tenuglymen
Honorary Members-
Posts
57 -
Joined
-
Last visited
Reputation
0 Neutral-
OTL Extras logfile created on: 7/30/2012 3:35:31 PM - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Michael\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 81.65% Memory free 3.85 Gb Paging File | 3.56 Gb Available in Paging File | 92.56% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 127.99 Gb Total Space | 103.52 Gb Free Space | 80.88% Space Free | Partition Type: NTFS Computer Name: HARTMAN4FAMILY | User Name: Michael | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "C:\Program Files\Steam\steamapps\common\specops_theline\Binaries\Win32\SpecOpsTheLine.exe" = C:\Program Files\Steam\steamapps\common\specops_theline\Binaries\Win32\SpecOpsTheLine.exe:*:Enabled:Spec Ops: The Line -- (Take-Two Interactive Software, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0807E67B-DACB-1739-A87E-3046FF40BA23}" = CCC Help Chinese Traditional "{0DF310E3-6C01-99DC-296F-1D021BA36C2D}" = CCC Help English "{1E8E87B5-4531-CEE3-4791-6AD9E72076EC}" = CCC Help Danish "{27596347-C945-B113-EF47-169D471CEB05}" = CCC Help Turkish "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3666DE18-A4CC-4E1E-8165-0D78758C2209}" = CCC Help Russian "{479826D5-FE36-711F-8BE3-AB7B44440F66}" = ccc-utility "{532669C6-3139-E755-B3B8-95F184EB27EB}" = CCC Help German "{577F4DD2-ED68-690F-6328-8A8CAC8FCA75}" = CCC Help Polish "{637A3EC2-4299-67B2-E0D2-C25572F4D37A}" = CCC Help Thai "{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager "{702F39B4-05FB-22F4-8426-E5FFFA330FF3}" = CCC Help Chinese Standard "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{73FB391E-E800-CC82-D9BA-EF9CB8A939F3}" = CCC Help French "{747E2E56-A68B-15C6-BB77-31BFE0C031EF}" = CCC Help Spanish "{7A37A44B-968E-6CA3-278C-878D4D08B226}" = CCC Help Czech "{7C0FB04E-5A40-C63D-CC1B-B6C1B60FDDA3}" = CCC Help Japanese "{7D94796D-007E-45DE-CEAD-8E616D78E95B}" = CCC Help Dutch "{7E7C98D1-4F44-21D4-C351-25E2367027F3}" = Catalyst Control Center "{87A91A66-1566-714D-E1BE-1F3B040E65D5}" = CCC Help Swedish "{92F63D17-2A32-7184-B8D7-905E0E1BC2A9}" = CCC Help Hungarian "{95CEF602-B837-0C37-F5E6-49C8F3196998}" = CCC Help Greek "{97E1A4DE-82AB-0448-0AEA-77DC1DD9A492}" = Catalyst Control Center Localization All "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{9DFD861E-2692-873F-BA2C-E4788648D966}" = CCC Help Italian "{B50676DC-AAE9-20DF-01A5-DABCDECD6DFC}" = Catalyst Control Center Graphics Previews Common "{D6346B4B-FDD6-C406-06FE-0CF77F561E78}" = AMD Catalyst Install Manager "{D9C7FB0D-B233-1B2E-E9DC-543911F6D94A}" = Catalyst Control Center InstallProxy "{DD9F821E-7B8D-210F-A4AE-47C60870DEBE}" = CCC Help Norwegian "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E6F42010-AA5A-B862-9620-8CBD23ACDED4}" = CCC Help Portuguese "{EAAE7669-947C-26DD-563D-863B63FFC1EA}" = CCC Help Finnish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F296A4CD-54A2-1EEE-CE14-8F88A1D97083}" = CCC Help Korean "Avira AntiVir Desktop" = Avira Free Antivirus "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Origin" = Origin "Steam App 102600" = Orcs Must Die! "Steam App 50300" = Spec Ops: The Line "Windows XP Service Pack" = Windows XP Service Pack 3 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/30/2012 10:31:08 AM | Computer Name = HARTMAN4FAMILY | Source = Avira Antivirus | ID = 4106 Description = The virus definition file has been modified or destroyed! Returned error code: 0x5 Error - 7/30/2012 10:33:20 AM | Computer Name = HARTMAN4FAMILY | Source = Application Error | ID = 1000 Description = Faulting application mbam.exe, version 1.62.0.87, faulting module mbamcore.dll, version 1.62.0.0, fault address 0x00093604. Error - 7/30/2012 11:53:58 AM | Computer Name = HARTMAN4FAMILY | Source = Avira Antivirus | ID = 4106 Description = The virus definition file has been modified or destroyed! Returned error code: 0x5 Error - 7/30/2012 1:24:23 PM | Computer Name = HARTMAN4FAMILY | Source = Avira Antivirus | ID = 4106 Description = The virus definition file has been modified or destroyed! Returned error code: 0x5 Error - 7/30/2012 1:30:11 PM | Computer Name = HARTMAN4FAMILY | Source = Avira Antivirus | ID = 4106 Description = The virus definition file has been modified or destroyed! Returned error code: 0x5 Error - 7/30/2012 1:58:07 PM | Computer Name = HARTMAN4FAMILY | Source = Avira