[RESOLVED] Got a positive on Malwarebytes - Broni can you review and guide

Printable View

Show 40 post(s) from this thread on one page

February 24th, 2014, 11:41 AM
daveandrita1

[RESOLVED] Got a positive on Malwarebytes - Broni can you review and guide

LOGS:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.23.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dave :: DAVE-PC [administrator]

2/23/2014 10:31:08 AM
mbam-log-2014-02-23 (10-31-08).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 418401
Time elapsed: 2 hour(s), 10 minute(s), 15 second(s)

Memory Processes Detected: 1
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Savingsbull) -> 648 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 8
HKLM\SYSTEM\CurrentControlSet\Services\Level Quality Watcher (PUP.Optional.Savingsbull) -> Quarantined and deleted successfully.
HKCR\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
HKCU\Software\SavingsBull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Savings Bull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\SavingsBull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Savings Bull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Program Files\Level Quality Watcher\v1.01 (PUP.Optional.Adpeak) -> Delete on reboot.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0 (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

Files Detected: 106
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Savingsbull) -> Delete on reboot.
C:\Program Files\SavingsBull\IEOptimizer.dll (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Savingsbull) -> Quarantined and deleted successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MVD2O93C\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\background.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\bootstrap.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon128.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon16.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon32.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon48.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon64.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\icon8.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\manifest.json (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb\5.0_0\marcopolo.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\bootstrap.js.old (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\CustomActionInstall (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\CustomActionUninstall (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_addonkit_page-mod.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_addonkit_private-browsing.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_addonkit_request.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_addonkit_windows.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_addon_runner.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_api-utils.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_base64.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_byte-streams.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_collection.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_content.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_cortex.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_cuddlefish.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_deprecate.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_environment.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_errors.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_events.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_file.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_functional.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_globals.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_heritage.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_hidden-frame.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_light-traits.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_list.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_loader.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_match-pattern.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_memory.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_namespace.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_observer-service.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_plain-text-console.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_preferences-service.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_promise.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_querystring.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_runtime.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_sandbox.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_self.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_system.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_text-streams.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_timer.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_traceback.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_traits.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_unload.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_url.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_uuid.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_window-utils.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_xhr.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_xpcom.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_base_xul-app.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_bootstrap.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_content_content-proxy.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_content_content-worker.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_content_loader.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_content_symbiont.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_content_worker.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_dom_events.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_events_assembler.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_event_core.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_event_target.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_harness-options.json (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_icon.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_icon64.png (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_install.rdf (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_l10n_core.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_l10n_html.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_l10n_loader.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_l10n_locale.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_l10n_prefs.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_locales.json (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_main.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_main.js.old (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_prefs.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_privatebrowsing_utils.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_system_events.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_tabs_events.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_tabs_observer.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_tabs_tab.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_tabs_utils.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_traits_core.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_utils_data.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_utils_object.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_utils_registry.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_utils_thumbnail.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_windows_dom.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_windows_loader.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_windows_observer.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_windows_tabs.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\ff_window_utils.js (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\Microsoft.Deployment.WindowsInstaller.dll (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\Microsoft.Deployment.WindowsInstaller.xml (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.
C:\Program Files\SavingsBull\SendJson.dll (PUP.Optional.SavingsBull.A) -> Quarantined and deleted successfully.

(end)

RAN ADWCLEANER - LOG:
# AdwCleaner v3.019 - Report created 23/02/2014 at 13:04:20
# Updated 17/02/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Dave - DAVE-PC
# Running from : D:\downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\Softonic-Eng7
Folder Deleted : C:\Users\Dave\AppData\Local\PackageAware
Folder Deleted : C:\Users\Dave\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dave\AppData\LocalLow\Softonic-Eng7
Folder Deleted : C:\Users\Dave\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Dave\AppData\Roaming\DSite
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\System32\Tasks\DSite

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EC5CCD5-DCF1-4F20-A3F2-7E3BBFF44D7B}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EC5CCD5-DCF1-4F20-A3F2-7E3BBFF44D7B}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\5e578dd9b73ced17
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{990F43D0-0616-46A9-AF65-9508B620C243}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\bearsharemediabartb
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Softonic-Eng7
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Softonic-Eng7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic-Eng7 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic-Eng7 Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533

-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [7049 octets] - [23/02/2014 13:02:16]
AdwCleaner[S0].txt - [7175 octets] - [23/02/2014 13:04:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7235 octets] ##########

RAN HITMAN - LOG:

Code:

HitmanPro 3.7.9.212 www.hitmanpro.com Computer name . . . . : DAVE-PC Windows . . . . . . . : 6.0.2.6002.X86/2 User name . . . . . . : Dave-PC\Dave UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2014-02-23 13:32:07 Scan mode . . . . . . : Normal Scan duration . . . . : 20m 55s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 1,994,211 Files scanned . . . . : 19,876 Remnants scanned . . : 285,825 files / 1,688,510 keys Cookies _____________________________________________________________________ C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Cookies:hammacher.112.2o7.net C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\910JFILY.txt C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Cookies\DGSEA2N0.txt

RAN ASWMBR - LOG:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-24 10:03:17
-----------------------------
10:03:17.901 OS Version: Windows 6.0.6002 Service Pack 2
10:03:17.901 Number of processors: 2 586 0x6801
10:03:17.903 ComputerName: DAVE-PC UserName: Dave
10:03:19.190 Initialize success
10:03:23.616 AVAST engine defs: 14022301
10:04:00.176 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
10:04:00.180 Disk 0 Vendor: ST9120822AS 3.BHE Size: 114473MB BusType: 3
10:04:00.184 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-6
10:04:00.187 Disk 1 Vendor: ST9120822AS 3.BHE Size: 114473MB BusType: 3
10:04:00.468 Disk 0 MBR read successfully
10:04:00.472 Disk 0 MBR scan
10:04:00.478 Disk 0 Windows VISTA default MBR code
10:04:00.483 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 105850 MB offset 63
10:04:00.518 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 7528 MB offset 216781110
10:04:00.549 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1092 MB offset 232200192
10:04:00.591 Disk 0 scanning sectors +234436608
10:04:00.839 Disk 0 scanning C:\Windows\system32\drivers
10:04:20.938 Service scanning
10:04:56.618 Modules scanning
10:05:05.419 Disk 0 trace - called modules:
10:05:05.451 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
10:05:05.459 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859b6780]
10:05:05.468 3 CLASSPNP.SYS[88bab8b3] -> nt!IofCallDriver -> [0x857a8920]
10:05:05.476 5 acpi.sys[884106bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x84e1ab98]
10:05:06.097 AVAST engine scan C:\Windows
10:05:08.689 AVAST engine scan C:\Windows\system32
10:09:41.177 AVAST engine scan C:\Windows\system32\drivers
10:10:12.386 AVAST engine scan C:\Users\Dave
10:17:09.434 AVAST engine scan C:\ProgramData
10:19:58.278 Scan finished successfully
10:24:39.338 Disk 0 MBR has been saved successfully to "C:\Users\Dave\Desktop\MBR.dat"
10:24:39.347 The log file has been saved successfully to "C:\Users\Dave\Desktop\aswMBR.txt"

Need to know what else I need to do - see private email for more info on system issues.

I'm running Windows Vista on a HP dv9500 lap top. Thanks!
February 24th, 2014, 12:57 PM
Broni
You've been to this forum before so you should know better...

Please complete all steps listed here: http://discussions.virtualdr.com/sho...d-4-28-2013%29

Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
February 24th, 2014, 09:25 PM
daveandrita1

Sorry, it has been so long I didn't mean to misstep. Thanks for reminding of the steps. Will have something new for you tomorrow.
February 24th, 2014, 09:38 PM
Broni

http://discussions.virtualdr.com/
February 24th, 2014, 09:58 PM
daveandrita1

DDS:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16533 BrowserJavaVersion: 10.51.2
Run by Dave at 20:50:09 on 2014-02-24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.931 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\SlimCleaner+\SlimServiceFactory.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
D:\downloads\x9r72xro.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = www.bing.com
uSearch Bar = Preserve
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [75B0C53D49D5CF4882A1C47CE2D857073EEAC1C5._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRunOnce: [20131224] c:\program files\avast software\avast\setup\emupdate\22c15524-7701-4e94-a75d-b4ac4eb06ce1.exe /check
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoThumbnailCache = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{166FE80A-742B-470C-A759-1E930A54C1A9} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-18 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-18 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-25 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-25 410784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-25 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-25 50344]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-23 21504]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-11-4 1228504]
R2 SlimService;SlimWare Utility Service Launcher;c:\program files\slimcleaner+\SlimServiceFactory.exe [2013-10-30 211264]
R3 BTWAMPFL;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2013-7-23 302120]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2013-7-23 33832]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-11-4 16024]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-11-4 660184]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2013-3-19 227896]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2011-4-13 45464]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-8-30 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-02-24 14:11:16 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2014-02-24 14:11:16 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2014-02-24 14:11:16 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2014-02-24 14:11:16 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2014-02-24 14:11:15 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2014-02-24 14:11:15 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2014-02-24 14:11:15 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2014-02-23 21:40:51 -------- d-----w- C:\DRIVERS
2014-02-23 18:01:56 -------- d-----w- C:\AdwCleaner
2014-02-23 15:01:59 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2014-02-21 20:27:58 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{373094f0-0c04-40cd-993d-42e1986eedb1}\mpengine.dll
2014-02-16 06:02:19 49940480 ----a-w- c:\program files\GUTC39C.tmp
2014-02-16 06:02:19 -------- d-----w- c:\program files\GUMC39B.tmp
2014-02-11 18:41:19 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-01-27 12:40:45 -------- d-----w- c:\program files\iPod
2014-01-27 12:39:28 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-27 12:39:28 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2014-02-23 13:59:47 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-02-23 05:59:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-23 05:59:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-11 17:07:56 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-11 17:07:56 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-11 17:07:55 43152 ----a-w- c:\windows\avastSS.scr
2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-05 08:47:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-01-17 18:46:16 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-06 14:36:50 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-18 11:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-01 18:17:34 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-13 05:01:59 50053120 ----a-w- c:\program files\GUT16D5.tmp
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST9120822AS rev.3.BHE -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-6
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
error: Read Insufficient system resources exist to complete the requested service.
.
============= FINISH: 20:51:24.76 ===============

Attach:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/27/2007 7:11:41 PM
System Uptime: 2/24/2014 9:15:43 AM (11 hours ago)
.
Motherboard: Quanta | | 30D1
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | Socket S1 | 1900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 103 GiB total, 17.238 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 65.688 GiB free.
E: is FIXED (NTFS) - 7 GiB total, 0.735 GiB free.
G: is FIXED (NTFS) - 1 GiB total, 1.017 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Aventail Access Manager
Aventail Web Proxy Agent
Bing Rewards Client Installer
Bluetooth by hp
Bonjour
Conexant HD Audio
D3DX10
DeductionPro 2007
Defraggler
EPSON Printer Software
EPSON Scan
ESU for Microsoft Vista
Google Chrome
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0056
HP Wireless Assistant
HPNetworkAssistant
iCloud
ImageMixer3
iTunes
iTunes Sync 1.5.1
Java 7 Update 51
Java Auto Updater
LightScribe 1.6.43.1
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Default Manager
Microsoft Excel 97
Microsoft IntelliPoint 8.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 97
Microsoft Works
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
muvee autoProducer 6.0
My HP Games
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
OGA Notifier 2.0.0048.0
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
QLBCASL
QuickPlay SlingPlayer 0.4.6
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Rhapsody Player Engine
RICOH Media Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
SavingsBull
Secunia PSI (3.0.0.9015)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Segoe UI
Shutterfly Express Uploader
SlimCleaner+
SlimDrivers
SmartAudio
SpeedFan (remove only)
swMSM
Synaptics Pointing Device Driver
TaxCut Kentucky 2007
TaxCut Kentucky 2008
TaxCut Premium + State + Efile 2008
TaxCut Premium + State 2007
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Movie Maker 2.6
WinFF 1.5 (Codename EMMA)
Wizard101
.
==== End Of File ===========================
February 24th, 2014, 10:29 PM
Broni
Download TDSSKiller and save it to your desktop.
- Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
February 25th, 2014, 08:25 AM
daveandrita1

log part 1:

06:59:19.0230 0x0d84 TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:41
06:59:24.0176 0x0d84 ============================================================
06:59:24.0176 0x0d84 Current date / time: 2014/02/25 06:59:24.0176
06:59:24.0176 0x0d84 SystemInfo:
06:59:24.0176 0x0d84
06:59:24.0176 0x0d84 OS Version: 6.0.6002 ServicePack: 2.0
06:59:24.0176 0x0d84 Product type: Workstation
06:59:24.0176 0x0d84 ComputerName: DAVE-PC
06:59:24.0176 0x0d84 UserName: Dave
06:59:24.0176 0x0d84 Windows directory: C:\Windows
06:59:24.0176 0x0d84 System windows directory: C:\Windows
06:59:24.0176 0x0d84 Processor architecture: Intel x86
06:59:24.0176 0x0d84 Number of processors: 2
06:59:24.0176 0x0d84 Page size: 0x1000
06:59:24.0176 0x0d84 Boot type: Normal boot
06:59:24.0176 0x0d84 ============================================================
06:59:28.0367 0x0d84 KLMD registered as C:\Windows\system32\drivers\04631031.sys
06:59:29.0180 0x0d84 System UUID: {2E700F4F-E831-B048-BAEC-46C415093DB3}
06:59:30.0197 0x0d84 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
06:59:30.0347 0x0d84 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
06:59:30.0351 0x0d84 ============================================================
06:59:30.0352 0x0d84 \Device\Harddisk0\DR0:
06:59:30.0473 0x0d84 MBR partitions:
06:59:30.0473 0x0d84 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCEBD0F7
06:59:30.0473 0x0d84 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCEBD136, BlocksNum 0xEB4688
06:59:30.0473 0x0d84 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xDD71800, BlocksNum 0x222000
06:59:30.0473 0x0d84 \Device\Harddisk1\DR1:
06:59:30.0592 0x0d84 MBR partitions:
06:59:30.0592 0x0d84 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
06:59:30.0592 0x0d84 ============================================================
06:59:30.0649 0x0d84 C: <-> \Device\Harddisk0\DR0\Partition1
06:59:30.0663 0x0d84 D: <-> \Device\Harddisk1\DR1\Partition1
06:59:30.0744 0x0d84 E: <-> \Device\Harddisk0\DR0\Partition2
06:59:30.0898 0x0d84 G: <-> \Device\Harddisk0\DR0\Partition3
06:59:30.0898 0x0d84 ============================================================
06:59:30.0898 0x0d84 Initialize success
06:59:30.0898 0x0d84 ============================================================
06:59:33.0500 0x0990 ============================================================
06:59:33.0508 0x0990 Scan started
06:59:33.0508 0x0990 Mode: Manual;
06:59:33.0508 0x0990 ============================================================
06:59:33.0508 0x0990 KSN ping started
06:59:36.0393 0x0990 KSN ping finished: true
06:59:38.0330 0x0990 ================ Scan system memory ========================
06:59:38.0330 0x0990 System memory - ok
06:59:38.0331 0x0990 ================ Scan services =============================
06:59:38.0948 0x0990 [ 1C46DB7455C8BAA1CDA105BE636EA2BD, 2A4FC9D8772515EA7C669DA15756C5906DA1897362317093FABA0B8279EF8B28 ] ACPI C:\Windows\system32\drivers\acpi.sys
06:59:38.0977 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\acpi.sys. Real md5: 1C46DB7455C8BAA1CDA105BE636EA2BD, sha256: 2A4FC9D8772515EA7C669DA15756C5906DA1897362317093FABA0B8279EF8B28, fake md5: 82B296AE1892FE3DBEE00C9CF92F8AC7, fake sha256: 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3
06:59:38.0979 0x0990 ACPI - detected ForgedFile.Multi.Generic ( 1 )
06:59:42.0294 0x0990 Detect skipped due to KSN trusted
06:59:42.0314 0x0990 ACPI - ok
06:59:42.0570 0x0990 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
06:59:42.0578 0x0990 AdobeARMservice - ok
06:59:42.0652 0x0990 [ 11B230D43C64DEE264408B7BB74532C5, 3FE72D6BD5C5B868A941813F862C1A3D7093AFBCBD4E25298358E98D71FE48FE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
06:59:42.0698 0x0990 Suspicious file ( Forged ): C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe. Real md5: 11B230D43C64DEE264408B7BB74532C5, sha256: 3FE72D6BD5C5B868A941813F862C1A3D7093AFBCBD4E25298358E98D71FE48FE, fake md5: F7AB315A4D400CA876381D1E188A2E20, fake sha256: B6019C2E9B6801BB23C530C66D080F47330F48ADB0DD2813D50BE1408865BD91
06:59:42.0700 0x0990 AdobeFlashPlayerUpdateSvc - detected ForgedFile.Multi.Generic ( 1 )
06:59:45.0409 0x0990 Detect skipped due to KSN trusted
06:59:45.0409 0x0990 AdobeFlashPlayerUpdateSvc - ok
06:59:45.0468 0x0990 [ 180296C9364B330492245C6A906DFD21, 36C797CB255B9EAB782443C287323083947CD28DDC6FC491D5A7804885FD2502 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
06:59:45.0514 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\adp94xx.sys. Real md5: 180296C9364B330492245C6A906DFD21, sha256: 36C797CB255B9EAB782443C287323083947CD28DDC6FC491D5A7804885FD2502, fake md5: 2EDC5BBAC6C651ECE337BDE8ED97C9FB, fake sha256: 0342700760874683A6DF4F149DACACEF0569D40C45FC5958C67100B3C5D9BBBC
06:59:45.0516 0x0990 adp94xx - detected ForgedFile.Multi.Generic ( 1 )
06:59:48.0317 0x0990 Object is SCO, delete is not allowed
06:59:48.0317 0x0990 adp94xx ( ForgedFile.Multi.Generic ) - warning
06:59:50.0965 0x0990 [ F583BF71EEBE44D9D68EE1E2C95FA182, EE41902D21A9B241D368A01C99E98FAB22140A2AEA3706AAE879DD1BFC8993F5 ] adpahci C:\Windows\system32\drivers\adpahci.sys
06:59:51.0006 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\adpahci.sys. Real md5: F583BF71EEBE44D9D68EE1E2C95FA182, sha256: EE41902D21A9B241D368A01C99E98FAB22140A2AEA3706AAE879DD1BFC8993F5, fake md5: B84088CA3CDCA97DA44A984C6CE1CCAD, fake sha256: 87009809FB101BF51483FA32318CBCD209386582880C82417BE4FFAD1B04C8C1
06:59:51.0008 0x0990 adpahci - detected ForgedFile.Multi.Generic ( 1 )
06:59:53.0720 0x0990 Detect skipped due to KSN trusted
06:59:53.0720 0x0990 adpahci - ok
06:59:53.0776 0x0990 [ 7880C67BCCC27C86FD05AA2AFB5EA469, C8B06E203EEA6EAD19651F212432005ABADFF21E2AA5699E34040527394F2677 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
06:59:53.0799 0x0990 adpu160m - ok
06:59:53.0814 0x0990 [ 6B6E34A9C063B2F426C4C635B6A224BE, 5F2668928038E283881431BED13B71164382A24A6BC94043D3AB19E0419BDCAE ] adpu320 C:\Windows\system32\drivers\adpu320.sys
06:59:53.0832 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\adpu320.sys. Real md5: 6B6E34A9C063B2F426C4C635B6A224BE, sha256: 5F2668928038E283881431BED13B71164382A24A6BC94043D3AB19E0419BDCAE, fake md5: 9AE713F8E30EFC2ABCCD84904333DF4D, fake sha256: B0C7801AC6E0811C38F0474703F34283914C8873D851F59EE232834F7C0D8087
06:59:53.0833 0x0990 adpu320 - detected ForgedFile.Multi.Generic ( 1 )
06:59:56.0465 0x0990 Object is SCO, delete is not allowed
06:59:56.0485 0x0990 adpu320 ( ForgedFile.Multi.Generic ) - warning
06:59:56.0485 0x0990 Force sending object to P2P due to detect: C:\Windows\system32\drivers\adpu320.sys
07:00:04.0628 0x0990 Object send P2P result: true
07:00:07.0275 0x0990 [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:00:07.0277 0x0990 AeLookupSvc - ok
07:00:07.0341 0x0990 [ C9C34C252C2DE3DCAB88D01562FDB965, F6B33799CD70015A44D93EEDEE643F0CEDD8379E7A6906645BB3D8119F0A0FD1 ] AFD C:\Windows\system32\drivers\afd.sys
07:00:07.0387 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\afd.sys. Real md5: C9C34C252C2DE3DCAB88D01562FDB965, sha256: F6B33799CD70015A44D93EEDEE643F0CEDD8379E7A6906645BB3D8119F0A0FD1, fake md5: 3911B972B55FEA0478476B2E777B29FA, fake sha256: 62545B90C7DD3F73777E62CD8264E611A4D71B6956CABFD2D820D25F41F471FD
07:00:07.0389 0x0990 AFD - detected ForgedFile.Multi.Generic ( 1 )
07:00:10.0289 0x0990 Detect skipped due to KSN trusted
07:00:10.0290 0x0990 AFD - ok
07:00:10.0351 0x0990 [ EF23439CDD587F64C2C1B8825CEAD7D8, 762665CFC202B3E16CA2338887896FDF996331A363DC709F1EC088BF927133A3 ] agp440 C:\Windows\system32\drivers\agp440.sys
07:00:10.0367 0x0990 agp440 - ok
07:00:10.0422 0x0990 [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
07:00:10.0431 0x0990 aic78xx - ok
07:00:10.0469 0x0990 [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG C:\Windows\System32\alg.exe
07:00:10.0473 0x0990 ALG - ok
07:00:10.0525 0x0990 [ 90395B64600EBB4552E26E178C94B2E4, 73095893964DC7915983B58A567184FC51949C99341E7E0D04D70CC4C4F95E37 ] aliide C:\Windows\system32\drivers\aliide.sys
07:00:10.0525 0x0990 aliide - ok
07:00:10.0572 0x0990 [ 2B13E304C9DFDFA5EB582F6A149FA2C7, 196CCE13E0376526B79D9C43D4071990576C4DD210A48E9E922B438AA11C95E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
07:00:10.0572 0x0990 amdagp - ok
07:00:10.0588 0x0990 [ 0577DF1D323FE75A739C787893D300EA, 079EF3CA18FB847DB7E62929071BFF007FAF390E1DBF4C59F28DAAC6B9C2DE51 ] amdide C:\Windows\system32\drivers\amdide.sys
07:00:10.0603 0x0990 amdide - ok
07:00:10.0619 0x0990 [ DC487885BCEF9F28EECE6FAC0E5DDFC5, 24A62F6E628AD46273BC226F7BC3453A9C7B76F81ABB9FB801EBEFADB2AB7C9B ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
07:00:10.0619 0x0990 AmdK7 - ok
07:00:10.0666 0x0990 [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
07:00:10.0681 0x0990 AmdK8 - ok
07:00:10.0728 0x0990 [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo C:\Windows\System32\appinfo.dll
07:00:10.0728 0x0990 Appinfo - ok
07:00:10.0915 0x0990 [ F518545E5B7623AD49ABE7F8776EFA46, CD39B6EC0D80C6DB857F34D4AC5C31085271B51B8851A56FEFC052B20B7CC40C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:00:10.0931 0x0990 Apple Mobile Device - ok
07:00:10.0978 0x0990 [ 5F673180268BB1FDB69C99B6619FE379, C4307A861163F96648109046A6C7D53AB1C9B10D0B841DD1A7D147D22F462649 ] arc C:\Windows\system32\drivers\arc.sys
07:00:10.0993 0x0990 arc - ok
07:00:11.0025 0x0990 [ 957F7540B5E7F602E44648C7DE5A1C05, F03C7708A6C9D2579ECE5A7413AFA068E1067D7191EC653A78BA4FEDE76CFBD8 ] arcsas C:\Windows\system32\drivers\arcsas.sys
07:00:11.0040 0x0990 arcsas - ok
07:00:11.0415 0x0990 [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
07:00:11.0430 0x0990 aspnet_state - ok
07:00:11.0475 0x0990 [ 61953E5E1FFAEAF246A610BEE2554879, AF489668BC4DCA5CFC81BF056C6AFC7CE4E5B917413FE513B13830B210524785 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
07:00:11.0479 0x0990 aswMonFlt - ok
07:00:11.0512 0x0990 [ 98C18C78B0C3E7EFBDDA7BD0C35F5903, 92128EA70472EBA8804C2972DAA8557F460C2E082084E29B40CE93A05447592F ] aswRdr C:\Windows\system32\drivers\aswRdr.sys
07:00:11.0515 0x0990 aswRdr - ok
07:00:11.0560 0x0990 [ F385467DF95D0A73775CB3B076B8B969, D427A5F4FB4D1DAB04AFC29E7EC510844F907ABBA053538995E65747BAD37422 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
07:00:11.0564 0x0990 aswRvrt - ok
07:00:11.0612 0x0990 [ EF1A2CC2343ED2C46688ADAA98349D27, 60DB9DB5BB02B85D80163FBB7F431849D9419843FD2A9A3CA04798CFC1B120DB ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
07:00:11.0666 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\aswSnx.sys. Real md5: EF1A2CC2343ED2C46688ADAA98349D27, sha256: 60DB9DB5BB02B85D80163FBB7F431849D9419843FD2A9A3CA04798CFC1B120DB, fake md5: 8CD8710457FCC1CDE88CBFA3AA119B92, fake sha256: B750481B2D44E2D01DEF500276A7253731EDD2BCB117B083EE10FAA7A8FFF729
07:00:11.0669 0x0990 aswSnx - detected ForgedFile.Multi.Generic ( 1 )
07:00:14.0358 0x0990 aswSnx ( ForgedFile.Multi.Generic ) - warning
07:00:16.0936 0x0990 [ 427856ECDF35F3F15F4DA1645D8F581C, EEDC8FEFD5C594603B52F1E8EEAB448BE2856FF47EDA82AB84BDB7E4004A730B ] aswSP C:\Windows\system32\drivers\aswSP.sys
07:00:16.0967 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\aswSP.sys. Real md5: 427856ECDF35F3F15F4DA1645D8F581C, sha256: EEDC8FEFD5C594603B52F1E8EEAB448BE2856FF47EDA82AB84BDB7E4004A730B, fake md5: C1F95C9481F46B96E23A276639C55AC9, fake sha256: 75F7BCF74E46E3A8EC9AF0DB5D7FCA280DCAF97BD932767DCBDE66E26BF0E7CE
07:00:16.0983 0x0990 aswSP - detected ForgedFile.Multi.Generic ( 1 )
07:00:19.0408 0x0990 aswSP ( ForgedFile.Multi.Generic ) - warning
07:00:22.0008 0x0990 [ E6390554DCB2A730702188547267093C, 1F97F23A2C1767ABD52041DFA0EF9065567CDB02B12F674CF4EE4E8FBA69773B ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
07:00:22.0012 0x0990 aswTdi - ok
07:00:22.0083 0x0990 [ 4AD9FBD23EDE6FCE4C00A9CF61BBC070, A0E3DB8B6FC5C9D714EF540C79CBBCD817803C85C3DC4E77A6F466FEA542CD83 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
07:00:22.0113 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\aswVmm.sys. Real md5: 4AD9FBD23EDE6FCE4C00A9CF61BBC070, sha256: A0E3DB8B6FC5C9D714EF540C79CBBCD817803C85C3DC4E77A6F466FEA542CD83, fake md5: 1B0662514A68C3A42E60D240C5ABEF28, fake sha256: 71301759C135895C72CAED297A669BA58B3F73E0B7E46DB981F6559D5D5E2B89
07:00:22.0114 0x0990 aswVmm - detected ForgedFile.Multi.Generic ( 1 )
07:00:24.0749 0x0990 aswVmm ( ForgedFile.Multi.Generic ) - warning
07:00:27.0436 0x0990 [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
07:00:27.0515 0x0990 AsyncMac - ok
07:00:27.0549 0x0990 [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi C:\Windows\system32\drivers\atapi.sys
07:00:27.0551 0x0990 atapi - ok
07:00:27.0592 0x0990 [ 0BA0A4FF706F4293AB499229D7AEEAE2, 3AE4184F969C0AE66A675A0FF3AE9F166F940C6706A32681B0610A6BAC1BEDEC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:00:27.0623 0x0990 Suspicious file ( Forged ): C:\Windows\System32\Audiosrv.dll. Real md5: 0BA0A4FF706F4293AB499229D7AEEAE2, sha256: 3AE4184F969C0AE66A675A0FF3AE9F166F940C6706A32681B0610A6BAC1BEDEC, fake md5: 68E2A1A0407A66CF50DA0300852424AB, fake sha256: 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8
07:00:27.0625 0x0990 AudioEndpointBuilder - detected ForgedFile.Multi.Generic ( 1 )
07:00:31.0123 0x0990 Detect skipped due to KSN trusted
07:00:31.0138 0x0990 AudioEndpointBuilder - ok
07:00:31.0185 0x0990 [ 0BA0A4FF706F4293AB499229D7AEEAE2, 3AE4184F969C0AE66A675A0FF3AE9F166F940C6706A32681B0610A6BAC1BEDEC ] Audiosrv C:\Windows\System32\Audiosrv.dll
07:00:31.0216 0x0990 Suspicious file ( Forged ): C:\Windows\System32\Audiosrv.dll. Real md5: 0BA0A4FF706F4293AB499229D7AEEAE2, sha256: 3AE4184F969C0AE66A675A0FF3AE9F166F940C6706A32681B0610A6BAC1BEDEC, fake md5: 68E2A1A0407A66CF50DA0300852424AB, fake sha256: 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8
07:00:31.0216 0x0990 Audiosrv - detected ForgedFile.Multi.Generic ( 1 )
07:00:31.0216 0x0990 Detect skipped due to KSN trusted
07:00:31.0216 0x0990 Audiosrv - ok
07:00:31.0310 0x0990 [ CC42F104172B4A62793083D380867317, 0B09823419B328E29EB9FFBD033B3295590E414F31E7B37F11F62BD4B7EBAF06 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
07:00:31.0325 0x0990 avast! Antivirus - ok
07:00:31.0388 0x0990 [ 49D726EA7838284D2A026809BBD326AA, 38B4E8C7009AFADC5F34DB81920690235720BFE9F27A22C03BF47229D143B2B0 ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys
07:00:31.0466 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\bcmwl6.sys. Real md5: 49D726EA7838284D2A026809BBD326AA, sha256: 38B4E8C7009AFADC5F34DB81920690235720BFE9F27A22C03BF47229D143B2B0, fake md5: 34A0A6386256080F52C74076C6157026, fake sha256: F3B7753958C4F990DA0619EA1095C0531D996593FDBB364E915FBBC7B53B8EE1
07:00:31.0481 0x0990 BCM43XV - detected ForgedFile.Multi.Generic ( 1 )
07:00:33.0908 0x0990 BCM43XV ( ForgedFile.Multi.Generic ) - warning
07:00:36.0757 0x0990 [ 49D726EA7838284D2A026809BBD326AA, 38B4E8C7009AFADC5F34DB81920690235720BFE9F27A22C03BF47229D143B2B0 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
07:00:36.0834 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\bcmwl6.sys. Real md5: 49D726EA7838284D2A026809BBD326AA, sha256: 38B4E8C7009AFADC5F34DB81920690235720BFE9F27A22C03BF47229D143B2B0, fake md5: 34A0A6386256080F52C74076C6157026, fake sha256: F3B7753958C4F990DA0619EA1095C0531D996593FDBB364E915FBBC7B53B8EE1
07:00:36.0839 0x0990 BCM43XX - detected ForgedFile.Multi.Generic ( 1 )
07:00:36.0840 0x0990 BCM43XX ( ForgedFile.Multi.Generic ) - warning
07:00:36.0840 0x0990 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\bcmwl6.sys
07:00:39.0848 0x0990 Object send P2P result: true
07:00:42.0424 0x0990 [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep C:\Windows\system32\drivers\Beep.sys
07:00:42.0426 0x0990 Beep - ok
07:00:42.0470 0x0990 [ 4F99C5E39834F98AD426DCE8F4FD50EA, FCB744935365DEE08B418B9308526DEC2ED64F2D4B6E59DBA24E45382BC219F4 ] BFE C:\Windows\System32\bfe.dll
07:00:42.0499 0x0990 Suspicious file ( Forged ): C:\Windows\System32\bfe.dll. Real md5: 4F99C5E39834F98AD426DCE8F4FD50EA, sha256: FCB744935365DEE08B418B9308526DEC2ED64F2D4B6E59DBA24E45382BC219F4, fake md5: C789AF0F724FDA5852FB9A7D3A432381, fake sha256: 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5
07:00:42.0501 0x0990 BFE - detected ForgedFile.Multi.Generic ( 1 )
07:00:45.0232 0x0990 Detect skipped due to KSN trusted
07:00:45.0245 0x0990 BFE - ok
07:00:45.0325 0x0990 [ 2C17A8F1C97593B30DA4771F66B9D9FA, BE2A7B25808B50FE6DCE7FE13BC58BC6884D43F3A6ECE04160853EB2F44BDB5C ] BITS C:\Windows\system32\qmgr.dll
07:00:45.0401 0x0990 Suspicious file ( Forged ): C:\Windows\system32\qmgr.dll. Real md5: 2C17A8F1C97593B30DA4771F66B9D9FA, sha256: BE2A7B25808B50FE6DCE7FE13BC58BC6884D43F3A6ECE04160853EB2F44BDB5C, fake md5: 93952506C6D67330367F7E7934B6A02F, fake sha256: 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD
07:00:45.0405 0x0990 BITS - detected ForgedFile.Multi.Generic ( 1 )
07:00:48.0304 0x0990 Detect skipped due to KSN trusted
07:00:48.0304 0x0990 BITS - ok
07:00:48.0408 0x0990 [ 55F1E1F0CCF431207DCBCFE3668E5187, FABA05C8F93635F36A21A40D4B7DC698CCA72E052B56681247BF3FBAB575572C ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
07:00:48.0450 0x0990 Suspicious file ( Forged ): C:\Program Files\Bonjour\mDNSResponder.exe. Real md5: 55F1E1F0CCF431207DCBCFE3668E5187, sha256: FABA05C8F93635F36A21A40D4B7DC698CCA72E052B56681247BF3FBAB575572C, fake md5: DB5BEA73EDAF19AC68B2C0FAD0F92B1A, fake sha256: 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC
07:00:48.0452 0x0990 Bonjour Service - detected ForgedFile.Multi.Generic ( 1 )
07:00:50.0937 0x0990 Bonjour Service ( ForgedFile.Multi.Generic ) - warning
07:00:53.0555 0x0990 [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
07:00:53.0555 0x0990 bowser - ok
07:00:53.0587 0x0990 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
07:00:53.0589 0x0990 BrFiltLo - ok
07:00:53.0611 0x0990 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
07:00:53.0613 0x0990 BrFiltUp - ok
07:00:53.0648 0x0990 [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser C:\Windows\System32\browser.dll
07:00:53.0660 0x0990 Browser - ok
07:00:53.0688 0x0990 [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid C:\Windows\system32\drivers\brserid.sys
07:00:53.0692 0x0990 Brserid - ok
07:00:53.0725 0x0990 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
07:00:53.0729 0x0990 BrSerWdm - ok
07:00:53.0764 0x0990 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
07:00:53.0773 0x0990 BrUsbMdm - ok
07:00:53.0789 0x0990 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
07:00:53.0791 0x0990 BrUsbSer - ok
07:00:53.0836 0x0990 [ 6D39C954799B63BA866910234CF7D726, 1D807C3410C01C76E5810D626F23C1CCED3C9C5A65F39267B770C494C8D64114 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
07:00:53.0860 0x0990 BthEnum - ok
07:00:53.0887 0x0990 [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
07:00:53.0890 0x0990 BTHMODEM - ok
07:00:53.0950 0x0990 [ 5904EFA25F829BF84EA6FB045134A1D8, 66E4160CC404744576BA6E9DD606B533F42B3D4A3E2FDD457DAA016CC72A81CC ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
07:00:53.0968 0x0990 BthPan - ok
07:00:54.0012 0x0990 [ F22648FC6810E669C204892BAAE1B432, 9C7BE603E93F22C9CFBC9C056EFBF6ED4E531C06D7BEB4C1E8BF125034CDEA09 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
07:00:54.0050 0x0990 Suspicious file ( Forged ): C:\Windows\system32\Drivers\BTHport.sys. Real md5: F22648FC6810E669C204892BAAE1B432, sha256: 9C7BE603E93F22C9CFBC9C056EFBF6ED4E531C06D7BEB4C1E8BF125034CDEA09, fake md5: 611FF3F2F095C8D4A6D4CFD9DCC09793, fake sha256: 2F27A1287ABCDB9C316EB720D1855100666240959CF969D5B2679C9ABCBD6050
07:00:54.0053 0x0990 BTHPORT - detected ForgedFile.Multi.Generic ( 1 )
07:00:56.0499 0x0990 Detect skipped due to KSN trusted
07:00:56.0500 0x0990 BTHPORT - ok
07:00:56.0551 0x0990 [ A4C8377FA4A994E07075107DBE2E3DCE, C3CDAA7B83D130100044341C23897CC6C257FA075A8D08B8551F4A28AE8CE6C4 ] BthServ C:\Windows\System32\bthserv.dll
07:00:56.0554 0x0990 BthServ - ok
07:00:56.0599 0x0990 [ D330803EAB2A15CAEC7F011F1D4CB30E, 240FFF317C90AD8966DA9666F2748F98CEC3CB99C486F399D1C68FE0E393EE68 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
07:00:56.0614 0x0990 BTHUSB - ok
07:00:56.0663 0x0990 [ EDA9D50C78A7D8492CF8AE8C07B7F414, 77CCCF892B2190B65E66CD6D013362F8A7394492B056427257CDDFD43253D356 ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys
07:00:56.0725 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\btwampfl.sys. Real md5: EDA9D50C78A7D8492CF8AE8C07B7F414, sha256: 77CCCF892B2190B65E66CD6D013362F8A7394492B056427257CDDFD43253D356, fake md5: 2A0DE6423D6BE95C96124FC66046176E, fake sha256: 84A5074B78752074130286E06801CB778FD81FAF3EDC75B18EC0DE6CC1A10C94
07:00:56.0726 0x0990 BTWAMPFL - detected ForgedFile.Multi.Generic ( 1 )
07:00:59.0413 0x0990 Detect skipped due to KSN trusted
07:00:59.0413 0x0990 BTWAMPFL - ok
07:00:59.0471 0x0990 [ CC0A5E69D19B5C1ECC6CF9BF3ACC3969, 14FF5E9CC382EA59382D913567021EC4BC1C545435C6CE01782E91D1C886A00A ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
07:00:59.0487 0x0990 btwaudio - ok
07:00:59.0527 0x0990 [ 9ABEA4DC976E3F47DA2D4B169719CBAA, E7A45EBD4EF1E963CD4306AD56885F5C854B33F708141B920077D3B49291E9E3 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
07:00:59.0533 0x0990 btwavdt - ok
07:00:59.0633 0x0990 [ 39786128495E4EB576A110D5E17FCA21, 01C23B932B9A4A914883DFC1E33ADFE2312CF585AE9AB869DA1DF2F89F9D0080 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
07:00:59.0688 0x0990 Suspicious file ( Forged ): C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe. Real md5: 39786128495E4EB576A110D5E17FCA21, sha256: 01C23B932B9A4A914883DFC1E33ADFE2312CF585AE9AB869DA1DF2F89F9D0080, fake md5: EFCBB730C49B957D4FE973F3F6085217, fake sha256: 092302D49A1BCF1CAB928AFFD8535AB871F6E051317A3A53ECAA1569AB1422D3
07:00:59.0691 0x0990 btwdins - detected ForgedFile.Multi.Generic ( 1 )
February 25th, 2014, 08:57 AM
daveandrita1

