15:03.0839 0x15ac  \Device\Harddisk1\DR1 - ok
14:15:03.0839 0x15ac  ================ Scan VBR ==================================
14:15:03.0859 0x15ac  [ 84568EF2A7FE1F2933D56BA8D7760C40 ] \Device\Harddisk0\DR0\Partition1
14:15:03.0861 0x15ac  \Device\Harddisk0\DR0\Partition1 - ok
14:15:03.0906 0x15ac  [ D184C3E868BDCF42F52E897602E76F78 ] \Device\Harddisk0\DR0\Partition2
14:15:03.0916 0x15ac  \Device\Harddisk0\DR0\Partition2 - ok
14:15:03.0961 0x15ac  [ B8EBE452DB6E62EA6FADCE407205F3D5 ] \Device\Harddisk0\DR0\Partition3
14:15:03.0966 0x15ac  \Device\Harddisk0\DR0\Partition3 - ok
14:15:03.0970 0x15ac  [ FD7C9B251CB6237220D800A06B73F0BE ] \Device\Harddisk1\DR1\Partition1
14:15:04.0011 0x15ac  \Device\Harddisk1\DR1\Partition1 - ok
14:15:04.0012 0x15ac  ================ Scan generic autorun ======================
14:15:04.0688 0x15ac  [ 31B37D8376846E2A711CF13F78571E05, AAE9939CAB153F294F9C4DED12F0EA3E6E6AE31AD96285A9CD3A3D03387D6806 ] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
14:15:04.0779 0x15ac  RtHDVCpl - ok
14:15:04.0989 0x15ac  [ 25107F58D1B8F60D67D1EE95798C0DE8, C3B5205E8818576EBF33E3B9FD8664A498714B823D9128FC1CA0A64F81499263 ] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
14:15:05.0063 0x15ac  IAStorIcon - ok
14:15:05.0145 0x15ac  [ D0DFF1D0AEA64591ABBDE4BDB5F033E8, E085BDAC25C3E244C2AB4D4F23E50630BA4CA9DAE8183E4356CF992975F1E1AB ] D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
14:15:05.0200 0x15ac  DellBtrEvent - ok
14:15:05.0329 0x15ac  [ F5FBA8724DE219E96D9ABAF4772D31A3, C36CF6E40F831E01BA029B571EFCB46C5EA5A11750D13FE979DDFAE8B916AFFB ] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
14:15:05.0337 0x15ac  RemoteControl9 - ok
14:15:05.0470 0x15ac  [ 38DD8C528516755C37619DB364826055, 6CA2C4D289C56E5AE4A839DC085F379E3E53EFCE1F0EE99F38FCF348D5B42B04 ] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe
14:15:05.0473 0x15ac  PDVD9LanguageShortcut - ok
14:15:05.0597 0x15ac  [ A7749965A3923D024922A86BAAECAFF4, 70CC52E58881F405B334EDE68913EAB1B7FADBFB19B92F42B40E4737C6F073F7 ] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe
14:15:05.0673 0x15ac  RoxWatchTray - ok
14:15:05.0956 0x15ac  [ 4164A47F3A2DA7EA44572904C3DF44A4, 192097A694949269CD642C4F832715F48F4448669951D027DBECE9D873E9DA94 ] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
14:15:05.0997 0x15ac  Desktop Disc Tool - ok
14:15:06.0463 0x15ac  [ 97BE1B365FD5619CB06F6FB30483847F, 09CE9F67907871363117572A55F01BC4633435F9AC49D095283A810974AA0B5E ] C:\Program Files\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe
14:15:06.0531 0x15ac  BackupAndRecoveryMonitor.exe - ok
14:15:06.0823 0x15ac  [ AB52D3987157C62919177F715C49176C, A15FCCEB08C6AEB587A71B13F434FEE0623A07DD47552FDF2B11EE653CDEF447 ] C:\Program Files\Common Files\Acronis\Timounter\TimounterMonitor.exe
14:15:06.0891 0x15ac  AcronisTimounterMonitor - ok
14:15:07.0031 0x15ac  [ 3E8B5DEDD1DA1335E5766A35251EE95F, EB4741AAD34AC81044B1BAA7E749CD6289B5DD5DA005828C89F8B9D388D1B22C ] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
14:15:07.0071 0x15ac  Acronis Scheduler2 Service - ok
14:15:07.0385 0x15ac  [ C5D6536545A2C817E104E5ACCC97C36D, 2C62957175E4965B61B4FE3E2568270776BABB800540C6B6769857C40493A6E6 ] C:\Program Files\Acronis\TrayMonitor\TrayMonitor.exe
14:15:07.0454 0x15ac  TrayMonitor.exe - ok
14:15:08.0004 0x15ac  [ 48BE298F7FD1BEF4D8FBACB04D8D95C4, D375B3F6E850E4B0EC81BAA0E554C356BE2248AA77C6C56F5267CA05460FE4EB ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
14:15:08.0053 0x15ac  Suspicious file ( Forged ): C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe. Real md5: 48BE298F7FD1BEF4D8FBACB04D8D95C4, sha256: D375B3F6E850E4B0EC81BAA0E554C356BE2248AA77C6C56F5267CA05460FE4EB, fake md5: 048EA4B978851788E9F5E8E4F081DF7A, fake sha256: EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC
14:15:08.0054 0x15ac  Adobe ARM - detected ForgedFile.Multi.Generic ( 1 )
14:15:10.0684 0x15ac  Detect skipped due to KSN trusted
14:15:10.0684 0x15ac  Adobe ARM - ok
14:15:10.0920 0x15ac  [ B06B80A4C0324ACF89E73E9BEE2AD64D, 438E72D7A9865A038E9319E1CF326143B5C757282BA112125734017FBE9AA506 ] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
14:15:10.0956 0x15ac  Suspicious file ( Forged ): C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe. Real md5: B06B80A4C0324ACF89E73E9BEE2AD64D, sha256: 438E72D7A9865A038E9319E1CF326143B5C757282BA112125734017FBE9AA506, fake md5: 61ABC99B227B357F6569202C34879A36, fake sha256: 29148D22FDCA3FFE6F92196A7449F4C852AECEDA465334EF591ACBBA26EA4DDE
14:15:10.0956 0x15ac  Adobe Acrobat Speed Launcher - detected ForgedFile.Multi.Generic ( 1 )
14:15:13.0584 0x15ac  Detect skipped due to KSN trusted
14:15:13.0584 0x15ac  Adobe Acrobat Speed Launcher - ok
14:15:13.0720 0x15ac  [ 57AF9F47253E53E94D22C790FA5D6024, 70505CBDE8F8614DE1203A7544F373DF6DCF1E542A6E4ACA8FAA60A65E22B10D ] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
14:15:13.0796 0x15ac  Suspicious file ( Forged ): C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe. Real md5: 57AF9F47253E53E94D22C790FA5D6024, sha256: 70505CBDE8F8614DE1203A7544F373DF6DCF1E542A6E4ACA8FAA60A65E22B10D, fake md5: 363C8F7EB51B14957CA84CD3751C1749, fake sha256: C16998825E70BF9B4EF9D5C322C1158BED03D6E300AC35D814E9A52DBE5ED109
14:15:13.0798 0x15ac  Acrobat Assistant 8.0 - detected ForgedFile.Multi.Generic ( 1 )
14:15:16.0580 0x15ac  Detect skipped due to KSN trusted
14:15:16.0580 0x15ac  Acrobat Assistant 8.0 - ok
14:15:17.0042 0x15ac  [ 4D2F7561D8A840450AABFAD3740B0E6B, 10D26337DE49DF55FCE83E0A7973A53D895B68917940BA8CFBC39D01EC575CA5 ] C:\Program Files\Microsoft Security Client\msseces.exe
14:15:17.0113 0x15ac  Suspicious file ( Forged ): C:\Program Files\Microsoft Security Client\msseces.exe. Real md5: 4D2F7561D8A840450AABFAD3740B0E6B, sha256: 10D26337DE49DF55FCE83E0A7973A53D895B68917940BA8CFBC39D01EC575CA5, fake md5: 882B5B999A71F56D5DF294D93AE1E7D1, fake sha256: 690B93C4A3E476595808EBDBE5CF620FC4A86D41FCD66023DE0DA7972F8941E4
14:15:17.0114 0x15ac  MSC - detected ForgedFile.Multi.Generic ( 1 )
14:15:19.0976 0x15ac  Detect skipped due to KSN trusted
14:15:19.0976 0x15ac  MSC - ok
14:15:20.0066 0x15ac  [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
14:15:20.0099 0x15ac  Suspicious file ( Forged ): C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe. Real md5: 61E4289E91E88C90478D7F4BEB10DCF7, sha256: 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55, fake md5: 94A4D6915D4F572309DF6137E1846528, fake sha256: E46BDF83CAA6683AA655DBA3D2C8DC7AC06251E952466A20CFDA3A16B1840455
14:15:20.0100 0x15ac  APSDaemon - detected ForgedFile.Multi.Generic ( 1 )
14:15:23.0033 0x15ac  Detect skipped due to KSN trusted
14:15:23.0033 0x15ac  APSDaemon - ok
14:15:23.0769 0x15ac  [ 0602F20832451037D9FFAC2B09E447B3, 81C06D1FD5A288414AD4474A8C0D703A49E8495092460541456DD069744C2D6A ] C:\Program Files\Shield\shieldtray.exe
14:15:25.0104 0x15ac  shield - ok
14:15:25.0648 0x15ac  [ 70F40294A8BF20CF0A5473BC60730BD5, 463BB26929FC939957A9C1A610271D41D9BED8094D6B362CA0C96ACAB3B33B32 ] C:\Program Files\Logitech\SetPointP\SetPoint.exe
14:15:25.0800 0x15ac  Suspicious file ( Forged ): C:\Program Files\Logitech\SetPointP\SetPoint.exe. Real md5: 70F40294A8BF20CF0A5473BC60730BD5, sha256: 463BB26929FC939957A9C1A610271D41D9BED8094D6B362CA0C96ACAB3B33B32, fake md5: 8AFA9E689D0517A7F99928C62880A1D0, fake sha256: EE8425858198D345262F8F75DF6082422A3487A2A6DECEA9FAAFBED9603D8163
14:15:25.0803 0x15ac  EvtMgr6 - detected ForgedFile.Multi.Generic ( 1 )
14:15:35.0803 0x15ac  EvtMgr6 ( ForgedFile.Multi.Generic ) - warning
14:15:35.0803 0x15ac  Force sending object to P2P due to detect: C:\Program Files\Logitech\SetPointP\SetPoint.exe
14:15:38.0838 0x15ac  Object send P2P result: true
14:15:41.0628 0x15ac  CDAServer - ok
14:15:42.0172 0x15ac  [ 8DDA2B606279753601F9415DA503CA63, 2C9AD8218E150B6D50817991377ED3230A1672EFBD7AE29D0CD9E55E2418C800 ] C:\Program Files\QuickTime Alternative\QTTask.exe
14:15:42.0444 0x15ac  Suspicious file ( Forged ): C:\Program Files\QuickTime Alternative\QTTask.exe. Real md5: 8DDA2B606279753601F9415DA503CA63, sha256: 2C9AD8218E150B6D50817991377ED3230A1672EFBD7AE29D0CD9E55E2418C800, fake md5: 08E7173D1B74095335052459200CB1EA, fake sha256: 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F
14:15:42.0445 0x15ac  QuickTime Task - detected ForgedFile.Multi.Generic ( 1 )
14:15:45.0068 0x15ac  Detect skipped due to KSN trusted
14:15:45.0068 0x15ac  QuickTime Task - ok
14:15:45.0185 0x15ac  [ 4476C54D84C792E6B9ECFE4C68BE50D0, 5F82A8EF8131EBD9B465E33604CB9E6A81C53588F4CF476CB2C1E97F2C8EDC11 ] C:\Program Files\iTunes\iTunesHelper.exe
14:15:45.0202 0x15ac  Suspicious file ( Forged ): C:\Program Files\iTunes\iTunesHelper.exe. Real md5: 4476C54D84C792E6B9ECFE4C68BE50D0, sha256: 5F82A8EF8131EBD9B465E33604CB9E6A81C53588F4CF476CB2C1E97F2C8EDC11, fake md5: D2E3E6D94A9E1CFA1561D9C748136FD0, fake sha256: C8CD851F1872086D18A329B47C7DEFAD2CE2E3A8F4321411247D06D07B2DB1D3
14:15:45.0203 0x15ac  iTunesHelper - detected ForgedFile.Multi.Generic ( 1 )
14:15:48.0340 0x15ac  Detect skipped due to KSN trusted
14:15:48.0340 0x15ac  iTunesHelper - ok
14:15:48.0576 0x15ac  [ D4B2479756A397805ACEA19BA3596E2A, C9683EFB1713B1775EFD7B1B9FE7A3FF2B8B0A7007B4CE45CF4CBA62A7D5A9C5 ] C:\Program Files\Sandboxie\SbieCtrl.exe
14:15:48.0732 0x15ac  Suspicious file ( Forged ): C:\Program Files\Sandboxie\SbieCtrl.exe. Real md5: D4B2479756A397805ACEA19BA3596E2A, sha256: C9683EFB1713B1775EFD7B1B9FE7A3FF2B8B0A7007B4CE45CF4CBA62A7D5A9C5, fake md5: 9BA7143CA1769BFE8A5FC03F523F2EE5, fake sha256: 2323CBBF3FB32E946D274E9B1532253BFB0918D3B816A8193C603A0F8315B67A
14:15:48.0733 0x15ac  SandboxieControl - detected ForgedFile.Multi.Generic ( 1 )
14:15:51.0357 0x15ac  Detect skipped due to KSN trusted
14:15:51.0357 0x15ac  SandboxieControl - ok
14:15:51.0851 0x15ac  [ 760DF1D09A91781F25F178595E4FDC47, D2DA41AE69770F84FBDCC1B218ED18AF3CB08193DA044D7BF215EEB85887B13A ] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe
14:15:51.0972 0x15ac  Suspicious file ( Forged ): C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe. Real md5: 760DF1D09A91781F25F178595E4FDC47, sha256: D2DA41AE69770F84FBDCC1B218ED18AF3CB08193DA044D7BF215EEB85887B13A, fake md5: D318DFC1700449A74C5E28A451DBAD5B, fake sha256: 7C3A5199A1CF9BE39C7DFE3F11E2A902469B5B99205D2D80C18B9B64B87642A3
14:15:51.0973 0x15ac  Adobe Acrobat Synchronizer - detected ForgedFile.Multi.Generic ( 1 )
14:15:55.0161 0x15ac  Detect skipped due to KSN trusted
14:15:55.0161 0x15ac  Adobe Acrobat Synchronizer - ok
14:15:56.0565 0x15ac  [ 75104EF85D639C0976DBC4A1C76D30A4, 2DC45D11E82815753D4E74BBEA5FCA1EBA1390A76249906974C96DDFA368CEED ] C:\Program Files\LifeSize\Connections\LifeSizeConnections.exe
14:15:56.0721 0x15ac  LifeSize Connections - ok
14:15:56.0784 0x15ac  [ 19384B2D2976C16971DA567653D5DF95, FA5F129C5EC69B4BAA2A9B4094396B5DCABA79DDDFB31B20AB4FDF5A6BA7B53E ] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
14:15:56.0830 0x15ac  Suspicious file ( Forged ): C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe. Real md5: 19384B2D2976C16971DA567653D5DF95, sha256: FA5F129C5EC69B4BAA2A9B4094396B5DCABA79DDDFB31B20AB4FDF5A6BA7B53E, fake md5: 799BCC829F48F19C5689478179060435, fake sha256: 495C6E363982F7BE1785A46C12ED4AC99E0AF98F340F1CE3C55D39EBE6FE33AA
14:15:56.0831 0x15ac  ApplePhotoStreams - detected ForgedFile.Multi.Generic ( 1 )
14:15:59.0460 0x15ac  Detect skipped due to KSN trusted
14:15:59.0461 0x15ac  ApplePhotoStreams - ok
14:15:59.0512 0x15ac  LDM - ok
14:15:59.0549 0x15ac  [ C7391769FCD6E04196EE8CA831E2C7E8, 0F23B04F349328183D8BFEF2A6BB67B0E87F154171DE68E31536ABDCBDFFA67D ] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
14:15:59.0575 0x15ac  Suspicious file ( Forged ): C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe. Real md5: C7391769FCD6E04196EE8CA831E2C7E8, sha256: 0F23B04F349328183D8BFEF2A6BB67B0E87F154171DE68E31536ABDCBDFFA67D, fake md5: 48C3EBD6D5E52AFCB1A0FA9B7F9802FA, fake sha256: 4F2E27AA8305FFC94F65C65C5FDB8462C92ED02A7B37627404382C3CAB65AC59
14:15:59.0575 0x15ac  iCloudServices - detected ForgedFile.Multi.Generic ( 1 )
14:16:02.0558 0x15ac  Detect skipped due to KSN trusted
14:16:02.0558 0x15ac  iCloudServices - ok
14:16:02.0559 0x15ac  AppleIEDAV - ok
14:16:02.0716 0x15ac  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
14:16:02.0851 0x15ac  Sidebar - ok
14:16:02.0949 0x15ac  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
14:16:02.0975 0x15ac  mctadmin - ok
14:16:03.0018 0x15ac  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
14:16:03.0034 0x15ac  Sidebar - ok
14:16:03.0041 0x15ac  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
14:16:03.0044 0x15ac  mctadmin - ok
14:16:03.0071 0x15ac  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
14:16:03.0087 0x15ac  Sidebar - ok
14:16:03.0092 0x15ac  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
14:16:03.0095 0x15ac  mctadmin - ok
14:16:03.0096 0x15ac  Waiting for KSN requests completion. In queue: 6
14:16:04.0096 0x15ac  Waiting for KSN requests completion. In queue: 6
14:16:05.0096 0x15ac  Waiting for KSN requests completion. In queue: 6
14:16:06.0109 0x15ac  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x61000 ( enabled : updated )
14:16:06.0112 0x15ac  Win FW state via NFP2: enabled
14:16:08.0811 0x15ac  ============================================================
14:16:08.0811 0x15ac  Scan finished
14:16:08.0811 0x15ac  ============================================================
14:16:08.0830 0x0bd8  Detected object count: 6
14:16:08.0830 0x0bd8  Actual detected object count: 6
14:16:57.0599 0x0bd8  dSSEventSvc ( ForgedFile.Multi.Generic ) - skipped by user
14:16:57.0599 0x0bd8  dSSEventSvc ( ForgedFile.Multi.Generic ) - User select action: Skip 
14:16:57.0600 0x0bd8  GoToMyPC ( ForgedFile.Multi.Generic ) - skipped by user
14:16:57.0600 0x0bd8  GoToMyPC ( ForgedFile.Multi.Generic ) - User select action: Skip 
14:16:57.0600 0x0bd8  Ntfs ( ForgedFile.Multi.Generic ) - skipped by user
14:16:57.0600 0x0bd8  Ntfs ( ForgedFile.Multi.Generic ) - User select action: Skip 
14:16:57.0601 0x0bd8  usbccgp ( ForgedFile.Multi.Generic ) - skipped by user
14:16:57.0601 0x0bd8  usbccgp ( ForgedFile.Multi.Generic ) - User select action: Skip 
14:16:57.0602 0x0bd8  WebClient ( ForgedFile.Multi.Generic ) - skipped by user
14:16:57.0602 0x0bd8  WebClient ( ForgedFile.Multi.Generic ) - User select action: Skip 
14:16:57.0602 0x0bd8  EvtMgr6 ( ForgedFile.Multi.Generic ) - skipped by user
14:16:57.0602 0x0bd8  EvtMgr6 ( ForgedFile.Multi.Generic ) - User select action: Skip 
--------------------------------------------------------------------------------------------------------------------

ADW Cleaner log:

# AdwCleaner v3.216 - Report created 18/07/2014 at 13:55:56
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : nicole - NICOLE-PC
# Running from : C:\Users\nicole\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Windows\System32\Tasks\Digital Sites
Folder Found : C:\Users\nicole\AppData\Roaming\DigitalSites
Folder Found : C:\Users\nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bn5gwpx7.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Found : HKLM\Software\DeviceVM
Key Found : HKLM\Software\InfoAtoms
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5F30C80-9B96-4981-885E-290D60B0E4E7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5F30C80-9B96-4981-885E-290D60B0E4E7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bn5gwpx7.default\prefs.js ]
 
Line Found : user_pref("extensions.enabledItems", "{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908,web2pdfextension@web2pdf.adobedotcom:1.2,{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31,toolbar@ask.com:3.13.1.1000[...]
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\nicole\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3740 octets] - [18/07/2014 13:55:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3800 octets] ##########
-----------------------------------------------------------------------------------------------------------
 
JRT Log: 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by nicole on Fri 07/18/2014 at 14:35:34.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/18/2014 at 14:39:00.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
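The TDSSKiller log above flags dozens of Windows drivers and vendor executables as ForgedFile.Multi.Generic, yet nearly all of them are cleared a few seconds later ("Detect skipped due to KSN trusted") and only a handful are left as warnings, uploaded ("Force sending object to P2P") and finally "skipped by user". Picking those apart by eye in a log this long is error-prone. The script below is an added example for this thread, not code from any post here nor from Kaspersky or TDSSKiller: it parses lines in the shape shown above and reports which "Forged" objects the scanner could not vouch for. The line formats are inferred from the posted log; SAMPLE_LOG is a constructed excerpt in those shapes with the hashes truncated, and what TDSSKiller means internally by the "real" and "fake" hashes is not documented on this page and is not assumed here.

```python
"""Triage of TDSSKiller-style output: which "Forged" detections the scanner
cleared itself (KSN trusted, or re-checked ok), which stayed as warnings and
were uploaded, and which the user then skipped.

Added example for this forum thread; not code from any post, from Kaspersky
or from TDSSKiller.  Line shapes are inferred from the posted log.
SAMPLE_LOG is a constructed excerpt in those shapes (hashes truncated)."""
import re

SAMPLE_LOG = r"""
14:14:35.0121 0x15ac  Suspicious file ( Forged ): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: A840213F1ACD, sha256: B20F7CAEEA79, fake md5: 25944D2CC49E, fake sha256: AF8FFAFEC07F
14:14:35.0123 0x15ac  Wdf01000 - detected ForgedFile.Multi.Generic ( 1 )
14:14:37.0981 0x15ac  Detect skipped due to KSN trusted
14:14:37.0982 0x15ac  Wdf01000 - ok
14:14:38.0166 0x15ac  Suspicious file ( Forged ): C:\Windows\System32\webclnt.dll. Real md5: A9D880F97530, sha256: 6A293E2DB9B7, fake md5: 75E8EBD7040C, fake sha256: 2CA0B267FBAE
14:14:38.0166 0x15ac  WebClient - detected ForgedFile.Multi.Generic ( 1 )
14:14:48.0168 0x15ac  Object is SCO, delete is not allowed
14:14:48.0168 0x15ac  WebClient ( ForgedFile.Multi.Generic ) - warning
14:14:48.0168 0x15ac  Force sending object to P2P due to detect: WebClient
14:15:03.0150 0x15ac  Suspicious mbr (Forged): \Device\Harddisk0\DR0
14:15:03.0832 0x15ac  \Device\Harddisk0\DR0 - ok
14:15:13.0796 0x15ac  Suspicious file ( Forged ): C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe. Real md5: 57AF9F47253E, sha256: 70505CBDE8F8, fake md5: 363C8F7EB51B, fake sha256: C16998825E70
14:15:13.0798 0x15ac  Acrobat Assistant 8.0 - detected ForgedFile.Multi.Generic ( 1 )
14:15:16.0580 0x15ac  Detect skipped due to KSN trusted
14:15:16.0580 0x15ac  Acrobat Assistant 8.0 - ok
14:15:25.0803 0x15ac  EvtMgr6 - detected ForgedFile.Multi.Generic ( 1 )
14:15:35.0803 0x15ac  EvtMgr6 ( ForgedFile.Multi.Generic ) - warning
14:16:57.0602 0x0bd8  WebClient ( ForgedFile.Multi.Generic ) - skipped by user
14:16:57.0602 0x0bd8  WebClient ( ForgedFile.Multi.Generic ) - User select action: Skip
14:16:57.0602 0x0bd8  EvtMgr6 ( ForgedFile.Multi.Generic ) - skipped by user
"""

LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+0x[0-9a-fA-F]+\s+(?P<msg>.*)$")
FORGED_FILE_RE = re.compile(
    r"^Suspicious file \( Forged \): (?P<path>.+?)\. Real md5: (?P<real_md5>[0-9A-F]+), "
    r"sha256: (?P<real_sha256>[0-9A-F]+), fake md5: (?P<fake_md5>[0-9A-F]+), "
    r"fake sha256: (?P<fake_sha256>[0-9A-F]+)$")
FORGED_MBR_RE = re.compile(r"^Suspicious mbr \(Forged\): (?P<dev>\S+)$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<sig>\S+) \( \d+ \)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( \S+ \) - (?P<verdict>warning|skipped by user)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
P2P_RE = re.compile(r"^Force sending object to P2P due to detect: ")
KSN_TRUSTED = "Detect skipped due to KSN trusted"


def triage(log_text):
    """Return {object_name: record}; a record holds signature, status, first_seen,
    uploaded and, for files, path plus the real/fake md5 and sha256 values."""
    records, pending, open_name, last_warned = {}, None, None, None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        ts, msg = m.group("ts"), m.group("msg")
        if (f := FORGED_FILE_RE.match(msg)):
            pending = f.groupdict()          # belongs to the detection line that follows
        elif (b := FORGED_MBR_RE.match(msg)):
            records[b.group("dev")] = {"signature": "ForgedMBR", "status": "detected",
                                       "first_seen": ts, "uploaded": False, "path": b.group("dev")}
        elif (d := DETECTED_RE.match(msg)):
            rec = {"signature": d.group("sig"), "status": "detected", "first_seen": ts, "uploaded": False}
            rec.update(pending or {})
            records[d.group("name")] = rec
            pending, open_name = None, d.group("name")
        elif msg == KSN_TRUSTED and open_name:
            records[open_name]["status"] = "ksn_trusted"   # the scanner cleared it itself
            open_name = None
        elif (v := VERDICT_RE.match(msg)):
            rec = records.setdefault(v.group("name"), {"signature": "?", "status": "detected",
                                                       "first_seen": ts, "uploaded": False})
            rec["status"] = v.group("verdict").replace(" ", "_")
            if rec["status"] == "warning":
                last_warned, open_name = v.group("name"), None
        elif P2P_RE.match(msg) and last_warned:
            records[last_warned]["uploaded"] = True      # sample sent to Kaspersky for analysis
        elif (o := OK_RE.match(msg)) and o.group("name") in records:
            if records[o.group("name")]["status"] == "detected":
                records[o.group("name")]["status"] = "ok"  # flagged, then re-checked clean (the MBR)
    return records


def needs_attention(records):
    """Objects the scanner could not vouch for: neither KSN-trusted nor re-checked ok."""
    return sorted(n for n, r in records.items() if r["status"] not in ("ksn_trusted", "ok"))


if __name__ == "__main__":
    recs = triage(SAMPLE_LOG)
    for name in needs_attention(recs):
        r = recs[name]
        print(f'{name}: {r["status"]}, uploaded={r["uploaded"]}, path={r.get("path")}, '
              f'real md5={r.get("real_md5")}, fake md5={r.get("fake_md5")}')
```

Run against the full log posted above, this would list exactly the six names in the end-of-scan summary (dSSEventSvc, GoToMyPC, Ntfs, usbccgp, WebClient, EvtMgr6), all of which were "skipped by user"; those six paths and hash pairs are what a helper needs, not the dozens of KSN-cleared entries. A "Forged" verdict here only means the scanner computed two different hashes for the same path, and the log itself shows it then trusting most of those files via KSN, so the mismatch alone is not evidence of tampering.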
 


#4 boopme

  • Global Moderator

Posted 18 July 2014 - 03:27 PM

OK, good. It can take very long; it just depends on a lot of things.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 jane doe

  • Topic Starter

Posted 21 July 2014 - 07:50 AM

Below is the ESETScan log: 

 

C:\Support\d7\3rd Party Tools\mtbtoolkit\Windows Updates\AllMyApps\Allmyapps_TSV46Y6BY.exe a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined



#6 jane doe

  • Topic Starter

Posted 21 July 2014 - 08:30 AM

I just ran Malwarebytes Pro again and the PUPS are all still there. What should I do next?



#7 boopme

  • Global Moderator

Posted 21 July 2014 - 03:08 PM

Hi... After running MBAM, did you view the results, select ‘Check all items’ and then click ‘Remove Selected’?

 

If it still persists, we need to restore your favorite browser's settings to default to remove MindSpark.

If you need help with that, I need to know your browser.


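The advice above (let Malwarebytes remove everything it selected, then reset the browser if the toolbar comes back) is easier to verify when you can see exactly what sits in the profile. The logs posted in this thread name three extension identifiers in the Firefox profile: 5mffxtbr@myfuncards_5m.com (Malwarebytes, PUP.Optional.MindSpark.A), {635abd67-4fe9-1b23-4f01-e679fa7484c1} (AdwCleaner) and toolbar@ask.com (in the extensions.enabledItems line of prefs.js). The script below is an added example, not code from any post here nor from Malwarebytes, AdwCleaner or Mozilla: it inventories a profile's extensions folder, reading each legacy install.rdf for its em:id and em:name, parses the enabledItems pref, and flags the IDs the logs list. The watchlist holds only those three IDs; the sample profile is constructed in a temporary directory, and the extension display names in it are assumed rather than taken from the page.

```python
"""Inventory a Firefox profile's extensions and flag the ids named in this thread's logs.

Added example for this forum thread; not code from any post, from Malwarebytes,
AdwCleaner or Mozilla.  WATCHLIST contains only ids that the posted logs list; the
demo profile is constructed in a temp dir and its extension names are assumed."""
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

EM = "{http://www.mozilla.org/2004/em-rdf#}"
RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
# ids named by the Malwarebytes / AdwCleaner output posted above (nothing beyond them)
WATCHLIST = {
    "5mffxtbr@myfuncards_5m.com": "PUP.Optional.MindSpark.A (Malwarebytes)",
    "{635abd67-4fe9-1b23-4f01-e679fa7484c1}": "flagged by AdwCleaner",
    "toolbar@ask.com": "listed in extensions.enabledItems (AdwCleaner)",
}
ENABLED_RE = re.compile(r'user_pref\("extensions\.enabledItems",\s*"([^"]*)"\)')


def read_install_rdf(ext_dir):
    """(id, name) from a legacy install.rdf; (None, None) if missing or unparseable.
    Uses the install-manifest Description so a targetApplication's em:id is not mistaken for it."""
    rdf = Path(ext_dir) / "install.rdf"
    if not rdf.is_file():
        return None, None
    try:
        root = ET.parse(rdf).getroot()
    except ET.ParseError:
        return None, None
    desc = next((el for el in root.iter(RDF + "Description")
                 if "urn:mozilla:install-manifest" in (el.get("about"), el.get(RDF + "about"))), root)

    def em(local):  # value given either as child element text or as an em: attribute
        el = desc.find(EM + local)
        return (el.text.strip() if el is not None and el.text else None) or desc.get(EM + local)
    return em("id"), em("name")


def parse_enabled_items(prefs_js):
    """id -> version from extensions.enabledItems, a pref that older Firefox releases used."""
    prefs_js = Path(prefs_js)
    m = prefs_js.is_file() and ENABLED_RE.search(prefs_js.read_text("utf-8", errors="replace"))
    if not m:
        return {}
    out = {}
    for item in filter(None, m.group(1).split(",")):
        ext_id, sep, version = item.rpartition(":")
        out[ext_id if sep else item] = version if sep else None
    return out


def inventory_profile(profile_dir):
    """Every extension dir/.xpi in the profile, plus ids that only the pref still lists."""
    profile_dir = Path(profile_dir)
    enabled = parse_enabled_items(profile_dir / "prefs.js")
    items, ext_root = [], profile_dir / "extensions"
    for entry in (sorted(ext_root.iterdir()) if ext_root.is_dir() else []):
        ext_id, name = read_install_rdf(entry) if entry.is_dir() else (None, None)
        ext_id = ext_id or entry.name.removesuffix(".xpi")
        items.append({"path": str(entry), "id": ext_id, "name": name,
                      "enabled_version": enabled.get(ext_id), "flag": WATCHLIST.get(ext_id)})
    seen = {i["id"] for i in items}
    for ext_id, ver in enabled.items():
        if ext_id not in seen:  # pref claims it, nothing on disk: stale pref or removed files
            items.append({"path": None, "id": ext_id, "name": None,
                          "enabled_version": ver, "flag": WATCHLIST.get(ext_id)})
    return items


def flagged(items):
    """Ids present on disk or in the pref that the posted logs identify as unwanted."""
    return sorted(i["id"] for i in items if i["flag"])


INSTALL_RDF = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>{ext_id}</em:id><em:name>{name}</em:name><em:version>1.0</em:version>
  </Description>
</RDF>
"""


def build_demo_profile(base):
    """Constructed sample profile: the MindSpark toolbar id from the posted logs (its name
    is assumed), one ordinary extension, and a prefs.js shaped like the AdwCleaner finding."""
    prof = Path(base) / "bn5gwpx7.default"
    for ext_id, name in (("5mffxtbr@myfuncards_5m.com", "MyFunCards Toolbar"),
                         ("web2pdfextension@web2pdf.adobedotcom", "Adobe Create PDF")):
        (prof / "extensions" / ext_id).mkdir(parents=True)
        (prof / "extensions" / ext_id / "install.rdf").write_text(
            INSTALL_RDF.format(ext_id=ext_id, name=name), encoding="utf-8")
    (prof / "prefs.js").write_text('user_pref("extensions.enabledItems", "web2pdfextension@web2pdf'
        '.adobedotcom:1.2,toolbar@ask.com:3.13.1.1000,5mffxtbr@myfuncards_5m.com:1.0");\n')
    return prof


def demo():
    """Build the constructed profile in a temp dir, inventory it and return the item list."""
    with tempfile.TemporaryDirectory() as tmp:
        return inventory_profile(build_demo_profile(tmp))


if __name__ == "__main__":
    for it in demo():
        print("FLAG" if it["flag"] else "    ", it["id"], it["name"] or "-",
              "enabled=%s" % it["enabled_version"], it["flag"] or "")
```

To run it against the real profile instead, call inventory_profile with the profile path from the logs (C:\Users\nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bn5gwpx7.default) while Firefox is closed, since Firefox rewrites prefs.js on exit. Entries reported with path None come only from the enabledItems pref, which may be stale; the directory listing is what shows whether the toolbar is actually still installed after a quarantine, and it is what to compare before and after the browser reset.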

#8 quietman7

  • Global Moderator

Posted 21 July 2014 - 03:51 PM

We need to see the complete results of your Malwarebytes scan. If you cannot use copy and paste, then we really need a screenshot of the exact detections.

How do I post a screen shot?

You can also create a screenshot, upload it to an image site such as Photobucket, Glowfoto, TinyPic or ImageShack and provide a link to the URL back here.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#9 jane doe (Topic Starter, Members, 65 posts)

Posted 22 July 2014 - 10:49 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/22/2014
Scan Time: 10:37:44 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.22.03
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: nicole
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 459412
Time Elapsed: 18 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 18
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\bn5gwpx7.default\extensions\5mffxtbr@myfuncards_5m.com, Quarantined, [3170f3ad314a59ddbf25109e42c003fd], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\bn5gwpx7.default\extensions\5mffxtbr@myfuncards_5m.com\chrome, Quarantined, [3170f3ad314a59ddbf25109e42c003fd], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\chrome, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\thirdpartyinstallers, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\gen1, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\ie9mesg, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\message, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\settings, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\settings, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\myfuncards_5m, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\myfuncards_5m\cache, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
 
Files: 125
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\afd.sys, Replace-on-Reboot, [9ebbba55060f786f0fcaa3893bfa2806], 
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\cng.sys, Replace-on-Reboot, [247b4ce2dab1160cd422d532d5241e1f], 
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\Diskdump.sys, Replace-on-Reboot, [d0f0d7a97c90fe72a79732812e65f822], 
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\drmk.sys, Replace-on-Reboot, [27f9288af019e6daca281ede51ff5928], 
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\dxgkrnl.sys, Replace-on-Reboot, [16498ebc04ae9dd07049a8884b205c05], 
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys, Replace-on-Reboot, [cb7a9abb12b8415bce5d74994c7ba3ae], 
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\FWPKCLNT.SYS, Replace-on-Reboot, [aab149ee616952bb84308c28e75ed20d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\bn5gwpx7.default\extensions\5mffxtbr@myfuncards_5m.com\bootstrap.js, Quarantined, [3170f3ad314a59ddbf25109e42c003fd], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\bn5gwpx7.default\extensions\5mffxtbr@myfuncards_5m.com\chrome.manifest, Quarantined, [3170f3ad314a59ddbf25109e42c003fd], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\bn5gwpx7.default\extensions\5mffxtbr@myfuncards_5m.com\install.rdf, Quarantined, [3170f3ad314a59ddbf25109e42c003fd], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\bn5gwpx7.default\extensions\5mffxtbr@myfuncards_5m.com\installkeys.js, Quarantined, [3170f3ad314a59ddbf25109e42c003fd], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\bn5gwpx7.default\extensions\5mffxtbr@myfuncards_5m.com\chrome\5mffxtbr.jar, Quarantined, [3170f3ad314a59ddbf25109e42c003fd], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mmlbtn.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mauxstb.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mbar.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mbarsvc.exe, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mbprtct.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mbrmon.exe, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mbrstub.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mdatact.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mdlghk.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mdyn.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mfeedmg.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mhighin.exe, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mhkstub.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mhtmlmu.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mhttpct.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5midle.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mieovr.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mimpipe.exe, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mmedint.exe, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mmsg.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mplugin.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mradio.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mregfft.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mreghk.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mregiet.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mscript.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mskin.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5msknlcr.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mskplay.exe, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5msrcas.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5msrchmn.exe, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mtpinst.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5muabtn.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\bootstrap.js, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\chrome.manifest, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\crext.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\crextp5m.exe, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\install.rdf, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\installkeys.js, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\logo.bmp, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\np5mstub.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\t8extex.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\t8extpex.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\t8html.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\t8res.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\t8ticker.dll, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\chrome\5mffxtbr.jar, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\gen1\common.t8s, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\ie9mesg\common.t8s, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\message\common.t8s, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\settings\s_pid.dat, Quarantined, [a9f8762a4f2c221481720da1e41efe02], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\ldb.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lobm.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\btmarrow.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\cancel.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\config.js, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\continue.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\dispatch.js, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\divider.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\gcancel.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\index.htm, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\infobar.js, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\jquery.js, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\la.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lbcs.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lbms.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lca.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lcfc.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lcm.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lcs.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lcso.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lctn.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\ldbg.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lddg.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lff.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lffb.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lg.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lgs.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lgw.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lha.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lhp.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lia.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\liwon.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lkazulah.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lmd.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lmfc.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lmh.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lmma.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lmosh.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lmwf.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lmws.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\loryte.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lpss.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lqc.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lrb.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lrg.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lrr.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lsc.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lscr.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lsi.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lssd.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\ltrs.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\ltvf.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lvs.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lwb.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lwf.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\lzwinky.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\ok.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\overlay.js, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\pid.js, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\qstring.js, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\shield.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\spacer.swf, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\toolbar.js, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\yelgrey.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\yellowbg.png, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\zenable.css, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\zenable.htm, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\ie9mesg\common\zenable.js, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\locallow\myfuncards_5m\bar\settings\s_ie9mrd.dat, Quarantined, [1190b5ebd1aa57dff93cc5f1d42e936d], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
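The log above is the kind of thing a helper has to read in bulk: 143 lines, almost all of them the same MindSpark toolbar scattered across a Firefox profile, Program Files and AppData\LocalLow, plus a handful of "Replace-on-Reboot" hits on core Windows drivers that are a very different category of finding. The script below is an added example, not part of this thread or of Malwarebytes; it assumes only the detection-line format visible in the posted log (`<Threat>, <Path>, <Action>, [<32-hex id>],` under section headers such as `Files: 125`) and is run here on a constructed sample in that format. It groups detections by family and action, pulls out the persistence roots (the Firefox extension ID and the Program Files install directory) that are worth checking by hand after a reboot when the same entries keep reappearing, and flags any detection that touches `\Windows\System32` or was not simply quarantined, since a driver hit deserves independent verification (a known-good copy or a second engine) before it is treated as confirmed.

```python
"""Triage a Malwarebytes Anti-Malware 2.x scan log.

Added example, not part of the thread. It assumes the detection-line
format shown in the posted log:
    <Threat>, <Path>, <Action>, [<32-hex id>],
and that section headers look like "Files: 125".
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the same format as the posted log (a few lines only).
SAMPLE_LOG = r"""Folders: 2
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\bn5gwpx7.default\extensions\5mffxtbr@myfuncards_5m.com, Quarantined, [3170f3ad314a59ddbf25109e42c003fd],
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m, Quarantined, [a9f8762a4f2c221481720da1e41efe02],

Files: 3
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\afd.sys, Replace-on-Reboot, [9ebbba55060f786f0fcaa3893bfa2806],
PUP.Optional.MindSpark.A, c:\program files\myfuncards_5m\bar\1.bin\5mbarsvc.exe, Quarantined, [a9f8762a4f2c221481720da1e41efe02],
PUP.Optional.MindSpark.A, c:\users\nicole\appdata\roaming\mozilla\firefox\profiles\bn5gwpx7.default\extensions\5mffxtbr@myfuncards_5m.com\install.rdf, Quarantined, [3170f3ad314a59ddbf25109e42c003fd],

Physical Sectors: 0
(No malicious items detected)
"""


@dataclass(frozen=True)
class Detection:
    section: str   # "Folders", "Files", ... (header the line appeared under)
    threat: str    # e.g. PUP.Optional.MindSpark.A
    path: str
    action: str    # Quarantined, Replace-on-Reboot, ...
    ident: str     # the 32-hex id MBAM prints in brackets


SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+): (?P<count>\d+)\s*$")
DETECTION_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<path>.+?), (?P<action>[^,\[\]]+), "
    r"\[(?P<ident>[0-9a-f]{32})\],\s*$"
)
# Firefox keeps add-ons under <profile>\extensions\<extension id>.
EXT_ID_RE = re.compile(r"\\extensions\\(?P<ext>[^\\]+)", re.IGNORECASE)
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def parse_detections(text):
    """Walk the log once; remember the current section header and
    turn every detection line into a Detection."""
    section = None
    out = []
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        m = DETECTION_RE.match(line)
        if m:
            out.append(Detection(section, m["threat"], m["path"],
                                 m["action"], m["ident"]))
    return out


def summarize(detections):
    """Count detections per (threat, action) pair."""
    return Counter((d.threat, d.action) for d in detections)


def persistence_roots(detections):
    """Extension IDs and top-level Program Files directories the detections
    point at: the places to look by hand if the same entries keep coming
    back after quarantine and reboot."""
    ext_ids, program_dirs = set(), set()
    for d in detections:
        m = EXT_ID_RE.search(d.path)
        if m:
            ext_ids.add(m["ext"])
        parts = d.path.lower().split("\\")
        if len(parts) >= 3 and parts[1] in ("program files", "program files (x86)"):
            program_dirs.add("\\".join(parts[:3]))
    return sorted(ext_ids), sorted(program_dirs)


def needs_review(detections):
    """Detections that touch core OS files or were not simply quarantined.
    A Replace-on-Reboot on a driver under System32 is not the same kind of
    finding as a quarantined toolbar file; verify it against a known-good
    copy or a second engine before treating it as confirmed."""
    return [d for d in detections
            if d.action != "Quarantined" or SYSTEM_DIR_RE.match(d.path)]


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    for (threat, action), n in sorted(summarize(dets).items()):
        print(f"{n:4d}  {threat:28s} {action}")
    exts, dirs = persistence_roots(dets)
    print("extension IDs:", exts)
    print("install dirs: ", dirs)
    for d in needs_review(dets):
        print("REVIEW:", d.section, d.threat, d.path, d.action)
```

Run against the full log posted above (paste it into `SAMPLE_LOG` or read it from a file), the summary collapses the 143 lines to two rows and one extension ID, which is usually enough to tell whether a "still there after quarantine" report is one toolbar being re-installed from a surviving root or something new.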


#10 boopme (Global Moderator, 72,917 posts)

Posted 22 July 2014 - 02:41 PM

Sorry for the delay, we lost internet here for several hours.
 
So that just keeps returning with every scan? If so, we will need a deeper look at the cause.
 
Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.