Antivirus | ID = 4106 Description = The virus definition file has been modified or destroyed! Returned error code: 0x5 Error - 7/30/2012 3:11:25 PM | Computer Name = HARTMAN4FAMILY | Source = Application Error | ID = 1000 Description = Faulting application chrome.exe, version 20.0.1132.57, faulting module chrome.dll, version 20.0.1132.57, fault address 0x00048974. Error - 7/30/2012 3:23:00 PM | Computer Name = HARTMAN4FAMILY | Source = Avira Antivirus | ID = 4106 Description = The virus definition file has been modified or destroyed! Returned error code: 0x5 Error - 7/30/2012 3:30:56 PM | Computer Name = HARTMAN4FAMILY | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module comctl32.dll, version 6.0.2900.6028, fault address 0x0007d8bb. Error - 7/30/2012 3:31:09 PM | Computer Name = HARTMAN4FAMILY | Source = Application Error | ID = 1000 Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d. [ System Events ] Error - 7/30/2012 9:35:16 AM | Computer Name = HARTMAN4FAMILY | Source = Service Control Manager | ID = 7024 Description = The Avira Realtime Protection service terminated with service-specific error 306 (0x132). Error - 7/30/2012 9:39:17 AM | Computer Name = HARTMAN4FAMILY | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 7/30/2012 9:40:23 AM | Computer Name = HARTMAN4FAMILY | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: avipbb avkmgr Fips intelppm ssmdrv Error - 7/30/2012 10:29:28 AM | Computer Name = HARTMAN4FAMILY | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 7/30/2012 10:31:08 AM | Computer Name = HARTMAN4FAMILY | Source = Service Control Manager | ID = 7024 Description = The Avira Realtime Protection service terminated with service-specific error 306 (0x132). Error - 7/30/2012 11:53:59 AM | Computer Name = HARTMAN4FAMILY | Source = Service Control Manager | ID = 7024 Description = The Avira Realtime Protection service terminated with service-specific error 306 (0x132). Error - 7/30/2012 1:24:23 PM | Computer Name = HARTMAN4FAMILY | Source = Service Control Manager | ID = 7024 Description = The Avira Realtime Protection service terminated with service-specific error 306 (0x132). Error - 7/30/2012 1:30:11 PM | Computer Name = HARTMAN4FAMILY | Source = Service Control Manager | ID = 7024 Description = The Avira Realtime Protection service terminated with service-specific error 306 (0x132). Error - 7/30/2012 1:58:07 PM | Computer Name = HARTMAN4FAMILY | Source = Service Control Manager | ID = 7024 Description = The Avira Realtime Protection service terminated with service-specific error 306 (0x132). Error - 7/30/2012 3:23:00 PM | Computer Name = HARTMAN4FAMILY | Source = Service Control Manager | ID = 7024 Description = The Avira Realtime Protection service terminated with service-specific error 306 (0x132). < End of report >
-
are you asking me to copy just these lines to OTL ? /md5start themeui.dll beep.sys userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %USERPROFILE%\..|smtmp;true;true;true /FP
-
OK - I will stay off the computer - no more surfing. 10:59:00.0312 0512 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 10:59:00.0546 0512 ============================================================ 10:59:00.0546 0512 Current date / time: 2012/07/30 10:59:00.0546 10:59:00.0546 0512 SystemInfo: 10:59:00.0546 0512 10:59:00.0546 0512 OS Version: 5.1.2600 ServicePack: 3.0 10:59:00.0546 0512 Product type: Workstation 10:59:00.0546 0512 ComputerName: HARTMAN4FAMILY 10:59:00.0546 0512 Windows directory: C:\WINDOWS 10:59:00.0546 0512 System windows directory: C:\WINDOWS 10:59:00.0546 0512 Processor architecture: Intel x86 10:59:00.0546 0512 Number of processors: 2 10:59:00.0546 0512 Page size: 0x1000 10:59:00.0546 0512 Boot type: Normal boot 10:59:00.0546 0512 ============================================================ 10:59:01.0687 0512 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054 10:59:01.0687 0512 ============================================================ 10:59:01.0687 0512 \Device\Harddisk0\DR0: 10:59:01.0687 0512 MBR partitions: 10:59:01.0687 0512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFF9D41 10:59:01.0687 0512 ============================================================ 10:59:01.0703 0512 C: <-> \Device\Harddisk0\DR0\Partition0 10:59:01.0703 0512 ============================================================ 10:59:01.0703 0512 