log part 2:
07:01:02.0131 0x0990 Detect skipped due to KSN trusted
07:01:02.0131 0x0990 btwdins - ok
07:01:02.0180 0x0990 [ A94032A7755164E13C75E0E7409AFD65, F7C96528381AB34088689E3253B9A7E27351319FBB0522B62F7260451A3980BD ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
07:01:02.0188 0x0990 btwl2cap - ok
07:01:02.0231 0x0990 [ 1E5468447E4D18FBEA5F01267D6495A5, 2ED322C528291D54410D2AAAC693938EEFCE1C33F6923F14902B61C6D038C48A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
07:01:02.0233 0x0990 btwrchid - ok
07:01:02.0279 0x0990 [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:01:02.0283 0x0990 cdfs - ok
07:01:02.0339 0x0990 [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
07:01:02.0352 0x0990 cdrom - ok
07:01:02.0415 0x0990 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc C:\Windows\System32\certprop.dll
07:01:02.0419 0x0990 CertPropSvc - ok
07:01:02.0481 0x0990 [ DA8E0AFC7BAA226C538EF53AC2F90897, 2BBB9966671A3B8325D215DBC29FBD7D912C13ADC562A0D4521D1FF9A6F445C0 ] circlass C:\Windows\system32\drivers\circlass.sys
07:01:02.0493 0x0990 circlass - ok
07:01:02.0525 0x0990 [ B3C3AFFC37D0BCDA8084B0427DEB9201, 5A7A60C37F107921198863AFC5DE6AD7CBF14C49EC02C8EBFA5CFAAB2B984B4E ] CLFS C:\Windows\system32\CLFS.sys
07:01:02.0554 0x0990 Suspicious file ( Forged ): C:\Windows\system32\CLFS.sys. Real md5: B3C3AFFC37D0BCDA8084B0427DEB9201, sha256: 5A7A60C37F107921198863AFC5DE6AD7CBF14C49EC02C8EBFA5CFAAB2B984B4E, fake md5: D7659D3B5B92C31E84E53C1431F35132, fake sha256: 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6
07:01:02.0555 0x0990 CLFS - detected ForgedFile.Multi.Generic ( 1 )
07:01:05.0476 0x0990 Detect skipped due to KSN trusted
07:01:05.0476 0x0990 CLFS - ok
07:01:05.0542 0x0990 [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:01:05.0548 0x0990 clr_optimization_v2.0.50727_32 - ok
07:01:05.0618 0x0990 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:01:05.0652 0x0990 clr_optimization_v4.0.30319_32 - ok
07:01:05.0705 0x0990 [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
07:01:05.0707 0x0990 CmBatt - ok
07:01:05.0760 0x0990 [ 45201046C776FFDAF3FC8A0029C581C8, 68A68CF2B76598BC8610EB5B2D3FD5BDC9D51CFC6F51FB7A0B0C92A2BE910FC6 ] cmdide C:\Windows\system32\drivers\cmdide.sys
07:01:05.0762 0x0990 cmdide - ok
07:01:05.0859 0x0990 [ 39BD5E89197CCF119CD09B789154E51B, A7F395F1FC8C31BBF912BB53144730369EA8B1906552965B1E7C0EBEDE657D0D ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
07:01:05.0892 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\CHDRT32.sys. Real md5: 39BD5E89197CCF119CD09B789154E51B, sha256: A7F395F1FC8C31BBF912BB53144730369EA8B1906552965B1E7C0EBEDE657D0D, fake md5: B6E7991E3D6146C04C85CD31AF22A381, fake sha256: 808393C7C5E59F273D03C62745A2AF759F588C102EDB6A2B8DD94C9A6AAF3F10
07:01:05.0893 0x0990 CnxtHdAudService - detected ForgedFile.Multi.Generic ( 1 )
07:01:08.0535 0x0990 Detect skipped due to KSN trusted
07:01:08.0544 0x0990 CnxtHdAudService - ok
07:01:08.0724 0x0990 [ B6009BA0D392A74566AE0AF610F2DFAD, 375E998C58151323B0D0FE008F2813B538816BE00C843BB9DBD6FCF72D2A97BF ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
07:01:08.0781 0x0990 Suspicious file ( Forged ): C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe. Real md5: B6009BA0D392A74566AE0AF610F2DFAD, sha256: 375E998C58151323B0D0FE008F2813B538816BE00C843BB9DBD6FCF72D2A97BF, fake md5: C7A0E61D5714AC20DE52D4F66EC773B8, fake sha256: 53F0C91FD62E6787221EFB4BFDB087C2087CACD6B0C0605F58FC391F546EBA7A
07:01:08.0782 0x0990 Com4QLBEx - detected ForgedFile.Multi.Generic ( 1 )
07:01:11.0435 0x0990 Com4QLBEx ( ForgedFile.Multi.Generic ) - warning
07:01:11.0453 0x0990 Force sending object to P2P due to detect: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
07:01:21.0661 0x0990 Object send P2P result: true
07:01:24.0261 0x0990 [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
07:01:24.0284 0x0990 Compbatt - ok
07:01:24.0308 0x0990 COMSysApp - ok
07:01:24.0361 0x0990 [ 2A213AE086BBEC5E937553C7D9A2B22C, 1F91ACC0426E0ED1717555B282F65629EF15021375B24A63C29C89ADE916EE2A ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
07:01:24.0378 0x0990 crcdisk - ok
07:01:24.0413 0x0990 [ 22A7F883508176489F559EE745B5BF5D, D6341E3FBC8A46D2D1F0477FA60EC4828B585D35B14609CD02868FD04ECD14DB ] Crusoe C:\Windows\system32\drivers\crusoe.sys
07:01:24.0416 0x0990 Crusoe - ok
07:01:24.0456 0x0990 [ FD4F06A4D4B35CD18DBE7AE5932BD2BC, 0C4F8DAFE910C111D1BCD5E946E1F047D6289BC6CCD99371F76B67B6D8D20283 ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:01:24.0475 0x0990 Suspicious file ( Forged ): C:\Windows\system32\cryptsvc.dll. Real md5: FD4F06A4D4B35CD18DBE7AE5932BD2BC, sha256: 0C4F8DAFE910C111D1BCD5E946E1F047D6289BC6CCD99371F76B67B6D8D20283, fake md5: 684C130BBC6DB681BAD4920A4C944AA5, fake sha256: DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92
07:01:24.0476 0x0990 CryptSvc - detected ForgedFile.Multi.Generic ( 1 )
07:01:26.0917 0x0990 Detect skipped due to KSN trusted
07:01:26.0917 0x0990 CryptSvc - ok
07:01:26.0973 0x0990 [ A407040FE3218E83C942EEBEB07030DF, 058ACE1D8EC5B36432EE7B83669D1FE12EEDE347CE5103D949289C710E1CCCD1 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
07:01:26.0988 0x0990 dc3d - ok
07:01:27.0034 0x0990 [ 6621476E1926167313D0FE6E95E98E7F, 2F711705F84C5C83F13E27855D472ED8564508CCC5C8394284745D1D28E2449D ] DcomLaunch C:\Windows\system32\rpcss.dll
07:01:27.0086 0x0990 Suspicious file ( Forged ): C:\Windows\system32\rpcss.dll. Real md5: 6621476E1926167313D0FE6E95E98E7F, sha256: 2F711705F84C5C83F13E27855D472ED8564508CCC5C8394284745D1D28E2449D, fake md5: 3B5B4D53FEC14F7476CA29A20CC31AC9, fake sha256: EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183
07:01:27.0089 0x0990 DcomLaunch - detected ForgedFile.Multi.Generic ( 1 )
07:01:30.0113 0x0990 Detect skipped due to KSN trusted
07:01:30.0131 0x0990 DcomLaunch - ok
07:01:30.0185 0x0990 [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
07:01:30.0189 0x0990 DfsC - ok
07:01:30.0290 0x0990 [ E64B47ECCBA21C3EB9167C21EF8DFCD6, 00F5616E54D6A263B2547190B1088A54724E68899A593C46B0016908AC42EBC0 ] DFSR C:\Windows\system32\DFSR.exe
07:01:30.0409 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DFSR.exe. Real md5: E64B47ECCBA21C3EB9167C21EF8DFCD6, sha256: 00F5616E54D6A263B2547190B1088A54724E68899A593C46B0016908AC42EBC0, fake md5: 2CC3DCFB533A1035B13DCAB6160AB38B, fake sha256: C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0
07:01:30.0418 0x0990 DFSR - detected ForgedFile.Multi.Generic ( 1 )
07:01:32.0866 0x0990 Detect skipped due to KSN trusted
07:01:32.0867 0x0990 DFSR - ok
07:01:32.0939 0x0990 [ BEE7BF9A9BC8EECF0DAB06823333EB71, 59EE79F51E0D5038AEFC9A6591C368A79709DEAC3530C4CB4369FED5621FF195 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
07:01:32.0968 0x0990 Suspicious file ( Forged ): C:\Windows\System32\dhcpcsvc.dll. Real md5: BEE7BF9A9BC8EECF0DAB06823333EB71, sha256: 59EE79F51E0D5038AEFC9A6591C368A79709DEAC3530C4CB4369FED5621FF195, fake md5: 9028559C132146FB75EB7ACF384B086A, fake sha256: 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D
07:01:32.0969 0x0990 Dhcp - detected ForgedFile.Multi.Generic ( 1 )
07:01:35.0561 0x0990 Detect skipped due to KSN trusted
07:01:35.0561 0x0990 Dhcp - ok
07:01:35.0619 0x0990 [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk C:\Windows\system32\drivers\disk.sys
07:01:35.0633 0x0990 disk - ok
07:01:35.0710 0x0990 [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:01:35.0716 0x0990 Dnscache - ok
07:01:35.0747 0x0990 [ 5602860034ED703E783E0AD7DDA6F685, 502BCA79C00208F2527D9AE5BE9271E0D9CD913CA3B85AF33213BB71046F06DF ] dot3svc C:\Windows\System32\dot3svc.dll
07:01:35.0777 0x0990 Suspicious file ( Forged ): C:\Windows\System32\dot3svc.dll. Real md5: 5602860034ED703E783E0AD7DDA6F685, sha256: 502BCA79C00208F2527D9AE5BE9271E0D9CD913CA3B85AF33213BB71046F06DF, fake md5: 324FD74686B1EF5E7C19A8AF49E748F6, fake sha256: DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B
07:01:35.0778 0x0990 dot3svc - detected ForgedFile.Multi.Generic ( 1 )
07:01:38.0729 0x0990 Detect skipped due to KSN trusted
07:01:38.0754 0x0990 dot3svc - ok
07:01:38.0809 0x0990 [ D9FA2A14A9A7CC3CC47AA0E6C7FDC2AE, F8295C35A23D1687CD74FD21639F12C1F65266F8EABE7B5DADD44CABEEBB6834 ] DPS C:\Windows\system32\dps.dll
07:01:38.0836 0x0990 Suspicious file ( Forged ): C:\Windows\system32\dps.dll. Real md5: D9FA2A14A9A7CC3CC47AA0E6C7FDC2AE, sha256: F8295C35A23D1687CD74FD21639F12C1F65266F8EABE7B5DADD44CABEEBB6834, fake md5: A622E888F8AA2F6B49E9BC466F0E5DEF, fake sha256: 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A
07:01:38.0837 0x0990 DPS - detected ForgedFile.Multi.Generic ( 1 )
07:01:41.0435 0x0990 Detect skipped due to KSN trusted
07:01:41.0435 0x0990 DPS - ok
07:01:41.0492 0x0990 [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:01:41.0507 0x0990 drmkaud - ok
07:01:41.0584 0x0990 [ C21F8AA8AE207E65D83A37F04885BDBC, 970908E731A3603252CA68ACD9407E42D15D06186AB224D68167A25BA81A039F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:01:41.0628 0x0990 Suspicious file ( Forged ): C:\Windows\System32\drivers\dxgkrnl.sys. Real md5: C21F8AA8AE207E65D83A37F04885BDBC, sha256: 970908E731A3603252CA68ACD9407E42D15D06186AB224D68167A25BA81A039F, fake md5: 988670D8343EF9835FB3659DB71B2EFA, fake sha256: 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B
07:01:41.0631 0x0990 DXGKrnl - detected ForgedFile.Multi.Generic ( 1 )
07:01:44.0330 0x0990 Object is SCO, delete is not allowed
07:01:44.0331 0x0990 DXGKrnl ( ForgedFile.Multi.Generic ) - warning
07:01:46.0913 0x0990 [ E5E2C8CD720E7253A79634B39E9EE2F6, 426C6F3E12EB3FE3C80F5E3E211D4A0BDE6D1B7247310D84B81A453BC04B1C41 ] E100B C:\Windows\system32\DRIVERS\e100b325.sys
07:01:46.0980 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\e100b325.sys. Real md5: E5E2C8CD720E7253A79634B39E9EE2F6, sha256: 426C6F3E12EB3FE3C80F5E3E211D4A0BDE6D1B7247310D84B81A453BC04B1C41, fake md5: C0B00E55CF82D122D25983C7A6A53DEA, fake sha256: 88C7A1A4907DD03F025A0E523887ADBDEB5AE0AFF7CD726FE00CDD0380BA93D7
07:01:46.0981 0x0990 E100B - detected ForgedFile.Multi.Generic ( 1 )
07:01:49.0449 0x0990 Detect skipped due to KSN trusted
07:01:49.0481 0x0990 E100B - ok
07:01:49.0529 0x0990 [ F88FB26547FD2CE6D0A5AF2985892C48, F02E06E16830F5D3FAF61991F5A91E54BB3461F58AFE3BFB7A9066CD302B879F ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
07:01:49.0629 0x0990 E1G60 - ok
07:01:49.0707 0x0990 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll
07:01:49.0707 0x0990 EapHost - ok
07:01:49.0758 0x0990 [ EB7BB3F702D7B9FA17F02902A26D3102, D19F1645ACD0102468CBBD301EABB5D4587E6ED42EB69248558D8A750272FD01 ] Ecache C:\Windows\system32\drivers\ecache.sys
07:01:49.0800 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\ecache.sys. Real md5: EB7BB3F702D7B9FA17F02902A26D3102, sha256: D19F1645ACD0102468CBBD301EABB5D4587E6ED42EB69248558D8A750272FD01, fake md5: 7F64EA048DCFAC7ACF8B4D7B4E6FE371, fake sha256: F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F
07:01:49.0801 0x0990 Ecache - detected ForgedFile.Multi.Generic ( 1 )
07:01:52.0451 0x0990 Detect skipped due to KSN trusted
07:01:52.0468 0x0990 Ecache - ok
07:01:52.0560 0x0990 [ 8BC25F382CE1C37F3462184FD1D8030C, F2EAB57AB451F77DC04A21A40D99E9213F7B605B4879BDC53AD06B2A41E9FA82 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
07:01:52.0629 0x0990 Suspicious file ( Forged ): C:\Windows\ehome\ehRecvr.exe. Real md5: 8BC25F382CE1C37F3462184FD1D8030C, sha256: F2EAB57AB451F77DC04A21A40D99E9213F7B605B4879BDC53AD06B2A41E9FA82, fake md5: 9BE3744D295A7701EB425332014F0797, fake sha256: 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D
07:01:52.0630 0x0990 ehRecvr - detected ForgedFile.Multi.Generic ( 1 )
07:01:55.0351 0x0990 Detect skipped due to KSN trusted
07:01:55.0366 0x0990 ehRecvr - ok
07:01:55.0413 0x0990 [ 0DFBE8AA4C20B52E1B8BF3CB6CBDF193, FA43239BCEE7B97CA62F007CC68487560A39E19F74F3DDE7486DB3F98DF8E471 ] ehSched C:\Windows\ehome\ehsched.exe
07:01:55.0460 0x0990 Suspicious file ( Forged ): C:\Windows\ehome\ehsched.exe. Real md5: 0DFBE8AA4C20B52E1B8BF3CB6CBDF193, sha256: FA43239BCEE7B97CA62F007CC68487560A39E19F74F3DDE7486DB3F98DF8E471, fake md5: AD1870C8E5D6DD340C829E6074BF3C3F, fake sha256: 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88
07:01:55.0460 0x0990 ehSched - detected ForgedFile.Multi.Generic ( 1 )
07:01:58.0337 0x0990 Detect skipped due to KSN trusted
07:01:58.0337 0x0990 ehSched - ok
07:01:58.0388 0x0990 [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart C:\Windows\ehome\ehstart.dll
07:01:58.0390 0x0990 ehstart - ok
07:01:58.0433 0x0990 [ A673FE699A92D5D8543D5169B998866B, CA7A3D73A2F20D0087DBEF6973C2E8A7D8D16F182E04B2AD559D4D7C397F93E1 ] elxstor C:\Windows\system32\drivers\elxstor.sys
07:01:58.0463 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\elxstor.sys. Real md5: A673FE699A92D5D8543D5169B998866B, sha256: CA7A3D73A2F20D0087DBEF6973C2E8A7D8D16F182E04B2AD559D4D7C397F93E1, fake md5: E8F3F21A71720C84BCF423B80028359F, fake sha256: 63114E6120F634224A0E83A5047B37C7D6F26CF99FE3C01CFC0AB8B1763BB084
07:01:58.0465 0x0990 elxstor - detected ForgedFile.Multi.Generic ( 1 )
07:02:01.0173 0x0990 Object is SCO, delete is not allowed
07:02:01.0173 0x0990 elxstor ( ForgedFile.Multi.Generic ) - warning
07:02:01.0173 0x0990 Force sending object to P2P due to detect: C:\Windows\system32\drivers\elxstor.sys
07:02:03.0867 0x0990 Object send P2P result: true
07:02:06.0507 0x0990 [ 05724A298F2FCAF5F4711D153600379A, E4EB9424C45F0927EBE74DEC3D92D8D87F5AEF6656444FD7D904AC75D0215D35 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
07:02:06.0564 0x0990 Suspicious file ( Forged ): C:\Windows\system32\emdmgmt.dll. Real md5: 05724A298F2FCAF5F4711D153600379A, sha256: E4EB9424C45F0927EBE74DEC3D92D8D87F5AEF6656444FD7D904AC75D0215D35, fake md5: 4E6B23DFC917EA39306B529B773950F4, fake sha256: C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2
07:02:06.0566 0x0990 EMDMgmt - detected ForgedFile.Multi.Generic ( 1 )
07:02:09.0477 0x0990 Detect skipped due to KSN trusted
07:02:09.0492 0x0990 EMDMgmt - ok
07:02:09.0580 0x0990 [ 4A37B2EBCE76601F28E88E24E62AE715, E03F1F2DE3A0EA07B30025EFD9231AA4C8DFE7206207F8AA07398359FC34C04D ] EventSystem C:\Windows\system32\es.dll
07:02:09.0613 0x0990 Suspicious file ( Forged ): C:\Windows\system32\es.dll. Real md5: 4A37B2EBCE76601F28E88E24E62AE715, sha256: E03F1F2DE3A0EA07B30025EFD9231AA4C8DFE7206207F8AA07398359FC34C04D, fake md5: 67058C46504BC12D821F38CF99B7B28F, fake sha256: E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D
07:02:09.0615 0x0990 EventSystem - detected ForgedFile.Multi.Generic ( 1 )
07:02:14.0106 0x0990 Detect skipped due to KSN trusted
07:02:14.0122 0x0990 EventSystem - ok
07:02:14.0187 0x0990 [ DD5448BF498735A4AF29D9B7A08BAA98, E64F5E5C1143E4920275D83725E112F4B2941956D95E378737EE96EF12897EEB ] exfat C:\Windows\system32\drivers\exfat.sys
07:02:14.0230 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\exfat.sys. Real md5: DD5448BF498735A4AF29D9B7A08BAA98, sha256: E64F5E5C1143E4920275D83725E112F4B2941956D95E378737EE96EF12897EEB, fake md5: 22B408651F9123527BCEE54B4F6C5CAE, fake sha256: 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2
07:02:14.0230 0x0990 exfat - detected ForgedFile.Multi.Generic ( 1 )
07:02:17.0199 0x0990 Detect skipped due to KSN trusted
07:02:17.0199 0x0990 exfat - ok
07:02:17.0237 0x0990 [ 31478AB932E13E1C1D7B15EA886D4753, CCAEDB359BAFC1C49815BC0A821AE6550F6BD3B7DEE1C5A5EF7B2A4A01206FFD ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:02:17.0255 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\fastfat.sys. Real md5: 31478AB932E13E1C1D7B15EA886D4753, sha256: CCAEDB359BAFC1C49815BC0A821AE6550F6BD3B7DEE1C5A5EF7B2A4A01206FFD, fake md5: 1E9B9A70D332103C52995E957DC09EF8, fake sha256: 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3
07:02:17.0256 0x0990 fastfat - detected ForgedFile.Multi.Generic ( 1 )
07:02:19.0868 0x0990 Detect skipped due to KSN trusted
07:02:19.0868 0x0990 fastfat - ok
07:02:19.0933 0x0990 [ 63BDADA84951B9C03E641800E176898A, AD3EA20CAD0E0C438422D5D39AEA9E0AAD9E1DC866A696AE503C76F5FAC4BE6E ] fdc C:\Windows\system32\DRIVERS\fdc.sys
07:02:19.0943 0x0990 fdc - ok
07:02:19.0998 0x0990 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
07:02:20.0002 0x0990 fdPHost - ok
07:02:20.0032 0x0990 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
07:02:20.0036 0x0990 FDResPub - ok
07:02:20.0086 0x0990 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:02:20.0089 0x0990 FileInfo - ok
07:02:20.0126 0x0990 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:02:20.0129 0x0990 Filetrace - ok
07:02:20.0138 0x0990 [ 6603957EFF5EC62D25075EA8AC27DE68, B52D112301A6BFBD60959D7D2502AB2E1EB6BB7F5DCED46899F1F006C7F1E887 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
07:02:20.0140 0x0990 flpydisk - ok
07:02:20.0152 0x0990 [ 2538353A92BCA8ABF5E0765C025845A0, 2DB6BB39F2E4E55E4A02B7742EAA929FB1161827D23FB551E3C4C380D9B17CA4 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:02:20.0175 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\fltmgr.sys. Real md5: 2538353A92BCA8ABF5E0765C025845A0, sha256: 2DB6BB39F2E4E55E4A02B7742EAA929FB1161827D23FB551E3C4C380D9B17CA4, fake md5: 01334F9EA68E6877C4EF05D3EA8ABB05, fake sha256: 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99
07:02:20.0176 0x0990 FltMgr - detected ForgedFile.Multi.Generic ( 1 )
07:02:22.0861 0x0990 Detect skipped due to KSN trusted
07:02:22.0861 0x0990 FltMgr - ok
07:02:22.0940 0x0990 [ DFA80B62A008F748F13DB0C078E745B2, FC80BAF726A0C413B72477FE231388DE3586BDB04141A8278F6ECD96DDE7A5C8 ] FontCache C:\Windows\system32\FntCache.dll
07:02:22.0997 0x0990 Suspicious file ( Forged ): C:\Windows\system32\FntCache.dll. Real md5: DFA80B62A008F748F13DB0C078E745B2, sha256: FC80BAF726A0C413B72477FE231388DE3586BDB04141A8278F6ECD96DDE7A5C8, fake md5: 2AFA3A46986AE935DAECEBC7E66314CF, fake sha256: 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D
07:02:23.0000 0x0990 FontCache - detected ForgedFile.Multi.Generic ( 1 )
07:02:25.0590 0x0990 Detect skipped due to KSN trusted
07:02:25.0604 0x0990 FontCache - ok
07:02:25.0769 0x0990 [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:02:25.0804 0x0990 FontCache3.0.0.0 - ok
07:02:25.0895 0x0990 [ 9A092384170F59AC1C5351BE8029DE7C, 59BB54E7E7CED08EDF4C09CC39451B0B2FD0E7830F33FBB4B59C8F2A9329BF6C ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
07:02:25.0935 0x0990 Suspicious file ( Forged ): C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe. Real md5: 9A092384170F59AC1C5351BE8029DE7C, sha256: 59BB54E7E7CED08EDF4C09CC39451B0B2FD0E7830F33FBB4B59C8F2A9329BF6C, fake md5: 34D2E12226269789BB5F292915B089D7, fake sha256: 5B10898706CC45BC9A027EFD33A5B60BE921A9D4C8F9E05A58E0AADE6EFA2DE6
07:02:25.0938 0x0990 ForceWare Intelligent Application Manager (IAM) - detected ForgedFile.Multi.Generic ( 1 )
07:02:28.0414 0x0990 Detect skipped due to KSN trusted
07:02:28.0436 0x0990 ForceWare Intelligent Application Manager (IAM) - ok
07:02:28.0501 0x0990 [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:02:28.0537 0x0990 Fs_Rec - ok
07:02:28.0581 0x0990 [ 4E1CD0A45C50A8882616CAE5BF82F3C5, 1B909AF150F7119A5685999451A85012F4A92F15F38390A281EA507E2D247BAE ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
07:02:28.0585 0x0990 gagp30kx - ok
07:02:28.0629 0x0990 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:02:28.0653 0x0990 GEARAspiWDM - ok
07:02:28.0711 0x0990 [ 77EBF3E9386DAA51551AF429052D88D0, 94C3294BB9E14B07448734AE65B37801D3FF15BEC987D182A929A017FEF7B276 ] giveio C:\Windows\system32\giveio.sys
07:02:28.0714 0x0990 giveio - ok
07:02:28.0764 0x0990 [ 709215724B53CA227C140AD2E45F321E, 0340668E35B3A48BCB49E8D086B4048ECA997A6464DF16CC3500214C252120BB ] gpsvc C:\Windows\System32\gpsvc.dll
07:02:28.0833 0x0990 Suspicious file ( Forged ): C:\Windows\System32\gpsvc.dll. Real md5: 709215724B53CA227C140AD2E45F321E, sha256: 0340668E35B3A48BCB49E8D086B4048ECA997A6464DF16CC3500214C252120BB, fake md5: CD5D0AEEE35DFD4E986A5AA1500A6E66, fake sha256: DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F
07:02:28.0835 0x0990 gpsvc - detected ForgedFile.Multi.Generic ( 1 )
07:02:31.0625 0x0990 Detect skipped due to KSN trusted
07:02:31.0641 0x0990 gpsvc - ok
07:02:31.0781 0x0990 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
07:02:31.0813 0x0990 gupdate - ok
07:02:31.0813 0x0990 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
07:02:31.0814 0x0990 gupdatem - ok
07:02:31.0849 0x0990 [ 2F756CA2000D3A5C6D3900FDB0FA1296, 324CF2D676EBE0F23393C87ABD9E6191D2F7BF24656F2372C368E27807BB8AB6 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
07:02:31.0871 0x0990 Suspicious file ( Forged ): C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe. Real md5: 2F756CA2000D3A5C6D3900FDB0FA1296, sha256: 324CF2D676EBE0F23393C87ABD9E6191D2F7BF24656F2372C368E27807BB8AB6, fake md5: 751C1D2CA2ABF4A9F5A6B8D7D45B907C, fake sha256: 8F62DF65DB30770448E297D000B570683DEA454A5D84B5BCB1478D91030212DB
07:02:31.0872 0x0990 gusvc - detected ForgedFile.Multi.Generic ( 1 )
07:02:34.0767 0x0990 Detect skipped due to KSN trusted
07:02:34.0768 0x0990 gusvc - ok
07:02:34.0831 0x0990 [ 93AEE3434935FC2F805FEFD8DC5ED1B4, EF4A76725B76FFB9EA14E6274A1FDE8482DA907A9B967E3D7EDD365BF132AD42 ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
07:02:34.0855 0x0990 HBtnKey - ok
07:02:34.0888 0x0990 [ 3E4A063053E37B20D74D15201559BD56, B0D1FBD663BB147EEA8D14164BB1F1C6D9540071FD6C8C0916C4693A48018EEB ] HdAudAddService C:\Windows\system32\drivers\CHDART.sys
07:02:34.0942 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\CHDART.sys. Real md5: 3E4A063053E37B20D74D15201559BD56, sha256: B0D1FBD663BB147EEA8D14164BB1F1C6D9540071FD6C8C0916C4693A48018EEB, fake md5: A08F4808FB19A40792A6056848187AFE, fake sha256: 3988DC8A995E11531EDD32A8816E0CC215EF60111AC4C05AA087472E620D8D68
07:02:34.0943 0x0990 HdAudAddService - detected ForgedFile.Multi.Generic ( 1 )
07:02:37.0651 0x0990 Detect skipped due to KSN trusted
07:02:37.0651 0x0990 HdAudAddService - ok
07:02:37.0701 0x0990 [ 7B0576051613B2B104C13014FE46280B, 2C199F84198E5ACA169676C7E43FBAD22A3951E78E75AB5D63505F3110D5449F ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
07:02:37.0929 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\HDAudBus.sys. Real md5: 7B0576051613B2B104C13014FE46280B, sha256: 2C199F84198E5ACA169676C7E43FBAD22A3951E78E75AB5D63505F3110D5449F, fake md5: 062452B7FFD68C8C042A6261FE8DFF4A, fake sha256: DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56
07:02:37.0932 0x0990 HDAudBus - detected ForgedFile.Multi.Generic ( 1 )
07:02:40.0546 0x0990 Detect skipped due to KSN trusted
07:02:40.0546 0x0990 HDAudBus - ok
07:02:40.0597 0x0990 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
07:02:40.0608 0x0990 HidBth - ok
07:02:40.0650 0x0990 [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
07:02:40.0743 0x0990 HidIr - ok
07:02:40.0795 0x0990 [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\System32\hidserv.dll
07:02:40.0806 0x0990 hidserv - ok
07:02:40.0848 0x0990 [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
07:02:40.0850 0x0990 HidUsb - ok
07:02:40.0902 0x0990 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
07:02:40.0921 0x0990 hkmsvc - ok
07:02:41.0048 0x0990 [ A19B0BB5A7EB6DF2DD4A0711D36955EE, 307648CAFB3DDCD76FD730CA623945ED71D4276715A38D8CBB203C157C45F691 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
07:02:41.0053 0x0990 HP Health Check Service - ok
07:02:41.0113 0x0990 [ DF353B401001246853763C4B7AAA6F50, 05C043493BDD99DEFBB0F5C3D8C475B06C2BF5629565ACF6F3B754002519B836 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
07:02:41.0126 0x0990 HpCISSs - ok
07:02:41.0189 0x0990 [ 1210960FF8928950D2A786895B0C424A, 22C8785E024CFDD3A43FAEAAA96B8332C37E9B6C765AB7AFBCD3DAA2DC9EFFC7 ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
07:02:41.0191 0x0990 HpqKbFiltr - ok
07:02:41.0257 0x0990 [ 341AE480B7751B9BE2C56B6F6A638E88, D69CE625FE7A46AD7B0C1B74F51540EFB6C0AA68A44F7D2F954AFCC2AF0486A9 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
07:02:41.0292 0x0990 Suspicious file ( Forged ): C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe. Real md5: 341AE480B7751B9BE2C56B6F6A638E88, sha256: D69CE625FE7A46AD7B0C1B74F51540EFB6C0AA68A44F7D2F954AFCC2AF0486A9, fake md5: FDF273A845F1FFCCEADF363AAF47582F, fake sha256: 9BB99346A977225EF77261CD3CF4219A238EB06FFE2DB91D00A0037BDCFECEF1
07:02:41.0293 0x0990 hpqwmiex - detected ForgedFile.Multi.Generic ( 1 )
07:02:43.0733 0x0990 Detect skipped due to KSN trusted
07:02:43.0734 0x0990 hpqwmiex - ok
07:02:43.0782 0x0990 [ E4EFE9F0DD1EDCD7769C9423596DABCC, BA0EE4B797B99449EBC7396D09562A0F64EC8795EABF62376FE36E289FB0F3C8 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
07:02:43.0835 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\VSTAZL3.SYS. Real md5: E4EFE9F0DD1EDCD7769C9423596DABCC, sha256: BA0EE4B797B99449EBC7396D09562A0F64EC8795EABF62376FE36E289FB0F3C8, fake md5: 46D67209550973257601A533E2AC5785, fake sha256: 3C0D97781947BA8532344AA5D9F3B684761B5B3263A0A294F4593E76EE41DB0C
07:02:43.0835 0x0990 HSFHWAZL - detected ForgedFile.Multi.Generic ( 1 )
07:02:46.0515 0x0990 Detect skipped due to KSN trusted
07:02:46.0537 0x0990 HSFHWAZL - ok
07:02:46.0603 0x0990 [ F4CC13832707CBCEA205C1BE8175A03C, 2149AD50697D7D3DDFC532C8A1C4CCC2DA9F9A1454E89D7B719BCE6A43BDF482 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
07:02:46.0672 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\HSX_DPV.sys. Real md5: F4CC13832707CBCEA205C1BE8175A03C, sha256: 2149AD50697D7D3DDFC532C8A1C4CCC2DA9F9A1454E89D7B719BCE6A43BDF482, fake md5: 1882827F41DEE51C70E24C567C35BFB5, fake sha256: C3508BDB045F0CB2205733D9F0CF7A2BEE03C4E4A8690B7D305EBEE887E588C6
07:02:46.0676 0x0990 HSF_DPV - detected ForgedFile.Multi.Generic ( 1 )
07:02:49.0330 0x0990 Detect skipped due to KSN trusted
07:02:49.0358 0x0990 HSF_DPV - ok
07:02:49.0426 0x0990 [ 233566D0EE963948D3C4B6C31FD5D64F, 3A5C996A2F0859426D2F30527D3DD653CE6068B0C0FC48758C4500AA79D1E979 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
07:02:49.0452 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\HSXHWAZL.sys. Real md5: 233566D0EE963948D3C4B6C31FD5D64F, sha256: 3A5C996A2F0859426D2F30527D3DD653CE6068B0C0FC48758C4500AA79D1E979, fake md5: A44DDF3BA83E4664BF4DE9220097578C, fake sha256: 1EF22D06F6954F8E46241E8D7F231DC4BC2F78D898A9515D95BDEB4A0D372194
07:02:49.0453 0x0990 HSXHWAZL - detected ForgedFile.Multi.Generic ( 1 )
07:02:51.0895 0x0990 Detect skipped due to KSN trusted
07:02:51.0895 0x0990 HSXHWAZL - ok
07:02:51.0936 0x0990 [ 5D2F2BE05E2B89926F215648CB978659, F4C7BAF51386C26EEF006AFC1751F795D42E82E6A600792C4352126A3197F26C ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:02:52.0001 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\HTTP.sys. Real md5: 5D2F2BE05E2B89926F215648CB978659, sha256: F4C7BAF51386C26EEF006AFC1751F795D42E82E6A600792C4352126A3197F26C, fake md5: F870AA3E254628EBEAFE754108D664DE, fake sha256: B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70
07:02:52.0003 0x0990 HTTP - detected ForgedFile.Multi.Generic ( 1 )
07:02:54.0694 0x0990 Detect skipped due to KSN trusted
07:02:54.0694 0x0990 HTTP - ok
07:02:54.0754 0x0990 [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp C:\Windows\system32\drivers\i2omp.sys
07:02:54.0756 0x0990 i2omp - ok
07:02:54.0806 0x0990 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
07:02:54.0809 0x0990 i8042prt - ok
07:02:54.0866 0x0990 [ 08B89693772067C866C63309876482CA, E0B0354686DDE41BB5A938B4A9EC1036BBD802687757908C3F9B5C0C752171AF ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
07:02:54.0945 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\igdkmd32.sys. Real md5: 08B89693772067C866C63309876482CA, sha256: E0B0354686DDE41BB5A938B4A9EC1036BBD802687757908C3F9B5C0C752171AF, fake md5: 496DB78E6A0C4C44023D9A92B4A7AC31, fake sha256: 2B44213C39F05090D2057E3A21C1718DFC4478E976D44255B6FA5C3B8CF20FFF
07:02:54.0950 0x0990 ialm - detected ForgedFile.Multi.Generic ( 1 )
07:02:57.0651 0x0990 Detect skipped due to KSN trusted
07:02:57.0651 0x0990 ialm - ok
07:02:57.0689 0x0990 [ 9DCF37FC5B8F3792267FDE48E9F4C977, 6827C06F06F62FB54B7E590FEC2DF8EA3CBF6C252566E8D242D9A47B86A77FFC ] iaStorV C:\Windows\system32\drivers\iastorv.sys
07:02:57.0713 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\iastorv.sys. Real md5: 9DCF37FC5B8F3792267FDE48E9F4C977, sha256: 6827C06F06F62FB54B7E590FEC2DF8EA3CBF6C252566E8D242D9A47B86A77FFC, fake md5: C957BF4B5D80B46C5017BF0101E6C906, fake sha256: 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880
07:02:57.0714 0x0990 iaStorV - detected ForgedFile.Multi.Generic ( 1 )
07:03:00.0301 0x0990 Detect skipped due to KSN trusted
07:03:00.0301 0x0990 iaStorV - ok
07:03:00.0403 0x0990 [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
07:03:00.0408 0x0990 IDriverT - ok
07:03:00.0475 0x0990 [ 0CCB927A147D18781E9D1DB3C285B8D9, 54D0323D3766C2E9A6B68650761C419AC6A03951F6333083A99B3C7F79278ECD ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:03:00.0549 0x0990 Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe. Real md5: 0CCB927A147D18781E9D1DB3C285B8D9, sha256: 54D0323D3766C2E9A6B68650761C419AC6A03951F6333083A99B3C7F79278ECD, fake md5: 98477B08E61945F974ED9FDC4CB6BDAB, fake sha256: C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC
07:03:00.0552 0x0990 idsvc - detected ForgedFile.Multi.Generic ( 1 )
07:03:03.0053 0x0990 Detect skipped due to KSN trusted
07:03:03.0072 0x0990 idsvc - ok
07:03:03.0137 0x0990 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
07:03:03.0140 0x0990 iirsp - ok
07:03:03.0194 0x0990 [ 35EF641B57560567EA1CDBB2FF83B759, 79CC69E859819EB7EB4771129F3BE5E8FE26C9F06B8038F46E0BBB11C4A85ABE ] IKEEXT C:\Windows\System32\ikeext.dll
07:03:03.0238 0x0990 Suspicious file ( Forged ): C:\Windows\System32\ikeext.dll. Real md5: 35EF641B57560567EA1CDBB2FF83B759, sha256: 79CC69E859819EB7EB4771129F3BE5E8FE26C9F06B8038F46E0BBB11C4A85ABE, fake md5: 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, fake sha256: FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3
07:03:03.0241 0x0990 IKEEXT - detected ForgedFile.Multi.Generic ( 1 )
07:03:05.0885 0x0990 Detect skipped due to KSN trusted
07:03:05.0893 0x0990 IKEEXT - ok
07:03:05.0970 0x0990 [ 97469037714070E45194ED318D636401, DDB5AE39BE0BD37ECB44969A5FA740E5B1169342347D0DB3E5DF0353A6708271 ] intelide C:\Windows\system32\drivers\intelide.sys
07:03:05.0973 0x0990 intelide - ok
07:03:06.0024 0x0990 [ CE44CC04262F28216DD4341E9E36A16F, 2B316C4124DCFEAD7838B3D8FB8DBEC3F3B1EA8EA612AABB05B1275D0B230CCD ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
07:03:06.0027 0x0990 intelppm - ok
07:03:06.0106 0x0990 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
07:03:06.0125 0x0990 IPBusEnum - ok
07:03:06.0173 0x0990 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:03:06.0205 0x0990 IpFilterDriver - ok
07:03:06.0239 0x0990 [ E4EFE9F0DD1EDCD7769C9423596DABCC, BA0EE4B797B99449EBC7396D09562A0F64EC8795EABF62376FE36E289FB0F3C8 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:03:06.0267 0x0990 Suspicious file ( Forged ): C:\Windows\System32\iphlpsvc.dll. Real md5: E4EFE9F0DD1EDCD7769C9423596DABCC, sha256: BA0EE4B797B99449EBC7396D09562A0F64EC8795EABF62376FE36E289FB0F3C8, fake md5: 1998BD97F950680BB55F55A7244679C2, fake sha256: A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8
07:03:06.0268 0x0990 iphlpsvc - detected ForgedFile.Multi.Generic ( 1 )
07:03:06.0268 0x0990 Detect skipped due to KSN trusted
07:03:06.0268 0x0990 iphlpsvc - ok
07:03:06.0338 0x0990 [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
07:03:06.0343 0x0990 IPMIDRV - ok
07:03:06.0389 0x0990 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
07:03:06.0402 0x0990 IPNAT - ok
07:03:06.0467 0x0990 [ B2179A1F99818EFF32BB644A54FB35B7, 43DE4F8CC632C899D0FA8886BCEDFCD21EEEB8F09B829E1019D2612160DB860A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
07:03:06.0557 0x0990 Suspicious file ( Forged ): C:\Program Files\iPod\bin\iPodService.exe. Real md5: B2179A1F99818EFF32BB644A54FB35B7, sha256: 43DE4F8CC632C899D0FA8886BCEDFCD21EEEB8F09B829E1019D2612160DB860A, fake md5: 9AE882A67F019CF30E8C9D7D60B05DDA, fake sha256: FB5D71F94529F37C8B45A5B4FBD15C66AECBFABB7E51C3B9BF63AEAFBE89F8BC
07:03:06.0573 0x0990 iPod Service - detected ForgedFile.Multi.Generic ( 1 )
07:03:09.0041 0x0990 iPod Service ( ForgedFile.Multi.Generic ) - warning
07:03:09.0069 0x0990 Force sending object to P2P due to detect: C:\Program Files\iPod\bin\iPodService.exe
07:03:13.0368 0x0990 Object send P2P result: true
07:03:16.0095 0x0990 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:03:16.0098 0x0990 IRENUM - ok
07:03:16.0170 0x0990 [ 350FCA7E73CF65BCEF43FAE1E4E91293, 68403FE3F4DC40919CD26A2CC42BE4386AE6874F47DD382348FFD79080721A13 ] isapnp C:\Windows\system32\drivers\isapnp.sys
07:03:16.0173 0x0990 isapnp - ok
07:03:16.0226 0x0990 [ AB9208FAF0F529FC3EED3B7761029859, 308D6D721A317B77D2F0660B12E24ADE0294464A46472252DEBE3D164AE6F565 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
07:03:16.0257 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\msiscsi.sys. Real md5: AB9208FAF0F529FC3EED3B7761029859, sha256: 308D6D721A317B77D2F0660B12E24ADE0294464A46472252DEBE3D164AE6F565, fake md5: 232FA340531D940AAC623B121A595034, fake sha256: 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1
07:03:16.0258 0x0990 iScsiPrt - detected ForgedFile.Multi.Generic ( 1 )
07:03:18.0847 0x0990 Detect skipped due to KSN trusted
07:03:18.0848 0x0990 iScsiPrt - ok
07:03:18.0902 0x0990 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
07:03:18.0909 0x0990 iteatapi - ok
07:03:18.0923 0x0990 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
07:03:18.0926 0x0990 iteraid - ok
07:03:18.0972 0x0990 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
07:03:18.0976 0x0990 kbdclass - ok
07:03:19.0022 0x0990 [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
07:03:19.0024 0x0990 kbdhid - ok
07:03:19.0070 0x0990 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe
07:03:19.0074 0x0990 KeyIso - ok
07:03:19.0094 0x0990 [ 0A433A51020CD61594EE0AB8435B2176, 40156A760C5717F26C8B22F6DA249F67E0F345BA71E2251C8F9CAEACCA3F194C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:03:19.0133 0x0990 Suspicious file ( Forged ): C:\Windows\system32\Drivers\ksecdd.sys. Real md5: 0A433A51020CD61594EE0AB8435B2176, sha256: 40156A760C5717F26C8B22F6DA249F67E0F345BA71E2251C8F9CAEACCA3F194C, fake md5: 4A1445EFA932A3BAF5BDB02D7131EE20, fake sha256: 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2
07:03:19.0135 0x0990 KSecDD - detected ForgedFile.Multi.Generic ( 1 )
07:03:21.0621 0x0990 Detect skipped due to KSN trusted
07:03:21.0639 0x0990 KSecDD - ok
07:03:21.0704 0x0990 [ C6DCDF88AE75644704F35CAF5337C0B6, 1D6A7E3B2688332F3A1E84C84C468F1207889EAB963A871B0D8022BD59C03EC0 ] KtmRm C:\Windows\system32\msdtckrm.dll
07:03:21.0740 0x0990 Suspicious file ( Forged ): C:\Windows\system32\msdtckrm.dll. Real md5: C6DCDF88AE75644704F35CAF5337C0B6, sha256: 1D6A7E3B2688332F3A1E84C84C468F1207889EAB963A871B0D8022BD59C03EC0, fake md5: 8078F8F8F7A79E2E6B494523A828C585, fake sha256: BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347
07:03:21.0742 0x0990 KtmRm - detected ForgedFile.Multi.Generic ( 1 )
07:03:24.0579 0x0990 Detect skipped due to KSN trusted
07:03:24.0604 0x0990 KtmRm - ok
07:03:24.0695 0x0990 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\System32\srvsvc.dll
07:03:24.0711 0x0990 LanmanServer - ok
07:03:24.0756 0x0990 [ A3D96945791156D3AAF9CF34FEEFA21C, 7C9326FC5B2F7AE0FA9228F57B956BF697046C4A9AC75EC365FC814F6F4E2C0B ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:03:24.0787 0x0990 Suspicious file ( Forged ): C:\Windows\System32\wkssvc.dll. Real md5: A3D96945791156D3AAF9CF34FEEFA21C, sha256: 7C9326FC5B2F7AE0FA9228F57B956BF697046C4A9AC75EC365FC814F6F4E2C0B, fake md5: 1DB69705B695B987082C8BAEC0C6B34F, fake sha256: D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3
07:03:24.0788 0x0990 LanmanWorkstation - detected ForgedFile.Multi.Generic ( 1 )
07:03:27.0483 0x0990 Detect skipped due to KSN trusted
07:03:27.0483 0x0990 LanmanWorkstation - ok
07:03:27.0606 0x0990 [ 31D8B705DCD5F2366186E731F87C7A71, D73DC732EF74C3C0EADD650B65BC6EEB44EA2C4E86BFD5BE989971A34FBA160A ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
07:03:27.0616 0x0990 LightScribeService - ok
07:03:27.0663 0x0990 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:03:27.0693 0x0990 lltdio - ok
07:03:27.0729 0x0990 [ B98524C2784030C4ECFE3DEA47002A80, D9E409CB77949AB777928BA1F993C7BF05C67B4C4D6786A3EAE05F81D8244120 ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:03:27.0756 0x0990 Suspicious file ( Forged ): C:\Windows\System32\lltdsvc.dll. Real md5: B98524C2784030C4ECFE3DEA47002A80, sha256: D9E409CB77949AB777928BA1F993C7BF05C67B4C4D6786A3EAE05F81D8244120, fake md5: 2D5A428872F1442631D0959A34ABFF63, fake sha256: E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0
07:03:27.0758 0x0990 lltdsvc - detected ForgedFile.Multi.Generic ( 1 )
February 25th, 2014, 08:58 AM
daveandrita1

