Solved

Cisco Botnet traffic filter finding malware threats that are not detected on the host

Posted on 2011-10-11
Medium Priority
1,046 Views
Last Modified: 2012-05-12
I have recently added the botnet filter to my Cisco ASA firewall and it is reporting that my system is infected with malware. I have scanned my system with the most recent versions of Malwarebytes, Microsoft Security Essentials and Glary Utilities, and the system comes up clean.
These are the connections BotNet is reporting...
 
mktoresp.com (205.186.138.227) 80 9/9 Very High Malware 12:47:27 CDT Oct 5 2011
564-whv-323.mktoresp.com (204.232.250.102) 443 694/694 Very High Malware 07:30:23 CDT Oct 10 2011
ad.360yield.com (107.20.232.185) 80 9/9 Very High Malware 12:48:13 CDT Sep 1 2011
metrics.ctvdigital.net (208.44.23.131) 80 1/1 Very High Malware 07:48:07 CDT Sep 9 2011
metrics.ctvdigital.net (208.44.23.27) 80 3/3 Very High Malware 08:04:40 CDT Sep 9 2011


Do I have something hiding deeper than these malware programs can detect? The BotNet filter says it is blocking these connections, but I would like to get whatever is causing this off of my system.
Question by:PDGPA
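An added triage helper for report lines in the format quoted in the question above (example code written for this thread, not from the original post or from Cisco). It assumes the `n/m` column means connections logged/dropped, groups the hits by base domain without a public-suffix list (a simplification), and reports whether every logged connection was actually dropped and how stale each hit was as of the date the question was posted.

```python
"""Triage helper for Cisco ASA Botnet Traffic Filter report lines.

Assumed column layout of each quoted line (inferred from the question):
host (ip) port logged/dropped threat-level category timestamp.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, datetime

# Constructed sample input: the five report lines quoted in the question.
REPORT = """\
mktoresp.com (205.186.138.227) 80 9/9 Very High Malware 12:47:27 CDT Oct 5 2011
564-whv-323.mktoresp.com (204.232.250.102) 443 694/694 Very High Malware 07:30:23 CDT Oct 10 2011
ad.360yield.com (107.20.232.185) 80 9/9 Very High Malware 12:48:13 CDT Sep 1 2011
metrics.ctvdigital.net (208.44.23.131) 80 1/1 Very High Malware 07:48:07 CDT Sep 9 2011
metrics.ctvdigital.net (208.44.23.27) 80 3/3 Very High Malware 08:04:40 CDT Sep 9 2011
"""

# Date the question was posted; used to judge how stale each hit is.
AS_OF = date(2011, 10, 11)

LINE_RE = re.compile(
    r"^(?P<host>\S+) \((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) (?P<port>\d+) "
    r"(?P<logged>\d+)/(?P<dropped>\d+) (?P<level>(?:Very )?[A-Za-z]+) "
    r"(?P<category>[A-Za-z]+) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[A-Z]{3,5}) "
    r"(?P<date>[A-Za-z]{3} \d{1,2} \d{4})$"
)


@dataclass(frozen=True)
class Hit:
    host: str
    ip: str
    port: int
    logged: int        # connections the filter logged to this destination
    dropped: int       # of those, how many it dropped (assumed meaning of n/m)
    level: str
    category: str
    last_seen: datetime  # zone dropped: the report uses one local zone throughout


def parse_line(line: str) -> Hit:
    """Parse one report line; raise so malformed input is never silently skipped."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised report line: {line!r}")
    when = datetime.strptime(f"{m['time']} {m['date']}", "%H:%M:%S %b %d %Y")
    return Hit(m["host"], m["ip"], int(m["port"]), int(m["logged"]),
               int(m["dropped"]), m["level"], m["category"], when)


def parse_report(text: str) -> list:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def base_domain(host: str) -> str:
    """Last two labels of the hostname. Simplification: no public-suffix list,
    so a multi-part suffix such as co.uk would be grouped wrongly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def triage(hits, as_of: date = AS_OF) -> dict:
    """Group hits by base domain and summarise what a host-side check needs to know:
    did every logged connection get dropped, and how recent was the last one."""
    groups = defaultdict(lambda: {"hosts": set(), "ips": set(), "ports": set(),
                                  "logged": 0, "dropped": 0, "last_seen": None})
    for h in hits:
        g = groups[base_domain(h.host)]
        g["hosts"].add(h.host)
        g["ips"].add(h.ip)
        g["ports"].add(h.port)
        g["logged"] += h.logged
        g["dropped"] += h.dropped
        if g["last_seen"] is None or h.last_seen > g["last_seen"]:
            g["last_seen"] = h.last_seen
    for g in groups.values():
        # Connections logged but not dropped did reach the destination; those
        # are the ones that warrant hunting for the originating process.
        g["fully_dropped"] = g["logged"] == g["dropped"]
        g["days_since_last_seen"] = (as_of - g["last_seen"].date()).days
    return dict(groups)


def main():
    summary = triage(parse_report(REPORT))
    print(f"{'domain':<18}{'ips':>4}{'logged':>8}{'dropped':>9}{'all dropped':>13}{'days old':>10}")
    for dom, g in sorted(summary.items(), key=lambda kv: kv[1]["days_since_last_seen"]):
        print(f"{dom:<18}{len(g['ips']):>4}{g['logged']:>8}{g['dropped']:>9}"
              f"{str(g['fully_dropped']):>13}{g['days_since_last_seen']:>10}")


if __name__ == "__main__":
    main()
```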
8 Comments
 
LVL 38

Assisted Solution

by:younghv
younghv earned 2000 total points
ID: 36948665
I don't know enough about Cisco to know if these are 'false positives' or not.

Both Malwarebytes and MSE are solid programs, but you should look with additional tools.

ComboFix, TDSSKiller, and FixTDSS - be sure to post the logs that are generated so that we can review them.

Start with TDSSKiller, found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service it will prompt you to type "delete"; you can also just hit "Enter" without typing anything and the scan will continue...
Please post the log to be analyzed.

You can also try FixTDSS.exe from Symantec:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe
Please download ComboFix by sUBs (and attach the resulting log):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  
If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*** NOTE
Please post the logs generated for both Malwarebytes and ComboFix so that we can review the results.

 

Author Comment

by:PDGPA
ID: 36948744
Thanks for your prompt reply.
I ran TDSSKiller and it came up with one hidden service, mpksl4d00117d. I didn't know what it was so I quarantined it.
Here is the log.
 
08:11:37.0465 6748	TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
08:11:37.0905 6748	============================================================
08:11:37.0905 6748	Current date / time: 2011/10/11 08:11:37.0905
08:11:37.0905 6748	SystemInfo:
08:11:37.0905 6748	
08:11:37.0906 6748	OS Version: 6.1.7601 ServicePack: 1.0
08:11:37.0906 6748	Product type: Workstation
08:11:37.0906 6748	ComputerName: PDG02-LT2CKZ3R1
08:11:37.0906 6748	UserName: mgruetzman
08:11:37.0906 6748	Windows directory: C:\Windows
08:11:37.0906 6748	System windows directory: C:\Windows
08:11:37.0906 6748	Processor architecture: Intel x86
08:11:37.0906 6748	Number of processors: 4
08:11:37.0906 6748	Page size: 0x1000
08:11:37.0906 6748	Boot type: Normal boot
08:11:37.0906 6748	============================================================
08:11:39.0184 6748	Initialize success
08:11:42.0977 3788	============================================================
08:11:42.0977 3788	Scan started
08:11:42.0977 3788	Mode: Manual; 
08:11:42.0977 3788	============================================================
08:11:47.0466 3788	Suspicious service (Hidden): MpKsl4d00117d
08:11:47.0521 3788	MpKsl4d00117d ( HiddenService.Multi.Generic ) - warning
08:11:47.0521 3788	MpKsl4d00117d - detected HiddenService.Multi.Generic (1)
08:11:50.0276 3788	Smb - ok
08:11:50.0305 3788	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
08:11:50.0308 3788	spldr - ok
08:11:50.0350 3788	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
08:11:50.0356 3788	srv - ok
08:11:50.0381 3788	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
08:11:50.0388 3788	srv2 - ok
08:11:50.0422 3788	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
08:11:50.0427 3788	srvnet - ok
08:11:50.0463 3788	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
08:11:50.0466 3788	stexstor - ok
08:11:50.0517 3788	STHDA           (21f813319985592b484932fac7167956) C:\Windows\system32\DRIVERS\stwrt.sys
08:11:50.0523 3788	STHDA - ok
08:11:50.0553 3788	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
08:11:50.0556 3788	storflt - ok
08:11:50.0588 3788	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
08:11:50.0590 3788	storvsc - ok
08:11:50.0604 3788	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
08:11:50.0606 3788	swenum - ok
08:11:50.0675 3788	Tcpip           (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
08:11:50.0728 3788	Tcpip - ok
08:11:50.0792 3788	TCPIP6          (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
08:11:50.0808 3788	TCPIP6 - ok
08:11:50.0831 3788	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
08:11:50.0834 3788	tcpipreg - ok
08:11:50.0859 3788	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
08:11:50.0861 3788	TDPIPE - ok
08:11:50.0877 3788	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
08:11:50.0879 3788	TDTCP - ok
08:11:50.0897 3788	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
08:11:50.0900 3788	tdx - ok
08:11:50.0919 3788	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
08:11:50.0921 3788	TermDD - ok
08:11:50.0945 3788	TPM             (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
08:11:50.0947 3788	TPM - ok
08:11:50.0967 3788	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:11:50.0969 3788	tssecsrv - ok
08:11:50.0988 3788	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
08:11:50.0992 3788	TsUsbFlt - ok
08:11:51.0011 3788	TsUsbGD         (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
08:11:51.0014 3788	TsUsbGD - ok
08:11:51.0032 3788	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
08:11:51.0035 3788	tunnel - ok
08:11:51.0056 3788	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
08:11:51.0059 3788	uagp35 - ok
08:11:51.0077 3788	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
08:11:51.0081 3788	udfs - ok
08:11:51.0110 3788	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
08:11:51.0112 3788	uliagpkx - ok
08:11:51.0133 3788	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
08:11:51.0135 3788	umbus - ok
08:11:51.0144 3788	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
08:11:51.0146 3788	UmPass - ok
08:11:51.0186 3788	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
08:11:51.0198 3788	usbccgp - ok
08:11:51.0223 3788	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
08:11:51.0225 3788	usbcir - ok
08:11:51.0246 3788	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
08:11:51.0255 3788	usbehci - ok
08:11:51.0277 3788	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
08:11:51.0296 3788	usbhub - ok
08:11:51.0342 3788	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
08:11:51.0358 3788	usbohci - ok
08:11:51.0384 3788	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
08:11:51.0387 3788	usbprint - ok
08:11:51.0410 3788	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:11:51.0434 3788	USBSTOR - ok
08:11:51.0447 3788	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
08:11:51.0455 3788	usbuhci - ok
08:11:51.0479 3788	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
08:11:51.0483 3788	usbvideo - ok
08:11:51.0529 3788	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
08:11:51.0531 3788	vdrvroot - ok
08:11:51.0553 3788	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
08:11:51.0555 3788	vga - ok
08:11:51.0577 3788	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
08:11:51.0579 3788	VgaSave - ok
08:11:51.0597 3788	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
08:11:51.0601 3788	vhdmp - ok
08:11:51.0611 3788	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
08:11:51.0612 3788	viaagp - ok
08:11:51.0623 3788	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
08:11:51.0624 3788	ViaC7 - ok
08:11:51.0642 3788	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
08:11:51.0644 3788	viaide - ok
08:11:51.0677 3788	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
08:11:51.0681 3788	vmbus - ok
08:11:51.0705 3788	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
08:11:51.0707 3788	VMBusHID - ok
08:11:51.0740 3788	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
08:11:51.0742 3788	volmgr - ok
08:11:51.0764 3788	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
08:11:51.0769 3788	volmgrx - ok
08:11:51.0789 3788	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
08:11:51.0793 3788	volsnap - ok
08:11:51.0824 3788	vpnva           (1b7c80c66742dafaa31f98af4c3a5bc2) C:\Windows\system32\DRIVERS\vpnva.sys
08:11:51.0826 3788	vpnva - ok
08:11:51.0851 3788	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
08:11:51.0854 3788	vsmraid - ok
08:11:51.0874 3788	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
08:11:51.0875 3788	vwifibus - ok
08:11:51.0894 3788	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
08:11:51.0896 3788	vwififlt - ok
08:11:51.0921 3788	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
08:11:51.0923 3788	WacomPen - ok
08:11:51.0940 3788	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:11:51.0942 3788	WANARP - ok
08:11:51.0945 3788	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:11:51.0946 3788	Wanarpv6 - ok
08:11:51.0967 3788	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
08:11:51.0969 3788	Wd - ok
08:11:51.0989 3788	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
08:11:51.0996 3788	Wdf01000 - ok
08:11:52.0030 3788	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
08:11:52.0032 3788	WfpLwf - ok
08:11:52.0052 3788	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
08:11:52.0053 3788	WIMMount - ok
08:11:52.0084 3788	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
08:11:52.0087 3788	WinUsb - ok
08:11:52.0108 3788	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:11:52.0110 3788	WmiAcpi - ok
08:11:52.0131 3788	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
08:11:52.0132 3788	ws2ifsl - ok
08:11:52.0163 3788	WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
08:11:52.0165 3788	WSDPrintDevice - ok
08:11:52.0179 3788	WSDScan         (7dc0270cfd4a05b4112e3ebbf083b595) C:\Windows\system32\DRIVERS\WSDScan.sys
08:11:52.0181 3788	WSDScan - ok
08:11:52.0219 3788	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
08:11:52.0221 3788	WudfPf - ok
08:11:52.0242 3788	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:11:52.0246 3788	WUDFRd - ok
08:11:52.0275 3788	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:11:52.0285 3788	\Device\Harddisk0\DR0 - ok
08:11:52.0293 3788	Boot (0x1200)   (79186173c03ec6c2c478b0cbacf4d5f4) \Device\Harddisk0\DR0\Partition0
08:11:52.0295 3788	\Device\Harddisk0\DR0\Partition0 - ok
08:11:52.0304 3788	Boot (0x1200)   (a6308da153b6076f17a6f9a3bc734a1e) \Device\Harddisk0\DR0\Partition1
08:11:52.0306 3788	\Device\Harddisk0\DR0\Partition1 - ok
08:11:52.0306 3788	============================================================
08:11:52.0306 3788	Scan finished
08:11:52.0306 3788	============================================================
08:11:52.0313 7816	Detected object count: 1
08:11:52.0313 7816	Actual detected object count: 1
08:12:44.0547 7816	MpKsl4d00117d ( HiddenService.Multi.Generic ) - User select action: Quarantine


0
 
LVL 38

Expert Comment

by:younghv
ID: 36948936
PDGPA,
I'm reviewing that log and the site that you first posted - nothing found yet.
Have you run ComboFix yet?
Please post that log when you're done.
0

Author Comment

by:PDGPA
ID: 36948967
combofix log.txt
0
 
LVL 38

Expert Comment

by:younghv
ID: 36949080
I'm just not seeing anything that looks suspicious to me - but will email another EE Expert and ask her to take a look.
0
 

Author Comment

by:PDGPA
ID: 36949126
Thanks younghv, I appreciate it.
The only thing that has been detected was hidden service mpksl4d00117d.
I'll clear the log on the firewall as well and see if I get any more reports.
0
 

Accepted Solution

by:
PDGPA earned 0 total points
ID: 36956481
I think I have identified what is going on. I was doing some Google searching today and when I clicked on a link it appeared to just hang. I went to my firewall to make sure it was still up and passing traffic, and I noticed a bunch of grey list entries in the syslog. I then went in to the botnet filter and the same IP addresses showed up.
My conclusion is that I don't have to have malware on my PC for the botnet filter to trigger. Attempting to access a "grey-listed" site will also trigger the same error. I'm happy to know that the traffic is being blocked. However, I was hoping to use the botnet filter to get out to the infected systems and get them cleaned up. As it is, I won't truly know if the client is infected or not.
0
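As an added example (not from this thread, and not Cisco's code), a small Python triage script for the situation PDGPA describes: it separates a one-off greylist hit, which a single click on a greylisted link produces, from repeated, evenly spaced contacts to one destination that would justify a host-side scan. The log layout, the sample hits, the year and the thresholds are assumptions, not the ASA's actual message format.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample hits in an assumed, simplified layout (not the ASA's
# exact message text): year omitted as in syslog, one hit per line.
SAMPLE_LOG = """\
Oct 10 07:30:23 filter=grey src=10.0.0.15 dst=203.0.113.10:443 host=tracker.example.net
Oct 10 07:30:24 filter=grey src=10.0.0.15 dst=203.0.113.11:80 host=ads.example.org
Oct 10 08:00:00 filter=grey src=10.0.0.42 dst=198.51.100.7:80 host=beacon.example.org
Oct 10 08:05:00 filter=grey src=10.0.0.42 dst=198.51.100.7:80 host=beacon.example.org
Oct 10 08:10:00 filter=grey src=10.0.0.42 dst=198.51.100.7:80 host=beacon.example.org
Oct 10 08:15:01 filter=grey src=10.0.0.42 dst=198.51.100.7:80 host=beacon.example.org
Oct 10 09:12:40 filter=black src=10.0.0.77 dst=192.0.2.9:443 host=c2.example.net
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d{2}:\d{2}:\d{2}) filter=(?P<lst>grey|black) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+):\d+ host=(?P<host>\S+)$"
)

def parse(log, year=2011):
    """Yield (timestamp, src, list, dst, host); lines that do not match are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"], m["lst"], m["dst"], m["host"]

def triage(log, min_hits=4, max_cv=0.2):
    """Map each internal source to a verdict.
    'investigate': the host touched a blacklisted destination, or hit one
    destination >= min_hits times at regular intervals (coefficient of
    variation of the gaps <= max_cv), i.e. beaconing rather than a click.
    Anything else is 'greylist-browsing': not by itself evidence of infection."""
    pair_times = defaultdict(list)   # (src, dst) -> timestamps of hits
    lists_seen = defaultdict(set)    # src -> {"grey", "black"}
    for ts, src, lst, dst, _host in parse(log):
        pair_times[(src, dst)].append(ts)
        lists_seen[src].add(lst)
    verdict = {}
    for (src, dst), stamps in pair_times.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        regular = (len(stamps) >= max(min_hits, 3) and mean(gaps) > 0
                   and pstdev(gaps) / mean(gaps) <= max_cv)
        if regular or "black" in lists_seen[src]:
            verdict[src] = "investigate"
        else:
            verdict.setdefault(src, "greylist-browsing")
    return verdict
```

Hosts marked "investigate" are the ones worth running TDSSKiller or ComboFix on; a "greylist-browsing" host with a single hit matches the click-on-a-link case in the accepted answer.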
 

Author Closing Comment

by:PDGPA
ID: 36978199
I think I have identified what is going on. I was doing some Google searching today and when I clicked on a link it appeared to just hang. I went to my firewall to make sure it was still up and passing traffic, and I noticed a bunch of grey list entries in the syslog. I then went in to the botnet filter and the same IP addresses showed up.
My conclusion is that I don't have to have malware on my PC for the botnet filter to trigger. Attempting to access a "grey-listed" site will also trigger the same error. I'm happy to know that the traffic is being blocked. However, I was hoping to use the botnet filter to get out to the infected systems and get them cleaned up. As it is, I won't truly know if the client is infected or not.
0