Initialize success 10:59:01.0703 0512 ============================================================ 10:59:03.0953 1304 ============================================================ 10:59:03.0953 1304 Scan started 10:59:03.0953 1304 Mode: Manual; 10:59:03.0953 1304 ============================================================ 10:59:04.0625 1304 Abiosdsk - ok 10:59:04.0625 1304 abp480n5 - ok 10:59:04.0656 1304 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 10:59:04.0671 1304 ACPI - ok 10:59:04.0687 1304 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 10:59:04.0687 1304 ACPIEC - ok 10:59:04.0687 1304 adpu160m - ok 10:59:04.0718 1304 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 10:59:04.0718 1304 aec - ok 10:59:04.0765 1304 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 10:59:04.0765 1304 AFD - ok 10:59:04.0765 1304 Aha154x - ok 10:59:04.0765 1304 aic78u2 - ok 10:59:04.0765 1304 aic78xx - ok 10:59:04.0781 1304 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 10:59:04.0781 1304 Alerter - ok 10:59:04.0812 1304 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 10:59:04.0812 1304 ALG - ok 10:59:04.0812 1304 AliIde - ok 10:59:04.0890 1304 Ambfilt (4e4eb7fe9fdb8adba5fb46f35ee77f40) C:\WINDOWS\system32\drivers\Ambfilt.sys 10:59:04.0906 1304 Suspicious file (Forged): C:\WINDOWS\system32\drivers\Ambfilt.sys. Real md5: 4e4eb7fe9fdb8adba5fb46f35ee77f40, Fake md5: 7a8e406056dcbe5558766d6d6ac9bc73 10:59:04.0906 1304 Ambfilt ( ForgedFile.Multi.Generic ) - warning 10:59:04.0906 1304 Ambfilt - detected ForgedFile.Multi.Generic (1) 10:59:04.0953 1304 amsint - ok 10:59:05.0093 1304 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe 10:59:05.0093 1304 AntiVirSchedulerService - ok 10:59:05.0125 1304 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 10:59:05.0125 1304 AntiVirService - ok 10:59:05.0140 1304 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll 10:59:05.0140 1304 AppMgmt - ok 10:59:05.0156 1304 asc - ok 10:59:05.0156 1304 asc3350p - ok 10:59:05.0156 1304 asc3550 - ok 10:59:05.0375 1304 aspnet_state (d33c507942299753868204cc7642fa27) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 10:59:05.0375 1304 aspnet_state - ok 10:59:05.0390 1304 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 10:59:05.0390 1304 AsyncMac - ok 10:59:05.0421 1304 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 10:59:05.0421 1304 atapi - ok 10:59:05.0437 1304 Atdisk - ok 10:59:05.0484 1304 Ati HotKey Poller (8fdb05aff463cb36be0fd3bc779121cd) C:\WINDOWS\system32\Ati2evxx.exe 10:59:05.0500 1304 Ati HotKey Poller - ok 10:59:05.0906 1304 ati2mtag (175ddf9ae328cb0d8696094fa1346361) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 10:59:05.0953 1304 ati2mtag - ok 10:59:06.0062 1304 AtiHDAudioService (924971a182e07463765ef9fa8876f24f) C:\WINDOWS\system32\drivers\AtihdXP3.sys 10:59:06.0062 1304 AtiHDAudioService - ok 10:59:06.0093 1304 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 10:59:06.0093 1304 Atmarpc - ok 10:59:06.0125 1304 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 10:59:06.0125 1304 AudioSrv - ok 10:59:06.0156 1304 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 10:59:06.0156 1304 audstub - ok 10:59:06.0187 1304 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 10:59:06.0187 1304 avgntflt - ok 10:59:06.0218 1304 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys 10:59:06.0218 1304 avipbb - ok 10:59:06.0218 1304 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys 10:59:06.0218 1304 avkmgr - ok 10:59:06.0250 1304 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 10:59:06.0250 1304 Beep - ok 10:59:06.0578 1304 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 10:59:06.0578 1304 BITS - ok 10:59:06.0609 1304 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll 10:59:06.0609 1304 Browser - ok 10:59:06.0625 1304 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 10:59:06.0625 1304 cbidf2k - ok 10:59:06.0625 1304 cd20xrnt - ok 10:59:06.0640 1304 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 10:59:06.0640 1304 Cdaudio - ok 10:59:06.0671 1304 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 10:59:06.0671 1304 Cdfs - ok 10:59:06.0687 1304 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 10:59:06.0687 1304 Cdrom - ok 10:59:06.0687 1304 Changer - ok 10:59:06.0687 1304 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\System32\cisvc.exe 