log part 2:
07:01:02.0131 0x0990 Detect skipped due to KSN trusted
07:01:02.0131 0x0990 btwdins - ok
07:01:02.0180 0x0990 [ A94032A7755164E13C75E0E7409AFD65, F7C96528381AB34088689E3253B9A7E27351319FBB0522B62F7260451A3980BD ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
07:01:02.0188 0x0990 btwl2cap - ok
07:01:02.0231 0x0990 [ 1E5468447E4D18FBEA5F01267D6495A5, 2ED322C528291D54410D2AAAC693938EEFCE1C33F6923F14902B61C6D038C48A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
07:01:02.0233 0x0990 btwrchid - ok
07:01:02.0279 0x0990 [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:01:02.0283 0x0990 cdfs - ok
07:01:02.0339 0x0990 [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
07:01:02.0352 0x0990 cdrom - ok
07:01:02.0415 0x0990 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc C:\Windows\System32\certprop.dll
07:01:02.0419 0x0990 CertPropSvc - ok
07:01:02.0481 0x0990 [ DA8E0AFC7BAA226C538EF53AC2F90897, 2BBB9966671A3B8325D215DBC29FBD7D912C13ADC562A0D4521D1FF9A6F445C0 ] circlass C:\Windows\system32\drivers\circlass.sys
07:01:02.0493 0x0990 circlass - ok
07:01:02.0525 0x0990 [ B3C3AFFC37D0BCDA8084B0427DEB9201, 5A7A60C37F107921198863AFC5DE6AD7CBF14C49EC02C8EBFA5CFAAB2B984B4E ] CLFS C:\Windows\system32\CLFS.sys
07:01:02.0554 0x0990 Suspicious file ( Forged ): C:\Windows\system32\CLFS.sys. Real md5: B3C3AFFC37D0BCDA8084B0427DEB9201, sha256: 5A7A60C37F107921198863AFC5DE6AD7CBF14C49EC02C8EBFA5CFAAB2B984B4E, fake md5: D7659D3B5B92C31E84E53C1431F35132, fake sha256: 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6
07:01:02.0555 0x0990 CLFS - detected ForgedFile.Multi.Generic ( 1 )
07:01:05.0476 0x0990 Detect skipped due to KSN trusted
07:01:05.0476 0x0990 CLFS - ok
07:01:05.0542 0x0990 [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:01:05.0548 0x0990 clr_optimization_v2.0.50727_32 - ok
07:01:05.0618 0x0990 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:01:05.0652 0x0990 clr_optimization_v4.0.30319_32 - ok
07:01:05.0705 0x0990 [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
07:01:05.0707 0x0990 CmBatt - ok
07:01:05.0760 0x0990 [ 45201046C776FFDAF3FC8A0029C581C8, 68A68CF2B76598BC8610EB5B2D3FD5BDC9D51CFC6F51FB7A0B0C92A2BE910FC6 ] cmdide C:\Windows\system32\drivers\cmdide.sys
07:01:05.0762 0x0990 cmdide - ok
07:01:05.0859 0x0990 [ 39BD5E89197CCF119CD09B789154E51B, A7F395F1FC8C31BBF912BB53144730369EA8B1906552965B1E7C0EBEDE657D0D ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
07:01:05.0892 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\CHDRT32.sys. Real md5: 39BD5E89197CCF119CD09B789154E51B, sha256: A7F395F1FC8C31BBF912BB53144730369EA8B1906552965B1E7C0EBEDE657D0D, fake md5: B6E7991E3D6146C04C85CD31AF22A381, fake sha256: 808393C7C5E59F273D03C62745A2AF759F588C102EDB6A2B8DD94C9A6AAF3F10
07:01:05.0893 0x0990 CnxtHdAudService - detected ForgedFile.Multi.Generic ( 1 )
07:01:08.0535 0x0990 Detect skipped due to KSN trusted
07:01:08.0544 0x0990 CnxtHdAudService - ok
07:01:08.0724 0x0990 [ B6009BA0D392A74566AE0AF610F2DFAD, 375E998C58151323B0D0FE008F2813B538816BE00C843BB9DBD6FCF72D2A97BF ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
07:01:08.0781 0x0990 Suspicious file ( Forged ): C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe. Real md5: B6009BA0D392A74566AE0AF610F2DFAD, sha256: 375E998C58151323B0D0FE008F2813B538816BE00C843BB9DBD6FCF72D2A97BF, fake md5: C7A0E61D5714AC20DE52D4F66EC773B8, fake sha256: 53F0C91FD62E6787221EFB4BFDB087C2087CACD6B0C0605F58FC391F546EBA7A
07:01:08.0782 0x0990 Com4QLBEx - detected ForgedFile.Multi.Generic ( 1 )
07:01:11.0435 0x0990 Com4QLBEx ( ForgedFile.Multi.Generic ) - warning
07:01:11.0453 0x0990 Force sending object to P2P due to detect: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
07:01:21.0661 0x0990 Object send P2P result: true
07:01:24.0261 0x0990 [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
07:01:24.0284 0x0990 Compbatt - ok
07:01:24.0308 0x0990 COMSysApp - ok
07:01:24.0361 0x0990 [ 2A213AE086BBEC5E937553C7D9A2B22C, 1F91ACC0426E0ED1717555B282F65629EF15021375B24A63C29C89ADE916EE2A ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
07:01:24.0378 0x0990 crcdisk - ok
07:01:24.0413 0x0990 [ 22A7F883508176489F559EE745B5BF5D, D6341E3FBC8A46D2D1F0477FA60EC4828B585D35B14609CD02868FD04ECD14DB ] Crusoe C:\Windows\system32\drivers\crusoe.sys
07:01:24.0416 0x0990 Crusoe - ok
07:01:24.0456 0x0990 [ FD4F06A4D4B35CD18DBE7AE5932BD2BC, 0C4F8DAFE910C111D1BCD5E946E1F047D6289BC6CCD99371F76B67B6D8D20283 ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:01:24.0475 0x0990 Suspicious file ( Forged ): C:\Windows\system32\cryptsvc.dll. Real md5: FD4F06A4D4B35CD18DBE7AE5932BD2BC, sha256: 0C4F8DAFE910C111D1BCD5E946E1F047D6289BC6CCD99371F76B67B6D8D20283, fake md5: 684C130BBC6DB681BAD4920A4C944AA5, fake sha256: DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92
07:01:24.0476 0x0990 CryptSvc - detected ForgedFile.Multi.Generic ( 1 )
07:01:26.0917 0x0990 Detect skipped due to KSN trusted
07:01:26.0917 0x0990 CryptSvc - ok
07:01:26.0973 0x0990 [ A407040FE3218E83C942EEBEB07030DF, 058ACE1D8EC5B36432EE7B83669D1FE12EEDE347CE5103D949289C710E1CCCD1 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
07:01:26.0988 0x0990 dc3d - ok
07:01:27.0034 0x0990 [ 6621476E1926167313D0FE6E95E98E7F, 2F711705F84C5C83F13E27855D472ED8564508CCC5C8394284745D1D28E2449D ] DcomLaunch C:\Windows\system32\rpcss.dll
07:01:27.0086 0x0990 Suspicious file ( Forged ): C:\Windows\system32\rpcss.dll. Real md5: 6621476E1926167313D0FE6E95E98E7F, sha256: 2F711705F84C5C83F13E27855D472ED8564508CCC5C8394284745D1D28E2449D, fake md5: 3B5B4D53FEC14F7476CA29A20CC31AC9, fake sha256: EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183
07:01:27.0089 0x0990 DcomLaunch - detected ForgedFile.Multi.Generic ( 1 )
07:01:30.0113 0x0990 Detect skipped due to KSN trusted
07:01:30.0131 0x0990 DcomLaunch - ok
07:01:30.0185 0x0990 [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
07:01:30.0189 0x0990 DfsC - ok
07:01:30.0290 0x0990 [ E64B47ECCBA21C3EB9167C21EF8DFCD6, 00F5616E54D6A263B2547190B1088A54724E68899A593C46B0016908AC42EBC0 ] DFSR C:\Windows\system32\DFSR.exe
07:01:30.0409 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DFSR.exe. Real md5: E64B47ECCBA21C3EB9167C21EF8DFCD6, sha256: 00F5616E54D6A263B2547190B1088A54724E68899A593C46B0016908AC42EBC0, fake md5: 2CC3DCFB533A1035B13DCAB6160AB38B, fake sha256: C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0
07:01:30.0418 0x0990 DFSR - detected ForgedFile.Multi.Generic ( 1 )
07:01:32.0866 0x0990 Detect skipped due to KSN trusted
07:01:32.0867 0x0990 DFSR - ok
07:01:32.0939 0x0990 [ BEE7BF9A9BC8EECF0DAB06823333EB71, 59EE79F51E0D5038AEFC9A6591C368A79709DEAC3530C4CB4369FED5621FF195 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
07:01:32.0968 0x0990 Suspicious file ( Forged ): C:\Windows\System32\dhcpcsvc.dll. Real md5: BEE7BF9A9BC8EECF0DAB06823333EB71, sha256: 59EE79F51E0D5038AEFC9A6591C368A79709DEAC3530C4CB4369FED5621FF195, fake md5: 9028559C132146FB75EB7ACF384B086A, fake sha256: 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D
07:01:32.0969 0x0990 Dhcp - detected ForgedFile.Multi.Generic ( 1 )
07:01:35.0561 0x0990 Detect skipped due to KSN trusted
07:01:35.0561 0x0990 Dhcp - ok
07:01:35.0619 0x0990 [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk C:\Windows\system32\drivers\disk.sys
07:01:35.0633 0x0990 disk - ok
07:01:35.0710 0x0990 [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:01:35.0716 0x0990 Dnscache - ok
07:01:35.0747 0x0990 [ 5602860034ED703E783E0AD7DDA6F685, 502BCA79C00208F2527D9AE5BE9271E0D9CD913CA3B85AF33213BB71046F06DF ] dot3svc C:\Windows\System32\dot3svc.dll
07:01:35.0777 0x0990 Suspicious file ( Forged ): C:\Windows\System32\dot3svc.dll. Real md5: 5602860034ED703E783E0AD7DDA6F685, sha256: 502BCA79C00208F2527D9AE5BE9271E0D9CD913CA3B85AF33213BB71046F06DF, fake md5: 324FD74686B1EF5E7C19A8AF49E748F6, fake sha256: DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B
07:01:35.0778 0x0990 dot3svc - detected ForgedFile.Multi.Generic ( 1 )
07:01:38.0729 0x0990 Detect skipped due to KSN trusted
07:01:38.0754 0x0990 dot3svc - ok
07:01:38.0809 0x0990 [ D9FA2A14A9A7CC3CC47AA0E6C7FDC2AE, F8295C35A23D1687CD74FD21639F12C1F65266F8EABE7B5DADD44CABEEBB6834 ] DPS C:\Windows\system32\dps.dll
07:01:38.0836 0x0990 Suspicious file ( Forged ): C:\Windows\system32\dps.dll. Real md5: D9FA2A14A9A7CC3CC47AA0E6C7FDC2AE, sha256: F8295C35A23D1687CD74FD21639F12C1F65266F8EABE7B5DADD44CABEEBB6834, fake md5: A622E888F8AA2F6B49E9BC466F0E5DEF, fake sha256: 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A
07:01:38.0837 0x0990 DPS - detected ForgedFile.Multi.Generic ( 1 )
07:01:41.0435 0x0990 Detect skipped due to KSN trusted
07:01:41.0435 0x0990 DPS - ok
07:01:41.0492 0x0990 [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:01:41.0507 0x0990 drmkaud - ok
07:01:41.0584 0x0990 [ C21F8AA8AE207E65D83A37F04885BDBC, 970908E731A3603252CA68ACD9407E42D15D06186AB224D68167A25BA81A039F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:01:41.0628 0x0990 Suspicious file ( Forged ): C:\Windows\System32\drivers\dxgkrnl.sys. Real md5: C21F8AA8AE207E65D83A37F04885BDBC, sha256: 970908E731A3603252CA68ACD9407E42D15D06186AB224D68167A25BA81A039F, fake md5: 988670D8343EF9835FB3659DB71B2EFA, fake sha256: 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B
07:01:41.0631 0x0990 DXGKrnl - detected ForgedFile.Multi.Generic ( 1 )
07:01:44.0330 0x0990 Object is SCO, delete is not allowed
07:01:44.0331 0x0990 DXGKrnl ( ForgedFile.Multi.Generic ) - warning
07:01:46.0913 0x0990 [ E5E2C8CD720E7253A79634B39E9EE2F6, 426C6F3E12EB3FE3C80F5E3E211D4A0BDE6D1B7247310D84B81A453BC04B1C41 ] E100B C:\Windows\system32\DRIVERS\e100b325.sys
07:01:46.0980 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\e100b325.sys. Real md5: E5E2C8CD720E7253A79634B39E9EE2F6, sha256: 426C6F3E12EB3FE3C80F5E3E211D4A0BDE6D1B7247310D84B81A453BC04B1C41, fake md5: C0B00E55CF82D122D25983C7A6A53DEA, fake sha256: 88C7A1A4907DD03F025A0E523887ADBDEB5AE0AFF7CD726FE00CDD0380BA93D7
07:01:46.0981 0x0990 E100B - detected ForgedFile.Multi.Generic ( 1 )
07:01:49.0449 0x0990 Detect skipped due to KSN trusted
07:01:49.0481 0x0990 E100B - ok
07:01:49.0529 0x0990 [ F88FB26547FD2CE6D0A5AF2985892C48, F02E06E16830F5D3FAF61991F5A91E54BB3461F58AFE3BFB7A9066CD302B879F ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
07:01:49.0629 0x0990 E1G60 - ok
07:01:49.0707 0x0990 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll
07:01:49.0707 0x0990 EapHost - ok
07:01:49.0758 0x0990 [ EB7BB3F702D7B9FA17F02902A26D3102, D19F1645ACD0102468CBBD301EABB5D4587E6ED42EB69248558D8A750272FD01 ] Ecache C:\Windows\system32\drivers\ecache.sys
07:01:49.0800 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\ecache.sys. Real md5: EB7BB3F702D7B9FA17F02902A26D3102, sha256: D19F1645ACD0102468CBBD301EABB5D4587E6ED42EB69248558D8A750272FD01, fake md5: 7F64EA048DCFAC7ACF8B4D7B4E6FE371, fake sha256: F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F
07:01:49.0801 0x0990 Ecache - detected ForgedFile.Multi.Generic ( 1 )
07:01:52.0451 0x0990 Detect skipped due to KSN trusted
07:01:52.0468 0x0990 Ecache - ok
07:01:52.0560 0x0990 [ 8BC25F382CE1C37F3462184FD1D8030C, F2EAB57AB451F77DC04A21A40D99E9213F7B605B4879BDC53AD06B2A41E9FA82 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
07:01:52.0629 0x0990 Suspicious file ( Forged ): C:\Windows\ehome\ehRecvr.exe. Real md5: 8BC25F382CE1C37F3462184FD1D8030C, sha256: F2EAB57AB451F77DC04A21A40D99E9213F7B605B4879BDC53AD06B2A41E9FA82, fake md5: 9BE3744D295A7701EB425332014F0797, fake sha256: 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D
07:01:52.0630 0x0990 ehRecvr - detected ForgedFile.Multi.Generic ( 1 )
07:01:55.0351 0x0990 Detect skipped due to KSN trusted
07:01:55.0366 0x0990 ehRecvr - ok
07:01:55.0413 0x0990 [ 0DFBE8AA4C20B52E1B8BF3CB6CBDF193, FA43239BCEE7B97CA62F007CC68487560A39E19F74F3DDE7486DB3F98DF8E471 ] ehSched C:\Windows\ehome\ehsched.exe
07:01:55.0460 0x0990 Suspicious file ( Forged ): C:\Windows\ehome\ehsched.exe. Real md5: 0DFBE8AA4C20B52E1B8BF3CB6CBDF193, sha256: FA43239BCEE7B97CA62F007CC68487560A39E19F74F3DDE7486DB3F98DF8E471, fake md5: AD1870C8E5D6DD340C829E6074BF3C3F, fake sha256: 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88
07:01:55.0460 0x0990 ehSched - detected ForgedFile.Multi.Generic ( 1 )
07:01:58.0337 0x0990 Detect skipped due to KSN trusted
07:01:58.0337 0x0990 ehSched - ok
07:01:58.0388 0x0990 [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart C:\Windows\ehome\ehstart.dll
07:01:58.0390 0x0990 ehstart - ok
07:01:58.0433 0x0990 [ A673FE699A92D5D8543D5169B998866B, CA7A3D73A2F20D0087DBEF6973C2E8A7D8D16F182E04B2AD559D4D7C397F93E1 ] elxstor C:\Windows\system32\drivers\elxstor.sys
07:01:58.0463 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\elxstor.sys. Real md5: A673FE699A92D5D8543D5169B998866B, sha256: CA7A3D73A2F20D0087DBEF6973C2E8A7D8D16F182E04B2AD559D4D7C397F93E1, fake md5: E8F3F21A71720C84BCF423B80028359F, fake sha256: 63114E6120F634224A0E83A5047B37C7D6F26CF99FE3C01CFC0AB8B1763BB084
07:01:58.0465 0x0990 elxstor - detected ForgedFile.Multi.Generic ( 1 )
07:02:01.0173 0x0990 Object is SCO, delete is not allowed
07:02:01.0173 0x0990 elxstor ( ForgedFile.Multi.Generic ) - warning
07:02:01.0173 0x0990 Force sending object to P2P due to detect: C:\Windows\system32\drivers\elxstor.sys
07:02:03.0867 0x0990 Object send P2P result: true
07:02:06.0507 0x0990 [ 05724A298F2FCAF5F4711D153600379A, E4EB9424C45F0927EBE74DEC3D92D8D87F5AEF6656444FD7D904AC75D0215D35 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
07:02:06.0564 0x0990 Suspicious file ( Forged ): C:\Windows\system32\emdmgmt.dll. Real md5: 05724A298F2FCAF5F4711D153600379A, sha256: E4EB9424C45F0927EBE74DEC3D92D8D87F5AEF6656444FD7D904AC75D0215D35, fake md5: 4E6B23DFC917EA39306B529B773950F4, fake sha256: C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2
07:02:06.0566 0x0990 EMDMgmt - detected ForgedFile.Multi.Generic ( 1 )
07:02:09.0477 0x0990 Detect skipped due to KSN trusted
07:02:09.0492 0x0990 EMDMgmt - ok
07:02:09.0580 0x0990 [ 4A37B2EBCE76601F28E88E24E62AE715, E03F1F2DE3A0EA07B30025EFD9231AA4C8DFE7206207F8AA07398359FC34C04D ] EventSystem C:\Windows\system32\es.dll
07:02:09.0613 0x0990 Suspicious file ( Forged ): C:\Windows\system32\es.dll. Real md5: 4A37B2EBCE76601F28E88E24E62AE715, sha256: E03F1F2DE3A0EA07B30025EFD9231AA4C8DFE7206207F8AA07398359FC34C04D, fake md5: 67058C46504BC12D821F38CF99B7B28F, fake sha256: E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D
07:02:09.0615 0x0990 EventSystem - detected ForgedFile.Multi.Generic ( 1 )
07:02:14.0106 0x0990 Detect skipped due to KSN trusted
07:02:14.0122 0x0990 EventSystem - ok
07:02:14.0187 0x0990 [ DD5448BF498735A4AF29D9B7A08BAA98, E64F5E5C1143E4920275D83725E112F4B2941956D95E378737EE96EF12897EEB ] exfat C:\Windows\system32\drivers\exfat.sys
07:02:14.0230 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\exfat.sys. Real md5: DD5448BF498735A4AF29D9B7A08BAA98, sha256: E64F5E5C1143E4920275D83725E112F4B2941956D95E378737EE96EF12897EEB, fake md5: 22B408651F9123527BCEE54B4F6C5CAE, fake sha256: 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2
07:02:14.0230 0x0990 exfat - detected ForgedFile.Multi.Generic ( 1 )
07:02:17.0199 0x0990 Detect skipped due to KSN trusted
07:02:17.0199 0x0990 exfat - ok
07:02:17.0237 0x0990 [ 31478AB932E13E1C1D7B15EA886D4753, CCAEDB359BAFC1C49815BC0A821AE6550F6BD3B7DEE1C5A5EF7B2A4A01206FFD ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:02:17.0255 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\fastfat.sys. Real md5: 31478AB932E13E1C1D7B15EA886D4753, sha256: CCAEDB359BAFC1C49815BC0A821AE6550F6BD3B7DEE1C5A5EF7B2A4A01206FFD, fake md5: 1E9B9A70D332103C52995E957DC09EF8, fake sha256: 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3
07:02:17.0256 0x0990 fastfat - detected ForgedFile.Multi.Generic ( 1 )
07:02:19.0868 0x0990 Detect skipped due to KSN trusted
07:02:19.0868 0x0990 fastfat - ok
07:02:19.0933 0x0990 [ 63BDADA84951B9C03E641800E176898A, AD3EA20CAD0E0C438422D5D39AEA9E0AAD9E1DC866A696AE503C76F5FAC4BE6E ] fdc C:\Windows\system32\DRIVERS\fdc.sys
07:02:19.0943 0x0990 fdc - ok
07:02:19.0998 0x0990 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
07:02:20.0002 0x0990 fdPHost - ok
07:02:20.0032 0x0990 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
07:02:20.0036 0x0990 FDResPub - ok
07:02:20.0086 0x0990 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:02:20.0089 0x0990 FileInfo - ok
07:02:20.0126 0x0990 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:02:20.0129 0x0990 Filetrace - ok
07:02:20.0138 0x0990 [ 6603957EFF5EC62D25075EA8AC27DE68, B52D112301A6BFBD60959D7D2502AB2E1EB6BB7F5DCED46899F1F006C7F1E887 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
07:02:20.0140 0x0990 flpydisk - ok
07:02:20.0152 0x0990 [ 2538353A92BCA8ABF5E0765C025845A0, 2DB6BB39F2E4E55E4A02B7742EAA929FB1161827D23FB551E3C4C380D9B17CA4 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:02:20.0175 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\fltmgr.sys. Real md5: 2538353A92BCA8ABF5E0765C025845A0, sha256: 2DB6BB39F2E4E55E4A02B7742EAA929FB1161827D23FB551E3C4C380D9B17CA4, fake md5: 01334F9EA68E6877C4EF05D3EA8ABB05, fake sha256: 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99
07:02:20.0176 0x0990 FltMgr - detected ForgedFile.Multi.Generic ( 1 )
07:02:22.0861 0x0990 Detect skipped due to KSN trusted
07:02:22.0861 0x0990 FltMgr - ok
07:02:22.0940 0x0990 [ DFA80B62A008F748F13DB0C078E745B2, FC80BAF726A0C413B72477FE231388DE3586BDB04141A8278F6ECD96DDE7A5C8 ] FontCache C:\Windows\system32\FntCache.dll
07:02:22.0997 0x0990 Suspicious file ( Forged ): C:\Windows\system32\FntCache.dll. Real md5: DFA80B62A008F748F13DB0C078E745B2, sha256: FC80BAF726A0C413B72477FE231388DE3586BDB04141A8278F6ECD96DDE7A5C8, fake md5: 2AFA3A46986AE935DAECEBC7E66314CF, fake sha256: 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D
07:02:23.0000 0x0990 FontCache - detected ForgedFile.Multi.Generic ( 1 )
07:02:25.0590 0x0990 Detect skipped due to KSN trusted
07:02:25.0604 0x0990 FontCache - ok
07:02:25.0769 0x0990 [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:02:25.0804 0x0990 FontCache3.0.0.0 - ok
07:02:25.0895 0x0990 [ 9A092384170F59AC1C5351BE8029DE7C, 59BB54E7E7CED08EDF4C09CC39451B0B2FD0E7830F33FBB4B59C8F2A9329BF6C ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
