20:39:27.0367 0x1294 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:39:28.0366 0x1294 ============================================================
20:39:28.0366 0x1294 Current date / time: 2015/01/23 20:39:28.0366
20:39:28.0366 0x1294 SystemInfo:
20:39:28.0366 0x1294 
20:39:28.0366 0x1294 OS Version: 6.1.7601 ServicePack: 1.0
20:39:28.0366 0x1294 Product type: Workstation
20:39:28.0366 0x1294 ComputerName: PC
20:39:28.0366 0x1294 UserName: admin
20:39:28.0366 0x1294 Windows directory: C:\windows
20:39:28.0366 0x1294 System windows directory: C:\windows
20:39:28.0366 0x1294 Running under WOW64
20:39:28.0366 0x1294 Processor architecture: Intel x64
20:39:28.0366 0x1294 Number of processors: 4
20:39:28.0366 0x1294 Page size: 0x1000
20:39:28.0366 0x1294 Boot type: Normal boot
20:39:28.0366 0x1294 ============================================================
20:39:28.0366 0x1294 BG loaded
20:39:29.0349 0x1294 System UUID: {1D60D8B5-103D-647B-396C-B8050CBA052A}
20:39:31.0361 0x1294 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:39:31.0361 0x1294 ============================================================
20:39:31.0361 0x1294 \Device\Harddisk0\DR0:
20:39:31.0361 0x1294 MBR partitions:
20:39:31.0361 0x1294 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2349D800
20:39:31.0361 0x1294 ============================================================
20:39:31.0408 0x1294 C: <-> \Device\Harddisk0\DR0\Partition1
20:39:31.0408 0x1294 ============================================================
20:39:31.0408 0x1294 Initialize success
20:39:31.0408 0x1294 ============================================================
20:40:49.0086 0x1d00 ============================================================
20:40:49.0086 0x1d00 Scan started
20:40:49.0086 0x1d00 Mode: Manual;
20:40:49.0086 0x1d00 ============================================================
20:40:49.0086 0x1d00 KSN ping started
20:40:51.0801 0x1d00 KSN ping finished: true
20:40:53.0985 0x1d00 ================ Scan system memory ========================
20:40:53.0985 0x1d00 System memory - ok
20:40:53.0985 0x1d00 ================ Scan services =============================
20:40:54.0250 0x1d00 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
20:40:54.0266 0x1d00 1394ohci - ok
20:40:54.0312 0x1d00 Suspicious service (NoAccess): 1c2a86b7768b5cf3
20:40:54.0359 0x1d00 [ 60BF76580C457F0F42108C8BB45A531A, 4BEB9382EF094389CD326E331517A49A5A86AE49C85685AF5C7632C012349DFE ] 1c2a86b7768b5cf3 C:\windows\System32\Drivers\1c2a86b7768b5cf3.sys
20:40:54.0359 0x1d00 Suspicious file ( NoAccess ): C:\windows\System32\Drivers\1c2a86b7768b5cf3.sys. md5: 60BF76580C457F0F42108C8BB45A531A, sha256: 4BEB9382EF094389CD326E331517A49A5A86AE49C85685AF5C7632C012349DFE
20:40:54.0468 0x1d00 1c2a86b7768b5cf3 - detected Rootkit.Win32.Necurs.gen ( 0 )
20:40:57.0152 0x1d00 1c2a86b7768b5cf3 ( Rootkit.Win32.Necurs.gen ) - infected
20:40:57.0152 0x1d00 Force sending object to P2P due to detect: 1c2a86b7768b5cf3
20:40:59.0882 0x1d00 Object send P2P result: true
20:41:12.0923 0x1d00 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\windows\system32\drivers\ACPI.sys
20:41:12.0954 0x1d00 ACPI - ok
20:41:12.0986 0x1d00 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
20:41:13.0001 0x1d00 AcpiPmi - ok
20:41:13.0220 0x1d00 [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:41:13.0220 0x1d00 AdobeARMservice - ok
20:41:13.0298 0x1d00 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
20:41:13.0329 0x1d00 adp94xx - ok
20:41:13.0407 0x1d00 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\windows\system32\drivers\adpahci.sys
20:41:13.0454 0x1d00 adpahci - ok
20:41:13.0500 0x1d00 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\windows\system32\drivers\adpu320.sys
20:41:13.0532 0x1d00 adpu320 - ok
20:41:13.0594 0x1d00 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
20:41:13.0610 0x1d00 AeLookupSvc - ok
20:41:13.0688 0x1d00 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\windows\system32\drivers\afd.sys
20:41:13.0719 0x1d00 AFD - ok
20:41:13.0766 0x1d00 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\windows\system32\drivers\agp440.sys
20:41:13.0781 0x1d00 agp440 - ok
20:41:13.0828 0x1d00 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\windows\System32\alg.exe
20:41:13.0844 0x1d00 ALG - ok
20:41:13.0875 0x1d00 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\windows\system32\drivers\aliide.sys
20:41:13.0890 0x1d00 aliide - ok
20:41:13.0984 0x1d00 [ 99E91E6E6E97AFC2348ECBF161FAA0D2, 29AE6742F51D7F6D6C5924ECA78010536E542C92345DFF6561860E6FC33FD320 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
20:41:14.0000 0x1d00 AMD External Events Utility - ok
20:41:14.0031 0x1d00 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\windows\system32\drivers\amdide.sys
20:41:14.0046 0x1d00 amdide - ok
20:41:14.0109 0x1d00 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
20:41:14.0124 0x1d00 AmdK8 - ok
20:41:14.0858 0x1d00 [ 50DBD80E1DAA40E6088EB3D2FF4395AC, 1610460E0FDE114D579016C8A8EE0AC8A026A8A7B10DAEB341A091DD2F46D7B0 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
20:41:15.0029 0x1d00 amdkmdag - ok
20:41:15.0154 0x1d00 [ 1114ADFA7AA8F804C04E7D4735B22EED, 2B2AC5906FA48162CDEB44ECF96C04B9D563E1D1D4F8ACBD19AA6212D97DC851 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
20:41:15.0170 0x1d00 amdkmdap - ok
20:41:15.0185 0x1d00 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
20:41:15.0201 0x1d00 AmdPPM - ok
20:41:15.0248 0x1d00 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\windows\system32\drivers\amdsata.sys
20:41:15.0263 0x1d00 amdsata - ok
20:41:15.0310 0x1d00 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\windows\system32\drivers\amdsbs.sys
20:41:15.0326 0x1d00 amdsbs - ok
20:41:15.0357 0x1d00 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\windows\system32\drivers\amdxata.sys
20:41:15.0372 0x1d00 amdxata - ok
20:41:15.0482 0x1d00 [ 8397FA2ABA73E696F574655A24B49D91, 8F00D4D1B229401D798EA438F5D5D5A1CEE4BC88D9275609E21C8AA1D91CAD87 ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys
20:41:15.0497 0x1d00 ApfiltrService - ok
20:41:15.0575 0x1d00 [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID C:\windows\system32\drivers\appid.sys
20:41:15.0575 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\drivers\appid.sys. md5: 80B9412C4DE09147581FC935FB4C97AB, sha256: 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3
20:41:15.0575 0x1d00 AppID - detected LockedFile.Multi.Generic ( 1 )
20:41:18.0321 0x1d00 Detect skipped due to KSN trusted
20:41:18.0321 0x1d00 AppID - ok
20:41:18.0368 0x1d00 [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc C:\windows\System32\appidsvc.dll
20:41:18.0368 0x1d00 AppIDSvc - ok
20:41:18.0430 0x1d00 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\windows\System32\appinfo.dll
20:41:18.0430 0x1d00 Appinfo - ok
20:41:18.0492 0x1d00 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\windows\System32\appmgmts.dll
20:41:18.0524 0x1d00 AppMgmt - ok
20:41:18.0570 0x1d00 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\windows\system32\drivers\arc.sys
20:41:18.0586 0x1d00 arc - ok
20:41:18.0633 0x1d00 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\windows\system32\drivers\arcsas.sys
20:41:18.0633 0x1d00 arcsas - ok
20:41:18.0836 0x1d00 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:41:18.0960 0x1d00 aspnet_state - ok
20:41:19.0007 0x1d00 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
20:41:19.0038 0x1d00 AsyncMac - ok
20:41:19.0101 0x1d00 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\windows\system32\drivers\atapi.sys
20:41:19.0101 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\drivers\atapi.sys. md5: 02062C0B390B7729EDC9E69C680A6F3C, sha256: 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273
20:41:19.0101 0x1d00 atapi - detected LockedFile.Multi.Generic ( 1 )
20:41:21.0831 0x1d00 Detect skipped due to KSN trusted
20:41:21.0831 0x1d00 atapi - ok
20:41:22.0018 0x1d00 [ B2931C83CFB12A3223A47B180473AE1A, D9089E0D4AB82F4F5FCD6A82F446504E7968EA6A09B55190F68EB8A09F6CFE78 ] athr C:\windows\system32\DRIVERS\athrx.sys
20:41:22.0018 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\athrx.sys. md5: B2931C83CFB12A3223A47B180473AE1A, sha256: D9089E0D4AB82F4F5FCD6A82F446504E7968EA6A09B55190F68EB8A09F6CFE78
20:41:22.0018 0x1d00 athr - detected LockedFile.Multi.Generic ( 1 )
20:41:24.0701 0x1d00 Detect skipped due to KSN trusted
20:41:24.0701 0x1d00 athr - ok
20:41:24.0810 0x1d00 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
20:41:24.0842 0x1d00 AudioEndpointBuilder - ok
20:41:24.0857 0x1d00 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\windows\System32\Audiosrv.dll
20:41:24.0873 0x1d00 AudioSrv - ok
20:41:24.0951 0x1d00 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\windows\System32\AxInstSV.dll
20:41:24.0966 0x1d00 AxInstSV - ok
20:41:25.0060 0x1d00 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
20:41:25.0060 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\drivers\bxvbda.sys. md5: 3E5B191307609F7514148C6832BB0842, sha256: DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580
20:41:25.0060 0x1d00 b06bdrv - detected LockedFile.Multi.Generic ( 1 )
20:41:27.0634 0x1d00 Detect skipped due to KSN trusted
20:41:27.0634 0x1d00 b06bdrv - ok
20:41:27.0728 0x1d00 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
20:41:27.0728 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\b57nd60a.sys. md5: B5ACE6968304A3900EEB1EBFD9622DF2, sha256: 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA
20:41:27.0728 0x1d00 b57nd60a - detected LockedFile.Multi.Generic ( 1 )
20:41:30.0286 0x1d00 Detect skipped due to KSN trusted
20:41:30.0286 0x1d00 b57nd60a - ok
20:41:30.0317 0x1d00 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\windows\System32\bdesvc.dll
20:41:30.0333 0x1d00 BDESVC - ok
20:41:30.0364 0x1d00 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\windows\system32\drivers\Beep.sys
20:41:30.0364 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\drivers\Beep.sys. md5: 16A47CE2DECC9B099349A5F840654746, sha256: 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024
20:41:30.0364 0x1d00 Beep - detected LockedFile.Multi.Generic ( 1 )
20:41:32.0954 0x1d00 Detect skipped due to KSN trusted
20:41:32.0954 0x1d00 Beep - ok
20:41:33.0110 0x1d00 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\windows\System32\bfe.dll
20:41:33.0141 0x1d00 BFE - ok
20:41:33.0281 0x1d00 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\windows\System32\qmgr.dll
20:41:33.0578 0x1d00 BITS - ok
20:41:33.0936 0x1d00 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\windows\system32\drivers\blbdrive.sys
20:41:33.0936 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\drivers\blbdrive.sys. md5: 61583EE3C3A17003C4ACD0475646B4D3, sha256: 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811
20:41:33.0936 0x1d00 blbdrive - detected LockedFile.Multi.Generic ( 1 )
20:41:36.0635 0x1d00 Detect skipped due to KSN trusted
20:41:36.0635 0x1d00 blbdrive - ok
20:41:36.0729 0x1d00 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:41:36.0744 0x1d00 Bonjour Service - ok
20:41:36.0760 0x1d00 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\windows\system32\DRIVERS\bowser.sys
20:41:36.0760 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\bowser.sys. md5: 6C02A83164F5CC0A262F4199F0871CF5, sha256: AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28
20:41:36.0760 0x1d00 bowser - detected LockedFile.Multi.Generic ( 1 )
20:41:39.0443 0x1d00 Detect skipped due to KSN trusted
20:41:39.0443 0x1d00 bowser - ok
20:41:39.0490 0x1d00 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
20:41:39.0490 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\drivers\BrFiltLo.sys. md5: F09EEE9EDC320B5E1501F749FDE686C8, sha256: 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3
20:41:39.0490 0x1d00 BrFiltLo - detected LockedFile.Multi.Generic ( 1 )
20:41:42.0080 0x1d00 Detect skipped due to KSN trusted
20:41:42.0080 0x1d00 BrFiltLo - ok
20:41:42.0126 0x1d00 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
20:41:42.0126 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\drivers\BrFiltUp.sys. md5: B114D3098E9BDB8BEA8B053685831BE6, sha256: 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C
20:41:42.0142 0x1d00 BrFiltUp - detected LockedFile.Multi.Generic ( 1 )
20:41:44.0732 0x1d00 Detect skipped due to KSN trusted
20:41:44.0732 0x1d00 BrFiltUp - ok
20:41:44.0763 0x1d00 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\windows\System32\browser.dll
20:41:44.0778 0x1d00 Browser - ok
20:41:44.0825 0x1d00 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\windows\System32\Drivers\Brserid.sys
20:41:44.0825 0x1d00 Suspicious file ( NoAccess ): C:\windows\System32\Drivers\Brserid.sys. md5: 43BEA8D483BF1870F018E2D02E06A5BD, sha256: 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272
20:41:44.0825 0x1d00 Brserid - detected LockedFile.Multi.Generic ( 1 )
20:41:47.0415 0x1d00 Detect skipped due to KSN trusted
20:41:47.0415 0x1d00 Brserid - ok
20:41:47.0446 0x1d00 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
20:41:47.0446 0x1d00 Suspicious file ( NoAccess ): C:\windows\System32\Drivers\BrSerWdm.sys. md5: A6ECA2151B08A09CACECA35C07F05B42, sha256: E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C
20:41:47.0446 0x1d00 BrSerWdm - detected LockedFile.Multi.Generic ( 1 )
20:41:50.0254 0x1d00 Detect skipped due to KSN trusted
20:41:50.0254 0x1d00 BrSerWdm - ok
20:41:50.0301 0x1d00 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
20:41:50.0301 0x1d00 Suspicious file ( NoAccess ): C:\windows\System32\Drivers\BrUsbMdm.sys. md5: B79968002C277E869CF38BD22CD61524, sha256: 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983
20:41:50.0301 0x1d00 BrUsbMdm - detected LockedFile.Multi.Generic ( 1 )
20:41:53.0015 0x1d00 Detect skipped due to KSN trusted
20:41:53.0015 0x1d00 BrUsbMdm - ok
20:41:53.0062 0x1d00 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
20:41:53.0062 0x1d00 Suspicious file ( NoAccess ): C:\windows\System32\Drivers\BrUsbSer.sys. md5: A87528880231C54E75EA7A44943B38BF, sha256: 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9
20:41:53.0062 0x1d00 BrUsbSer - detected LockedFile.Multi.Generic ( 1 )
20:41:55.0745 0x1d00 Detect skipped due to KSN trusted
20:41:55.0745 0x1d00 BrUsbSer - ok
20:41:55.0792 0x1d00 [ 2347ABBD13BADA65826FDAB4CAAFE357, EA11668ECC7F92287C5B570DBF5629A80269E79AC256F5AF0984D8B270010BAE ] BtFilter C:\windows\system32\DRIVERS\btfilter.sys
20:41:55.0792 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\btfilter.sys. md5: 2347ABBD13BADA65826FDAB4CAAFE357, sha256: EA11668ECC7F92287C5B570DBF5629A80269E79AC256F5AF0984D8B270010BAE
20:41:55.0792 0x1d00 BtFilter - detected LockedFile.Multi.Generic ( 1 )
20:41:58.0475 0x1d00 Detect skipped due to KSN trusted
20:41:58.0475 0x1d00 BtFilter - ok
20:41:58.0522 0x1d00 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
20:41:58.0522 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\drivers\bthmodem.sys. md5: 9DA669F11D1F894AB4EB69BF546A42E8, sha256: B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4
20:41:58.0522 0x1d00 BTHMODEM - detected LockedFile.Multi.Generic ( 1 )
20:42:01.0112 0x1d00 Detect skipped due to KSN trusted
20:42:01.0112 0x1d00 BTHMODEM - ok
20:42:01.0174 0x1d00 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\windows\system32\bthserv.dll
20:42:01.0174 0x1d00 bthserv - ok
20:42:01.0205 0x1d00 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
20:42:01.0205 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\cdfs.sys. md5: B8BD2BB284668C84865658C77574381A, sha256: 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65
20:42:01.0205 0x1d00 cdfs - detected LockedFile.Multi.Generic ( 1 )
20:42:03.0795 0x1d00 Detect skipped due to KSN trusted
20:42:03.0795 0x1d00 cdfs - ok
20:42:03.0842 0x1d00 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
20:42:03.0842 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\cdrom.sys. md5: F036CE71586E93D94DAB220D7BDF4416, sha256: BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B
20:42:03.0842 0x1d00 cdrom - detected LockedFile.Multi.Generic ( 1 )
20:42:06.0416 0x1d00 Detect skipped due to KSN trusted
20:42:06.0416 0x1d00 cdrom - ok
20:42:06.0462 0x1d00 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\windows\System32\certprop.dll
20:42:06.0462 0x1d00 CertPropSvc - ok
20:42:06.0556 0x1d00 [ 41E7C4FA6491747402CFCA77CC1C7AAB, 676CD982A0D33B60A646AC7C0158F7421E395C8B4B12E544C55AF5C09E470CC5 ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
20:42:06.0572 0x1d00 cfWiMAXService - ok
20:42:06.0603 0x1d00 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\windows\system32\drivers\circlass.sys
20:42:06.0603 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\drivers\circlass.sys. md5: D7CD5C4E1B71FA62050515314CFB52CF, sha256: 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64
20:42:06.0603 0x1d00 circlass - detected LockedFile.Multi.Generic ( 1 )
20:42:09.0395 0x1d00 Detect skipped due to KSN trusted
20:42:09.0395 0x1d00 circlass - ok
20:42:09.0473 0x1d00 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\windows\system32\CLFS.sys
20:42:09.0473 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\CLFS.sys. md5: FE1EC06F2253F691FE36217C592A0206, sha256: B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE
20:42:09.0473 0x1d00 CLFS - detected LockedFile.Multi.Generic ( 1 )
20:42:12.0125 0x1d00 Detect skipped due to KSN trusted
20:42:12.0125 0x1d00 CLFS - ok
20:42:12.0203 0x1d00 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:42:12.0203 0x1d00 clr_optimization_v2.0.50727_32 - ok
20:42:12.0250 0x1d00 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:42:12.0266 0x1d00 clr_optimization_v2.0.50727_64 - ok
20:42:12.0328 0x1d00 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:42:12.0422 0x1d00 clr_optimization_v4.0.30319_32 - ok
20:42:12.0453 0x1d00 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:42:12.0468 0x1d00 clr_optimization_v4.0.30319_64 - ok
20:42:12.0500 0x1d00 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\windows\system32\drivers\CmBatt.sys
20:42:12.0500 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\drivers\CmBatt.sys. md5: 0840155D0BDDF1190F84A663C284BD33, sha256: 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A
20:42:12.0500 0x1d00 CmBatt - detected LockedFile.Multi.Generic ( 1 )
20:42:15.0198 0x1d00 Detect skipped due to KSN trusted
20:42:15.0198 0x1d00 CmBatt - ok
20:42:15.0245 0x1d00 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\windows\system32\drivers\cmdide.sys
20:42:15.0245 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\drivers\cmdide.sys. md5: E19D3F095812725D88F9001985B94EDD, sha256: 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B
20:42:15.0245 0x1d00 cmdide - detected LockedFile.Multi.Generic ( 1 )
20:42:17.0819 0x1d00 Detect skipped due to KSN trusted
20:42:17.0819 0x1d00 cmdide - ok
20:42:17.0913 0x1d00 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\windows\system32\Drivers\cng.sys
20:42:17.0913 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\Drivers\cng.sys. md5: EBF28856F69CF094A902F884CF989706, sha256: AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F
20:42:17.0913 0x1d00 CNG - detected LockedFile.Multi.Generic ( 1 )
20:42:20.0471 0x1d00 Detect skipped due to KSN trusted
20:42:20.0471 0x1d00 CNG - ok
20:42:20.0518 0x1d00 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\windows\system32\drivers\compbatt.sys
20:42:20.0518 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\drivers\compbatt.sys. md5: 102DE219C3F61415F964C88E9085AD14, sha256: CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1
20:42:20.0518 0x1d00 Compbatt - detected LockedFile.Multi.Generic ( 1 )
20:42:23.0123 0x1d00 Detect skipped due to KSN trusted
20:42:23.0123 0x1d00 Compbatt - ok
20:42:23.0186 0x1d00 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
20:42:23.0186 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\drivers\CompositeBus.sys. md5: 03EDB043586CCEBA243D689BDDA370A8, sha256: 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959
20:42:23.0186 0x1d00 CompositeBus - detected LockedFile.Multi.Generic ( 1 )
20:42:25.0931 0x1d00 Detect skipped due to KSN trusted
20:42:25.0931 0x1d00 CompositeBus - ok
20:42:25.0947 0x1d00 COMSysApp - ok
20:42:25.0994 0x1d00 [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
20:42:25.0994 0x1d00 ConfigFree Service - ok
20:42:26.0009 0x1d00 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
20:42:26.0009 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\drivers\crcdisk.sys. md5: 1C827878A998C18847245FE1F34EE597, sha256: 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60
20:42:26.0009 0x1d00 crcdisk - detected LockedFile.Multi.Generic ( 1 )
20:42:28.0677 0x1d00 Detect skipped due to KSN trusted
20:42:28.0677 0x1d00 crcdisk - ok
20:42:28.0724 0x1d00 [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc C:\windows\system32\cryptsvc.dll
20:42:28.0739 0x1d00 CryptSvc - ok
20:42:28.0802 0x1d00 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\windows\system32\drivers\csc.sys
20:42:28.0802 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\drivers\csc.sys. md5: 54DA3DFD29ED9F1619B6F53F3CE55E49, sha256: 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E
20:42:28.0817 0x1d00 CSC - detected LockedFile.Multi.Generic ( 1 )
20:42:31.0469 0x1d00 Detect skipped due to KSN trusted
20:42:31.0469 0x1d00 CSC - ok
20:42:31.0563 0x1d00 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\windows\System32\cscsvc.dll
20:42:31.0578 0x1d00 CscService - ok
20:42:31.0625 0x1d00 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\windows\system32\rpcss.dll
20:42:31.0656 0x1d00 DcomLaunch - ok
20:42:31.0688 0x1d00 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\windows\System32\defragsvc.dll
20:42:31.0688 0x1d00 defragsvc - ok
20:42:31.0734 0x1d00 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\windows\system32\Drivers\dfsc.sys
20:42:31.0734 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\Drivers\dfsc.sys. md5: 9BB2EF44EAA163B29C4A4587887A0FE4, sha256: 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F
20:42:31.0734 0x1d00 DfsC - detected LockedFile.Multi.Generic ( 1 )
20:42:35.0712 0x1d00 Detect skipped due to KSN trusted
20:42:35.0712 0x1d00 DfsC - ok
20:42:35.0775 0x1d00 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\windows\system32\dhcpcore.dll
20:42:35.0790 0x1d00 Dhcp - ok
20:42:35.0822 0x1d00 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\windows\system32\drivers\discache.sys
20:42:35.0822 0x1d00 Suspicious file ( NoAccess ): C:\windows\system32\drivers\discache.sys. md5: 13096B05847EC78F0977F2C0F79E9AB3, sha256: 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26
20:42:35.0822 0x1d00 discache - detected LockedFile.Multi.Generic ( 1 )
20:42:38.0396 0x1d00 Detect skipped due to KSN trusted
20:42:38.0396 0x1d00 discache - ok
20:42:38.0396 0x1d00 Scan was interrupted by user!
20:42:38.0396 0x1d00 Waiting for KSN requests completion. In queue: 1
20:42:39.0410 0x1d00 Waiting for KSN requests completion. In queue: 1
20:42:40.0424 0x1d00 Waiting for KSN requests completion. In queue: 1
20:42:41.0469 0x1d00 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x60000 ( disabled : updated )
20:42:41.0485 0x1d00 Win FW state via NFP2: enabled
20:42:44.0043 0x1d00 ============================================================
20:42:44.0043 0x1d00 Scan finished
20:42:44.0043 0x1d00 ============================================================
20:42:44.0059 0x1cf8 Detected object count: 1
20:42:44.0059 0x1cf8 Actual detected object count: 1
20:42:58.0660 0x1cf8 C:\windows\System32\Drivers\1c2a86b7768b5cf3.sys - copied to quarantine
20:42:58.0660 0x1cf8 HKLM\SYSTEM\ControlSet001\services\1c2a86b7768b5cf3 - will be deleted on reboot
20:42:58.0754 0x1cf8 HKLM\SYSTEM\ControlSet002\services\1c2a86b7768b5cf3 - will be deleted on reboot
20:42:59.0175 0x1cf8 C:\windows\System32\Drivers\1c2a86b7768b5cf3.sys - will be deleted on reboot
20:42:59.0175 0x1cf8 1c2a86b7768b5cf3 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
20:42:59.0284 0x1cf8 KLMD registered as C:\windows\system32\drivers\10834366.sys
20:46:28.0871 0x1254 Deinitialize success
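The log above is noisy: dozens of drivers are reported as "Suspicious file ( NoAccess )" and "detected LockedFile.Multi.Generic", but every one of those is followed by "Detect skipped due to KSN trusted" and then "- ok", meaning TDSSKiller could not open the file on disk and deferred to the Kaspersky Security Network whitelist. The one real hit, 1c2a86b7768b5cf3, is different in two ways that can be read straight from the log: it is the only entry whose service key itself is flagged "Suspicious service (NoAccess)", and it is the only one that reaches "- infected" and is then quarantined and scheduled for deletion on reboot. The triage script below is an added example, not part of the log and not a Kaspersky tool; it parses the "timestamp thread-id message" line layout seen above, separates confirmed detections from KSN-suppressed ones, and collects the indicators for the confirmed ones. The regular expressions are assumptions derived from the lines on this page only, and SAMPLE_LOG is an excerpt copied from the log above.

```python
"""Triage a TDSSKiller log: keep detections the tool actually confirmed,
set aside LockedFile.Multi.Generic hits that KSN whitelisted, and collect
the indicators (image path, hashes, registry keys) for what remains.
Added example; line formats are assumptions based on the log on this page."""
import re
from dataclasses import dataclass

# Entry layout seen in the log: "HH:MM:SS.ffff 0xTID message"
ENTRY_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(0x[0-9a-f]+)\s+(.*)$")
# "[ MD5, SHA256 ] ServiceName C:\path\to\image"
HASH_RE = re.compile(r"^\[ ([0-9A-F]{32}), ([0-9A-F]{64}) \] (.+?) ([A-Za-z]:\\.+)$")
NOACCESS_SVC_RE = re.compile(r"^Suspicious service \(NoAccess\): (.+)$")
DETECT_RE = re.compile(r"^(.+?) - detected (\S+) \( \d+ \)$")
INFECTED_RE = re.compile(r"^(.+?) \( (\S+) \) - infected$")
# Post-scan remediation lines (quarantine, delete-on-reboot, user action)
ACTION_RE = re.compile(
    r"^(.+?) - (copied to quarantine|will be deleted on reboot|User select action: \w+)$")


@dataclass
class Service:
    name: str
    path: str = ""
    md5: str = ""
    sha256: str = ""
    verdict: str = ""
    noaccess_service: bool = False  # the service's own registry key could not be read
    ksn_suppressed: bool = False    # detect dropped because KSN trusts the file
    infected: bool = False          # tool confirmed the detection


def parse_entries(text):
    """Yield (timestamp, thread id, message) for every well-formed log line."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3)


def triage(text):
    """Return (confirmed, ksn_suppressed, actions) for a TDSSKiller log."""
    services = {}
    actions = []
    pending = None  # last "detected" service, awaiting a skip or an infected line
    for _ts, _tid, msg in parse_entries(text):
        if m := HASH_RE.match(msg):
            md5, sha256, name, path = m.groups()
            svc = services.setdefault(name, Service(name))
            svc.path, svc.md5, svc.sha256 = path, md5, sha256
        elif m := NOACCESS_SVC_RE.match(msg):
            services.setdefault(m.group(1), Service(m.group(1))).noaccess_service = True
        elif m := DETECT_RE.match(msg):
            name, verdict = m.groups()
            pending = services.setdefault(name, Service(name))
            pending.verdict = verdict
        elif msg == "Detect skipped due to KSN trusted" and pending is not None:
            pending.ksn_suppressed = True
            pending = None
        elif m := INFECTED_RE.match(msg):
            name, verdict = m.groups()
            svc = services.setdefault(name, Service(name))
            svc.verdict, svc.infected = verdict, True
            pending = None
        elif m := ACTION_RE.match(msg):
            actions.append((m.group(1), m.group(2)))
    confirmed = [s for s in services.values() if s.infected]
    suppressed = [s for s in services.values() if s.ksn_suppressed and not s.infected]
    return confirmed, suppressed, actions


# Excerpt copied from the log above (one clean driver, the Necurs hit,
# one KSN-suppressed LockedFile hit, and the remediation lines).
SAMPLE_LOG = r"""
20:40:54.0250 0x1d00 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
20:40:54.0266 0x1d00 1394ohci - ok
20:40:54.0312 0x1d00 Suspicious service (NoAccess): 1c2a86b7768b5cf3
20:40:54.0359 0x1d00 [ 60BF76580C457F0F42108C8BB45A531A, 4BEB9382EF094389CD326E331517A49A5A86AE49C85685AF5C7632C012349DFE ] 1c2a86b7768b5cf3 C:\windows\System32\Drivers\1c2a86b7768b5cf3.sys
20:40:54.0468 0x1d00 1c2a86b7768b5cf3 - detected Rootkit.Win32.Necurs.gen ( 0 )
20:40:57.0152 0x1d00 1c2a86b7768b5cf3 ( Rootkit.Win32.Necurs.gen ) - infected
20:41:15.0575 0x1d00 [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID C:\windows\system32\drivers\appid.sys
20:41:15.0575 0x1d00 AppID - detected LockedFile.Multi.Generic ( 1 )
20:41:18.0321 0x1d00 Detect skipped due to KSN trusted
20:41:18.0321 0x1d00 AppID - ok
20:42:58.0660 0x1cf8 C:\windows\System32\Drivers\1c2a86b7768b5cf3.sys - copied to quarantine
20:42:58.0660 0x1cf8 HKLM\SYSTEM\ControlSet001\services\1c2a86b7768b5cf3 - will be deleted on reboot
20:42:59.0175 0x1cf8 1c2a86b7768b5cf3 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
"""

if __name__ == "__main__":
    confirmed, suppressed, actions = triage(SAMPLE_LOG)
    for s in confirmed:
        print(f"CONFIRMED {s.name} {s.verdict} noaccess_service={s.noaccess_service}")
        print(f"  path={s.path}\n  md5={s.md5}\n  sha256={s.sha256}")
    print(f"KSN-suppressed (ignore unless hashes disagree with a clean copy): "
          f"{[s.name for s in suppressed]}")
    for subject, action in actions:
        print(f"ACTION {action}: {subject}")
```

Run it on the full log instead of SAMPLE_LOG and the suppressed list grows to every LockedFile entry while the confirmed list stays at one; the md5/sha256 pair and the two ControlSet service keys it prints are the indicators worth checking on other hosts.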