10:59:06.0687 1304 cisvc - ok 10:59:06.0703 1304 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 10:59:06.0703 1304 ClipSrv - ok 10:59:06.0921 1304 clr_optimization_v2.0.50727_32 (3c4d595e7f9b747325aef28b4adcaae5) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:59:06.0921 1304 clr_optimization_v2.0.50727_32 - ok 10:59:06.0921 1304 CmdIde - ok 10:59:06.0921 1304 COMSysApp - ok 10:59:06.0921 1304 Cpqarray - ok 10:59:06.0953 1304 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 10:59:06.0953 1304 CryptSvc - ok 10:59:06.0953 1304 dac2w2k - ok 10:59:06.0968 1304 dac960nt - ok 10:59:07.0000 1304 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 10:59:07.0015 1304 DcomLaunch - ok 10:59:07.0046 1304 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 10:59:07.0046 1304 Dhcp - ok 10:59:07.0062 1304 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 10:59:07.0062 1304 Disk - ok 10:59:07.0062 1304 dmadmin - ok 10:59:07.0125 1304 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 10:59:07.0125 1304 dmboot - ok 10:59:07.0140 1304 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 10:59:07.0140 1304 dmio - ok 10:59:07.0140 1304 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 10:59:07.0140 1304 dmload - ok 10:59:07.0171 1304 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 10:59:07.0171 1304 dmserver - ok 10:59:07.0203 1304 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 10:59:07.0203 1304 DMusic - ok 10:59:07.0234 1304 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 10:59:07.0234 1304 Dnscache - ok 10:59:07.0281 1304 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 10:59:07.0281 1304 Dot3svc - ok 10:59:07.0281 1304 dpti2o - ok 10:59:07.0312 1304 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 10:59:07.0312 1304 drmkaud - ok 10:59:07.0359 1304 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 10:59:07.0359 1304 EapHost - ok 10:59:07.0359 1304 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 10:59:07.0359 1304 ERSvc - ok 10:59:07.0390 1304 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 10:59:07.0390 1304 Eventlog - ok 10:59:07.0421 1304 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll 10:59:07.0421 1304 EventSystem - ok 10:59:07.0468 1304 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 10:59:07.0468 1304 Fastfat - ok 10:59:07.0515 1304 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 10:59:07.0515 1304 FastUserSwitchingCompatibility - ok 10:59:07.0531 1304 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 10:59:07.0531 1304 Fdc - ok 10:59:07.0531 1304 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 10:59:07.0531 1304 Fips - ok 10:59:07.0562 1304 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 10:59:07.0562 1304 Flpydisk - ok 10:59:07.0578 1304 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 10:59:07.0578 1304 FltMgr - ok 10:59:07.0593 1304 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 10:59:07.0593 1304 Fs_Rec - ok 10:59:07.0593 1304 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 10:59:07.0593 1304 Ftdisk - ok 10:59:07.0609 1304 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 10:59:07.0609 1304 Gpc - ok 10:59:07.0625 1304 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 10:59:07.0625 1304 HDAudBus - ok 10:59:07.0703 1304 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 10:59:07.0703 1304 helpsvc - ok 10:59:07.0703 1304 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 10:59:07.0703 1304 HidServ - ok 10:59:07.0718 1304 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 10:59:07.0718 1304 hidusb - ok 10:59:07.0718 1304 hitmanpro36 - ok 10:59:07.0828 1304 HitmanPro36Crusader - ok 10:59:07.0859 1304 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 10:59:07.0859 1304 hkmsvc - ok 10:59:07.0859 1304 hpn - ok 10:59:07.0859 1304 hpt3xx - ok 10:59:07.0906 1304 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 10:59:07.0906 1304 HTTP - ok 10:59:07.0921 1304 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 10:59:07.0921 1304 HTTPFilter - ok 10:59:07.0921 1304 i2omgmt - ok 10:59:07.0921 1304 i2omp - ok 10:59:07.0937 1304 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys 10:59:07.0937 1304 i8042prt - ok 10:59:07.0937 1304 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys 10:59:07.0937 1304 Imapi - ok 10:59:07.0968 1304 