07:02:25.0935 0x0990 Suspicious file ( Forged ): C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe. Real md5: 9A092384170F59AC1C5351BE8029DE7C, sha256: 59BB54E7E7CED08EDF4C09CC39451B0B2FD0E7830F33FBB4B59C8F2A9329BF6C, fake md5: 34D2E12226269789BB5F292915B089D7, fake sha256: 5B10898706CC45BC9A027EFD33A5B60BE921A9D4C8F9E05A58E0AADE6EFA2DE6
07:02:25.0938 0x0990 ForceWare Intelligent Application Manager (IAM) - detected ForgedFile.Multi.Generic ( 1 )
07:02:28.0414 0x0990 Detect skipped due to KSN trusted
07:02:28.0436 0x0990 ForceWare Intelligent Application Manager (IAM) - ok
07:02:28.0501 0x0990 [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:02:28.0537 0x0990 Fs_Rec - ok
07:02:28.0581 0x0990 [ 4E1CD0A45C50A8882616CAE5BF82F3C5, 1B909AF150F7119A5685999451A85012F4A92F15F38390A281EA507E2D247BAE ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
07:02:28.0585 0x0990 gagp30kx - ok
07:02:28.0629 0x0990 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:02:28.0653 0x0990 GEARAspiWDM - ok
07:02:28.0711 0x0990 [ 77EBF3E9386DAA51551AF429052D88D0, 94C3294BB9E14B07448734AE65B37801D3FF15BEC987D182A929A017FEF7B276 ] giveio C:\Windows\system32\giveio.sys
07:02:28.0714 0x0990 giveio - ok
07:02:28.0764 0x0990 [ 709215724B53CA227C140AD2E45F321E, 0340668E35B3A48BCB49E8D086B4048ECA997A6464DF16CC3500214C252120BB ] gpsvc C:\Windows\System32\gpsvc.dll
07:02:28.0833 0x0990 Suspicious file ( Forged ): C:\Windows\System32\gpsvc.dll. Real md5: 709215724B53CA227C140AD2E45F321E, sha256: 0340668E35B3A48BCB49E8D086B4048ECA997A6464DF16CC3500214C252120BB, fake md5: CD5D0AEEE35DFD4E986A5AA1500A6E66, fake sha256: DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F
07:02:28.0835 0x0990 gpsvc - detected ForgedFile.Multi.Generic ( 1 )
07:02:31.0625 0x0990 Detect skipped due to KSN trusted
07:02:31.0641 0x0990 gpsvc - ok
07:02:31.0781 0x0990 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
07:02:31.0813 0x0990 gupdate - ok
07:02:31.0813 0x0990 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
07:02:31.0814 0x0990 gupdatem - ok
07:02:31.0849 0x0990 [ 2F756CA2000D3A5C6D3900FDB0FA1296, 324CF2D676EBE0F23393C87ABD9E6191D2F7BF24656F2372C368E27807BB8AB6 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
07:02:31.0871 0x0990 Suspicious file ( Forged ): C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe. Real md5: 2F756CA2000D3A5C6D3900FDB0FA1296, sha256: 324CF2D676EBE0F23393C87ABD9E6191D2F7BF24656F2372C368E27807BB8AB6, fake md5: 751C1D2CA2ABF4A9F5A6B8D7D45B907C, fake sha256: 8F62DF65DB30770448E297D000B570683DEA454A5D84B5BCB1478D91030212DB
07:02:31.0872 0x0990 gusvc - detected ForgedFile.Multi.Generic ( 1 )
07:02:34.0767 0x0990 Detect skipped due to KSN trusted
07:02:34.0768 0x0990 gusvc - ok
07:02:34.0831 0x0990 [ 93AEE3434935FC2F805FEFD8DC5ED1B4, EF4A76725B76FFB9EA14E6274A1FDE8482DA907A9B967E3D7EDD365BF132AD42 ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
07:02:34.0855 0x0990 HBtnKey - ok
07:02:34.0888 0x0990 [ 3E4A063053E37B20D74D15201559BD56, B0D1FBD663BB147EEA8D14164BB1F1C6D9540071FD6C8C0916C4693A48018EEB ] HdAudAddService C:\Windows\system32\drivers\CHDART.sys
07:02:34.0942 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\CHDART.sys. Real md5: 3E4A063053E37B20D74D15201559BD56, sha256: B0D1FBD663BB147EEA8D14164BB1F1C6D9540071FD6C8C0916C4693A48018EEB, fake md5: A08F4808FB19A40792A6056848187AFE, fake sha256: 3988DC8A995E11531EDD32A8816E0CC215EF60111AC4C05AA087472E620D8D68
07:02:34.0943 0x0990 HdAudAddService - detected ForgedFile.Multi.Generic ( 1 )
07:02:37.0651 0x0990 Detect skipped due to KSN trusted
07:02:37.0651 0x0990 HdAudAddService - ok
07:02:37.0701 0x0990 [ 7B0576051613B2B104C13014FE46280B, 2C199F84198E5ACA169676C7E43FBAD22A3951E78E75AB5D63505F3110D5449F ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
07:02:37.0929 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\HDAudBus.sys. Real md5: 7B0576051613B2B104C13014FE46280B, sha256: 2C199F84198E5ACA169676C7E43FBAD22A3951E78E75AB5D63505F3110D5449F, fake md5: 062452B7FFD68C8C042A6261FE8DFF4A, fake sha256: DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56
07:02:37.0932 0x0990 HDAudBus - detected ForgedFile.Multi.Generic ( 1 )
07:02:40.0546 0x0990 Detect skipped due to KSN trusted
07:02:40.0546 0x0990 HDAudBus - ok
07:02:40.0597 0x0990 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
07:02:40.0608 0x0990 HidBth - ok
07:02:40.0650 0x0990 [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
07:02:40.0743 0x0990 HidIr - ok
07:02:40.0795 0x0990 [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\System32\hidserv.dll
07:02:40.0806 0x0990 hidserv - ok
07:02:40.0848 0x0990 [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
07:02:40.0850 0x0990 HidUsb - ok
07:02:40.0902 0x0990 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
07:02:40.0921 0x0990 hkmsvc - ok
07:02:41.0048 0x0990 [ A19B0BB5A7EB6DF2DD4A0711D36955EE, 307648CAFB3DDCD76FD730CA623945ED71D4276715A38D8CBB203C157C45F691 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
07:02:41.0053 0x0990 HP Health Check Service - ok
07:02:41.0113 0x0990 [ DF353B401001246853763C4B7AAA6F50, 05C043493BDD99DEFBB0F5C3D8C475B06C2BF5629565ACF6F3B754002519B836 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
07:02:41.0126 0x0990 HpCISSs - ok
07:02:41.0189 0x0990 [ 1210960FF8928950D2A786895B0C424A, 22C8785E024CFDD3A43FAEAAA96B8332C37E9B6C765AB7AFBCD3DAA2DC9EFFC7 ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
07:02:41.0191 0x0990 HpqKbFiltr - ok
07:02:41.0257 0x0990 [ 341AE480B7751B9BE2C56B6F6A638E88, D69CE625FE7A46AD7B0C1B74F51540EFB6C0AA68A44F7D2F954AFCC2AF0486A9 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
07:02:41.0292 0x0990 Suspicious file ( Forged ): C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe. Real md5: 341AE480B7751B9BE2C56B6F6A638E88, sha256: D69CE625FE7A46AD7B0C1B74F51540EFB6C0AA68A44F7D2F954AFCC2AF0486A9, fake md5: FDF273A845F1FFCCEADF363AAF47582F, fake sha256: 9BB99346A977225EF77261CD3CF4219A238EB06FFE2DB91D00A0037BDCFECEF1
07:02:41.0293 0x0990 hpqwmiex - detected ForgedFile.Multi.Generic ( 1 )
07:02:43.0733 0x0990 Detect skipped due to KSN trusted
07:02:43.0734 0x0990 hpqwmiex - ok
07:02:43.0782 0x0990 [ E4EFE9F0DD1EDCD7769C9423596DABCC, BA0EE4B797B99449EBC7396D09562A0F64EC8795EABF62376FE36E289FB0F3C8 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
07:02:43.0835 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\VSTAZL3.SYS. Real md5: E4EFE9F0DD1EDCD7769C9423596DABCC, sha256: BA0EE4B797B99449EBC7396D09562A0F64EC8795EABF62376FE36E289FB0F3C8, fake md5: 46D67209550973257601A533E2AC5785, fake sha256: 3C0D97781947BA8532344AA5D9F3B684761B5B3263A0A294F4593E76EE41DB0C
07:02:43.0835 0x0990 HSFHWAZL - detected ForgedFile.Multi.Generic ( 1 )
07:02:46.0515 0x0990 Detect skipped due to KSN trusted
07:02:46.0537 0x0990 HSFHWAZL - ok
07:02:46.0603 0x0990 [ F4CC13832707CBCEA205C1BE8175A03C, 2149AD50697D7D3DDFC532C8A1C4CCC2DA9F9A1454E89D7B719BCE6A43BDF482 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
07:02:46.0672 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\HSX_DPV.sys. Real md5: F4CC13832707CBCEA205C1BE8175A03C, sha256: 2149AD50697D7D3DDFC532C8A1C4CCC2DA9F9A1454E89D7B719BCE6A43BDF482, fake md5: 1882827F41DEE51C70E24C567C35BFB5, fake sha256: C3508BDB045F0CB2205733D9F0CF7A2BEE03C4E4A8690B7D305EBEE887E588C6
07:02:46.0676 0x0990 HSF_DPV - detected ForgedFile.Multi.Generic ( 1 )
07:02:49.0330 0x0990 Detect skipped due to KSN trusted
07:02:49.0358 0x0990 HSF_DPV - ok
07:02:49.0426 0x0990 [ 233566D0EE963948D3C4B6C31FD5D64F, 3A5C996A2F0859426D2F30527D3DD653CE6068B0C0FC48758C4500AA79D1E979 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
07:02:49.0452 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\HSXHWAZL.sys. Real md5: 233566D0EE963948D3C4B6C31FD5D64F, sha256: 3A5C996A2F0859426D2F30527D3DD653CE6068B0C0FC48758C4500AA79D1E979, fake md5: A44DDF3BA83E4664BF4DE9220097578C, fake sha256: 1EF22D06F6954F8E46241E8D7F231DC4BC2F78D898A9515D95BDEB4A0D372194
07:02:49.0453 0x0990 HSXHWAZL - detected ForgedFile.Multi.Generic ( 1 )
07:02:51.0895 0x0990 Detect skipped due to KSN trusted
07:02:51.0895 0x0990 HSXHWAZL - ok
07:02:51.0936 0x0990 [ 5D2F2BE05E2B89926F215648CB978659, F4C7BAF51386C26EEF006AFC1751F795D42E82E6A600792C4352126A3197F26C ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:02:52.0001 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\HTTP.sys. Real md5: 5D2F2BE05E2B89926F215648CB978659, sha256: F4C7BAF51386C26EEF006AFC1751F795D42E82E6A600792C4352126A3197F26C, fake md5: F870AA3E254628EBEAFE754108D664DE, fake sha256: B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70
07:02:52.0003 0x0990 HTTP - detected ForgedFile.Multi.Generic ( 1 )
07:02:54.0694 0x0990 Detect skipped due to KSN trusted
07:02:54.0694 0x0990 HTTP - ok
07:02:54.0754 0x0990 [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp C:\Windows\system32\drivers\i2omp.sys
07:02:54.0756 0x0990 i2omp - ok
07:02:54.0806 0x0990 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
07:02:54.0809 0x0990 i8042prt - ok
07:02:54.0866 0x0990 [ 08B89693772067C866C63309876482CA, E0B0354686DDE41BB5A938B4A9EC1036BBD802687757908C3F9B5C0C752171AF ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
07:02:54.0945 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\igdkmd32.sys. Real md5: 08B89693772067C866C63309876482CA, sha256: E0B0354686DDE41BB5A938B4A9EC1036BBD802687757908C3F9B5C0C752171AF, fake md5: 496DB78E6A0C4C44023D9A92B4A7AC31, fake sha256: 2B44213C39F05090D2057E3A21C1718DFC4478E976D44255B6FA5C3B8CF20FFF
07:02:54.0950 0x0990 ialm - detected ForgedFile.Multi.Generic ( 1 )
07:02:57.0651 0x0990 Detect skipped due to KSN trusted
07:02:57.0651 0x0990 ialm - ok
07:02:57.0689 0x0990 [ 9DCF37FC5B8F3792267FDE48E9F4C977, 6827C06F06F62FB54B7E590FEC2DF8EA3CBF6C252566E8D242D9A47B86A77FFC ] iaStorV C:\Windows\system32\drivers\iastorv.sys
07:02:57.0713 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\iastorv.sys. Real md5: 9DCF37FC5B8F3792267FDE48E9F4C977, sha256: 6827C06F06F62FB54B7E590FEC2DF8EA3CBF6C252566E8D242D9A47B86A77FFC, fake md5: C957BF4B5D80B46C5017BF0101E6C906, fake sha256: 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880
07:02:57.0714 0x0990 iaStorV - detected ForgedFile.Multi.Generic ( 1 )
07:03:00.0301 0x0990 Detect skipped due to KSN trusted
07:03:00.0301 0x0990 iaStorV - ok
07:03:00.0403 0x0990 [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
07:03:00.0408 0x0990 IDriverT - ok
07:03:00.0475 0x0990 [ 0CCB927A147D18781E9D1DB3C285B8D9, 54D0323D3766C2E9A6B68650761C419AC6A03951F6333083A99B3C7F79278ECD ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:03:00.0549 0x0990 Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe. Real md5: 0CCB927A147D18781E9D1DB3C285B8D9, sha256: 54D0323D3766C2E9A6B68650761C419AC6A03951F6333083A99B3C7F79278ECD, fake md5: 98477B08E61945F974ED9FDC4CB6BDAB, fake sha256: C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC
07:03:00.0552 0x0990 idsvc - detected ForgedFile.Multi.Generic ( 1 )
07:03:03.0053 0x0990 Detect skipped due to KSN trusted
07:03:03.0072 0x0990 idsvc - ok
07:03:03.0137 0x0990 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
07:03:03.0140 0x0990 iirsp - ok
07:03:03.0194 0x0990 [ 35EF641B57560567EA1CDBB2FF83B759, 79CC69E859819EB7EB4771129F3BE5E8FE26C9F06B8038F46E0BBB11C4A85ABE ] IKEEXT C:\Windows\System32\ikeext.dll
07:03:03.0238 0x0990 Suspicious file ( Forged ): C:\Windows\System32\ikeext.dll. Real md5: 35EF641B57560567EA1CDBB2FF83B759, sha256: 79CC69E859819EB7EB4771129F3BE5E8FE26C9F06B8038F46E0BBB11C4A85ABE, fake md5: 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, fake sha256: FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3
07:03:03.0241 0x0990 IKEEXT - detected ForgedFile.Multi.Generic ( 1 )
07:03:05.0885 0x0990 Detect skipped due to KSN trusted
07:03:05.0893 0x0990 IKEEXT - ok
07:03:05.0970 0x0990 [ 97469037714070E45194ED318D636401, DDB5AE39BE0BD37ECB44969A5FA740E5B1169342347D0DB3E5DF0353A6708271 ] intelide C:\Windows\system32\drivers\intelide.sys
07:03:05.0973 0x0990 intelide - ok
07:03:06.0024 0x0990 [ CE44CC04262F28216DD4341E9E36A16F, 2B316C4124DCFEAD7838B3D8FB8DBEC3F3B1EA8EA612AABB05B1275D0B230CCD ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
07:03:06.0027 0x0990 intelppm - ok
07:03:06.0106 0x0990 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
07:03:06.0125 0x0990 IPBusEnum - ok
07:03:06.0173 0x0990 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:03:06.0205 0x0990 IpFilterDriver - ok
07:03:06.0239 0x0990 [ E4EFE9F0DD1EDCD7769C9423596DABCC, BA0EE4B797B99449EBC7396D09562A0F64EC8795EABF62376FE36E289FB0F3C8 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:03:06.0267 0x0990 Suspicious file ( Forged ): C:\Windows\System32\iphlpsvc.dll. Real md5: E4EFE9F0DD1EDCD7769C9423596DABCC, sha256: BA0EE4B797B99449EBC7396D09562A0F64EC8795EABF62376FE36E289FB0F3C8, fake md5: 1998BD97F950680BB55F55A7244679C2, fake sha256: A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8
07:03:06.0268 0x0990 iphlpsvc - detected ForgedFile.Multi.Generic ( 1 )
07:03:06.0268 0x0990 Detect skipped due to KSN trusted
07:03:06.0268 0x0990 iphlpsvc - ok
07:03:06.0338 0x0990 [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
07:03:06.0343 0x0990 IPMIDRV - ok
07:03:06.0389 0x0990 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
07:03:06.0402 0x0990 IPNAT - ok
07:03:06.0467 0x0990 [ B2179A1F99818EFF32BB644A54FB35B7, 43DE4F8CC632C899D0FA8886BCEDFCD21EEEB8F09B829E1019D2612160DB860A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
07:03:06.0557 0x0990 Suspicious file ( Forged ): C:\Program Files\iPod\bin\iPodService.exe. Real md5: B2179A1F99818EFF32BB644A54FB35B7, sha256: 43DE4F8CC632C899D0FA8886BCEDFCD21EEEB8F09B829E1019D2612160DB860A, fake md5: 9AE882A67F019CF30E8C9D7D60B05DDA, fake sha256: FB5D71F94529F37C8B45A5B4FBD15C66AECBFABB7E51C3B9BF63AEAFBE89F8BC
07:03:06.0573 0x0990 iPod Service - detected ForgedFile.Multi.Generic ( 1 )
07:03:09.0041 0x0990 iPod Service ( ForgedFile.Multi.Generic ) - warning
07:03:09.0069 0x0990 Force sending object to P2P due to detect: C:\Program Files\iPod\bin\iPodService.exe
07:03:13.0368 0x0990 Object send P2P result: true
07:03:16.0095 0x0990 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:03:16.0098 0x0990 IRENUM - ok
07:03:16.0170 0x0990 [ 350FCA7E73CF65BCEF43FAE1E4E91293, 68403FE3F4DC40919CD26A2CC42BE4386AE6874F47DD382348FFD79080721A13 ] isapnp C:\Windows\system32\drivers\isapnp.sys
07:03:16.0173 0x0990 isapnp - ok
07:03:16.0226 0x0990 [ AB9208FAF0F529FC3EED3B7761029859, 308D6D721A317B77D2F0660B12E24ADE0294464A46472252DEBE3D164AE6F565 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
07:03:16.0257 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\msiscsi.sys. Real md5: AB9208FAF0F529FC3EED3B7761029859, sha256: 308D6D721A317B77D2F0660B12E24ADE0294464A46472252DEBE3D164AE6F565, fake md5: 232FA340531D940AAC623B121A595034, fake sha256: 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1
07:03:16.0258 0x0990 iScsiPrt - detected ForgedFile.Multi.Generic ( 1 )
07:03:18.0847 0x0990 Detect skipped due to KSN trusted
07:03:18.0848 0x0990 iScsiPrt - ok
07:03:18.0902 0x0990 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
07:03:18.0909 0x0990 iteatapi - ok
07:03:18.0923 0x0990 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
07:03:18.0926 0x0990 iteraid - ok
07:03:18.0972 0x0990 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
07:03:18.0976 0x0990 kbdclass - ok
07:03:19.0022 0x0990 [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
07:03:19.0024 0x0990 kbdhid - ok
07:03:19.0070 0x0990 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe
07:03:19.0074 0x0990 KeyIso - ok
07:03:19.0094 0x0990 [ 0A433A51020CD61594EE0AB8435B2176, 40156A760C5717F26C8B22F6DA249F67E0F345BA71E2251C8F9CAEACCA3F194C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:03:19.0133 0x0990 Suspicious file ( Forged ): C:\Windows\system32\Drivers\ksecdd.sys. Real md5: 0A433A51020CD61594EE0AB8435B2176, sha256: 40156A760C5717F26C8B22F6DA249F67E0F345BA71E2251C8F9CAEACCA3F194C, fake md5: 4A1445EFA932A3BAF5BDB02D7131EE20, fake sha256: 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2
07:03:19.0135 0x0990 KSecDD - detected ForgedFile.Multi.Generic ( 1 )
07:03:21.0621 0x0990 Detect skipped due to KSN trusted
07:03:21.0639 0x0990 KSecDD - ok
07:03:21.0704 0x0990 [ C6DCDF88AE75644704F35CAF5337C0B6, 1D6A7E3B2688332F3A1E84C84C468F1207889EAB963A871B0D8022BD59C03EC0 ] KtmRm C:\Windows\system32\msdtckrm.dll
07:03:21.0740 0x0990 Suspicious file ( Forged ): C:\Windows\system32\msdtckrm.dll. Real md5: C6DCDF88AE75644704F35CAF5337C0B6, sha256: 1D6A7E3B2688332F3A1E84C84C468F1207889EAB963A871B0D8022BD59C03EC0, fake md5: 8078F8F8F7A79E2E6B494523A828C585, fake sha256: BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347
07:03:21.0742 0x0990 KtmRm - detected ForgedFile.Multi.Generic ( 1 )
07:03:24.0579 0x0990 Detect skipped due to KSN trusted
07:03:24.0604 0x0990 KtmRm - ok
07:03:24.0695 0x0990 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\System32\srvsvc.dll
07:03:24.0711 0x0990 LanmanServer - ok
07:03:24.0756 0x0990 [ A3D96945791156D3AAF9CF34FEEFA21C, 7C9326FC5B2F7AE0FA9228F57B956BF697046C4A9AC75EC365FC814F6F4E2C0B ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:03:24.0787 0x0990 Suspicious file ( Forged ): C:\Windows\System32\wkssvc.dll. Real md5: A3D96945791156D3AAF9CF34FEEFA21C, sha256: 7C9326FC5B2F7AE0FA9228F57B956BF697046C4A9AC75EC365FC814F6F4E2C0B, fake md5: 1DB69705B695B987082C8BAEC0C6B34F, fake sha256: D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3
07:03:24.0788 0x0990 LanmanWorkstation - detected ForgedFile.Multi.Generic ( 1 )
07:03:27.0483 0x0990 Detect skipped due to KSN trusted
07:03:27.0483 0x0990 LanmanWorkstation - ok
07:03:27.0606 0x0990 [ 31D8B705DCD5F2366186E731F87C7A71, D73DC732EF74C3C0EADD650B65BC6EEB44EA2C4E86BFD5BE989971A34FBA160A ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
07:03:27.0616 0x0990 LightScribeService - ok
07:03:27.0663 0x0990 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:03:27.0693 0x0990 lltdio - ok
07:03:27.0729 0x0990 [ B98524C2784030C4ECFE3DEA47002A80, D9E409CB77949AB777928BA1F993C7BF05C67B4C4D6786A3EAE05F81D8244120 ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:03:27.0756 0x0990 Suspicious file ( Forged ): C:\Windows\System32\lltdsvc.dll. Real md5: B98524C2784030C4ECFE3DEA47002A80, sha256: D9E409CB77949AB777928BA1F993C7BF05C67B4C4D6786A3EAE05F81D8244120, fake md5: 2D5A428872F1442631D0959A34ABFF63, fake sha256: E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0
07:03:27.0758 0x0990 lltdsvc - detected ForgedFile.Multi.Generic ( 1 )
February 25th, 2014, 09:00 AM
daveandrita1

part 3

07:03:31.0096 0x0990 Detect skipped due to KSN trusted
07:03:31.0096 0x0990 lltdsvc - ok
07:03:31.0174 0x0990 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
07:03:31.0174 0x0990 lmhosts - ok
07:03:31.0252 0x0990 [ A2262FB9F28935E862B4DB46438C80D2, 792684A68726BC007ACABB584682FDF4F059AE60888FB5B47ED68A97EA0BB5E6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
07:03:31.0268 0x0990 LSI_FC - ok
07:03:31.0283 0x0990 [ 30D73327D390F72A62F32C103DAF1D6D, 7BB5BFB0DCF33AF9907539B52DF7BA1943C1E75A17715B58DBC702ACA6D406EA ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
07:03:31.0299 0x0990 LSI_SAS - ok
07:03:31.0330 0x0990 [ E1E36FEFD45849A95F1AB81DE0159FE3, DA02B23A881D156A02D3874B41E6D042F84AD558B434280A6A6AC6B619668647 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
07:03:31.0330 0x0990 LSI_SCSI - ok
07:03:31.0377 0x0990 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
07:03:31.0377 0x0990 luafv - ok
07:03:31.0455 0x0990 [ 9D103E87A34A37ADDA6498EB2778C763, 1177B10DF2EB00925ED12655CEAC530997FBFADF6CD60D375E941E3F322440AA ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
07:03:31.0486 0x0990 Suspicious file ( Forged ): C:\Program Files\Common Files\Motive\McciCMService.exe. Real md5: 9D103E87A34A37ADDA6498EB2778C763, sha256: 1177B10DF2EB00925ED12655CEAC530997FBFADF6CD60D375E941E3F322440AA, fake md5: E6CB119EF2E148EAA1A247343550756E, fake sha256: 11729FDA2D41D00B43107391416651E674F23DE21D398DA299FFFF61032A98D0
07:03:31.0502 0x0990 McciCMService - detected ForgedFile.Multi.Generic ( 1 )
07:03:33.0912 0x0990 Detect skipped due to KSN trusted
07:03:33.0912 0x0990 McciCMService - ok
07:03:33.0959 0x0990 [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:03:33.0966 0x0990 Mcx2Svc - ok
07:03:34.0023 0x0990 [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
07:03:34.0025 0x0990 mdmxsdk - ok
07:03:34.0075 0x0990 [ D153B14FC6598EAE8422A2037553ADCE, D5408B07B6EBA0146A605F11106497DC3DF8EC72E0DCC44BE1366A2A58ABE478 ] megasas C:\Windows\system32\drivers\megasas.sys
07:03:34.0078 0x0990 megasas - ok
07:03:34.0236 0x0990 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
07:03:34.0251 0x0990 Microsoft Office Groove Audit Service - ok
07:03:34.0295 0x0990 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
07:03:34.0306 0x0990 MMCSS - ok
07:03:34.0359 0x0990 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
07:03:34.0365 0x0990 Modem - ok
07:03:34.0410 0x0990 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:03:34.0413 0x0990 monitor - ok
07:03:34.0470 0x0990 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
07:03:34.0474 0x0990 mouclass - ok
07:03:34.0498 0x0990 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:03:34.0501 0x0990 mouhid - ok
07:03:34.0561 0x0990 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
07:03:34.0570 0x0990 MountMgr - ok
07:03:34.0637 0x0990 [ 583A41F26278D9E0EA548163D6139397, 1F09D2FEEE1A8D4F1D9E53596158154099FD436A408F7E72E40F50778A3838A1 ] mpio C:\Windows\system32\drivers\mpio.sys
07:03:34.0749 0x0990 mpio - ok
07:03:34.0796 0x0990 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:03:34.0808 0x0990 mpsdrv - ok
07:03:34.0839 0x0990 [ C46DF109D49B7827F326885D1367C964, EC1897038A31996B807BDAD1CBACEAD26321406A0EDB118270EA76512ACC3799 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:03:34.0873 0x0990 Suspicious file ( Forged ): C:\Windows\system32\mpssvc.dll. Real md5: C46DF109D49B7827F326885D1367C964, sha256: EC1897038A31996B807BDAD1CBACEAD26321406A0EDB118270EA76512ACC3799, fake md5: 5DE62C6E9108F14F6794060A9BDECAEC, fake sha256: 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9
07:03:34.0876 0x0990 MpsSvc - detected ForgedFile.Multi.Generic ( 1 )
07:03:37.0471 0x0990 Detect skipped due to KSN trusted
07:03:37.0471 0x0990 MpsSvc - ok
07:03:37.0525 0x0990 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
07:03:37.0550 0x0990 Mraid35x - ok
07:03:37.0592 0x0990 [ 9BD4DCB5412921864A7AACDEDFBD1923, 46DEE9B9414D26203B62F0D6CAEBF37A3CEFD118556129547B2C5FC7B6FDBA05 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
07:03:37.0638 0x0990 MREMP50 - ok
07:03:37.0692 0x0990 [ 2BC9E43F55DE8C30FC817ED56D0EE907, 0100BE629A0B80DDBC87AECA8E558C8B90A9884CE0530673899DC946D3A6C069 ] MREMPR5 C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
07:03:37.0694 0x0990 MREMPR5 - ok
07:03:37.0745 0x0990 [ 594B9D8194E3F4ECBF0325BD10BBEB05, BA002410AB77F129564FBA4BA2989B8E4E7128F81C016D742ADBAA40D55728F3 ] MRENDIS5 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
07:03:37.0748 0x0990 MRENDIS5 - ok
07:03:37.0776 0x0990 [ 07C02C892E8E1A72D6BF35004F0E9C5E, 09ECD59AADF08E2AA0C1BAF5D3D7CBB0948153E531E1F82ECACD43F14F88106B ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
07:03:37.0779 0x0990 MRESP50 - ok
07:03:37.0822 0x0990 [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:03:37.0828 0x0990 MRxDAV - ok
07:03:37.0884 0x0990 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:03:37.0893 0x0990 mrxsmb - ok
07:03:37.0950 0x0990 [ B094DB2537AAEDACCB66B3707A5BB91C, B6A1C9B2349E91BCD2DE67F7DC0FF5F33CCE7450B58D5DBCE8CD62D80D20E1C6 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:03:37.0957 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. Real md5: B094DB2537AAEDACCB66B3707A5BB91C, sha256: B6A1C9B2349E91BCD2DE67F7DC0FF5F33CCE7450B58D5DBCE8CD62D80D20E1C6, fake md5: 4FCCB34D793B116423209C0F8B7A3B03, fake sha256: 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143
07:03:37.0958 0x0990 mrxsmb10 - detected ForgedFile.Multi.Generic ( 1 )
07:03:40.0415 0x0990 Detect skipped due to KSN trusted
07:03:40.0429 0x0990 mrxsmb10 - ok
07:03:40.0501 0x0990 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:03:40.0512 0x0990 mrxsmb20 - ok
07:03:40.0581 0x0990 [ 742AED7939E734C36B7E8D6228CE26B7, 6F727144BBD42C9C5555087CA51DE8D501B5CBEFB9967866CC578733E3C5E681 ] msahci C:\Windows\system32\drivers\msahci.sys
07:03:40.0584 0x0990 msahci - ok
07:03:40.0632 0x0990 [ 3FC82A2AE4CC149165A94699183D3028, 8575BE62A209672A5D8C68D75BBBB4FF06220CA73A939B0793442DAD2272598C ] msdsm C:\Windows\system32\drivers\msdsm.sys
07:03:40.0637 0x0990 msdsm - ok
07:03:40.0678 0x0990 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
07:03:40.0701 0x0990 MSDTC - ok
07:03:40.0756 0x0990 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:03:40.0769 0x0990 Msfs - ok
07:03:40.0831 0x0990 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:03:40.0833 0x0990 msisadrv - ok
07:03:40.0877 0x0990 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:03:40.0891 0x0990 MSiSCSI - ok
07:03:40.0917 0x0990 msiserver - ok
07:03:40.0967 0x0990 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:03:41.0037 0x0990 MSKSSRV - ok
07:03:41.0057 0x0990 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:03:41.0059 0x0990 MSPCLOCK - ok
07:03:41.0072 0x0990 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:03:41.0074 0x0990 MSPQM - ok
07:03:41.0104 0x0990 [ 22CDB67DE48B43458FEAF4025CFF9E6A, 5A40D6CB0BAB84A24A61E966905082D8B5DC45324C20726D512C9EC347C09EDD ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:03:41.0125 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\MsRPC.sys. Real md5: 22CDB67DE48B43458FEAF4025CFF9E6A, sha256: 5A40D6CB0BAB84A24A61E966905082D8B5DC45324C20726D512C9EC347C09EDD, fake md5: B49456D70555DE905C311BCDA6EC6ADB, fake sha256: 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F
07:03:41.0126 0x0990 MsRPC - detected ForgedFile.Multi.Generic ( 1 )
07:03:43.0724 0x0990 Detect skipped due to KSN trusted
07:03:43.0739 0x0990 MsRPC - ok
07:03:43.0823 0x0990 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
07:03:43.0829 0x0990 mssmbios - ok
07:03:43.0884 0x0990 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:03:43.0930 0x0990 MSTEE - ok
07:03:43.0962 0x0990 [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys
07:03:43.0962 0x0990 Mup - ok
07:03:43.0999 0x0990 [ BF16B6BE3E81BF3A03898E51FE2BA197, 44A7075D43E5422B2AD4376A98FBDD6F4B23DB78732B4EC1447AEC16F50D4C87 ] napagent C:\Windows\system32\qagentRT.dll
07:03:44.0031 0x0990 Suspicious file ( Forged ): C:\Windows\system32\qagentRT.dll. Real md5: BF16B6BE3E81BF3A03898E51FE2BA197, sha256: 44A7075D43E5422B2AD4376A98FBDD6F4B23DB78732B4EC1447AEC16F50D4C87, fake md5: E4EAF0C5C1B41B5C83386CF212CA9584, fake sha256: 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF
07:03:44.0033 0x0990 napagent - detected ForgedFile.Multi.Generic ( 1 )
07:03:46.0509 0x0990 Detect skipped due to KSN trusted
07:03:46.0527 0x0990 napagent - ok
07:03:46.0576 0x0990 [ 0745D9564DDCAC4884B38533C5A9D100, 76729054429E44B77122EA89246165164E80E50AF549203248688F593449BCA8 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:03:46.0615 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\nwifi.sys. Real md5: 0745D9564DDCAC4884B38533C5A9D100, sha256: 76729054429E44B77122EA89246165164E80E50AF549203248688F593449BCA8, fake md5: 85C44FDFF9CF7E72A40DCB7EC06A4416, fake sha256: DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956
07:03:46.0616 0x0990 NativeWifiP - detected ForgedFile.Multi.Generic ( 1 )
07:03:49.0236 0x0990 Detect skipped due to KSN trusted
07:03:49.0236 0x0990 NativeWifiP - ok
07:03:49.0293 0x0990 [ 1E55E310420D50A24403B5FC3902668F, 5FD4011C93C15944D02F846D61511041C43DFD59142F5230E5B3EC29DF0AA7D8 ] NDIS C:\Windows\system32\drivers\ndis.sys
07:03:49.0342 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\ndis.sys. Real md5: 1E55E310420D50A24403B5FC3902668F, sha256: 5FD4011C93C15944D02F846D61511041C43DFD59142F5230E5B3EC29DF0AA7D8, fake md5: 1357274D1883F68300AEADD15D7BBB42, fake sha256: EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300
07:03:49.0344 0x0990 NDIS - detected ForgedFile.Multi.Generic ( 1 )
07:03:51.0786 0x0990 Detect skipped due to KSN trusted
07:03:51.0786 0x0990 NDIS - ok
07:03:51.0838 0x0990 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:03:51.0845 0x0990 NdisTapi - ok
07:03:51.0887 0x0990 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:03:51.0889 0x0990 Ndisuio - ok
07:03:51.0960 0x0990 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:03:51.0976 0x0990 NdisWan - ok
07:03:51.0993 0x0990 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:03:51.0999 0x0990 NDProxy - ok
07:03:52.0020 0x0990 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:03:52.0023 0x0990 NetBIOS - ok
07:03:52.0064 0x0990 [ 78E78900E441476A988389AE05503FD9, D2B7CB52966A901A3586A3582B61F45B209F9AED4B81D934E1D2E0FB493F1B37 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
07:03:52.0072 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 78E78900E441476A988389AE05503FD9, sha256: D2B7CB52966A901A3586A3582B61F45B209F9AED4B81D934E1D2E0FB493F1B37, fake md5: ECD64230A59CBD93C85F1CD1CAB9F3F6, fake sha256: 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F
07:03:52.0073 0x0990 netbt - detected ForgedFile.Multi.Generic ( 1 )
07:03:54.0686 0x0990 Detect skipped due to KSN trusted
07:03:54.0686 0x0990 netbt - ok
07:03:54.0704 0x0990 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe
07:03:54.0718 0x0990 Netlogon - ok
07:03:54.0768 0x0990 [ 3DCB0CE00A2ADEE38D7B96AFC169C680, E88BBED1C8D4F548FD47A40F5BE2F2541D8258BA2058230335F2E46E5F185CBC ] Netman C:\Windows\System32\netman.dll
07:03:54.0812 0x0990 Suspicious file ( Forged ): C:\Windows\System32\netman.dll. Real md5: 3DCB0CE00A2ADEE38D7B96AFC169C680, sha256: E88BBED1C8D4F548FD47A40F5BE2F2541D8258BA2058230335F2E46E5F185CBC, fake md5: C8052711DAECC48B982434C5116CA401, fake sha256: 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35
07:03:54.0813 0x0990 Netman - detected ForgedFile.Multi.Generic ( 1 )
07:03:57.0261 0x0990 Detect skipped due to KSN trusted
07:03:57.0262 0x0990 Netman - ok
07:03:57.0305 0x0990 [ 75BAB4A799E3522EF12F70CBDE9560A2, EECD8DCB62CF0C1E193B2E30E05B7F8CFA127A2331051B304DF2D479948F5758 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:03:57.0353 0x0990 Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe. Real md5: 75BAB4A799E3522EF12F70CBDE9560A2, sha256: EECD8DCB62CF0C1E193B2E30E05B7F8CFA127A2331051B304DF2D479948F5758, fake md5: 21318671BCAD3ACF16638F98D4D00973, fake sha256: CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11
07:03:57.0353 0x0990 NetMsmqActivator - detected ForgedFile.Multi.Generic ( 1 )
07:03:59.0999 0x0990 NetMsmqActivator ( ForgedFile.Multi.Generic ) - warning
07:03:59.0999 0x0990 Force sending object to P2P due to detect: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:04:12.0272 0x0990 Object send P2P result: true
07:04:14.0838 0x0990 [ 75BAB4A799E3522EF12F70CBDE9560A2, EECD8DCB62CF0C1E193B2E30E05B7F8CFA127A2331051B304DF2D479948F5758 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:04:14.0964 0x0990 Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe. Real md5: 75BAB4A799E3522EF12F70CBDE9560A2, sha256: EECD8DCB62CF0C1E193B2E30E05B7F8CFA127A2331051B304DF2D479948F5758, fake md5: 21318671BCAD3ACF16638F98D4D00973, fake sha256: CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11
07:04:14.0965 0x0990 NetPipeActivator - detected ForgedFile.Multi.Generic ( 1 )
07:04:14.0965 0x0990 NetPipeActivator ( ForgedFile.Multi.Generic ) - warning
07:04:17.0568 0x0990 [ 625E3E643559D386D809FC1F29B94496, B04F3F659E13858E5DBF1568CCADF1E9F4A88FDE9798816BC2ED19BD13D0C7A5 ] netprofm C:\Windows\System32\netprofm.dll
07:04:17.0608 0x0990 Suspicious file ( Forged ): C:\Windows\System32\netprofm.dll. Real md5: 625E3E643559D386D809FC1F29B94496, sha256: B04F3F659E13858E5DBF1568CCADF1E9F4A88FDE9798816BC2ED19BD13D0C7A5, fake md5: 2EF3BBE22E5A5ACD1428EE387A0D0172, fake sha256: 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF
07:04:17.0609 0x0990 netprofm - detected ForgedFile.Multi.Generic ( 1 )
07:04:20.0266 0x0990 Detect skipped due to KSN trusted
07:04:20.0517 0x0990 netprofm - ok
07:04:20.0565 0x0990 [ 75BAB4A799E3522EF12F70CBDE9560A2, EECD8DCB62CF0C1E193B2E30E05B7F8CFA127A2331051B304DF2D479948F5758 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:04:20.0627 0x0990 Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe. Real md5: 75BAB4A799E3522EF12F70CBDE9560A2, sha256: EECD8DCB62CF0C1E193B2E30E05B7F8CFA127A2331051B304DF2D479948F5758, fake md5: 21318671BCAD3ACF16638F98D4D00973, fake sha256: CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11
07:04:20.0628 0x0990 NetTcpActivator - detected ForgedFile.Multi.Generic ( 1 )
07:04:20.0628 0x0990 NetTcpActivator ( ForgedFile.Multi.Generic ) - warning
07:04:20.0628 0x0990 Force sending object to P2P due to detect: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:04:24.0241 0x0990 Object send P2P result: true
07:04:26.0838 0x0990 [ 75BAB4A799E3522EF12F70CBDE9560A2, EECD8DCB62CF0C1E193B2E30E05B7F8CFA127A2331051B304DF2D479948F5758 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:04:26.0902 0x0990 Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe. Real md5: 75BAB4A799E3522EF12F70CBDE9560A2, sha256: EECD8DCB62CF0C1E193B2E30E05B7F8CFA127A2331051B304DF2D479948F5758, fake md5: 21318671BCAD3ACF16638F98D4D00973, fake sha256: CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11
07:04:26.0902 0x0990 NetTcpPortSharing - detected ForgedFile.Multi.Generic ( 1 )
07:04:26.0903 0x0990 NetTcpPortSharing ( ForgedFile.Multi.Generic ) - warning
07:04:26.0903 0x0990 Force sending object to P2P due to detect: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
07:04:40.0406 0x0990 Object send P2P result: true
07:04:43.0053 0x0990 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
07:04:43.0074 0x0990 nfrd960 - ok
07:04:43.0121 0x0990 [ 1E517742239024F78839DAEE35CB395B, 501388E87A5DF737CB5353DC0EF7F01182F2FEE6D317DF9C26C031532850238E ] NlaSvc C:\Windows\System32\nlasvc.dll
07:04:43.0145 0x0990 Suspicious file ( Forged ): C:\Windows\System32\nlasvc.dll. Real md5: 1E517742239024F78839DAEE35CB395B, sha256: 501388E87A5DF737CB5353DC0EF7F01182F2FEE6D317DF9C26C031532850238E, fake md5: 2997B15415F9BBE05B5A4C1C85E0C6A2, fake sha256: 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E
07:04:43.0146 0x0990 NlaSvc - detected ForgedFile.Multi.Generic ( 1 )
07:04:46.0089 0x0990 Detect skipped due to KSN trusted
07:04:46.0089 0x0990 NlaSvc - ok
07:04:46.0132 0x0990 [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:04:46.0145 0x0990 Npfs - ok
07:04:46.0187 0x0990 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
07:04:46.0193 0x0990 nsi - ok
07:04:46.0225 0x0990 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:04:46.0228 0x0990 nsiproxy - ok
07:04:46.0260 0x0990 [ 59C83CE798E71455616640226D32AFDF, 4BAA60E896C7199CEC8FEE30D2991F1A8030B8BB42D66D38F4C3F7D623FBBC57 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
07:04:46.0296 0x0990 Suspicious file ( Forged ): C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe. Real md5: 59C83CE798E71455616640226D32AFDF, sha256: 4BAA60E896C7199CEC8FEE30D2991F1A8030B8BB42D66D38F4C3F7D623FBBC57, fake md5: 0DC1D52722CEBA645B4D460E66D58AEE, fake sha256: 627C05A2AF624A59EFCAA9C5464FD605F2700711EAFCECE8EFA2DA212274B97A
07:04:46.0297 0x0990 nSvcIp - detected ForgedFile.Multi.Generic ( 1 )
07:04:48.0921 0x0990 Detect skipped due to KSN trusted
07:04:48.0921 0x0990 nSvcIp - ok
07:04:49.0002 0x0990 [ DFFEEC51065992A4E6F9395254A1C1DF, 27B331B6DF1ECFA4C8612A6E98C8173C56AAFEB37788BBEA83CB8E64D0F613D0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:04:49.0069 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\Ntfs.sys. Real md5: DFFEEC51065992A4E6F9395254A1C1DF, sha256: 27B331B6DF1ECFA4C8612A6E98C8173C56AAFEB37788BBEA83CB8E64D0F613D0, fake md5: 2C1121F2B87E9A6B12485DF53CD848C7, fake sha256: E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936
07:04:49.0073 0x0990 Ntfs - detected ForgedFile.Multi.Generic ( 1 )
07:04:51.0517 0x0990 Object is SCO, delete is not allowed
07:04:51.0517 0x0990 Ntfs ( ForgedFile.Multi.Generic ) - warning
07:04:54.0094 0x0990 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
07:04:54.0097 0x0990 ntrigdigi - ok
07:04:54.0151 0x0990 [ CF7E041663119E09D2E118521ADA9300, 0BDDEDA787CCBE34D515945717AF972143A3684F6D37F87B639D6A5371F381CC ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
07:04:54.0154 0x0990 NuidFltr - ok
07:04:54.0198 0x0990 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
07:04:54.0210 0x0990 Null - ok
07:04:54.0276 0x0990 [ 9F7CFCD10505C852F2931ECCABC249B8, 2AAA7CAD64EB44E9D74A6B400B204D969911B5876B2EF64FC6C994CB8412B81F ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
07:04:54.0348 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\nvmfdx32.sys. Real md5: 9F7CFCD10505C852F2931ECCABC249B8, sha256: 2AAA7CAD64EB44E9D74A6B400B204D969911B5876B2EF64FC6C994CB8412B81F, fake md5: D958A2B5F6AD5C3B8CCDC4D7DA62466C, fake sha256: 574DC2C4C1C46E3B6F53E0A14E0595493E73EEE03EA1FF9DD1D3266B414B9941
07:04:54.0352 0x0990 NVENETFD - detected ForgedFile.Multi.Generic ( 1 )
07:04:56.0961 0x0990 NVENETFD ( ForgedFile.Multi.Generic ) - warning
07:04:56.0961 0x0990 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\nvmfdx32.sys
February 25th, 2014, 09:00 AM
daveandrita1