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe 10:59:07.0968 1304 ImapiService - ok 10:59:07.0968 1304 ini910u - ok 10:59:08.0234 1304 IntcAzAudAddService (b85975d052527418d843aaa0eb49624f) C:\WINDOWS\system32\drivers\RtkHDAud.sys 10:59:08.0265 1304 Suspicious file (Forged): C:\WINDOWS\system32\drivers\RtkHDAud.sys. Real md5: b85975d052527418d843aaa0eb49624f, Fake md5: 063dd51cbdc37b8668e09148e0a118bc 10:59:08.0281 1304 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning 10:59:08.0281 1304 IntcAzAudAddService - detected ForgedFile.Multi.Generic (1) 10:59:08.0359 1304 IntelIde - ok 10:59:08.0375 1304 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 10:59:08.0375 1304 intelppm - ok 10:59:08.0390 1304 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 10:59:08.0406 1304 ip6fw - ok 10:59:08.0421 1304 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 10:59:08.0421 1304 IpFilterDriver - ok 10:59:08.0437 1304 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 10:59:08.0437 1304 IpInIp - ok 10:59:08.0453 1304 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 10:59:08.0453 1304 IpNat - ok 10:59:08.0468 1304 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 10:59:08.0468 1304 IPSec - ok 10:59:08.0484 1304 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 10:59:08.0484 1304 IRENUM - ok 10:59:08.0500 1304 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 10:59:08.0500 1304 isapnp - ok 10:59:08.0500 1304 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 10:59:08.0500 1304 Kbdclass - ok 10:59:08.0500 1304 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 10:59:08.0500 1304 kbdhid - ok 10:59:08.0546 1304 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 10:59:08.0546 1304 kmixer - ok 10:59:08.0562 1304 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 10:59:08.0562 1304 KSecDD - ok 10:59:08.0609 1304 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 10:59:08.0609 1304 lanmanserver - ok 10:59:08.0640 1304 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 10:59:08.0640 1304 lanmanworkstation - ok 10:59:08.0640 1304 lbrtfdc - ok 10:59:08.0671 1304 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 10:59:08.0671 1304 LmHosts - ok 10:59:08.0703 1304 mbamchameleon (6c1b3c47915a8bf6bd752c9d476b1ca5) C:\WINDOWS\system32\drivers\mbamchameleon.sys 10:59:08.0703 1304 mbamchameleon - ok 10:59:08.0718 1304 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 10:59:08.0718 1304 Messenger - ok 10:59:08.0734 1304 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 10:59:08.0734 1304 mnmdd - ok 10:59:08.0750 1304 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe 10:59:08.0765 1304 mnmsrvc - ok 10:59:08.0781 1304 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 10:59:08.0781 1304 Modem - ok 10:59:08.0859 1304 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys 10:59:08.0859 1304 Monfilt - ok 10:59:08.0875 1304 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 10:59:08.0875 1304 Mouclass - ok 10:59:08.0875 1304 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 10:59:08.0875 1304 mouhid - ok 10:59:08.0875 1304 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 10:59:08.0890 1304 MountMgr - ok 10:59:08.0890 1304 mraid35x - ok 10:59:08.0890 1304 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 10:59:08.0890 1304 MRxDAV - ok 10:59:08.0937 1304 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 10:59:08.0937 1304 MRxSmb - ok 10:59:08.0937 1304 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe 10:59:08.0937 1304 MSDTC - ok 10:59:08.0937 1304 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 10:59:08.0937 1304 Msfs - ok 10:59:08.0953 1304 MSIServer - ok 10:59:08.0968 1304 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 10:59:08.0968 1304 MSKSSRV - ok 10:59:09.0000 1304 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 10:59:09.0000 1304 MSPCLOCK - ok 10:59:09.0000 1304 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 10:59:09.0000 1304 MSPQM - ok 10:59:09.0015 1304 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 10:59:09.0015 1304 mssmbios - ok 10:59:09.0046 1304 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 10:59:09.0046 1304 Mup - ok 10:59:09.0093 1304 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 10:59:09.0093 1304 napagent - ok 10:59:09.0109 1304 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 10:59:09.0109 