part 4

07:05:16.0141 0x0990 Object send P2P result: true
07:05:18.0944 0x0990 [ AA23811B0D87C14DB32B3F2B89F6F558, FB4978F4B679F4094FFB3AEABE2060AA1183CBCEBBD2D5BA7139C7EB6AA27CBE ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:05:19.0318 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\nvlddmkm.sys. Real md5: AA23811B0D87C14DB32B3F2B89F6F558, sha256: FB4978F4B679F4094FFB3AEABE2060AA1183CBCEBBD2D5BA7139C7EB6AA27CBE, fake md5: D65BC32C1795191B7F2B028351AB4FE2, fake sha256: 16A345F3A0AC24EED2E55A47C0011CD4EB793EC3C81B2B36D8EAD9C60C949353
07:05:19.0347 0x0990 nvlddmkm - detected ForgedFile.Multi.Generic ( 1 )
07:05:21.0804 0x0990 nvlddmkm ( ForgedFile.Multi.Generic ) - warning
07:05:24.0469 0x0990 [ E69E946F80C1C31C53003BFBF50CBB7C, A0A4BC57822B2CBC75602A969E28DCEDE04B41CC084E1EF1532B1BCDAEAA43BB ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:05:24.0485 0x0990 nvraid - ok
07:05:24.0535 0x0990 [ AF1BD777AF00E96C45C77192D7453369, EBD81E27044130486B36111F583288517046D0930CD6614EB9251C85302BA822 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
07:05:24.0547 0x0990 nvsmu - ok
07:05:24.0578 0x0990 [ 9E0BA19A28C498A6D323D065DB76DFFC, EA9E33ED2820ED39932FAE114A9CF1D87780ED6605D0260A6F22F920B48F34E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:05:24.0581 0x0990 nvstor - ok
07:05:24.0637 0x0990 [ 61612297D1E7984F51B200E75C480D71, F923C6D868525BFCF863699EBC6452624C7456D75F4A32F0872AB38DE96F854F ] nvsvc C:\Windows\system32\nvvsvc.exe
07:05:24.0668 0x0990 Suspicious file ( Forged ): C:\Windows\system32\nvvsvc.exe. Real md5: 61612297D1E7984F51B200E75C480D71, sha256: F923C6D868525BFCF863699EBC6452624C7456D75F4A32F0872AB38DE96F854F, fake md5: A8C043670699C956D56B9F1F3DAEFC98, fake sha256: 1D951638546C426737872C1A64A11597DD02A736CEEE789024968437DAD2FC94
07:05:24.0669 0x0990 nvsvc - detected ForgedFile.Multi.Generic ( 1 )
07:05:27.0260 0x0990 Detect skipped due to KSN trusted
07:05:27.0261 0x0990 nvsvc - ok
07:05:27.0317 0x0990 [ 07C186427EB8FCC3D8D7927187F260F7, 9AFDE1CB7B7232BD019804BFC691580B9CC2E51A5BC0E5584B23907D532600D8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:05:27.0334 0x0990 nv_agp - ok
07:05:27.0446 0x0990 [ 087DFF37488245EC9717B29C4E818056, 71488DDCA5B0008297CDBAE948DBE8E7F0383A2DC2A096F9AAE3DC979E004406 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:05:27.0479 0x0990 Suspicious file ( Forged ): C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE. Real md5: 087DFF37488245EC9717B29C4E818056, sha256: 71488DDCA5B0008297CDBAE948DBE8E7F0383A2DC2A096F9AAE3DC979E004406, fake md5: 785F487A64950F3CB8E9F16253BA3B7B, fake sha256: 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6
07:05:27.0482 0x0990 odserv - detected ForgedFile.Multi.Generic ( 1 )
07:05:30.0745 0x0990 odserv ( ForgedFile.Multi.Generic ) - warning
07:05:33.0382 0x0990 [ 6F310E890D46E246E0E261A63D9B36B4, 7050B0C43CC0DF2DDAD3EB8D2FF9EEE425A627C68654CBB154D55A4B1A47AA08 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
07:05:33.0401 0x0990 ohci1394 - ok
07:05:33.0459 0x0990 [ 23345305EDC5827EDE315B8491292308, 86147691D9710BDFDC263D7D2167C9D1954D2BD22BD6BE251DBDFB62FBF4A591 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:05:33.0509 0x0990 Suspicious file ( Forged ): C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE. Real md5: 23345305EDC5827EDE315B8491292308, sha256: 86147691D9710BDFDC263D7D2167C9D1954D2BD22BD6BE251DBDFB62FBF4A591, fake md5: 5A432A042DAE460ABE7199B758E8606C, fake sha256: 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71
07:05:33.0509 0x0990 ose - detected ForgedFile.Multi.Generic ( 1 )
07:05:36.0173 0x0990 Detect skipped due to KSN trusted
07:05:36.0189 0x0990 ose - ok
07:05:36.0254 0x0990 [ 5D419559B02E305B06B6A96C8E4F78A2, EF8CEA8EFB4797464A76CA9C5561DF8C572BEF4A514C8ED2D77C1D57B3F121CB ] p2pimsvc C:\Windows\system32\p2psvc.dll
07:05:36.0337 0x0990 Suspicious file ( Forged ): C:\Windows\system32\p2psvc.dll. Real md5: 5D419559B02E305B06B6A96C8E4F78A2, sha256: EF8CEA8EFB4797464A76CA9C5561DF8C572BEF4A514C8ED2D77C1D57B3F121CB, fake md5: 0C8E8E61AD1EB0B250B846712C917506, fake sha256: 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649
07:05:36.0340 0x0990 p2pimsvc - detected ForgedFile.Multi.Generic ( 1 )
07:05:38.0818 0x0990 Detect skipped due to KSN trusted
07:05:38.0838 0x0990 p2pimsvc - ok
07:05:38.0908 0x0990 [ 5D419559B02E305B06B6A96C8E4F78A2, EF8CEA8EFB4797464A76CA9C5561DF8C572BEF4A514C8ED2D77C1D57B3F121CB ] p2psvc C:\Windows\system32\p2psvc.dll
07:05:38.0957 0x0990 Suspicious file ( Forged ): C:\Windows\system32\p2psvc.dll. Real md5: 5D419559B02E305B06B6A96C8E4F78A2, sha256: EF8CEA8EFB4797464A76CA9C5561DF8C572BEF4A514C8ED2D77C1D57B3F121CB, fake md5: 0C8E8E61AD1EB0B250B846712C917506, fake sha256: 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649
07:05:38.0960 0x0990 p2psvc - detected ForgedFile.Multi.Generic ( 1 )
07:05:38.0960 0x0990 Detect skipped due to KSN trusted
07:05:38.0960 0x0990 p2psvc - ok
07:05:39.0016 0x0990 [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport C:\Windows\system32\drivers\parport.sys
07:05:39.0102 0x0990 Parport - ok
07:05:39.0160 0x0990 [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:05:39.0163 0x0990 partmgr - ok
07:05:39.0203 0x0990 [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
07:05:39.0205 0x0990 Parvdm - ok
07:05:39.0257 0x0990 [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll
07:05:39.0264 0x0990 PcaSvc - ok
07:05:39.0312 0x0990 [ F408E154834EE6CB75FA90E27C4BE3FB, E8541C1A9E4BB7319F82F78F4D5BAC6948CFFAA6B1528B958F1B3EA70F9E4930 ] pci C:\Windows\system32\drivers\pci.sys
07:05:39.0343 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\pci.sys. Real md5: F408E154834EE6CB75FA90E27C4BE3FB, sha256: E8541C1A9E4BB7319F82F78F4D5BAC6948CFFAA6B1528B958F1B3EA70F9E4930, fake md5: 941DC1D19E7E8620F40BBC206981EFDB, fake sha256: 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802
07:05:39.0344 0x0990 pci - detected ForgedFile.Multi.Generic ( 1 )
07:05:42.0076 0x0990 Detect skipped due to KSN trusted
07:05:42.0092 0x0990 pci - ok
07:05:42.0199 0x0990 [ 1636D43F10416AEB483BC6001097B26C, 36E61A993693A46538FE0F726D67BB28886F61D53384AD600D1282296A27662E ] pciide C:\Windows\system32\drivers\pciide.sys
07:05:42.0199 0x0990 pciide - ok
07:05:42.0216 0x0990 [ A28B72293068A892C687681EE70B9544, 2A7C4A310F0440D19E95B4BF1861EC04FBD148C1285B79E507BFE4E1307E3F59 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
07:05:42.0247 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\pcmcia.sys. Real md5: A28B72293068A892C687681EE70B9544, sha256: 2A7C4A310F0440D19E95B4BF1861EC04FBD148C1285B79E507BFE4E1307E3F59, fake md5: E6F3FB1B86AA519E7698AD05E58B04E5, fake sha256: 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C
07:05:42.0247 0x0990 pcmcia - detected ForgedFile.Multi.Generic ( 1 )
07:05:44.0869 0x0990 Object is SCO, delete is not allowed
07:05:44.0869 0x0990 pcmcia ( ForgedFile.Multi.Generic ) - warning
07:05:44.0869 0x0990 Force sending object to P2P due to detect: C:\Windows\system32\drivers\pcmcia.sys
07:05:47.0808 0x0990 Object send P2P result: true
07:05:50.0464 0x0990 [ 1BD9BE9899B531181E5E4634768C97D1, 7932328E97BA17DEA263376C6799E7F4B94C90BBFD90523101881C60DC4EC02F ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:05:50.0524 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\peauth.sys. Real md5: 1BD9BE9899B531181E5E4634768C97D1, sha256: 7932328E97BA17DEA263376C6799E7F4B94C90BBFD90523101881C60DC4EC02F, fake md5: 6349F6ED9C623B44B52EA3C63C831A92, fake sha256: 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92
07:05:50.0528 0x0990 PEAUTH - detected ForgedFile.Multi.Generic ( 1 )
07:05:53.0182 0x0990 Detect skipped due to KSN trusted
07:05:53.0197 0x0990 PEAUTH - ok
07:05:53.0310 0x0990 [ 0BBDA46E800FA755DBF6637A974CAE08, A816AE8D7CC424EE2CA329873CF770D16F89056CE380C35C70621D5371A145D6 ] pla C:\Windows\system32\pla.dll
07:05:53.0403 0x0990 Suspicious file ( Forged ): C:\Windows\system32\pla.dll. Real md5: 0BBDA46E800FA755DBF6637A974CAE08, sha256: A816AE8D7CC424EE2CA329873CF770D16F89056CE380C35C70621D5371A145D6, fake md5: B1689DF169143F57053F795390C99DB3, fake sha256: 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF
07:05:53.0411 0x0990 pla - detected ForgedFile.Multi.Generic ( 1 )
07:05:55.0929 0x0990 Detect skipped due to KSN trusted
07:05:55.0960 0x0990 pla - ok
07:05:56.0023 0x0990 [ 63369EA0128CAEB9771F59C9F056A4E4, 061F8D279EB760A64DBC1D62B5FA299DF9E274F22192C3E58CC568A03A721423 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:05:56.0054 0x0990 Suspicious file ( Forged ): C:\Windows\system32\umpnpmgr.dll. Real md5: 63369EA0128CAEB9771F59C9F056A4E4, sha256: 061F8D279EB760A64DBC1D62B5FA299DF9E274F22192C3E58CC568A03A721423, fake md5: C5E7F8A996EC0A82D508FD9064A5569E, fake sha256: 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F
07:05:56.0054 0x0990 PlugPlay - detected ForgedFile.Multi.Generic ( 1 )
07:05:58.0694 0x0990 Detect skipped due to KSN trusted
07:05:58.0705 0x0990 PlugPlay - ok
07:05:58.0766 0x0990 [ 5D419559B02E305B06B6A96C8E4F78A2, EF8CEA8EFB4797464A76CA9C5561DF8C572BEF4A514C8ED2D77C1D57B3F121CB ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
07:05:58.0857 0x0990 Suspicious file ( Forged ): C:\Windows\system32\p2psvc.dll. Real md5: 5D419559B02E305B06B6A96C8E4F78A2, sha256: EF8CEA8EFB4797464A76CA9C5561DF8C572BEF4A514C8ED2D77C1D57B3F121CB, fake md5: 0C8E8E61AD1EB0B250B846712C917506, fake sha256: 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649
07:05:58.0859 0x0990 PNRPAutoReg - detected ForgedFile.Multi.Generic ( 1 )
07:05:58.0860 0x0990 Detect skipped due to KSN trusted
07:05:58.0860 0x0990 PNRPAutoReg - ok
07:05:58.0883 0x0990 [ 5D419559B02E305B06B6A96C8E4F78A2, EF8CEA8EFB4797464A76CA9C5561DF8C572BEF4A514C8ED2D77C1D57B3F121CB ] PNRPsvc C:\Windows\system32\p2psvc.dll
07:05:58.0905 0x0990 Suspicious file ( Forged ): C:\Windows\system32\p2psvc.dll. Real md5: 5D419559B02E305B06B6A96C8E4F78A2, sha256: EF8CEA8EFB4797464A76CA9C5561DF8C572BEF4A514C8ED2D77C1D57B3F121CB, fake md5: 0C8E8E61AD1EB0B250B846712C917506, fake sha256: 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649
07:05:58.0908 0x0990 PNRPsvc - detected ForgedFile.Multi.Generic ( 1 )
07:05:58.0909 0x0990 Detect skipped due to KSN trusted
07:05:58.0909 0x0990 PNRPsvc - ok
07:05:58.0951 0x0990 [ D82AC5B7DA8FDCCDA1323836516405EC, 45B68111468B6688A44967523EE5F7909F571DF209165B890633D518AD5EDE76 ] Point32 C:\Windows\system32\DRIVERS\point32k.sys
07:05:58.0954 0x0990 Point32 - ok
07:05:58.0991 0x0990 [ 004ED2668CD0E02186B518A76BFA7305, 0964E7DBB74C471CE8EBEC74439F472CF8E8E2409DDEABDAB09C101390D9B913 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:05:59.0026 0x0990 Suspicious file ( Forged ): C:\Windows\System32\ipsecsvc.dll. Real md5: 004ED2668CD0E02186B518A76BFA7305, sha256: 0964E7DBB74C471CE8EBEC74439F472CF8E8E2409DDEABDAB09C101390D9B913, fake md5: D0494460421A03CD5225CCA0059AA146, fake sha256: FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90
07:05:59.0028 0x0990 PolicyAgent - detected ForgedFile.Multi.Generic ( 1 )
07:06:01.0537 0x0990 Detect skipped due to KSN trusted
07:06:01.0552 0x0990 PolicyAgent - ok
07:06:01.0620 0x0990 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:06:01.0732 0x0990 PptpMiniport - ok
07:06:01.0779 0x0990 [ 0E3CEF5D28B40CF273281D620C50700A, 8ADA99B4563AE2129B95136295EE92A94102B035EBBC83D4C8587ECE8B0DEE60 ] Processor C:\Windows\system32\drivers\processr.sys
07:06:01.0782 0x0990 Processor - ok
07:06:01.0826 0x0990 [ D94085B36C265D5E7F49C6B6E817C992, E2057FF7B34E59217032A7293507E0A0DA503E5F00B83946E2A0E59C30C7135B ] ProfSvc C:\Windows\system32\profsvc.dll
07:06:01.0851 0x0990 Suspicious file ( Forged ): C:\Windows\system32\profsvc.dll. Real md5: D94085B36C265D5E7F49C6B6E817C992, sha256: E2057FF7B34E59217032A7293507E0A0DA503E5F00B83946E2A0E59C30C7135B, fake md5: 0508FAA222D28835310B7BFCA7A77346, fake sha256: 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C
07:06:01.0852 0x0990 ProfSvc - detected ForgedFile.Multi.Generic ( 1 )
07:06:04.0458 0x0990 Detect skipped due to KSN trusted
07:06:04.0458 0x0990 ProfSvc - ok
07:06:04.0494 0x0990 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
07:06:04.0499 0x0990 ProtectedStorage - ok
07:06:04.0552 0x0990 [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
07:06:04.0556 0x0990 PSched - ok
07:06:04.0624 0x0990 [ 68B57D7C11277EA89F78255480376B4D, 5530B58126BF33E6BCDED99C73C41B90BA148587BDA3866FD4DAD12035B302B5 ] PSI C:\Windows\system32\DRIVERS\psi_mf_x86.sys
07:06:04.0627 0x0990 PSI - ok
07:06:04.0663 0x0990 [ D86B4A68565E444D76457F14172C875A, 06B1CF81A62B3DAA8D0C5A8B88C56A504DE8E9278C520F754AF363A6676C58B0 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
07:06:04.0667 0x0990 PxHelp20 - ok
07:06:04.0701 0x0990 [ 5AF2613C3656B3CC9BF2395F60E05566, 599772B1B0C4D0EE8604DBF6F70F262D68FE991E84EF9C6D4C7D596B24A3DAE8 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
07:06:04.0757 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\ql2300.sys. Real md5: 5AF2613C3656B3CC9BF2395F60E05566, sha256: 599772B1B0C4D0EE8604DBF6F70F262D68FE991E84EF9C6D4C7D596B24A3DAE8, fake md5: CCDAC889326317792480C0A67156A1EC, fake sha256: 3D3B561B6D4E12DE442C98993C929765F002AF5CFB5A00EFACE6ABE957F7E8AF
07:06:04.0761 0x0990 ql2300 - detected ForgedFile.Multi.Generic ( 1 )
07:06:07.0202 0x0990 Object is SCO, delete is not allowed
07:06:07.0202 0x0990 ql2300 ( ForgedFile.Multi.Generic ) - warning
07:06:09.0754 0x0990 [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
07:06:09.0763 0x0990 ql40xx - ok
07:06:09.0814 0x0990 [ 5F04EBF515737B3A3A3E13EAE4FD6339, 8E1049613F530C573546C52A3AF5A7140024142EAE120FD12C63AC4CBE169A11 ] QWAVE C:\Windows\system32\qwave.dll
07:06:09.0842 0x0990 Suspicious file ( Forged ): C:\Windows\system32\qwave.dll. Real md5: 5F04EBF515737B3A3A3E13EAE4FD6339, sha256: 8E1049613F530C573546C52A3AF5A7140024142EAE120FD12C63AC4CBE169A11, fake md5: E9ECAE663F47E6CB43962D18AB18890F, fake sha256: F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432
07:06:09.0843 0x0990 QWAVE - detected ForgedFile.Multi.Generic ( 1 )
07:06:12.0463 0x0990 Detect skipped due to KSN trusted
07:06:12.0463 0x0990 QWAVE - ok
07:06:12.0524 0x0990 [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:06:12.0537 0x0990 QWAVEdrv - ok
07:06:12.0594 0x0990 [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:06:12.0596 0x0990 RasAcd - ok
07:06:12.0652 0x0990 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll
07:06:12.0665 0x0990 RasAuto - ok
07:06:12.0709 0x0990 [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:06:12.0715 0x0990 Rasl2tp - ok
07:06:12.0754 0x0990 [ EC87A838931D4D5D2E94A04644788A55, 8A39D2ABD3999AB73C34DB2476849CDDF303CE389B35826850F9A700589B4A90 ] RasMan C:\Windows\System32\rasmans.dll
07:06:12.0786 0x0990 Suspicious file ( Forged ): C:\Windows\System32\rasmans.dll. Real md5: EC87A838931D4D5D2E94A04644788A55, sha256: 8A39D2ABD3999AB73C34DB2476849CDDF303CE389B35826850F9A700589B4A90, fake md5: 75D47445D70CA6F9F894B032FBC64FCF, fake sha256: 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14
07:06:12.0787 0x0990 RasMan - detected ForgedFile.Multi.Generic ( 1 )
07:06:15.0385 0x0990 Detect skipped due to KSN trusted
07:06:15.0410 0x0990 RasMan - ok
07:06:15.0489 0x0990 [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:06:15.0493 0x0990 RasPppoe - ok
07:06:15.0548 0x0990 [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:06:15.0552 0x0990 RasSstp - ok
07:06:15.0585 0x0990 [ 3E02DA96A403154487761734F342C2C9, 97A953E93E29D5703BB995DDE21E7122557C4EB80E63533D4BF5D66666898AD3 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:06:15.0614 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\rdbss.sys. Real md5: 3E02DA96A403154487761734F342C2C9, sha256: 97A953E93E29D5703BB995DDE21E7122557C4EB80E63533D4BF5D66666898AD3, fake md5: B14C9D5B9ADD2F84F70570BBBFAA7935, fake sha256: 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269
07:06:15.0615 0x0990 rdbss - detected ForgedFile.Multi.Generic ( 1 )
07:06:18.0140 0x0990 Detect skipped due to KSN trusted
07:06:18.0164 0x0990 rdbss - ok
07:06:18.0227 0x0990 [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:06:18.0286 0x0990 RDPCDD - ok
07:06:18.0308 0x0990 [ 689CB8A9930F9D6F3838F751619FA22F, 7B67C5FDF747A7A7A64A2B203C9E251C063CE6FEDC4FD3D23DA417B56CFDDE40 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
07:06:18.0337 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\rdpdr.sys. Real md5: 689CB8A9930F9D6F3838F751619FA22F, sha256: 7B67C5FDF747A7A7A64A2B203C9E251C063CE6FEDC4FD3D23DA417B56CFDDE40, fake md5: E8BD98D46F2ED77132BA927FCCB47D8B, fake sha256: 5187CF8F00AD67EDDF27DF675F3210C0D72E552578A89C58DF6953B1D5BEBCB8
07:06:18.0338 0x0990 rdpdr - detected ForgedFile.Multi.Generic ( 1 )
07:06:20.0953 0x0990 Detect skipped due to KSN trusted
07:06:20.0962 0x0990 rdpdr - ok
07:06:21.0011 0x0990 [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:06:21.0013 0x0990 RDPENCDD - ok
07:06:21.0068 0x0990 [ 5C8871B41E0604F375A577760391CB24, C6126AF9ACE0AA235071EB5D5FE2A8581D7BE523BF133C402A423E9C14E4BDBB ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:06:21.0102 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\RDPWD.sys. Real md5: 5C8871B41E0604F375A577760391CB24, sha256: C6126AF9ACE0AA235071EB5D5FE2A8581D7BE523BF133C402A423E9C14E4BDBB, fake md5: C127EBD5AFAB31524662C48DFCEB773A, fake sha256: 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89
07:06:21.0103 0x0990 RDPWD - detected ForgedFile.Multi.Generic ( 1 )
07:06:23.0859 0x0990 Detect skipped due to KSN trusted
07:06:23.0890 0x0990 RDPWD - ok
07:06:24.0062 0x0990 [ 96EFEC24346A8EB1157E80523079ADDC, 7F8FC284029856C754E400B6C954369FFE27763C81D8F4AF4E58BFDD44CBC24A ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
07:06:24.0062 0x0990 RealNetworks Downloader Resolver Service - ok
07:06:24.0124 0x0990 [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess C:\Windows\System32\mprdim.dll
07:06:24.0171 0x0990 RemoteAccess - ok
07:06:24.0218 0x0990 [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:06:24.0234 0x0990 RemoteRegistry - ok
07:06:24.0280 0x0990 [ 1B2B0B7FA7937CD057AA6ED27273EC68, 74041E57FFFED495E8EC794B7827535A35AFCDA6963B3C4C54958283E80F0896 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
07:06:24.0327 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\rfcomm.sys. Real md5: 1B2B0B7FA7937CD057AA6ED27273EC68, sha256: 74041E57FFFED495E8EC794B7827535A35AFCDA6963B3C4C54958283E80F0896, fake md5: 6482707F9F4DA0ECBAB43B2E0398A101, fake sha256: 7D57FC36577121D7E26A4F2D46DCA8725D55EC9F75B91DF994DB742BC4FB89C2
07:06:24.0327 0x0990 RFCOMM - detected ForgedFile.Multi.Generic ( 1 )
07:06:26.0937 0x0990 Detect skipped due to KSN trusted
07:06:26.0948 0x0990 RFCOMM - ok
07:06:27.0021 0x0990 [ DF672613FBBCD58C38BB0BC2694BCFB0, 9B574773C7E796B7E30481F7A22D996078D5D3D295270B5BA5931A2D2F03EB4B ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
07:06:27.0030 0x0990 rimmptsk - ok
07:06:27.0078 0x0990 [ 9BFB54D3559F2FF7301271D29D383564, DA7F9D7432D2DD4B8FCEEB5D995E4E0A2BF6226C3A244BE4EE6BF08EF29C8687 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
07:06:27.0081 0x0990 rimsptsk - ok
07:06:27.0115 0x0990 [ DCB87DA83CC1010CBC9FC4DC9E395BBC, 2123B7CAD746141C69F7DFCB4C351905C32E5B433F806EDA50074B088DC886DC ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
07:06:27.0119 0x0990 rismxdp - ok
07:06:27.0280 0x0990 [ 98E6DBA60CB31886FBF8A5C45ADD17D5, 9B732FA7361523D898C9F0AD03DE882F1DEE5F436DB1212FD55833B3C76CA2D2 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
07:06:27.0335 0x0990 Suspicious file ( Forged ): C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe. Real md5: 98E6DBA60CB31886FBF8A5C45ADD17D5, sha256: 9B732FA7361523D898C9F0AD03DE882F1DEE5F436DB1212FD55833B3C76CA2D2, fake md5: 08FB7D968805001C7ADCBB14B0651FA2, fake sha256: 1339832EA9DB66678C524AE6BAD6C5C412AD2B77BA5ED45E64B85536DA9836CA
07:06:27.0338 0x0990 RoxMediaDB9 - detected ForgedFile.Multi.Generic ( 1 )
07:06:30.0439 0x0990 Detect skipped due to KSN trusted
07:06:30.0457 0x0990 RoxMediaDB9 - ok
07:06:30.0522 0x0990 [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator C:\Windows\system32\locator.exe
07:06:30.0530 0x0990 RpcLocator - ok
07:06:30.0577 0x0990 [ 6621476E1926167313D0FE6E95E98E7F, 2F711705F84C5C83F13E27855D472ED8564508CCC5C8394284745D1D28E2449D ] RpcSs C:\Windows\System32\rpcss.dll
07:06:30.0629 0x0990 Suspicious file ( Forged ): C:\Windows\System32\rpcss.dll. Real md5: 6621476E1926167313D0FE6E95E98E7F, sha256: 2F711705F84C5C83F13E27855D472ED8564508CCC5C8394284745D1D28E2449D, fake md5: 3B5B4D53FEC14F7476CA29A20CC31AC9, fake sha256: EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183
07:06:30.0632 0x0990 RpcSs - detected ForgedFile.Multi.Generic ( 1 )
07:06:30.0632 0x0990 Detect skipped due to KSN trusted
07:06:30.0632 0x0990 RpcSs - ok
07:06:30.0685 0x0990 [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:06:30.0697 0x0990 rspndr - ok
07:06:30.0712 0x0990 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs C:\Windows\system32\lsass.exe
07:06:30.0716 0x0990 SamSs - ok
07:06:30.0777 0x0990 [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:06:30.0795 0x0990 sbp2port - ok
07:06:30.0846 0x0990 [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:06:30.0856 0x0990 SCardSvr - ok
07:06:30.0905 0x0990 [ 6A325B709D328A46B39F3C8EB55347AF, 1DC8FA5FF970204A22F65A35A7167135F9492163E49F6D79237176696B8E4341 ] Schedule C:\Windows\system32\schedsvc.dll
07:06:30.0963 0x0990 Suspicious file ( Forged ): C:\Windows\system32\schedsvc.dll. Real md5: 6A325B709D328A46B39F3C8EB55347AF, sha256: 1DC8FA5FF970204A22F65A35A7167135F9492163E49F6D79237176696B8E4341, fake md5: 1A58069DB21D05EB2AB58EE5753EBE8D, fake sha256: EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4
07:06:30.0966 0x0990 Schedule - detected ForgedFile.Multi.Generic ( 1 )
07:06:33.0699 0x0990 Detect skipped due to KSN trusted
07:06:33.0711 0x0990 Schedule - ok
07:06:33.0787 0x0990 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc C:\Windows\System32\certprop.dll
07:06:33.0790 0x0990 SCPolicySvc - ok
07:06:33.0850 0x0990 [ 8F36B54688C31EED4580129040C6A3D3, DC150689CBAEEC94B9DE0CA6A633FAD16CDDDC452521232E0C2A44BAE61E08D9 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
07:06:33.0855 0x0990 sdbus - ok
07:06:33.0911 0x0990 [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:06:33.0921 0x0990 SDRSVC - ok
07:06:33.0949 0x0990 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:06:33.0952 0x0990 secdrv - ok
07:06:33.0976 0x0990 [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon C:\Windows\system32\seclogon.dll
07:06:33.0983 0x0990 seclogon - ok
07:06:34.0093 0x0990 [ 4840AB201DB69434488A6159910DA035, F3039BCCFE0D2079FF71A4EEFDF0FCA075AE5D15807F98291BF569A8501E38D4 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
07:06:34.0174 0x0990 Suspicious file ( Forged ): C:\Program Files\Secunia\PSI\PSIA.exe. Real md5: 4840AB201DB69434488A6159910DA035, sha256: F3039BCCFE0D2079FF71A4EEFDF0FCA075AE5D15807F98291BF569A8501E38D4, fake md5: DA6C0E0B15CD0B135FD385AEABAE3A4C, fake sha256: 1DBED093D4BD1E800828D8E0EB19EDA7FD1E963AABD4F71D61F1AD04F669290F
07:06:34.0179 0x0990 Secunia PSI Agent - detected ForgedFile.Multi.Generic ( 1 )
07:06:36.0666 0x0990 Secunia PSI Agent ( ForgedFile.Multi.Generic ) - warning
07:06:36.0698 0x0990 Force sending object to P2P due to detect: C:\Program Files\Secunia\PSI\PSIA.exe
07:06:43.0609 0x0990 Object send P2P result: true
07:06:46.0246 0x0990 [ 28DADC6A864E8AE5548E94CA00226CB4, 1BD1DE932984B7E285FEDB544BCE25FE646FF77A9AEB6DD3EA332AAA63EFA2A0 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
07:06:46.0306 0x0990 Suspicious file ( Forged ): C:\Program Files\Secunia\PSI\sua.exe. Real md5: 28DADC6A864E8AE5548E94CA00226CB4, sha256: 1BD1DE932984B7E285FEDB544BCE25FE646FF77A9AEB6DD3EA332AAA63EFA2A0, fake md5: 71761EDC432A0E39CF621105884E738E, fake sha256: 935133326B794F6DEAA97B9B6B6295AC6A884C3B73ABCD5662A79CEAD8EEA5EE
07:06:46.0309 0x0990 Secunia Update Agent - detected ForgedFile.Multi.Generic ( 1 )
07:06:48.0970 0x0990 Secunia Update Agent ( ForgedFile.Multi.Generic ) - warning
07:06:48.0980 0x0990 Force sending object to P2P due to detect: C:\Program Files\Secunia\PSI\sua.exe
07:06:51.0808 0x0990 Object send P2P result: true
07:06:54.0419 0x0990 [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS C:\Windows\system32\sens.dll
07:06:54.0427 0x0990 SENS - ok
07:06:54.0486 0x0990 [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum C:\Windows\system32\drivers\serenum.sys
07:06:54.0489 0x0990 Serenum - ok
07:06:54.0517 0x0990 [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial C:\Windows\system32\drivers\serial.sys
07:06:54.0522 0x0990 Serial - ok
07:06:54.0556 0x0990 [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse C:\Windows\system32\drivers\sermouse.sys
07:06:54.0558 0x0990 sermouse - ok
07:06:54.0622 0x0990 [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv C:\Windows\system32\sessenv.dll
07:06:54.0630 0x0990 SessionEnv - ok
07:06:54.0686 0x0990 [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
07:06:54.0702 0x0990 sffdisk - ok
07:06:54.0744 0x0990 [ 8FD08A310645FE872EEEC6E08C6BF3EE, 702A148C9DE172E7B5E331F057487255E0729FD42F949BB0FF2D5A01775933CF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
07:06:54.0746 0x0990 sffp_mmc - ok
07:06:54.0811 0x0990 [ 9F66A46C55D6F1CCABC79BB7AFCCC545, 029115C69315D2298F7FC944A53EF7F120FF74919208EB5ABC190022176D9B16 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
07:06:54.0820 0x0990 sffp_sd - ok
07:06:54.0850 0x0990 [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
07:06:54.0853 0x0990 sfloppy - ok
07:06:54.0903 0x0990 [ BE808F75A548431F70DD63967B466661, BE3608E547E9A7268A63D1D086AA58756904F4BD13E4DDDFACC46C62EB9FD92D ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:06:54.0947 0x0990 Suspicious file ( Forged ): C:\Windows\System32\ipnathlp.dll. Real md5: BE808F75A548431F70DD63967B466661, sha256: BE3608E547E9A7268A63D1D086AA58756904F4BD13E4DDDFACC46C62EB9FD92D, fake md5: E1499BD0FF76B1B2FBBF1AF339D91165, fake sha256: 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5
07:06:54.0966 0x0990 SharedAccess - detected ForgedFile.Multi.Generic ( 1 )
07:06:57.0453 0x0990 Detect skipped due to KSN trusted
07:06:57.0463 0x0990 SharedAccess - ok
07:06:57.0531 0x0990 [ F2F577D6BBA24BD4F1882E289203F358, 4FF0B04EFF4309987304E390BB94E37CA328320D2DC28B18EF172D99EC51EF80 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:06:57.0562 0x0990 Suspicious file ( Forged ): C:\Windows\System32\shsvcs.dll. Real md5: F2F577D6BBA24BD4F1882E289203F358, sha256: 4FF0B04EFF4309987304E390BB94E37CA328320D2DC28B18EF172D99EC51EF80, fake md5: C7230FBEE14437716701C15BE02C27B8, fake sha256: 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774
07:06:57.0563 0x0990 ShellHWDetection - detected ForgedFile.Multi.Generic ( 1 )
February 25th, 2014, 09:01 AM
daveandrita1

part 5

07:07:00.0297 0x0990 Detect skipped due to KSN trusted
07:07:00.0306 0x0990 ShellHWDetection - ok
07:07:00.0356 0x0990 [ D2A595D6EEBEEAF4334F8E50EFBC9931, 851B8205C657BF806C4D815DC75356E99B4246016B6E1C1F51BAF8AD1E6D5299 ] sisagp C:\Windows\system32\drivers\sisagp.sys
07:07:00.0360 0x0990 sisagp - ok
07:07:00.0433 0x0990 [ CEDD6F4E7D84E9F98B34B3FE988373AA, E102977E6FAC30B5ABEEC0B412A9F2A10C5C42F4D9C3AD69296BF9E1E88B6141 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
07:07:00.0433 0x0990 SiSRaid2 - ok
07:07:00.0452 0x0990 [ DF843C528C4F69D12CE41CE462E973A7, A2BEC74FCB8D8B6B9D8DD4746C013DFDF1DD662AEFE9B88CA495E5B83B4A76F9 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
07:07:00.0456 0x0990 SiSRaid4 - ok
07:07:00.0539 0x0990 [ 8F51C57AE5F9B134EFDE715CA895F167, 7166319ED848DF558B888294EF6FA49B3D868F0C6B44572A62859118BECBD620 ] SlimService C:\Program Files\SlimCleaner+\SlimServiceFactory.exe
07:07:00.0545 0x0990 Suspicious file ( Forged ): C:\Program Files\SlimCleaner+\SlimServiceFactory.exe. Real md5: 8F51C57AE5F9B134EFDE715CA895F167, sha256: 7166319ED848DF558B888294EF6FA49B3D868F0C6B44572A62859118BECBD620, fake md5: B451C65CCEFE6B7DFCE7E36EF223B8B5, fake sha256: 204F6C6E325023B1E3545ED5CA41C84639FA117624C59E6EADE815F564D9D7B1
07:07:00.0546 0x0990 SlimService - detected ForgedFile.Multi.Generic ( 1 )
07:07:03.0025 0x0990 SlimService ( ForgedFile.Multi.Generic ) - warning
07:07:03.0038 0x0990 Force sending object to P2P due to detect: C:\Program Files\SlimCleaner+\SlimServiceFactory.exe
07:07:06.0505 0x0990 Object send P2P result: true
07:07:09.0222 0x0990 [ 26C1DCA2184E7E9911D714A55D349CE6, BC845636236A1DC835E1444FAB57C2E48B2BF006895A5F8CB254571AEEA960F8 ] slsvc C:\Windows\system32\SLsvc.exe
07:07:09.0409 0x0990 Suspicious file ( Forged ): C:\Windows\system32\SLsvc.exe. Real md5: 26C1DCA2184E7E9911D714A55D349CE6, sha256: BC845636236A1DC835E1444FAB57C2E48B2BF006895A5F8CB254571AEEA960F8, fake md5: 862BB4CBC05D80C5B45BE430E5EF872F, fake sha256: F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D
07:07:09.0422 0x0990 slsvc - detected ForgedFile.Multi.Generic ( 1 )
07:07:12.0027 0x0990 Detect skipped due to KSN trusted
07:07:12.0028 0x0990 slsvc - ok
07:07:12.0097 0x0990 [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify C:\Windows\system32\SLUINotify.dll
07:07:12.0105 0x0990 SLUINotify - ok
07:07:12.0165 0x0990 [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:07:12.0191 0x0990 Smb - ok
07:07:12.0254 0x0990 [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:07:12.0261 0x0990 SNMPTRAP - ok
07:07:12.0310 0x0990 [ 9F70CD5EDCC4EFC48AE21E04FB03BE9D, AD23D77A38655ACB71216824E363DF8AC41A48A1A0080F35A0D23AA14B54460B ] speedfan C:\Windows\system32\speedfan.sys
07:07:12.0326 0x0990 speedfan - ok
07:07:12.0381 0x0990 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr C:\Windows\system32\drivers\spldr.sys
07:07:12.0389 0x0990 spldr - ok
07:07:12.0438 0x0990 [ 05DBBD20D38DEC7598E4AE3E255200AD, EEC19BC6AF0B3B6DFB97A08782C65F4BB3C3203E789A015D2008B0D689AD08BE ] Spooler C:\Windows\System32\spoolsv.exe
07:07:12.0454 0x0990 Suspicious file ( Forged ): C:\Windows\System32\spoolsv.exe. Real md5: 05DBBD20D38DEC7598E4AE3E255200AD, sha256: EEC19BC6AF0B3B6DFB97A08782C65F4BB3C3203E789A015D2008B0D689AD08BE, fake md5: 8554097E5136C3BF9F69FE578A1B35F4, fake sha256: 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0
07:07:12.0454 0x0990 Spooler - detected ForgedFile.Multi.Generic ( 1 )
07:07:15.0180 0x0990 Detect skipped due to KSN trusted
07:07:15.0186 0x0990 Spooler - ok
07:07:15.0251 0x0990 [ 397039AF02D50D15C70B74088EB8A1CB, A0BD70FE09DA570AAA5F83444852E45885E3F277564CC24370E9CDDDE9B28828 ] srv C:\Windows\system32\DRIVERS\srv.sys
07:07:15.0279 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\srv.sys. Real md5: 397039AF02D50D15C70B74088EB8A1CB, sha256: A0BD70FE09DA570AAA5F83444852E45885E3F277564CC24370E9CDDDE9B28828, fake md5: 41987F9FC0E61ADF54F581E15029AD91, fake sha256: A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E
07:07:15.0281 0x0990 srv - detected ForgedFile.Multi.Generic ( 1 )
07:07:17.0884 0x0990 Detect skipped due to KSN trusted
07:07:17.0884 0x0990 srv - ok
07:07:17.0948 0x0990 [ 1AA21A40A1067F5BF80513656735A2BF, 367D887F725ECBB5E5734A4388B04DB927D60898B023EE456336C3F6A95C6857 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:07:17.0970 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\srv2.sys. Real md5: 1AA21A40A1067F5BF80513656735A2BF, sha256: 367D887F725ECBB5E5734A4388B04DB927D60898B023EE456336C3F6A95C6857, fake md5: FF33AFF99564B1AA534F58868CBE41EF, fake sha256: EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49
07:07:17.0970 0x0990 srv2 - detected ForgedFile.Multi.Generic ( 1 )
07:07:20.0656 0x0990 Detect skipped due to KSN trusted
07:07:20.0656 0x0990 srv2 - ok
07:07:20.0730 0x0990 [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:07:20.0755 0x0990 srvnet - ok
07:07:20.0806 0x0990 [ 3DABE639076AEA4BE21608FEBC95C1B5, BEA46ECDB78D8820477EB558D9A28B7752FD6D1FE8C6246E187C3DA419531F68 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:07:20.0841 0x0990 Suspicious file ( Forged ): C:\Windows\System32\ssdpsrv.dll. Real md5: 3DABE639076AEA4BE21608FEBC95C1B5, sha256: BEA46ECDB78D8820477EB558D9A28B7752FD6D1FE8C6246E187C3DA419531F68, fake md5: 03D50B37234967433A5EA5BA72BC0B62, fake sha256: 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327
07:07:20.0841 0x0990 SSDPSRV - detected ForgedFile.Multi.Generic ( 1 )
07:07:23.0479 0x0990 Detect skipped due to KSN trusted
07:07:23.0479 0x0990 SSDPSRV - ok
07:07:23.0617 0x0990 [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:07:23.0628 0x0990 SstpSvc - ok
07:07:23.0678 0x0990 [ A89777E9809EC6EA3190114E59C67BCB, CD5A8ED062B3EDF37B6664E1AE88B25AE628A28464304C6A5FAD5F70FA16B991 ] stisvc C:\Windows\System32\wiaservc.dll
07:07:23.0727 0x0990 Suspicious file ( Forged ): C:\Windows\System32\wiaservc.dll. Real md5: A89777E9809EC6EA3190114E59C67BCB, sha256: CD5A8ED062B3EDF37B6664E1AE88B25AE628A28464304C6A5FAD5F70FA16B991, fake md5: 5DE7D67E49B88F5F07F3E53C4B92A352, fake sha256: 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997
07:07:23.0730 0x0990 stisvc - detected ForgedFile.Multi.Generic ( 1 )
07:07:26.0166 0x0990 Detect skipped due to KSN trusted
07:07:26.0166 0x0990 stisvc - ok
07:07:26.0283 0x0990 [ A9A23C8AF361F7A93FD632E91A8C346F, A353E69B60E2A904E4079D05B2DF25354B2A590ECA843822E3FA3B7923012142 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
07:07:26.0312 0x0990 stllssvr - ok
07:07:26.0386 0x0990 [ 75A8EE6F0917AD9355367DBF25DB8415, B6188D940126EDA400E0C75E1DD75CE7542F32B94D8CC5947EC68523845C4307 ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
07:07:26.0396 0x0990 SWDUMon - ok
07:07:26.0430 0x0990 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum C:\Windows\system32\DRIVERS\swenum.sys
07:07:26.0462 0x0990 swenum - ok
07:07:26.0487 0x0990 [ 6A66D33C6A7B55416D843AEE2FF2BF93, FC27B333BC91BE61ECF84E41D8AE086AF9F8977C719D4A5EF47BEFC7E9DA7C19 ] swprv C:\Windows\System32\swprv.dll
07:07:26.0529 0x0990 Suspicious file ( Forged ): C:\Windows\System32\swprv.dll. Real md5: 6A66D33C6A7B55416D843AEE2FF2BF93, sha256: FC27B333BC91BE61ECF84E41D8AE086AF9F8977C719D4A5EF47BEFC7E9DA7C19, fake md5: F21FD248040681CCA1FB6C9A03AAA93D, fake sha256: 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3
07:07:26.0530 0x0990 swprv - detected ForgedFile.Multi.Generic ( 1 )
07:07:29.0293 0x0990 Detect skipped due to KSN trusted
07:07:29.0294 0x0990 swprv - ok
07:07:29.0376 0x0990 [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
07:07:29.0380 0x0990 Symc8xx - ok
07:07:29.0433 0x0990 [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
07:07:29.0436 0x0990 Sym_hi - ok
07:07:29.0460 0x0990 [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
07:07:29.0463 0x0990 Sym_u3 - ok
07:07:29.0510 0x0990 [ CB022E0ED7812ECF0DE64ACE19629CC5, CFF385B12A8B62426EDCB644C05BA1AEE13CD41165D6A0598CF0221CB7D88BAC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
07:07:29.0537 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\SynTP.sys. Real md5: CB022E0ED7812ECF0DE64ACE19629CC5, sha256: CFF385B12A8B62426EDCB644C05BA1AEE13CD41165D6A0598CF0221CB7D88BAC, fake md5: 6DD49E1A5FA0F01824652F1A0A8866FB, fake sha256: E8839AF50AAA06A51A24004D26562694286DF638C7F86AB8408E496A7FEE52A4
07:07:29.0539 0x0990 SynTP - detected ForgedFile.Multi.Generic ( 1 )
07:07:32.0139 0x0990 Detect skipped due to KSN trusted
07:07:32.0139 0x0990 SynTP - ok
07:07:32.0240 0x0990 [ E3477C4F58312892158CE5963AE18CBA, 776DEEAA84D3ACDA3C534DEFEB796C65BDDD0B047302ACA45C49FE3E7D5E5AD5 ] SysMain C:\Windows\system32\sysmain.dll
07:07:32.0289 0x0990 Suspicious file ( Forged ): C:\Windows\system32\sysmain.dll. Real md5: E3477C4F58312892158CE5963AE18CBA, sha256: 776DEEAA84D3ACDA3C534DEFEB796C65BDDD0B047302ACA45C49FE3E7D5E5AD5, fake md5: 9A51B04E9886AA4EE90093586B0BA88D, fake sha256: 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962
07:07:32.0292 0x0990 SysMain - detected ForgedFile.Multi.Generic ( 1 )
07:07:34.0733 0x0990 Detect skipped due to KSN trusted
07:07:34.0733 0x0990 SysMain - ok
07:07:34.0782 0x0990 [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:07:34.0791 0x0990 TabletInputService - ok
07:07:34.0824 0x0990 [ 689CB8A9930F9D6F3838F751619FA22F, 7B67C5FDF747A7A7A64A2B203C9E251C063CE6FEDC4FD3D23DA417B56CFDDE40 ] TapiSrv C:\Windows\System32\tapisrv.dll
07:07:34.0854 0x0990 Suspicious file ( Forged ): C:\Windows\System32\tapisrv.dll. Real md5: 689CB8A9930F9D6F3838F751619FA22F, sha256: 7B67C5FDF747A7A7A64A2B203C9E251C063CE6FEDC4FD3D23DA417B56CFDDE40, fake md5: D7673E4B38CE21EE54C59EEEB65E2483, fake sha256: 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0
07:07:34.0855 0x0990 TapiSrv - detected ForgedFile.Multi.Generic ( 1 )
07:07:34.0855 0x0990 Detect skipped due to KSN trusted
07:07:34.0855 0x0990 TapiSrv - ok
07:07:34.0905 0x0990 [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS C:\Windows\System32\tbssvc.dll
07:07:34.0914 0x0990 TBS - ok
07:07:34.0962 0x0990 [ FF95AAE865D794217BB19009617A03FC, AD49A4AC5C58D862BB76034720416AEDABA60C326BB063199EFB6CF39372ADE1 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:07:35.0031 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\tcpip.sys. Real md5: FF95AAE865D794217BB19009617A03FC, sha256: AD49A4AC5C58D862BB76034720416AEDABA60C326BB063199EFB6CF39372ADE1, fake md5: D18D53974FD715D50FC76F9FFE1C830D, fake sha256: 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3
07:07:35.0035 0x0990 Tcpip - detected ForgedFile.Multi.Generic ( 1 )
07:07:37.0620 0x0990 Object is SCO, delete is not allowed
07:07:37.0620 0x0990 Tcpip ( ForgedFile.Multi.Generic ) - warning
07:07:37.0620 0x0990 Force sending object to P2P due to detect: C:\Windows\system32\drivers\tcpip.sys
07:07:43.0653 0x0990 Object send P2P result: true
07:07:46.0196 0x0990 [ FF95AAE865D794217BB19009617A03FC, AD49A4AC5C58D862BB76034720416AEDABA60C326BB063199EFB6CF39372ADE1 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
07:07:46.0302 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\tcpip.sys. Real md5: FF95AAE865D794217BB19009617A03FC, sha256: AD49A4AC5C58D862BB76034720416AEDABA60C326BB063199EFB6CF39372ADE1, fake md5: D18D53974FD715D50FC76F9FFE1C830D, fake sha256: 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3
07:07:46.0306 0x0990 Tcpip6 - detected ForgedFile.Multi.Generic ( 1 )
07:07:46.0306 0x0990 Object is SCO, delete is not allowed
07:07:46.0306 0x0990 Tcpip6 ( ForgedFile.Multi.Generic ) - warning
07:07:48.0903 0x0990 [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:07:48.0906 0x0990 tcpipreg - ok
07:07:48.0943 0x0990 [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:07:48.0945 0x0990 TDPIPE - ok
07:07:48.0978 0x0990 [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:07:48.0980 0x0990 TDTCP - ok
07:07:49.0028 0x0990 [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:07:49.0033 0x0990 tdx - ok
07:07:49.0046 0x0990 [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
07:07:49.0050 0x0990 TermDD - ok
07:07:49.0082 0x0990 [ 147C8282353639F295A50038CC8033C2, 952699B6B9C72E9EB6907C3728056333360DDEC3BB66F7D4AE89320E155E999E ] TermService C:\Windows\System32\termsrv.dll
07:07:49.0141 0x0990 Suspicious file ( Forged ): C:\Windows\System32\termsrv.dll. Real md5: 147C8282353639F295A50038CC8033C2, sha256: 952699B6B9C72E9EB6907C3728056333360DDEC3BB66F7D4AE89320E155E999E, fake md5: BB95DA09BEF6E7A131BFF3BA5032090D, fake sha256: BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC
07:07:49.0143 0x0990 TermService - detected ForgedFile.Multi.Generic ( 1 )
07:07:51.0776 0x0990 Detect skipped due to KSN trusted
07:07:51.0776 0x0990 TermService - ok
07:07:51.0849 0x0990 [ F2F577D6BBA24BD4F1882E289203F358, 4FF0B04EFF4309987304E390BB94E37CA328320D2DC28B18EF172D99EC51EF80 ] Themes C:\Windows\system32\shsvcs.dll
07:07:51.0885 0x0990 Suspicious file ( Forged ): C:\Windows\system32\shsvcs.dll. Real md5: F2F577D6BBA24BD4F1882E289203F358, sha256: 4FF0B04EFF4309987304E390BB94E37CA328320D2DC28B18EF172D99EC51EF80, fake md5: C7230FBEE14437716701C15BE02C27B8, fake sha256: 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774
07:07:51.0886 0x0990 Themes - detected ForgedFile.Multi.Generic ( 1 )
07:07:51.0886 0x0990 Detect skipped due to KSN trusted
07:07:51.0886 0x0990 Themes - ok
07:07:51.0909 0x0990 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER C:\Windows\system32\mmcss.dll
07:07:51.0915 0x0990 THREADORDER - ok
07:07:51.0965 0x0990 [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks C:\Windows\System32\trkwks.dll
07:07:51.0974 0x0990 TrkWks - ok
07:07:52.0052 0x0990 [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:07:52.0055 0x0990 TrustedInstaller - ok
07:07:52.0106 0x0990 [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:07:52.0109 0x0990 tssecsrv - ok
07:07:52.0164 0x0990 [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
07:07:52.0166 0x0990 tunmp - ok
07:07:52.0211 0x0990 [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:07:52.0213 0x0990 tunnel - ok
07:07:52.0267 0x0990 [ C3ADE15414120033A36C0F293D4A4121, 74A002C4B5EBD94E33EDEACB6639AF44ED72A8DDE3083C6DE71C1EE937EF1A9C ] uagp35 C:\Windows\system32\drivers\uagp35.sys
07:07:52.0271 0x0990 uagp35 - ok
07:07:52.0303 0x0990 [ 5542930F3F6E98007EE9B6DF0ADA3300, 8AFF4EB42D633B22FF2B80E75ECCFA96DFFE2EE9D0F1881B1FC2A356332280EC ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:07:52.0332 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\udfs.sys. Real md5: 5542930F3F6E98007EE9B6DF0ADA3300, sha256: 8AFF4EB42D633B22FF2B80E75ECCFA96DFFE2EE9D0F1881B1FC2A356332280EC, fake md5: D9728AF68C4C7693CB100B8441CBDEC6, fake sha256: A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE
07:07:52.0333 0x0990 udfs - detected ForgedFile.Multi.Generic ( 1 )
07:07:54.0770 0x0990 Detect skipped due to KSN trusted
07:07:54.0770 0x0990 udfs - ok
07:07:54.0866 0x0990 [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:07:54.0874 0x0990 UI0Detect - ok
07:07:54.0901 0x0990 [ 75E6890EBFCE0841D3291B02E7A8BDB0, FDF9CDCCCCC0AA2A52623C5A67AC5F5224557EE4C8F6487CB13CAEB012575E2A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:07:54.0905 0x0990 uliagpkx - ok
07:07:54.0936 0x0990 [ 68871CA1E5BE5A6D5A2C2252D1FD2E52, 986BF4BF6BC09BB3E8C543A51E9C888BC2B74058B877E03A0F7920F15DA28541 ] uliahci C:\Windows\system32\drivers\uliahci.sys
07:07:54.0958 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\uliahci.sys. Real md5: 68871CA1E5BE5A6D5A2C2252D1FD2E52, sha256: 986BF4BF6BC09BB3E8C543A51E9C888BC2B74058B877E03A0F7920F15DA28541, fake md5: 3CD4EA35A6221B85DCC25DAA46313F8D, fake sha256: 100A7E12B8EA395F70A00874328E87B930CE88FF442F3576FE88B105A22E04C5
07:07:54.0959 0x0990 uliahci - detected ForgedFile.Multi.Generic ( 1 )
07:07:57.0563 0x0990 Detect skipped due to KSN trusted
07:07:57.0563 0x0990 uliahci - ok
07:07:57.0631 0x0990 [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata C:\Windows\system32\drivers\ulsata.sys
07:07:57.0637 0x0990 UlSata - ok
07:07:57.0663 0x0990 [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
07:07:57.0669 0x0990 ulsata2 - ok
07:07:57.0713 0x0990 [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
07:07:57.0716 0x0990 umbus - ok
07:07:57.0748 0x0990 [ FB00CD74A5F35E89A7FBDD3C1D05375A, DADCFC1609BA98838E842E1CBF1C0608C12A70DC144427DC9FFDAEB67490510B ] upnphost C:\Windows\System32\upnphost.dll
07:07:57.0786 0x0990 Suspicious file ( Forged ): C:\Windows\System32\upnphost.dll. Real md5: FB00CD74A5F35E89A7FBDD3C1D05375A, sha256: DADCFC1609BA98838E842E1CBF1C0608C12A70DC144427DC9FFDAEB67490510B, fake md5: 68308183F4AE0BE7BF8ECD07CB297999, fake sha256: 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D
07:07:57.0787 0x0990 upnphost - detected ForgedFile.Multi.Generic ( 1 )
07:08:00.0229 0x0990 Detect skipped due to KSN trusted
07:08:00.0229 0x0990 upnphost - ok
07:08:00.0328 0x0990 [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
07:08:00.0332 0x0990 USBAAPL - ok
07:08:00.0380 0x0990 [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:08:00.0385 0x0990 usbccgp - ok
07:08:00.0427 0x0990 [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir C:\Windows\system32\drivers\usbcir.sys
07:08:00.0432 0x0990 usbcir - ok
07:08:00.0477 0x0990 [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
07:08:00.0481 0x0990 usbehci - ok
07:08:00.0493 0x0990 [ BB7023E809A6CDFBC95F2EFE4D8203DC, 41AA1B0F869DF16158A08DA89255D765AC1452DA55691C63DCFD10747EE4102D ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:08:00.0526 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\usbhub.sys. Real md5: BB7023E809A6CDFBC95F2EFE4D8203DC, sha256: 41AA1B0F869DF16158A08DA89255D765AC1452DA55691C63DCFD10747EE4102D, fake md5: 2AE6BCEBD85D31317E433733DAF25888, fake sha256: 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4
07:08:00.0526 0x0990 usbhub - detected ForgedFile.Multi.Generic ( 1 )
07:08:03.0186 0x0990 Detect skipped due to KSN trusted
07:08:03.0186 0x0990 usbhub - ok
07:08:03.0254 0x0990 [ D457EBD0C3A8B3A3A144355B5EE91CBC, 6AD52BDBB1607A48F0B02E663B97C3A00E3345B1B12C259608A5AE728C1C06B2 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
07:08:03.0257 0x0990 usbohci - ok
07:08:03.0297 0x0990 [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:08:03.0300 0x0990 usbprint - ok
07:08:03.0353 0x0990 [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
07:08:03.0356 0x0990 usbscan - ok
07:08:03.0407 0x0990 [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:08:03.0411 0x0990 USBSTOR - ok
07:08:03.0448 0x0990 [ 325DBBACB8A36AF9988CCF40EAC228CC, 22FE5658A12296634FBE9D8565485BEE8CB200C47182F70DC9D2B0442E10C4AA ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
07:08:03.0452 0x0990 usbuhci - ok
07:08:03.0489 0x0990 [ 2E197130628FAC1660CF12E32578F5A4, A381189A15AC98563EEE19B7DE2F385C21755EFB0EC0829E6B878C5D906502F8 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
07:08:03.0515 0x0990 Suspicious file ( Forged ): C:\Windows\system32\Drivers\usbvideo.sys. Real md5: 2E197130628FAC1660CF12E32578F5A4, sha256: A381189A15AC98563EEE19B7DE2F385C21755EFB0EC0829E6B878C5D906502F8, fake md5: 73FF24E21B690625A58109637DDA0DF7, fake sha256: 62B1F9CD82678E2110D4BB5CC86EE8A7AB0757681443916620B6AAA1EF0DECEB
07:08:03.0516 0x0990 usbvideo - detected ForgedFile.Multi.Generic ( 1 )
07:08:05.0955 0x0990 Detect skipped due to KSN trusted
07:08:05.0955 0x0990 usbvideo - ok
07:08:06.0036 0x0990 [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms C:\Windows\System32\uxsms.dll
07:08:06.0048 0x0990 UxSms - ok
07:08:06.0077 0x0990 [ 4E418BB00EC74CA23F2CD4285DA2B270, 6FF3EEFAE16BF5903E8F8BB81EAE42732B638DC8598A559ABDB5D7D9206DECC9 ] vds C:\Windows\System32\vds.exe
07:08:06.0116 0x0990 Suspicious file ( Forged ): C:\Windows\System32\vds.exe. Real md5: 4E418BB00EC74CA23F2CD4285DA2B270, sha256: 6FF3EEFAE16BF5903E8F8BB81EAE42732B638DC8598A559ABDB5D7D9206DECC9, fake md5: CD88D1B7776DC17A119049742EC07EB4, fake sha256: 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528
07:08:06.0118 0x0990 vds - detected ForgedFile.Multi.Generic ( 1 )
07:08:08.0803 0x0990 Detect skipped due to KSN trusted
07:08:08.0803 0x0990 vds - ok
07:08:08.0906 0x0990 [ 7D92BE0028ECDEDEC74617009084B5EF, D0749CE6FA3415BA4364299F8D6D53F133E8D2F44C6F1057996243415A540A53 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:08:08.0909 0x0990 vga - ok
07:08:08.0952 0x0990 [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave C:\Windows\System32\drivers\vga.sys
07:08:08.0955 0x0990 VgaSave - ok
07:08:08.0982 0x0990 [ 045D9961E591CF0674A920B6BA3BA5CB, EBF498A0424CEA0F7ECBAAE144A8669CE6B5DD67115DE22CEC5A46AED26CD90B ] viaagp C:\Windows\system32\drivers\viaagp.sys
07:08:08.0986 0x0990 viaagp - ok
07:08:09.0022 0x0990 [ 56A4DE5F02F2E88182B0981119B4DD98, 36FC94BCFD41907838DBCB02E6EA24065FDED4224239CD19E90D14433BE9108B ] ViaC7 C:\Windows\system32\drivers\viac7.sys
07:08:09.0025 0x0990 ViaC7 - ok
07:08:09.0062 0x0990 [ FD2E3175FCADA350C7AB4521DCA187EC, 1C914B184478611A27E0141F90EBC34FC63DFB2A83441DD36DFA43D945FB1C52 ] viaide C:\Windows\system32\drivers\viaide.sys
07:08:09.0065 0x0990 viaide - ok
07:08:09.0117 0x0990 [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:08:09.0121 0x0990 volmgr - ok
07:08:09.0172 0x0990 [ 211CB019691759FD10FE37E808E9B0A4, DC59C43539E67F3B4BD3D9695F967DE5AB9D2D52181BEB5BCEEDF558D2918604 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:08:09.0207 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\volmgrx.sys. Real md5: 211CB019691759FD10FE37E808E9B0A4, sha256: DC59C43539E67F3B4BD3D9695F967DE5AB9D2D52181BEB5BCEEDF558D2918604, fake md5: 23E41B834759917BFD6B9A0D625D0C28, fake sha256: 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5
07:08:09.0208 0x0990 volmgrx - detected ForgedFile.Multi.Generic ( 1 )
07:08:11.0813 0x0990 Detect skipped due to KSN trusted
07:08:11.0813 0x0990 volmgrx - ok
07:08:11.0880 0x0990 [ 7D825B6B001A6BB172AB034144480A99, 3E020BAB761693A65390027F0B3FCC73AB892D9A8AF26BF2717E1602208A56C3 ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:08:11.0890 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\volsnap.sys. Real md5: 7D825B6B001A6BB172AB034144480A99, sha256: 3E020BAB761693A65390027F0B3FCC73AB892D9A8AF26BF2717E1602208A56C3, fake md5: 786DB5771F05EF300390399F626BF30A, fake sha256: 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7
07:08:11.0891 0x0990 volsnap - detected ForgedFile.Multi.Generic ( 1 )
07:08:14.0488 0x0990 Object is SCO, delete is not allowed
07:08:14.0488 0x0990 volsnap ( ForgedFile.Multi.Generic ) - warning
07:08:14.0488 0x0990 Force sending object to P2P due to detect: C:\Windows\system32\drivers\volsnap.sys
07:08:29.0827 0x0990 Object send P2P result: true
07:08:32.0479 0x0990 [ D984439746D42B30FC65A4C3546C6829, B134A9890638C2B4964A9C30812A2828A3E0CC641690CBF22D9FCE65EE3C2385 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
07:08:32.0500 0x0990 vsmraid - ok
07:08:32.0598 0x0990 [ 0C9CD2B425AC2CBE1D403A8F136A926B, D320E6EEF269970D0E91FC8FF66D62F501F2AC70DEF1DF2BF5052003A7438679 ] VSS C:\Windows\system32\vssvc.exe
07:08:32.0658 0x0990 Suspicious file ( Forged ): C:\Windows\system32\vssvc.exe. Real md5: 0C9CD2B425AC2CBE1D403A8F136A926B, sha256: D320E6EEF269970D0E91FC8FF66D62F501F2AC70DEF1DF2BF5052003A7438679, fake md5: DB3D19F850C6EB32BDCB9BC0836ACDDB, fake sha256: D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704
07:08:32.0676 0x0990 VSS - detected ForgedFile.Multi.Generic ( 1 )
07:08:35.0137 0x0990 Detect skipped due to KSN trusted
07:08:35.0193 0x0990 VSS - ok
07:08:35.0263 0x0990 [ 4F61A26D5D0A96E6D46B0617192010E3, 8730BC460C7CEB9E2FA38BCCF0679166362B9278CD8BEBA06D78962E80C75CAE ] W32Time C:\Windows\system32\w32time.dll
07:08:35.0300 0x0990 Suspicious file ( Forged ): C:\Windows\system32\w32time.dll. Real md5: 4F61A26D5D0A96E6D46B0617192010E3, sha256: 8730BC460C7CEB9E2FA38BCCF0679166362B9278CD8BEBA06D78962E80C75CAE, fake md5: 96EA68B9EB310A69C25EBB0282B2B9DE, fake sha256: C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B
07:08:35.0301 0x0990 W32Time - detected ForgedFile.Multi.Generic ( 1 )
07:08:37.0899 0x0990 Detect skipped due to KSN trusted
07:08:37.0923 0x0990 W32Time - ok
07:08:38.0028 0x0990 [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
07:08:38.0030 0x0990 WacomPen - ok
07:08:38.0086 0x0990 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
07:08:38.0176 0x0990 Wanarp - ok
07:08:38.0200 0x0990 [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:08:38.0204 0x0990 Wanarpv6 - ok
07:08:38.0255 0x0990 [ 0183D84E9A99DB28B40E94117A3B7E6D, DF24DD9367633D1EAB41BF528E30070F220AA7D4DF5E8D4F48AFED40A3B877B2 ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:08:38.0298 0x0990 Suspicious file ( Forged ): C:\Windows\System32\wcncsvc.dll. Real md5: 0183D84E9A99DB28B40E94117A3B7E6D, sha256: DF24DD9367633D1EAB41BF528E30070F220AA7D4DF5E8D4F48AFED40A3B877B2, fake md5: A3CD60FD826381B49F03832590E069AF, fake sha256: 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674
07:08:38.0300 0x0990 wcncsvc - detected ForgedFile.Multi.Generic ( 1 )
07:08:40.0978 0x0990 Detect skipped due to KSN trusted
07:08:40.0978 0x0990 wcncsvc - ok
07:08:41.0019 0x0990 [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:08:41.0028 0x0990 WcsPlugInService - ok
07:08:41.0081 0x0990 [ AFC5AD65B991C1E205CF25CFDBF7A6F4, 544173AE85A11B99B9221DB30B6803DAEB3EB7FCA57FE62F0D13EF70B9C69A89 ] Wd C:\Windows\system32\drivers\wd.sys
07:08:41.0096 0x0990 Wd - ok
07:08:41.0144 0x0990 [ 7D6FAE0D46646E5C98552B3ECC4F28DF, 6D7B6E9CD28B9AA8C6E56034479C7954F23D788EFEADA2B8191FBF9784B88941 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:08:41.0232 0x0990 Suspicious file ( Forged ): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 7D6FAE0D46646E5C98552B3ECC4F28DF, sha256: 6D7B6E9CD28B9AA8C6E56034479C7954F23D788EFEADA2B8191FBF9784B88941, fake md5: 25944D2CC49E0A6C581D02A74B7D6645, fake sha256: AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE
07:08:41.0234 0x0990 Wdf01000 - detected ForgedFile.Multi.Generic ( 1 )
07:08:43.0826 0x0990 Object is SCO, delete is not allowed
07:08:43.0855 0x0990 Wdf01000 ( ForgedFile.Multi.Generic ) - warning
07:08:43.0855 0x0990 Force sending object to P2P due to detect: C:\Windows\system32\drivers\Wdf01000.sys
07:08:54.0855 0x0990 Object send P2P result: true
07:08:57.0603 0x0990 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:08:57.0635 0x0990 WdiServiceHost - ok
07:08:57.0643 0x0990 [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:08:57.0652 0x0990 WdiSystemHost - ok
07:08:57.0738 0x0990 [ 53297B80FCB36799AFD2E7707CF15101, 2BAD360D73A25EF07FAEDB580DDC6FF4B6368C8B9B692E0FC7E49DCBCB75C5E6 ] WebClient C:\Windows\System32\webclnt.dll
07:08:57.0767 0x0990 Suspicious file ( Forged ): C:\Windows\System32\webclnt.dll. Real md5: 53297B80FCB36799AFD2E7707CF15101, sha256: 2BAD360D73A25EF07FAEDB580DDC6FF4B6368C8B9B692E0FC7E49DCBCB75C5E6, fake md5: 04C37D8107320312FBAE09926103D5E2, fake sha256: 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0
07:08:57.0768 0x0990 WebClient - detected ForgedFile.Multi.Generic ( 1 )
07:09:00.0207 0x0990 Detect skipped due to KSN trusted
February 25th, 2014, 09:02 AM
daveandrita1