1304 NDIS - ok 10:59:09.0125 1304 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 10:59:09.0125 1304 NdisTapi - ok 10:59:09.0125 1304 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 10:59:09.0125 1304 Ndisuio - ok 10:59:09.0125 1304 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 10:59:09.0125 1304 NdisWan - ok 10:59:09.0156 1304 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 10:59:09.0156 1304 NDProxy - ok 10:59:09.0156 1304 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 10:59:09.0156 1304 NetBIOS - ok 10:59:09.0171 1304 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 10:59:09.0171 1304 NetBT - ok 10:59:09.0203 1304 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 10:59:09.0203 1304 NetDDE - ok 10:59:09.0203 1304 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 10:59:09.0203 1304 NetDDEdsdm - ok 10:59:09.0218 1304 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe 10:59:09.0218 1304 Netlogon - ok 10:59:09.0265 1304 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 10:59:09.0265 1304 Netman - ok 10:59:09.0281 1304 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 10:59:09.0281 1304 Nla - ok 10:59:09.0281 1304 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 10:59:09.0281 1304 Npfs - ok 10:59:09.0312 1304 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 10:59:09.0328 1304 Ntfs - ok 10:59:09.0328 1304 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe 10:59:09.0328 1304 NtLmSsp - ok 10:59:09.0390 1304 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 10:59:09.0390 1304 NtmsSvc - ok 10:59:09.0437 1304 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 10:59:09.0437 1304 Null - ok 10:59:09.0468 1304 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 10:59:09.0468 1304 NwlnkFlt - ok 10:59:09.0468 1304 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 10:59:09.0468 1304 NwlnkFwd - ok 10:59:09.0484 1304 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 10:59:09.0484 1304 Parport - ok 10:59:09.0500 1304 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 10:59:09.0500 1304 PartMgr - ok 10:59:09.0531 1304 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 10:59:09.0531 1304 ParVdm - ok 10:59:09.0531 1304 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 10:59:09.0531 1304 PCI - ok 10:59:09.0531 1304 PCIDump - ok 10:59:09.0546 1304 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 10:59:09.0546 1304 PCIIde - ok 10:59:09.0562 1304 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 10:59:09.0562 1304 Pcmcia - ok 10:59:09.0562 1304 PDCOMP - ok 10:59:09.0562 1304 PDFRAME - ok 10:59:09.0578 1304 PDRELI - ok 10:59:09.0578 1304 PDRFRAME - ok 10:59:09.0578 1304 perc2 - ok 10:59:09.0578 1304 perc2hib - ok 10:59:09.0609 1304 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 10:59:09.0609 1304 PlugPlay - ok 10:59:09.0609 1304 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe 10:59:09.0609 1304 PolicyAgent - ok 10:59:09.0625 1304 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 10:59:09.0625 1304 PptpMiniport - ok 10:59:09.0625 1304 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 10:59:09.0625 1304 Processor - ok 10:59:09.0625 1304 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 10:59:09.0625 1304 ProtectedStorage - ok 10:59:09.0625 1304 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 10:59:09.0625 1304 PSched - ok 10:59:09.0625 1304 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 10:59:09.0625 1304 Ptilink - ok 10:59:09.0640 1304 ql1080 - ok 10:59:09.0640 1304 Ql10wnt - ok 10:59:09.0640 1304 ql12160 - ok 10:59:09.0640 1304 ql1240 - ok 10:59:09.0640 1304 ql1280 - ok 10:59:09.0640 1304 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 10:59:09.0640 1304 RasAcd - ok 10:59:09.0671 1304 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 10:59:09.0671 1304 RasAuto - ok 10:59:09.0687 1304 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 10:59:09.0687 1304 Rasl2tp - ok 10:59:09.0734 1304 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 10:59:09.0734 1304 RasMan - ok 10:59:09.0734 1304 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 10:59:09.0734 1304 RasPppoe - ok 10:59:09.0734 1304 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 10:59:09.0734 1304 Raspti - ok 10:59:09.0750 1304 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 10:59:09.0765 1304 Rdbss - ok 10:59:09.0765 1304 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 10:59:09.0765 1304 RDPCDD - ok 10:59:09.0765 1304 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 10:59:09.0765 1304 rdpdr - ok 10:59:09.0796 1304 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys 10:59:09.0796 1304 RDPWD - ok 10:59:09.0828 1304 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 10:59:09.0828 1304 RDSessMgr - ok 10:59:09.0843 1304 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 10:59:09.0843 1304 redbook - ok 10:59:09.0875 1304 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 10:59:09.0875 1304 RemoteAccess - ok 10:59:09.0890 1304 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 10:59:09.0890 1304 RemoteRegistry - ok 10:59:09.0906 1304 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe 10:59:09.0906 1304 RpcLocator - ok 10:59:09.0921 1304 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 10:59:09.0921 1304 RpcSs - ok 10:59:09.0937 1304 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe 10:59:09.0937 1304 RSVP - ok 10:59:09.0968 1304 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 10:59:09.0968 1304 rtl8139 - ok 10:59:09.0968 1304 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 10:59:09.0968 1304 SamSs - ok 10:59:09.0984 1304 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 10:59:09.0984 1304 SCardSvr - ok 10:59:10.0000 1304 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 10:59:10.0000 1304 Schedule - ok 10:59:10.0015 1304 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 10:59:10.0015 1304 Secdrv - ok 10:59:10.0015 1304 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 10:59:10.0015 1304 seclogon - ok 10:59:10.0031 1304 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 10:59:10.0031 1304 SENS - ok 10:59:10.0046 1304 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 10:59:10.0046 1304 serenum - ok 10:59:10.0046 1304 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 10:59:10.0046 1304 Serial - ok 10:59:10.0046 1304 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 10:59:10.0046 1304 Sfloppy - ok 10:59:10.0078 1304 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 10:59:10.0078 1304 SharedAccess - ok 10:59:10.0109 1304 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 10:59:10.0109 1304 ShellHWDetection - ok 10:59:10.0109 1304 Simbad - ok 10:59:10.0109 1304 Sparrow - ok 10:59:10.0140 1304 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 10:59:10.0140 1304 splitter - ok 10:59:10.0171 1304 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 10:59:10.0171 1304 Spooler - ok 10:59:10.0187 1304 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 10:59:10.0187 1304 sr - ok 10:59:10.0203 1304 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll 10:59:10.0203 1304 srservice - ok 10:59:10.0234 1304 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 10:59:10.0234 1304 Srv - ok 10:59:10.0265 1304 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 10:59:10.0265 1304 SSDPSRV - ok 10:59:10.0296 1304 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 10:59:10.0296 1304 ssmdrv - ok 10:59:10.0343 1304 Steam Client Service - ok 10:59:10.0390 1304 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 10:59:10.0390 1304 Suspicious file (Forged): C:\WINDOWS\system32\wiaservc.dll. Real md5: 8bad69cbac032d4bbacfce0306174c30, Fake md5: 6a680d3f5720574f3f9eeb88e19dab17 10:59:10.0390 1304 stisvc ( ForgedFile.Multi.Generic ) - warning 10:59:10.0390 1304 stisvc - detected ForgedFile.Multi.Generic (1) 10:59:10.0406 1304 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 10:59:10.0406 1304 swenum - ok 10:59:10.0421 1304 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 10:59:10.0421 1304 swmidi - ok 10:59:10.0421 1304 SwPrv - ok 10:59:10.0421 1304 symc810 - ok 10:59:10.0421 1304 symc8xx - ok 10:59:10.0437 1304 sym_hi - ok 10:59:10.0437 1304 sym_u3 - ok 10:59:10.0437 1304 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 10:59:10.0453 1304 sysaudio - ok 10:59:10.0468 1304 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 10:59:10.0468 1304 SysmonLog - ok 10:59:10.0531 1304 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 10:59:10.0531 1304 TapiSrv - ok 10:59:10.0562 1304 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 10:59:10.0562 1304 Tcpip - ok 10:59:10.0578 1304 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 