part 6

07:09:00.0207 0x0990 WebClient - ok
07:09:00.0308 0x0990 [ 2EED3BF66F3B7A8D7A8F04E295502CBE, C84B66963A0B7832406DB9ACA12C395D1FBC6F347A6D8180A20E753011D1C5A0 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:09:00.0367 0x0990 Suspicious file ( Forged ): C:\Windows\system32\wecsvc.dll. Real md5: 2EED3BF66F3B7A8D7A8F04E295502CBE, sha256: C84B66963A0B7832406DB9ACA12C395D1FBC6F347A6D8180A20E753011D1C5A0, fake md5: AE3736E7E8892241C23E4EBBB7453B60, fake sha256: 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1
07:09:00.0368 0x0990 Wecsvc - detected ForgedFile.Multi.Generic ( 1 )
07:09:02.0962 0x0990 Detect skipped due to KSN trusted
07:09:02.0977 0x0990 Wecsvc - ok
07:09:03.0054 0x0990 [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:09:03.0067 0x0990 wercplsupport - ok
07:09:03.0122 0x0990 [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc C:\Windows\System32\WerSvc.dll
07:09:03.0139 0x0990 WerSvc - ok
07:09:03.0193 0x0990 [ 1AF98F50297600E02531CF56798E513F, E9F78F2DCA180DFC8FB2E368FFC88ED3714696DAAEFC2C34BDE8F2CAA8285835 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
07:09:03.0242 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\HSX_CNXT.sys. Real md5: 1AF98F50297600E02531CF56798E513F, sha256: E9F78F2DCA180DFC8FB2E368FFC88ED3714696DAAEFC2C34BDE8F2CAA8285835, fake md5: E096FFB754F1E45AE1BDDAC1275AE2C5, fake sha256: DB88308520805EB9EE1FC70C057C75A1928DBAB00F8DDE7908FE79B964259CB3
07:09:03.0245 0x0990 winachsf - detected ForgedFile.Multi.Generic ( 1 )
07:09:05.0938 0x0990 Detect skipped due to KSN trusted
07:09:05.0938 0x0990 winachsf - ok
07:09:06.0024 0x0990 [ 4CA8E488299BAF19CE350E16BA5ACC0D, 2CC9F7C499FEF2A8F3BE9D13A107375BE593E4F47D69AB55D6B613D965214745 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
07:09:06.0055 0x0990 Suspicious file ( Forged ): C:\Program Files\Windows Defender\mpsvc.dll. Real md5: 4CA8E488299BAF19CE350E16BA5ACC0D, sha256: 2CC9F7C499FEF2A8F3BE9D13A107375BE593E4F47D69AB55D6B613D965214745, fake md5: 4575AA12561C5648483403541D0D7F2B, fake sha256: 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A
07:09:06.0056 0x0990 WinDefend - detected ForgedFile.Multi.Generic ( 1 )
07:09:08.0961 0x0990 Object is SCO, delete is not allowed
07:09:08.0986 0x0990 WinDefend ( ForgedFile.Multi.Generic ) - warning
07:09:11.0605 0x0990 WinHttpAutoProxySvc - ok
07:09:11.0907 0x0990 [ 5A7FC383C3355595A83FCE4F23FA792C, 65741FE5337F04D539DF7B0CDE5FE7121F09616E450A8337F2EAC00F08010CA7 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:09:11.0937 0x0990 Suspicious file ( Forged ): C:\Windows\system32\wbem\WMIsvc.dll. Real md5: 5A7FC383C3355595A83FCE4F23FA792C, sha256: 65741FE5337F04D539DF7B0CDE5FE7121F09616E450A8337F2EAC00F08010CA7, fake md5: 6B2A1D0E80110E3D04E6863C6E62FD8A, fake sha256: EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2
07:09:11.0938 0x0990 Winmgmt - detected ForgedFile.Multi.Generic ( 1 )
07:09:14.0406 0x0990 Detect skipped due to KSN trusted
07:09:14.0407 0x0990 Winmgmt - ok
07:09:14.0471 0x0990 [ 449CBE07A71B499191C227506456C7C8, B40B8D23EE09C5C775ADF1B75D3481C607407C16C03DBBE936D1F2DD3CEF4AA7 ] WinRM C:\Windows\system32\WsmSvc.dll
07:09:14.0542 0x0990 Suspicious file ( Forged ): C:\Windows\system32\WsmSvc.dll. Real md5: 449CBE07A71B499191C227506456C7C8, sha256: B40B8D23EE09C5C775ADF1B75D3481C607407C16C03DBBE936D1F2DD3CEF4AA7, fake md5: 7CFE68BDC065E55AA5E8421607037511, fake sha256: C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533
07:09:14.0547 0x0990 WinRM - detected ForgedFile.Multi.Generic ( 1 )
07:09:17.0011 0x0990 Detect skipped due to KSN trusted
07:09:17.0048 0x0990 WinRM - ok
07:09:17.0157 0x0990 [ D20CE70213434432BED5CDC45AFA74A1, 67C6701C75FF071EACF63EC4881BFA42513E4A8323E3FA6A28308AAACEF2E7B4 ] Wlansvc C:\Windows\System32\wlansvc.dll
07:09:17.0202 0x0990 Suspicious file ( Forged ): C:\Windows\System32\wlansvc.dll. Real md5: D20CE70213434432BED5CDC45AFA74A1, sha256: 67C6701C75FF071EACF63EC4881BFA42513E4A8323E3FA6A28308AAACEF2E7B4, fake md5: C008405E4FEEB069E30DA1D823910234, fake sha256: C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157
07:09:17.0205 0x0990 Wlansvc - detected ForgedFile.Multi.Generic ( 1 )
07:09:19.0828 0x0990 Detect skipped due to KSN trusted
07:09:19.0846 0x0990 Wlansvc - ok
07:09:19.0974 0x0990 [ 3421F9DF438C0372B8EFAC59DA106640, 2A47850A9A3CC19C8076DB3E340B93DD8B0A948E6C5EEF9FA334765583F03A0A ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:09:20.0076 0x0990 Suspicious file ( Forged ): C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE. Real md5: 3421F9DF438C0372B8EFAC59DA106640, sha256: 2A47850A9A3CC19C8076DB3E340B93DD8B0A948E6C5EEF9FA334765583F03A0A, fake md5: FB01D4AE207B9EFDBABFC55DC95C7E31, fake sha256: E0EFDBBE0BAC275230C8C1A053948C21BCF20B99B92E50939E95FFB9DC87F6BA
07:09:20.0084 0x0990 wlidsvc - detected ForgedFile.Multi.Generic ( 1 )
07:09:22.0554 0x0990 wlidsvc ( ForgedFile.Multi.Generic ) - warning
07:09:22.0577 0x0990 Force sending object to P2P due to detect: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:09:26.0121 0x0990 Object send P2P result: true
07:09:28.0797 0x0990 [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
07:09:28.0869 0x0990 WmiAcpi - ok
07:09:28.0934 0x0990 [ 8A976E019FB3D9F72D7C1EC0D4FB7579, 858E7AEADBDDA5D92F8CAC7847E59EFBC8F4F09B78DE5A70B46FE1DA950569CD ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:09:28.0979 0x0990 Suspicious file ( Forged ): C:\Windows\system32\wbem\WmiApSrv.exe. Real md5: 8A976E019FB3D9F72D7C1EC0D4FB7579, sha256: 858E7AEADBDDA5D92F8CAC7847E59EFBC8F4F09B78DE5A70B46FE1DA950569CD, fake md5: 43BE3875207DCB62A85C8C49970B66CC, fake sha256: 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703
07:09:28.0979 0x0990 wmiApSrv - detected ForgedFile.Multi.Generic ( 1 )
07:09:31.0566 0x0990 Detect skipped due to KSN trusted
07:09:31.0567 0x0990 wmiApSrv - ok
07:09:31.0697 0x0990 [ 2C245A6ED1E1FF435B600B5DFC7325F0, A3434B4B87BFCD3B122F4C6AF2E7644D7FC009B2D10E138EA4C55187EE0CDE90 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
07:09:31.0757 0x0990 Suspicious file ( Forged ): C:\Program Files\Windows Media Player\wmpnetwk.exe. Real md5: 2C245A6ED1E1FF435B600B5DFC7325F0, sha256: A3434B4B87BFCD3B122F4C6AF2E7644D7FC009B2D10E138EA4C55187EE0CDE90, fake md5: 3978704576A121A9204F8CC49A301A9B, fake sha256: 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F
07:09:31.0761 0x0990 WMPNetworkSvc - detected ForgedFile.Multi.Generic ( 1 )
07:09:34.0352 0x0990 Detect skipped due to KSN trusted
07:09:34.0352 0x0990 WMPNetworkSvc - ok
07:09:34.0432 0x0990 [ 5ABD1095CC6E1E212DF86050ACB64BDA, 7A0B7110216AFE3D821CFE05C83769567B011DB945B99AACD1201AF0BC0D20C8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:09:34.0463 0x0990 Suspicious file ( Forged ): C:\Windows\System32\wpcsvc.dll. Real md5: 5ABD1095CC6E1E212DF86050ACB64BDA, sha256: 7A0B7110216AFE3D821CFE05C83769567B011DB945B99AACD1201AF0BC0D20C8, fake md5: CFC5A04558F5070CEE3E3A7809F3FF52, fake sha256: 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B
07:09:34.0464 0x0990 WPCSvc - detected ForgedFile.Multi.Generic ( 1 )
07:09:36.0907 0x0990 Detect skipped due to KSN trusted
07:09:36.0907 0x0990 WPCSvc - ok
07:09:37.0005 0x0990 [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:09:37.0015 0x0990 WPDBusEnum - ok
07:09:37.0057 0x0990 [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
07:09:37.0060 0x0990 WpdUsb - ok
07:09:37.0155 0x0990 [ F3F2E935A1156EF0EC97CCF32FFCAB64, 8659EEBC6AC92B1AF389789B40248D5AE3A4B9ACBF7E9320D4990263C7E7B229 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:09:37.0262 0x0990 Suspicious file ( Forged ): C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe. Real md5: F3F2E935A1156EF0EC97CCF32FFCAB64, sha256: 8659EEBC6AC92B1AF389789B40248D5AE3A4B9ACBF7E9320D4990263C7E7B229, fake md5: F8D3544ACBCE9110362119F7C10D848E, fake sha256: 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9
07:09:37.0266 0x0990 WPFFontCache_v0400 - detected ForgedFile.Multi.Generic ( 1 )
07:09:39.0700 0x0990 WPFFontCache_v0400 ( ForgedFile.Multi.Generic ) - warning
07:09:39.0700 0x0990 Force sending object to P2P due to detect: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:09:58.0356 0x0990 Object send P2P result: true
07:10:00.0984 0x0990 [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:10:00.0987 0x0990 ws2ifsl - ok
07:10:01.0030 0x0990 [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc C:\Windows\system32\wscsvc.dll
07:10:01.0040 0x0990 wscsvc - ok
07:10:01.0049 0x0990 WSearch - ok
07:10:01.0156 0x0990 [ CE80FEC12F96CA35DEEFD2A4E7E3F798, 58F68B635899189AD1F6543F472601921609A3C062C12AA46D41941D3AB01DE0 ] wuauserv C:\Windows\system32\wuaueng.dll
07:10:01.0273 0x0990 Suspicious file ( Forged ): C:\Windows\system32\wuaueng.dll. Real md5: CE80FEC12F96CA35DEEFD2A4E7E3F798, sha256: 58F68B635899189AD1F6543F472601921609A3C062C12AA46D41941D3AB01DE0, fake md5: FC3EC24FCE372C89423E015A2AC1A31E, fake sha256: 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257
07:10:01.0281 0x0990 wuauserv - detected ForgedFile.Multi.Generic ( 1 )
07:10:03.0967 0x0990 Object is SCO, delete is not allowed
07:10:03.0967 0x0990 wuauserv ( ForgedFile.Multi.Generic ) - warning
07:10:03.0967 0x0990 Force sending object to P2P due to detect: C:\Windows\system32\wuaueng.dll
07:10:07.0201 0x0990 Object send P2P result: true
07:10:09.0815 0x0990 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
07:10:09.0838 0x0990 WudfPf - ok
07:10:09.0867 0x0990 [ 95078B3A120FB0488447F4BF9794D24E, 00C92E678DAA60988C0CBC4F4FDC35DEAE9741A9EF20A27C365E43C3477F2199 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
07:10:09.0896 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\WUDFRd.sys. Real md5: 95078B3A120FB0488447F4BF9794D24E, sha256: 00C92E678DAA60988C0CBC4F4FDC35DEAE9741A9EF20A27C365E43C3477F2199, fake md5: 867C301E8B790040AE9CF6486E8041DF, fake sha256: D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855
07:10:09.0897 0x0990 WUDFRd - detected ForgedFile.Multi.Generic ( 1 )
07:10:13.0123 0x0990 Detect skipped due to KSN trusted
07:10:13.0123 0x0990 WUDFRd - ok
07:10:13.0230 0x0990 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:10:13.0240 0x0990 wudfsvc - ok
07:10:13.0292 0x0990 [ 19E7C173B6242AD7521E537AE54768BF, AC2D2B3BD94B8EAADC54E18110F5291FFDF0F365880C2CAF80D497BE5609AC7F ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
07:10:13.0294 0x0990 XAudio - ok
07:10:13.0331 0x0990 [ 54664AB16813A31387F89CD60E9B0832, 228DE8BE01CEDE45D4A9EB4681EB4E0F584DFC1BDA083E843F41468819065962 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
07:10:13.0364 0x0990 Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\xaudio.exe. Real md5: 54664AB16813A31387F89CD60E9B0832, sha256: 228DE8BE01CEDE45D4A9EB4681EB4E0F584DFC1BDA083E843F41468819065962, fake md5: CDA0BC78672B50C43649FF34E1FD0FF8, fake sha256: 7FDAA363E17E0EC391C014166051C952722CEA01E0552E574EF7C146BFCC856F
07:10:13.0365 0x0990 XAudioService - detected ForgedFile.Multi.Generic ( 1 )
07:10:16.0057 0x0990 Detect skipped due to KSN trusted
07:10:16.0057 0x0990 XAudioService - ok
07:10:16.0127 0x0990 ================ Scan global ===============================
07:10:16.0190 0x0990 [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
07:10:16.0221 0x0990 [ 6C5CC47FF3D89E0E38AC5C5377ED63BA, A638606E6C25E9274999C523C69C7A6B5023B71E466AAD1BD672EB68B4A4475E ] C:\Windows\system32\winsrv.dll
07:10:16.0263 0x0990 Suspicious file ( Forged ): C:\Windows\system32\winsrv.dll. Real md5: 6C5CC47FF3D89E0E38AC5C5377ED63BA, sha256: A638606E6C25E9274999C523C69C7A6B5023B71E466AAD1BD672EB68B4A4475E, fake md5: A508314231C49AEE86987CEA3EAECAD1, fake sha256: D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D
07:10:16.0278 0x0990 [ 6C5CC47FF3D89E0E38AC5C5377ED63BA, A638606E6C25E9274999C523C69C7A6B5023B71E466AAD1BD672EB68B4A4475E ] C:\Windows\system32\winsrv.dll
07:10:16.0295 0x0990 Suspicious file ( Forged ): C:\Windows\system32\winsrv.dll. Real md5: 6C5CC47FF3D89E0E38AC5C5377ED63BA, sha256: A638606E6C25E9274999C523C69C7A6B5023B71E466AAD1BD672EB68B4A4475E, fake md5: A508314231C49AEE86987CEA3EAECAD1, fake sha256: D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D
07:10:16.0318 0x0990 [ CF967F2AD6364DCB895114E5CBE0FD72, C96F19DF4E66ABF3F1AFE585EDC63F88C483AB518B455B87CC5FDFBEED9D8698 ] C:\Windows\system32\services.exe
07:10:16.0358 0x0990 Suspicious file ( Forged ): C:\Windows\system32\services.exe. Real md5: CF967F2AD6364DCB895114E5CBE0FD72, sha256: C96F19DF4E66ABF3F1AFE585EDC63F88C483AB518B455B87CC5FDFBEED9D8698, fake md5: D4E6D91C1349B7BFB3599A6ADA56851B, fake sha256: 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D
07:10:16.0358 0x0990 [ Global ] - ok
07:10:16.0359 0x0990 ================ Scan MBR ==================================
07:10:16.0373 0x0990 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
07:10:16.0873 0x0990 \Device\Harddisk0\DR0 - ok
07:10:17.0033 0x0990 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
07:10:17.0044 0x0990 \Device\Harddisk1\DR1 - ok
07:10:17.0044 0x0990 ================ Scan VBR ==================================
07:10:17.0050 0x0990 [ FEB70BE86C842E5ED0AE3C50A39379E5 ] \Device\Harddisk0\DR0\Partition1
07:10:17.0131 0x0990 \Device\Harddisk0\DR0\Partition1 - ok
07:10:17.0156 0x0990 [ 180713FC43D7D4E1F77F19991EC34CA5 ] \Device\Harddisk0\DR0\Partition2
07:10:17.0158 0x0990 \Device\Harddisk0\DR0\Partition2 - ok
07:10:17.0176 0x0990 [ 5E72A7270FC6BE147DFE1B499D02BECD ] \Device\Harddisk0\DR0\Partition3
07:10:17.0178 0x0990 \Device\Harddisk0\DR0\Partition3 - ok
07:10:17.0182 0x0990 [ 974DE6A350283BE45BF3870E50B2C5D0 ] \Device\Harddisk1\DR1\Partition1
07:10:17.0245 0x0990 \Device\Harddisk1\DR1\Partition1 - ok
07:10:17.0245 0x0990 Waiting for KSN requests completion. In queue: 2
07:10:18.0245 0x0990 Waiting for KSN requests completion. In queue: 2
07:10:20.0001 0x0990 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2013.292 ), 0x41000 ( enabled : updated )
07:10:20.0041 0x0990 Win FW state via NFP2: enabled
07:10:22.0556 0x0990 ============================================================
07:10:22.0556 0x0990 Scan finished
07:10:22.0556 0x0990 ============================================================
07:10:22.0569 0x0b70 Detected object count: 33
07:10:22.0569 0x0b70 Actual detected object count: 33
07:12:03.0719 0x0b70 adp94xx ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0761 0x0b70 adp94xx ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0761 0x0b70 adpu320 ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0761 0x0b70 adpu320 ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0764 0x0b70 aswSnx ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0764 0x0b70 aswSnx ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0768 0x0b70 aswSP ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0768 0x0b70 aswSP ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0771 0x0b70 aswVmm ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0771 0x0b70 aswVmm ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0775 0x0b70 BCM43XV ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0775 0x0b70 BCM43XV ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0779 0x0b70 BCM43XX ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0779 0x0b70 BCM43XX ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0783 0x0b70 Bonjour Service ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0783 0x0b70 Bonjour Service ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0786 0x0b70 Com4QLBEx ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0786 0x0b70 Com4QLBEx ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0791 0x0b70 DXGKrnl ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0791 0x0b70 DXGKrnl ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0794 0x0b70 elxstor ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0794 0x0b70 elxstor ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0797 0x0b70 iPod Service ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0797 0x0b70 iPod Service ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0801 0x0b70 NetMsmqActivator ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0801 0x0b70 NetMsmqActivator ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0806 0x0b70 NetPipeActivator ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0806 0x0b70 NetPipeActivator ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0808 0x0b70 NetTcpActivator ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0808 0x0b70 NetTcpActivator ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0812 0x0b70 NetTcpPortSharing ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0812 0x0b70 NetTcpPortSharing ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0815 0x0b70 Ntfs ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0815 0x0b70 Ntfs ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0818 0x0b70 NVENETFD ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0818 0x0b70 NVENETFD ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0822 0x0b70 nvlddmkm ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0822 0x0b70 nvlddmkm ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0826 0x0b70 odserv ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0826 0x0b70 odserv ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0830 0x0b70 pcmcia ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0830 0x0b70 pcmcia ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0833 0x0b70 ql2300 ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0833 0x0b70 ql2300 ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0837 0x0b70 Secunia PSI Agent ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0837 0x0b70 Secunia PSI Agent ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0841 0x0b70 Secunia Update Agent ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0841 0x0b70 Secunia Update Agent ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0845 0x0b70 SlimService ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0845 0x0b70 SlimService ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0848 0x0b70 Tcpip ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0848 0x0b70 Tcpip ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0851 0x0b70 Tcpip6 ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0851 0x0b70 Tcpip6 ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0855 0x0b70 volsnap ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0855 0x0b70 volsnap ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0859 0x0b70 Wdf01000 ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0859 0x0b70 Wdf01000 ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0862 0x0b70 WinDefend ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0862 0x0b70 WinDefend ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0865 0x0b70 wlidsvc ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0865 0x0b70 wlidsvc ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0869 0x0b70 WPFFontCache_v0400 ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0869 0x0b70 WPFFontCache_v0400 ( ForgedFile.Multi.Generic ) - User select action: Skip
07:12:03.0873 0x0b70 wuauserv ( ForgedFile.Multi.Generic ) - skipped by user
07:12:03.0873 0x0b70 wuauserv ( ForgedFile.Multi.Generic ) - User select action: Skip
February 25th, 2014, 10:37 PM
Broni
http://dev.discussions.virtualdr.forums.relay.cool/ Download RogueKiller from one of the following links and save it to your Desktop:
- Link 1
- Link 2
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- Wait until the Status box shows Scan Finished
- Click on Delete.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
- If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
http://dev.discussions.virtualdr.forums.relay.cool/ Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/...t-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
- Unzip downloaded file.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
February 26th, 2014, 08:28 AM
daveandrita1

RogueKiller V8.8.9 [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Dave [Admin rights]
Mode : Remove -- Date : 02/26/2014 07:04:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] Norton Product InstallerIdle.job : C:\Users\Dave\AppData\Local\Temp\SymInstallStub.exe - /partnerid=realnw /productlist=nss /staging=false /delay=0 /affid=RPLR /desktopshortcut=1 /startmenushortcut=1 /launchedby=4 [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

RogueKiller V8.8.9 [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Dave [Admin rights]
Mode : Scan -- Date : 02/26/2014 07:01:38
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] Norton Product InstallerIdle.job : C:\Users\Dave\AppData\Local\Temp\SymInstallStub.exe - /partnerid=realnw /productlist=nss /staging=false /delay=0 /affid=RPLR /desktopshortcut=1 /startmenushortcut=1 /launchedby=4 [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36A05766)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36A05766)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36A05766)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9120822AS ATA Device +++++
--- User ---
[MBR] a672e0755951134631ad72c9da33b871
[BSP] 65ddf819e7008fe827ad113297f1bbfe : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 105850 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 216781110 | Size: 7528 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 232200192 | Size: 1092 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST9120822AS ATA Device +++++
--- User ---
[MBR] bdb461661afad779ba4602c4f6d20ff4
[BSP] 2b81745290c401e3b4381133c0398d9a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114470 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02262014_070138.txt >>

Show 40 post(s) from this thread on one page