10:59:10.0578 1304 TDPIPE - ok 10:59:10.0593 1304 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 10:59:10.0593 1304 TDTCP - ok 10:59:10.0609 1304 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 10:59:10.0609 1304 TermDD - ok 10:59:10.0656 1304 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 10:59:10.0656 1304 TermService - ok 10:59:10.0687 1304 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 10:59:10.0703 1304 Themes - ok 10:59:10.0718 1304 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe 10:59:10.0718 1304 TlntSvr - ok 10:59:10.0718 1304 TosIde - ok 10:59:10.0734 1304 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 10:59:10.0734 1304 TrkWks - ok 10:59:10.0765 1304 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 10:59:10.0781 1304 Udfs - ok 10:59:10.0781 1304 ultra - ok 10:59:10.0812 1304 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 10:59:10.0812 1304 Update - ok 10:59:10.0828 1304 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 10:59:10.0828 1304 upnphost - ok 10:59:10.0828 1304 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 10:59:10.0828 1304 UPS - ok 10:59:10.0828 1304 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 10:59:10.0828 1304 usbccgp - ok 10:59:10.0828 1304 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 10:59:10.0843 1304 usbhub - ok 10:59:10.0843 1304 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 10:59:10.0843 1304 usbohci - ok 10:59:10.0859 1304 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 10:59:10.0859 1304 usbstor - ok 10:59:10.0859 1304 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 10:59:10.0859 1304 VgaSave - ok 10:59:10.0859 1304 ViaIde - ok 10:59:10.0859 1304 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 10:59:10.0859 1304 VolSnap - ok 10:59:10.0921 1304 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 10:59:10.0921 1304 VSS - ok 10:59:10.0937 1304 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll 10:59:10.0953 1304 W32Time - ok 10:59:10.0953 1304 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 10:59:10.0953 1304 Wanarp - ok 10:59:10.0953 1304 WDICA - ok 10:59:10.0984 1304 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 10:59:10.0984 1304 wdmaud - ok 10:59:11.0000 1304 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 10:59:11.0000 1304 WebClient - ok 10:59:11.0046 1304 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 10:59:11.0046 1304 winmgmt - ok 10:59:11.0078 1304 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll 10:59:11.0078 1304 WmdmPmSN - ok 10:59:11.0125 1304 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 10:59:11.0125 1304 Wmi - ok 10:59:11.0140 1304 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 10:59:11.0140 1304 WmiAcpi - ok 10:59:11.0140 1304 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe 10:59:11.0140 1304 WmiApSrv - ok 10:59:11.0171 1304 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 10:59:11.0171 1304 wscsvc - ok 10:59:11.0203 1304 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 10:59:11.0203 1304 wuauserv - ok 10:59:11.0234 1304 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 10:59:11.0234 1304 WZCSVC - ok 10:59:11.0265 1304 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 10:59:11.0265 1304 xmlprov - ok 10:59:11.0281 1304 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 10:59:11.0546 1304 \Device\Harddisk0\DR0 - ok 10:59:11.0546 1304 Boot (0x1200) (8edc99c902a8ce7f3a063d1f8cffb38d) \Device\Harddisk0\DR0\Partition0 10:59:11.0562 1304 \Device\Harddisk0\DR0\Partition0 - ok 10:59:11.0562 1304 ============================================================ 10:59:11.0562 1304 Scan finished 10:59:11.0562 1304 ============================================================ 10:59:11.0562 3632 Detected object count: 3 10:59:11.0562 3632 Actual detected object count: 3 11:01:20.0703 3632 Ambfilt ( ForgedFile.Multi.Generic ) - skipped by user 11:01:20.0703 3632 Ambfilt ( ForgedFile.Multi.Generic ) - User select action: Skip 11:01:20.0703 3632 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - skipped by user 11:01:20.0703 3632 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Skip 11:01:20.0703 3632 stisvc ( ForgedFile.Multi.Generic ) - skipped by user 11:01:20.0703 3632 stisvc ( ForgedFile.Multi.Generic ) - User select action: Skip 11:01:39.0406 3504 Deinitialize success