
DNS Auto-Changes & Link Redirects. Now Router Password Changed on Home Network


  • This topic is locked
15 replies to this topic

#1 LyConsigliere


Posted 11 April 2016 - 08:17 AM

Hello,

I'm using a TP-Link 150 Mbps router to connect to ADSL internet through Wi-Fi and Ethernet.

First I started getting link redirects to ad sites like oneclicks and whatnot. I found two or maybe more unidentified devices in my home LAN log; upon matching their MAC addresses, they're an Apple device, a Nokia and some other Android devices.

Although I set the DNS to use automatically detected DNS servers (ISP DNS), it keeps changing to a certain DNS.

And now, I tried to log into the router's 192.168.1.1 page and found out that the password has been changed. And it's not even the default one that comes with the router. So I had to reset to factory default. Moreover, the firmware upgraded one time.

I've reset the router several times, and the last time I used a strong password (presumably takes 7 months to crack), but in like two weeks now I'm still having the same problems.

My home devices (used by my family members) are:
  • a refurbished iPhone 3
  • a DELL laptop running Windows 7 Home Edition (upgraded then downgraded from Win10)
  • a tower PC running Ubuntu
  • an iPhone 5, iOS 9
  • an unauthentic (seems refurbished or rooted or something) iPhone 4 or 4S

I found someone speaking of a very similar problem here: http://www.bleepingcomputer.com/forums/t/610317/redirect-virus-that-keeps-changing-my-dns

And I've run some of the methods of fighting malware mentioned. So far the DELL laptop (the only computer running Win) seems malware free. But the main problem is I don't know which computer is infected... if the problem is an infected computer in the first place.

 

Waiting on your instructions if you need me to post further info or logs ..

 

PS: Just completed (on Dell) Malwarebytes scan: Non-Malware Detected.

 

 

Here's the Farbar report of one of the network devices (DELL laptop; the only device running Win)

=======

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
 Ran by Dr.Fathia (administrator) on DRFATHIA-PC (11-04-2016 12:44:03)
 Running from C:\Users\Dr.Fathia\Desktop
 Loaded Profiles: Dr.Fathia (Available Profiles: Dr.Fathia)
 Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
 Internet Explorer Version 11 (Default browser: IE)
 Boot Mode: Normal
 Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
 (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
 (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
 (Microsoft Corporation) C:\Windows\System32\wlanext.exe
 () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
 (Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
 (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
 (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
 (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
 () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
 (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
 (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
 () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
 (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
 (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
 (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
 (Intel Corporation) C:\Windows\System32\igfxtray.exe
 (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
 (Intel Corporation) C:\Windows\System32\hkcmd.exe
 (Intel Corporation) C:\Windows\System32\igfxpers.exe
 (Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
 (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
 (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
 (Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
 (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
 (Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
 () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
 (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
 (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
 (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
 (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
 (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
 (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_213_ActiveX.exe
 (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-23] (Alps Electric Co., Ltd.)
 HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
 HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
 HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-03] (Dell Inc.)
 HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
 HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
 HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [148888 2009-12-10] (Sun Microsystems, Inc.)
 HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-19] ()
 HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
 HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe [18240 2010-07-21] (Dell)
 HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [122176 2010-07-21] ()
 Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
 HKU\S-1-5-21-2527196062-1724574585-3093669161-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1475344 2016-03-22] (Lavasoft)
 HKU\S-1-5-21-2527196062-1724574585-3093669161-1001\...\MountPoints2: {7850edae-dd5b-11e5-9d62-0025647ef082} - F:\StartSetup.exe
 HKU\S-1-5-21-2527196062-1724574585-3093669161-1001\...\MountPoints2: {9e1cb9fb-dca7-11e5-96d9-0025647ef082} - F:\StartSetup.exe
 HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-02-17] (Microsoft Corporation)
 ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-17] (Microsoft Corporation)
 ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-17] (Microsoft Corporation)
 ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-17] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-03-01] (Lavasoft Limited)
 Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-03-01] (Lavasoft Limited)
 Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-03-01] (Lavasoft Limited)
 Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-03-01] (Lavasoft Limited)
 Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-03-01] (Lavasoft Limited)
 Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-03-01] (Lavasoft Limited)
 Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-03-01] (Lavasoft Limited)
 Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-03-01] (Lavasoft Limited)
 Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-03-01] (Lavasoft Limited)
 Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-03-01] (Lavasoft Limited)
 Tcpip\Parameters: [DhcpNameServer] 188.138.97.57 8.8.8.8
 Tcpip\..\Interfaces\{325EDF14-9B63-4B11-9D83-D2D4051E96F8}: [DhcpNameServer] 188.138.97.57 8.8.8.8
 Tcpip\..\Interfaces\{BCA64918-9702-40FE-A08A-057951697B82}: [DhcpNameServer] 54.201.182.50 8.8.8.8

Internet Explorer:
 ==================
 HKU\S-1-5-21-2527196062-1724574585-3093669161-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
 SearchScopes: HKLM -> DefaultScope {77301A75-39C7-4D91-A068-6F823D01E725} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
 SearchScopes: HKLM -> {77301A75-39C7-4D91-A068-6F823D01E725} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 SearchScopes: HKLM-x32 -> DefaultScope {95EDF1FF-985E-4B8E-90C9-53F8F8E6824E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
 SearchScopes: HKLM-x32 -> {95EDF1FF-985E-4B8E-90C9-53F8F8E6824E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 SearchScopes: HKU\S-1-5-21-2527196062-1724574585-3093669161-1001 -> DefaultScope {0FC9FAE1-4330-42BF-845E-8772598C17F6} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
 SearchScopes: HKU\S-1-5-21-2527196062-1724574585-3093669161-1001 -> {0FC9FAE1-4330-42BF-845E-8772598C17F6} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
 SearchScopes: HKU\S-1-5-21-2527196062-1724574585-3093669161-1001 -> {77301A75-39C7-4D91-A068-6F823D01E725} URL =
 SearchScopes: HKU\S-1-5-21-2527196062-1724574585-3093669161-1001 -> {95EDF1FF-985E-4B8E-90C9-53F8F8E6824E} URL =
 BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-17] (Microsoft Corporation)
 BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-17] (Microsoft Corporation)
 BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-17] (Microsoft Corporation)
 BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-10] (Sun Microsystems, Inc.)
 BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-17] (Microsoft Corporation)
 BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
 BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
 BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-17] (Microsoft Corporation)
 BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-17] (Microsoft Corporation)
 BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-12-10] (Sun Microsystems, Inc.)
 Toolbar: HKU\S-1-5-21-2527196062-1724574585-3093669161-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
 Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
 Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-27] (Microsoft Corporation)
 Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-02-17] (Microsoft Corporation)

FireFox:
 ========
 FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2016-02-17] (Microsoft Corporation)
 FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
 FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2016-02-17] (Microsoft Corporation)
 FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-17] (Microsoft Corporation)
 FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
 FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-02-17] (Microsoft Corporation)
 FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
 FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
 R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
 R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-03-22] (Lavasoft Limited)
 R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
 R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
 R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
 R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [17168 2016-03-22] ()
 S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
 S3 HuaweiWiMAXUSB; C:\Windows\System32\DRIVERS\HuaweiWiMAXUSB.sys [57344 2008-12-17] (HUAWEI Communication)
 R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
 R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
 R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-11 12:44 - 2016-04-11 12:44 - 00015521 _____ C:\Users\Dr.Fathia\Desktop\FRST.txt
 2016-04-11 12:43 - 2016-04-11 12:44 - 00000000 ____D C:\FRST
 2016-04-11 12:31 - 2016-04-11 12:44 - 45162670 _____ C:\Users\Dr.Fathia\Desktop\KVRT.exe.e389j5b.partial
 2016-04-11 11:35 - 2016-04-11 11:36 - 02375168 _____ (Farbar) C:\Users\Dr.Fathia\Desktop\FRST64.exe
 2016-04-11 10:25 - 2016-04-11 10:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
 2016-04-11 10:24 - 2016-04-11 10:24 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
 2016-04-11 10:24 - 2016-04-11 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
 2016-04-11 10:24 - 2016-04-11 10:24 - 00000000 ____D C:\ProgramData\Malwarebytes
 2016-04-11 10:24 - 2016-04-11 10:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
 2016-04-11 10:24 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
 2016-04-11 10:24 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
 2016-04-11 10:24 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
 2016-04-11 10:07 - 2016-04-11 10:11 - 00002040 _____ C:\Users\Dr.Fathia\Desktop\Rkill.txt
 2016-04-06 22:05 - 2016-04-06 22:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
 2016-03-25 17:54 - 2016-03-25 17:54 - 00000000 ____D C:\Users\Dr.Fathia\AppData\Local\Viber
 2016-03-22 18:33 - 2016-03-22 18:34 - 00000000 ____D C:\searchplugins
 2016-03-21 22:26 - 2016-03-22 18:39 - 00497173 _____ C:\Users\Dr.Fathia\Documents\Hypoxic   ischemic    encephlopathy.pptx
 2016-03-19 18:48 - 2016-03-19 18:48 - 00560854 _____ C:\Users\Dr.Fathia\Downloads\septuplets last.partial
 2016-03-19 18:20 - 2016-03-19 18:20 - 00000000 ____D C:\Users\Dr.Fathia\AppData\Local\TempTaskUpdateDetection0179348D-0D68-4461-BAA2-153FA0494E8A
 2016-03-17 22:56 - 2016-03-17 22:56 - 00000000 ____D C:\Users\Dr.Fathia\My Backup Files
 2016-03-17 22:55 - 2016-03-17 22:56 - 00000000 ____D C:\Users\Dr.Fathia\AppData\Local\SoftThinks
 2016-03-17 22:55 - 2016-03-17 22:55 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
 2016-03-17 22:55 - 2016-03-17 22:55 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-11 12:13 - 2016-02-18 18:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
 2016-04-11 10:05 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
 2016-04-11 10:05 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
 2016-04-11 10:01 - 2009-07-14 07:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
 2016-04-11 10:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
 2016-04-11 09:57 - 2009-12-10 15:40 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
 2016-04-11 09:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
 2016-04-10 22:38 - 2016-02-17 20:32 - 00000000 ____D C:\Users\Dr.Fathia\Documents\ViberDownloads
 2016-04-10 22:36 - 2016-02-17 20:29 - 00000000 ____D C:\Users\Dr.Fathia\AppData\Roaming\ViberPC
 2016-04-08 23:15 - 2016-02-18 18:00 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
 2016-04-08 23:15 - 2016-02-18 18:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 2016-04-08 23:15 - 2016-02-18 18:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
 2016-04-08 23:14 - 2016-03-11 17:25 - 05338816 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
 2016-04-01 16:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
 2016-03-17 22:56 - 2016-02-16 22:36 - 00000000 ____D C:\Users\Dr.Fathia
 2016-03-17 22:37 - 2016-02-17 15:11 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
 2016-03-17 22:35 - 2016-02-17 14:40 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2016-02-16 22:40 - 2016-02-16 22:40 - 0002154 _____ () C:\Users\Dr.Fathia\AppData\Roaming\install.dat
 2016-02-16 23:37 - 2016-02-16 23:37 - 0000017 _____ () C:\Users\Dr.Fathia\AppData\Local\resmon.resmoncfg

Some files in TEMP:
 ====================
 C:\Users\Dr.Fathia\AppData\Local\Temp\DefaultPack.EXE

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
 C:\Windows\system32\wininit.exe => File is digitally signed
 C:\Windows\SysWOW64\wininit.exe => File is digitally signed
 C:\Windows\explorer.exe => File is digitally signed
 C:\Windows\SysWOW64\explorer.exe => File is digitally signed
 C:\Windows\system32\svchost.exe => File is digitally signed
 C:\Windows\SysWOW64\svchost.exe => File is digitally signed
 C:\Windows\system32\services.exe => File is digitally signed
 C:\Windows\system32\User32.dll => File is digitally signed
 C:\Windows\SysWOW64\User32.dll => File is digitally signed
 C:\Windows\system32\userinit.exe => File is digitally signed
 C:\Windows\SysWOW64\userinit.exe => File is digitally signed
 C:\Windows\system32\rpcss.dll => File is digitally signed
 C:\Windows\system32\dnsapi.dll => File is digitally signed
 C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
 C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-16 23:22

==================== End of FRST.txt ============================


 


#2 nasdaq

  • Malware Response Team

Posted 11 April 2016 - 09:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-2527196062-1724574585-3093669161-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {F0E0D5A4-FBAF-4483-8AE7-0F9D4D36678A} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {F80F31A6-3FFB-445F-93CC-4C22F29FE3A2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION


End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
----

Please check with your Internet Provider and check if the IP address in bold is required in your settings.

Tcpip\Parameters: [DhcpNameServer] 188.138.97.57 8.8.8.8
Tcpip\..\Interfaces\{325EDF14-9B63-4B11-9D83-D2D4051E96F8}: [DhcpNameServer] 188.138.97.57 8.8.8.8

If not, then run this tool and remove any references to it.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

When all is well, update Java.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java™ 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java™ 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
===


Please let me know what problem persists with this computer.
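
The resolver check requested in the post above (is a DhcpNameServer address one the ISP actually requires?) can be run over a saved FRST.txt. This is an added example, not part of the original thread or of FRST itself; the allowlist passed to `audit_resolvers` is an assumption the reader fills in with their ISP's resolvers, and handling of static `[NameServer]` lines assumes they share the line shape shown in this log.

```python
import ipaddress
import re

# Shape of the Tcpip lines in the "Internet" section of an FRST log, e.g.
#   Tcpip\Parameters: [DhcpNameServer] 188.138.97.57 8.8.8.8
# DhcpNameServer = resolvers handed out by the DHCP server (normally the router);
# NameServer     = resolvers configured statically on the host itself.
DNS_LINE = re.compile(
    r"^\s*Tcpip\\(?P<scope>[^:]+):\s*"
    r"\[(?P<kind>DhcpNameServer|NameServer)\]\s*(?P<servers>.*)$"
)

# The three DhcpNameServer lines from the FRST log posted in this thread.
SAMPLE_LOG = r"""
==================== Internet (Whitelisted) ====================
Tcpip\Parameters: [DhcpNameServer] 188.138.97.57 8.8.8.8
 Tcpip\..\Interfaces\{325EDF14-9B63-4B11-9D83-D2D4051E96F8}: [DhcpNameServer] 188.138.97.57 8.8.8.8
 Tcpip\..\Interfaces\{BCA64918-9702-40FE-A08A-057951697B82}: [DhcpNameServer] 54.201.182.50 8.8.8.8
"""


def parse_dns_entries(log_text):
    """Return one dict per Tcpip DNS line: scope, source (dhcp/static), servers."""
    entries = []
    for line in log_text.splitlines():
        m = DNS_LINE.match(line)
        if not m:
            continue
        # Registry values separate servers with spaces or commas.
        servers = [s for s in re.split(r"[\s,]+", m.group("servers").strip()) if s]
        entries.append({
            "scope": m.group("scope"),
            "source": "dhcp" if m.group("kind") == "DhcpNameServer" else "static",
            "servers": servers,
        })
    return entries


def audit_resolvers(log_text, expected):
    """List every configured resolver that is not in the expected allowlist."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for entry in parse_dns_entries(log_text):
        for server in entry["servers"]:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                reason = "not an IP address"
            else:
                if addr in allowed:
                    continue
                # A private address is usually the router acting as a forwarder;
                # an unknown public address is the case the thread is about.
                reason = ("unexpected private resolver" if addr.is_private
                          else "unexpected public resolver")
            findings.append({
                "scope": entry["scope"],
                "source": entry["source"],
                "server": server,
                "reason": reason,
            })
    return findings


if __name__ == "__main__":
    # Assumption: only 8.8.8.8 (Google Public DNS, present in the log) is
    # trusted here; add the resolvers your ISP confirms before relying on this.
    for f in audit_resolvers(SAMPLE_LOG, {"8.8.8.8"}):
        where = "router/DHCP" if f["source"] == "dhcp" else "this host"
        print(f"{f['server']:<16} {f['reason']} (set via {where}) in {f['scope']}")
```

A finding whose source is `dhcp` was pushed to the machine by the DHCP server, so cleaning the Windows host alone will not stop it from coming back on the next lease.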

#3 LyConsigliere

  • Topic Starter

Posted 11 April 2016 - 10:44 AM

(Fixlog.txt):

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by Dr.Fathia (2016-04-11 16:36:44) Run:1
Running from C:\Users\Dr.Fathia\Desktop
Loaded Profiles: Dr.Fathia (Available Profiles: Dr.Fathia)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-2527196062-1724574585-3093669161-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {F0E0D5A4-FBAF-4483-8AE7-0F9D4D36678A} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {F80F31A6-3FFB-445F-93CC-4C22F29FE3A2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
HKU\S-1-5-21-2527196062-1724574585-3093669161-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value removed successfully
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0E0D5A4-FBAF-4483-8AE7-0F9D4D36678A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0E0D5A4-FBAF-4483-8AE7-0F9D4D36678A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F80F31A6-3FFB-445F-93CC-4C22F29FE3A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F80F31A6-3FFB-445F-93CC-4C22F29FE3A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully
EmptyTemp: => 813.4 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 16:37:48 ====

 

 

 

 

No. These are not the DNS settings required by my ISP. They appear to be part of the problem, and what's causing the redirects.

Rogue Report:

 

RogueKiller V12.1.2.0 [Apr 11 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dr.Fathia [Administrator]
Started from : C:\Users\Dr.Fathia\Desktop\RogueKiller.exe
Mode : Scan -- Date : 04/11/2016 17:21:28

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BCA64918-9702-40FE-A08A-057951697B82} | DhcpNameServer : 54.201.182.50 8.8.8.8 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BCA64918-9702-40FE-A08A-057951697B82} | DhcpNameServer : 54.201.182.50 8.8.8.8 ([X][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BCA64918-9702-40FE-A08A-057951697B82} | DhcpNameServer : 54.201.182.50 8.8.8.8 ([X][-])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++
--- User ---
[MBR] a1d20c8c2bc859bc5b08027fc6752bb1
[BSP] 850751c8bf3aab1df338e82140e3f84c : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 15000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30801920 | Size: 203434 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 447436800 | Size: 19999 MB
User = LL1 ... OK
User = LL2 ... OK

 

 

 

 

I don't seem to be needing Java. I did, however, update it; if you advise, I'll uninstall it altogether.

In between I did remove Adware Web Companion by Lavasoft.

 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:46 AM

Posted 12 April 2016 - 06:49 AM

Execute the RogueKiller and fix these entries.

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BCA64918-9702-40FE-A08A-057951697B82} | DhcpNameServer : 54.201.182.50 8.8.8.8 ([X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BCA64918-9702-40FE-A08A-057951697B82} | DhcpNameServer : 54.201.182.50 8.8.8.8 ([X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BCA64918-9702-40FE-A08A-057951697B82} | DhcpNameServer : 54.201.182.50 8.8.8.8 ([X][-]) -> Found


====

Reset the proxies on the browser(s) you use.

In Internet Explorer check this out.
http://windows.microsoft.com/en-ca/windows/change-internet-explorer-proxy-server-settings#1TC=windows-7

In Firefox.
http://www.linksys.com/us/support-article?articleNum=132304

In Chrome
https://support.google.com/chrome/answer/96815?hl=en

====

Restart the computer normally.

How is it now?

===

p.s.
Do not install the Java if you do not need it.

Edited by nasdaq, 12 April 2016 - 06:50 AM.
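The three [PUM.Dns] detections quoted above all sit in `DhcpNameServer`, the registry value Windows fills from the DHCP lease, so on a home network those addresses were handed out by the router rather than typed into the PC. The following Python script is an added example (not part of the thread and not RogueKiller's own code) that parses those report lines and lists name servers outside an expected set; the expected set of `192.168.1.1` (the router address mentioned in the first post) is an assumption.

```python
"""Flag unexpected DNS servers in RogueKiller [PUM.Dns] report lines."""
import ipaddress
import re

# The three detections quoted in the thread, copied from the page.
REPORT = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BCA64918-9702-40FE-A08A-057951697B82} | DhcpNameServer : 54.201.182.50 8.8.8.8 ([X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BCA64918-9702-40FE-A08A-057951697B82} | DhcpNameServer : 54.201.182.50 8.8.8.8 ([X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BCA64918-9702-40FE-A08A-057951697B82} | DhcpNameServer : 54.201.182.50 8.8.8.8 ([X][-]) -> Found
"""

# Assumption for this example: the only resolver the PC should be given is the
# router itself (192.168.1.1 is the router address named in the first post).
EXPECTED = {"192.168.1.1"}

LINE_RE = re.compile(
    r"^\[PUM\.Dns\]\s+\((?P<arch>X\d+)\)\s+"
    r"HKEY_LOCAL_MACHINE\\System\\(?P<controlset>[^\\]+)\\Services\\Tcpip\\"
    r"Parameters\\Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\})\s+\|\s+"
    r"(?P<value>\w+)\s*:\s*"
    r"(?P<servers>[0-9A-Fa-f.:,\s]+?)\s+\("
)


def parse_report(text):
    """Return one dict per [PUM.Dns] line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "control_set": m["controlset"],
            "interface": m["iface"].upper(),
            "value": m["value"],
            # DhcpNameServer is space separated, NameServer comma separated.
            "servers": [s for s in re.split(r"[\s,]+", m["servers"]) if s],
        })
    return entries


def audit(entries, expected=EXPECTED):
    """Group entries by (interface, value name) and list unexpected servers.

    "source" is "dhcp" when the value was written from a DHCP lease
    (DhcpNameServer) and "static" when it was configured on the PC (NameServer).
    """
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = {}
    for e in entries:
        key = (e["interface"], e["value"])
        f = findings.setdefault(key, {
            "source": "dhcp" if e["value"].lower().startswith("dhcp") else "static",
            "control_sets": [],
            "unexpected": [],
            "malformed": [],
        })
        f["control_sets"].append(e["control_set"])
        for s in e["servers"]:
            try:
                addr = ipaddress.ip_address(s)
            except ValueError:
                # Keep tokens that are not IP addresses visible, do not drop them.
                if s not in f["malformed"]:
                    f["malformed"].append(s)
                continue
            if addr not in allowed and str(addr) not in f["unexpected"]:
                f["unexpected"].append(str(addr))
    return findings


if __name__ == "__main__":
    for (iface, value), f in audit(parse_report(REPORT)).items():
        print(f"{iface} {value} (source: {f['source']})")
        print("  seen in:", ", ".join(f["control_sets"]))
        print("  unexpected servers:", ", ".join(f["unexpected"]) or "none")
        if f["malformed"]:
            print("  malformed tokens:", ", ".join(f["malformed"]))
```

A `dhcp` source means the value is rewritten at every lease renewal, so the place to check is the DNS field in the router's DHCP settings.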


#5 LyConsigliere


Posted 12 April 2016 - 07:23 AM

First, thank you for your time, and thanks for your speedy first response. I was preparing for a 5-day delay.
Second,
How do I fix them? Just run the Rkiller and fix the objects it detects?

Edited by LyConsigliere, 12 April 2016 - 07:26 AM.


#6 nasdaq


Posted 12 April 2016 - 07:37 AM

Yes.

And to be safe reset the proxy on the browser(s) that have been compromised.

#7 LyConsigliere


Posted 16 April 2016 - 08:30 AM

The Rogue Killer didn't show any new entries, as I've already fixed them after the first scan as you instructed in your first reply.

I've reset the proxy, reset the router, re-entered all devices into the network and gave it a few days. At first everything went back to normal like it always does, but then the problem reappeared. Right now "something" changed the router's password to something I don't know and I'm unable to log back in, with random redirects to ad sites while surfing.

 

Thank you however for your help.


Edited by LyConsigliere, 16 April 2016 - 08:32 AM.


#8 nasdaq


Posted 17 April 2016 - 06:40 AM

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

#9 nasdaq


Posted 23 April 2016 - 07:09 AM

Are you still with me?

#10 LyConsigliere


Posted 23 April 2016 - 12:37 PM

Yes. Although there seems to be a detour in our problem. I left the computer we're trying to clean up out of the network for a few days after a router reset, and the problem showed up again! Auto DNS changes and redirects. But the odd thing is the router's password hasn't been changed yet.

#11 nasdaq


Posted 24 April 2016 - 07:07 AM

Please run the tools I suggested in post no 8.

Post the logs for my review.

p.s.
If you execute the RogueKiller tool, are the bad I.P. addresses still being reported?

#12 nasdaq


Posted 30 April 2016 - 06:40 AM

Are you still with me?

#13 LyConsigliere


Posted 02 May 2016 - 12:21 PM

Attached File: MBR.zip (581 bytes)

TDSS REPORT:

 


20:11:07.0940 0x1258 GameConsoleService - ok

20:11:08.0013 0x1258 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll

20:11:08.0034 0x1258 gpsvc - ok

20:11:08.0063 0x1258 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

20:11:08.0065 0x1258 hcw85cir - ok

20:11:08.0114 0x1258 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

20:11:08.0117 0x1258 HDAudBus - ok

20:11:08.0125 0x1258 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

20:11:08.0127 0x1258 HidBatt - ok

20:11:08.0135 0x1258 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

20:11:08.0138 0x1258 HidBth - ok

20:11:08.0149 0x1258 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

20:11:08.0151 0x1258 HidIr - ok

20:11:08.0186 0x1258 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll

20:11:08.0188 0x1258 hidserv - ok

20:11:08.0229 0x1258 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

20:11:08.0268 0x1258 HidUsb - ok

20:11:08.0306 0x1258 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll

20:11:08.0310 0x1258 hkmsvc - ok

20:11:08.0340 0x0f38 Object required for P2P: [ 43102F2322F0CB42A7D2C685278BC460 ] ClickToRunSvc

20:11:08.0360 0x1258 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

20:11:08.0367 0x1258 HomeGroupListener - ok

20:11:08.0406 0x1258 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

20:11:08.0412 0x1258 HomeGroupProvider - ok

20:11:08.0440 0x1258 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

20:11:08.0443 0x1258 HpSAMD - ok

20:11:08.0511 0x1258 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys

20:11:08.0531 0x1258 HTTP - ok

20:11:08.0570 0x1258 [ 4DCC2C17CC72D6807139BED90CF0CEC8, 2D692EED683887278E02DCB071BAE7604C8992C8E317D3A6B1C69EC9671DA204 ] HuaweiWiMAXUSB C:\Windows\system32\DRIVERS\HuaweiWiMAXUSB.sys

20:11:08.0572 0x1258 HuaweiWiMAXUSB - ok

20:11:08.0631 0x1258 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

20:11:08.0632 0x1258 hwpolicy - ok

20:11:08.0683 0x1258 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

20:11:08.0686 0x1258 i8042prt - ok

20:11:08.0750 0x1258 [ 7548066DF68A8A1A56B043359F915F37, 6225DDE554E45858374CBD284A85A00F773089A667C08492187A637232B8BD9A ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

20:11:08.0760 0x1258 IAANTMON - ok

20:11:08.0806 0x1258 [ 4F6FB2CDBDEEFC47E7D2066E78254580, F2B722FBF9C8216CCA42A6910D72FE5532B2B99BAA1815C24D852873F778072A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

20:11:08.0817 0x1258 iaStor - ok

20:11:08.0854 0x1258 [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

20:11:08.0865 0x1258 iaStorV - ok

20:11:08.0947 0x1258 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:11:08.0969 0x1258 idsvc - ok

20:11:08.0990 0x1258 IEEtwCollectorService - ok

20:11:09.0275 0x1258 [ BABD5F9B2BCC82CE556A0BAF1AE208A7, FC58521140B7DA6B847C524CBA79183CEEC044C0A5DFE13165DBD46D34438CD0 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

20:11:09.0567 0x1258 igfx - ok

20:11:09.0628 0x1258 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

20:11:09.0630 0x1258 iirsp - ok

20:11:09.0691 0x1258 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll

20:11:09.0713 0x1258 IKEEXT - ok

20:11:09.0756 0x1258 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys

20:11:09.0758 0x1258 intelide - ok

20:11:09.0788 0x1258 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

20:11:09.0790 0x1258 intelppm - ok

20:11:09.0822 0x1258 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll

20:11:09.0826 0x1258 IPBusEnum - ok

20:11:09.0860 0x1258 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:11:09.0891 0x1258 IpFilterDriver - ok

20:11:09.0953 0x1258 [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

20:11:09.0969 0x1258 iphlpsvc - ok

20:11:10.0013 0x1258 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

20:11:10.0016 0x1258 IPMIDRV - ok

20:11:10.0049 0x1258 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys

20:11:10.0052 0x1258 IPNAT - ok

20:11:10.0078 0x1258 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys

20:11:10.0079 0x1258 IRENUM - ok

20:11:10.0121 0x1258 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys

20:11:10.0122 0x1258 isapnp - ok

20:11:10.0149 0x1258 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

20:11:10.0157 0x1258 iScsiPrt - ok

20:11:10.0183 0x1258 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

20:11:10.0185 0x1258 kbdclass - ok

20:11:10.0226 0x1258 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

20:11:10.0228 0x1258 kbdhid - ok

20:11:10.0255 0x1258 [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] KeyIso C:\Windows\system32\lsass.exe

20:11:10.0257 0x1258 KeyIso - ok

20:11:10.0295 0x1258 [ B6C2FA7F5E5BC1A488A57C6344D29D64, 857245D664CF9ED8121E2087D73F85DA3FED721484DDC6B51AF6A344EC29A27F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

20:11:10.0298 0x1258 KSecDD - ok

20:11:10.0325 0x1258 [ FB4397DDCC732DB6A7B33B747C7EB708, AD8B9500AAE12C1507B982B74B86731BE75AFAC7F64538332A380AC43EDEC271 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

20:11:10.0329 0x1258 KSecPkg - ok

20:11:10.0356 0x1258 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

20:11:10.0357 0x1258 ksthunk - ok

20:11:10.0408 0x1258 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll

20:11:10.0419 0x1258 KtmRm - ok

20:11:10.0479 0x1258 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll

20:11:10.0487 0x1258 LanmanServer - ok

20:11:10.0522 0x1258 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

20:11:10.0528 0x1258 LanmanWorkstation - ok

20:11:10.0556 0x1258 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

20:11:10.0558 0x1258 lltdio - ok

20:11:10.0602 0x1258 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll

20:11:10.0611 0x1258 lltdsvc - ok

20:11:10.0632 0x1258 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll

20:11:10.0634 0x1258 lmhosts - ok

20:11:10.0662 0x1258 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

20:11:10.0665 0x1258 LSI_FC - ok

20:11:10.0701 0x1258 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

20:11:10.0705 0x1258 LSI_SAS - ok

20:11:10.0712 0x1258 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

20:11:10.0714 0x1258 LSI_SAS2 - ok

20:11:10.0727 0x1258 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

20:11:10.0731 0x1258 LSI_SCSI - ok

20:11:10.0762 0x1258 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys

20:11:10.0765 0x1258 luafv - ok

20:11:10.0807 0x1258 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

20:11:10.0810 0x1258 Mcx2Svc - ok

20:11:10.0851 0x1258 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

20:11:10.0853 0x1258 megasas - ok

20:11:10.0870 0x1258 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

20:11:10.0879 0x1258 MegaSR - ok

20:11:10.0910 0x1258 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll

20:11:10.0912 0x1258 MMCSS - ok

20:11:10.0923 0x1258 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys

20:11:10.0925 0x1258 Modem - ok

20:11:10.0962 0x1258 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

20:11:10.0963 0x1258 monitor - ok

20:11:10.0999 0x1258 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

20:11:11.0001 0x1258 mouclass - ok

20:11:11.0021 0x1258 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

20:11:11.0038 0x1258 mouhid - ok

20:11:11.0079 0x1258 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

20:11:11.0082 0x1258 mountmgr - ok

20:11:11.0167 0x1258 [ DA0FAEE45D6F03D7647851A20977A7D0, AFB1EA053CD4BCA903868896D020205D4C207C85314E6C56C4663922A3F9BD6A ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

20:11:11.0175 0x1258 MpFilter - ok

20:11:11.0210 0x1258 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys

20:11:11.0215 0x1258 mpio - ok

20:11:11.0224 0x0f38 Object send P2P result: true

20:11:11.0249 0x1258 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

20:11:11.0252 0x1258 mpsdrv - ok

20:11:11.0327 0x1258 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll

20:11:11.0349 0x1258 MpsSvc - ok

20:11:11.0385 0x1258 [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

20:11:11.0391 0x1258 MRxDAV - ok

20:11:11.0440 0x1258 [ ACEC16415275E1AD6F7983EF472810E3, E5017E157954F6C21AA66233FF2C1A6B1FF3E4685F26648A8A21F2B9718DD97C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

20:11:11.0458 0x1258 mrxsmb - ok

20:11:11.0490 0x1258 [ 0F276F2F2018296FABC7BD2BCCAAB40B, 378A36F7282EE9FFEC8A1D5783ECD0A428E0215B1774AAA166C5AA09B3C636F7 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:11:11.0514 0x1258 mrxsmb10 - ok

20:11:11.0547 0x1258 [ 1D4B7972375052F5B7877A6FD9BE33A0, B3FD235F6FE975F1869436ED1215913F0E8EB1123BB252FD221C35AB1121C3F5 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:11:11.0565 0x1258 mrxsmb20 - ok

20:11:11.0591 0x1258 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys

20:11:11.0592 0x1258 msahci - ok

20:11:11.0608 0x1258 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys

20:11:11.0612 0x1258 msdsm - ok

20:11:11.0640 0x1258 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe

20:11:11.0645 0x1258 MSDTC - ok

20:11:11.0679 0x1258 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys

20:11:11.0681 0x1258 Msfs - ok

20:11:11.0698 0x1258 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

20:11:11.0699 0x1258 mshidkmdf - ok

20:11:11.0730 0x1258 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

20:11:11.0731 0x1258 msisadrv - ok

20:11:11.0771 0x1258 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

20:11:11.0777 0x1258 MSiSCSI - ok

20:11:11.0782 0x1258 msiserver - ok

20:11:11.0808 0x1258 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

20:11:11.0809 0x1258 MSKSSRV - ok

20:11:11.0890 0x1258 [ C66FE30BBA4604A06EE9E4180ABE4BD9, 43E60C15C05FF19082142BB9D1F29D1B3269AD4A7FB32AF109AE63FE5A6AA0A9 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

20:11:11.0890 0x1258 MsMpSvc - ok

20:11:11.0908 0x1258 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

20:11:11.0909 0x1258 MSPCLOCK - ok

20:11:11.0934 0x1258 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

20:11:11.0935 0x1258 MSPQM - ok

20:11:11.0995 0x1258 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

20:11:12.0007 0x1258 MsRPC - ok

20:11:12.0062 0x1258 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

20:11:12.0063 0x1258 mssmbios - ok

20:11:12.0098 0x1258 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

20:11:12.0099 0x1258 MSTEE - ok

20:11:12.0106 0x1258 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

20:11:12.0109 0x1258 MTConfig - ok

20:11:12.0128 0x1258 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys

20:11:12.0130 0x1258 Mup - ok

20:11:12.0189 0x1258 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll

20:11:12.0202 0x1258 napagent - ok

20:11:12.0252 0x1258 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

20:11:12.0260 0x1258 NativeWifiP - ok

20:11:12.0338 0x1258 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys

20:11:12.0361 0x1258 NDIS - ok

20:11:12.0396 0x1258 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

20:11:12.0398 0x1258 NdisCap - ok

20:11:12.0413 0x1258 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

20:11:12.0415 0x1258 NdisTapi - ok

20:11:12.0454 0x1258 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

20:11:12.0456 0x1258 Ndisuio - ok

20:11:12.0497 0x1258 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

20:11:12.0502 0x1258 NdisWan - ok

20:11:12.0546 0x1258 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

20:11:12.0548 0x1258 NDProxy - ok

20:11:12.0585 0x1258 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

20:11:12.0588 0x1258 NetBIOS - ok

20:11:12.0633 0x1258 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

20:11:12.0640 0x1258 NetBT - ok

20:11:12.0666 0x1258 [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] Netlogon C:\Windows\system32\lsass.exe

20:11:12.0668 0x1258 Netlogon - ok

20:11:12.0723 0x1258 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll

20:11:12.0733 0x1258 Netman - ok

20:11:12.0762 0x1258 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll

20:11:12.0774 0x1258 netprofm - ok

20:11:12.0818 0x1258 [ 9D0157074866FCF3EA2A07185D93FC72, C4107EE60ADA7E326DF7B27602166E9D57CB9982717605730BF7C7D2401E30A9 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:11:12.0826 0x1258 NetTcpPortSharing - ok

20:11:12.0858 0x1258 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

20:11:12.0860 0x1258 nfrd960 - ok

20:11:12.0915 0x1258 [ 6D79C8CB73187FBEAAD1F680FADF98D3, 0075B2CCC4FFF929023F95686D7BBE32C0FCE05DEB2159C0784AF85D64E1B66E ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

20:11:12.0919 0x1258 NisDrv - ok

20:11:12.0959 0x1258 [ B8F4F580638373FBF72F2B572446D294, A5CD9ABCA5CDC335D2C6FDCB81327B600150E45BB867B88859A00AF974B42F85 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

20:11:12.0968 0x1258 NisSrv - ok

20:11:13.0027 0x1258 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll

20:11:13.0037 0x1258 NlaSvc - ok

20:11:13.0056 0x1258 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys

20:11:13.0058 0x1258 Npfs - ok

20:11:13.0092 0x1258 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll

20:11:13.0095 0x1258 nsi - ok

20:11:13.0119 0x1258 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

20:11:13.0121 0x1258 nsiproxy - ok

20:11:13.0220 0x1258 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

20:11:13.0263 0x1258 Ntfs - ok

20:11:13.0303 0x1258 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys

20:11:13.0305 0x1258 Null - ok

20:11:13.0342 0x1258 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid C:\Windows\system32\drivers\nvraid.sys

20:11:13.0346 0x1258 nvraid - ok

20:11:13.0374 0x1258 [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor C:\Windows\system32\drivers\nvstor.sys

20:11:13.0379 0x1258 nvstor - ok

20:11:13.0396 0x1258 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

20:11:13.0400 0x1258 nv_agp - ok

20:11:13.0443 0x1258 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

20:11:13.0446 0x1258 ohci1394 - ok

20:11:13.0525 0x1258 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:11:13.0529 0x1258 ose - ok

20:11:13.0766 0x1258 [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

20:11:13.0958 0x1258 osppsvc - ok

20:11:14.0006 0x1258 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

20:11:14.0016 0x1258 p2pimsvc - ok

20:11:14.0066 0x1258 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll

20:11:14.0078 0x1258 p2psvc - ok

20:11:14.0243 0x1258 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys

20:11:14.0246 0x1258 Parport - ok

20:11:14.0284 0x1258 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys

20:11:14.0287 0x1258 partmgr - ok

20:11:14.0337 0x1258 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll

20:11:14.0347 0x1258 PcaSvc - ok

20:11:14.0381 0x1258 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys

20:11:14.0386 0x1258 pci - ok

20:11:14.0420 0x1258 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys

20:11:14.0422 0x1258 pciide - ok

20:11:14.0465 0x1258 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

20:11:14.0471 0x1258 pcmcia - ok

20:11:14.0493 0x1258 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys

20:11:14.0495 0x1258 pcw - ok

20:11:14.0553 0x1258 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys

20:11:14.0570 0x1258 PEAUTH - ok

20:11:14.0645 0x1258 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe

20:11:14.0647 0x1258 PerfHost - ok

20:11:14.0737 0x1258 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll

20:11:14.0777 0x1258 pla - ok

20:11:14.0844 0x1258 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

20:11:14.0856 0x1258 PlugPlay - ok

20:11:14.0905 0x1258 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

20:11:14.0907 0x1258 PNRPAutoReg - ok

20:11:14.0928 0x1258 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

20:11:14.0936 0x1258 PNRPsvc - ok

20:11:15.0001 0x1258 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

20:11:15.0014 0x1258 PolicyAgent - ok

20:11:15.0057 0x1258 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll

20:11:15.0064 0x1258 Power - ok

20:11:15.0084 0x1258 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

20:11:15.0087 0x1258 PptpMiniport - ok

20:11:15.0119 0x1258 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys

20:11:15.0121 0x1258 Processor - ok

20:11:15.0166 0x1258 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll

20:11:15.0174 0x1258 ProfSvc - ok

20:11:15.0199 0x1258 [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] ProtectedStorage C:\Windows\system32\lsass.exe

20:11:15.0201 0x1258 ProtectedStorage - ok


20:11:25.0258 0x1258 MSC - ok

20:11:25.0277 0x068c Object required for P2P: [ DA0FAEE45D6F03D7647851A20977A7D0 ] MpFilter

20:11:25.0370 0x1258 [ 263DF54E9C61C401FD7FF29A3DA1FDFB, 6F3E594EB3468B1825F510512F5BF7BC2C63CD44887AADB8F4C16600B0633641 ] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

20:11:25.0383 0x1258 Desktop Disc Tool - ok

20:11:25.0426 0x1258 [ 00D1FB0073B4A8BD2989EA8FF4CC792B, 001A26FF51BF6BABF6325983F512CF8D84CADEE1CA36F166A41702D94C1B0841 ] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

20:11:25.0431 0x1258 DellSupportCenter - ok

20:11:25.0494 0x1258 [ C9B67BCB8E384064A8C2263740B0C437, F2609406A84F3A8E256DD250F84A774EF43F92C9F8B373E297A99ACF95B3CCE4 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

20:11:25.0508 0x1258 SunJavaUpdateSched - ok

20:11:25.0576 0x1258 [ B99C05C2C0AA671642962CBCCE138660, 3F17B69E226E15E216CCA07A5602529643B315C02C5CAB4C597DA948F105465E ] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe

20:11:25.0577 0x1258 DSUpdateLauncher - ok

20:11:25.0602 0x1258 [ 77CBF148C5A7E6B86269E728F425D743, A14B8093D07E3DD51FC1D3217BED834414869A70432387B744F21770D91F126A ] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe

20:11:25.0605 0x1258 STToasterLauncher - ok

20:11:25.0698 0x1258 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

20:11:25.0728 0x1258 Sidebar - ok

20:11:25.0764 0x1258 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe

20:11:25.0767 0x1258 mctadmin - ok

20:11:25.0828 0x1258 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

20:11:25.0850 0x1258 Sidebar - ok

20:11:25.0859 0x1258 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe

20:11:25.0862 0x1258 mctadmin - ok

20:11:25.0863 0x1258 Waiting for KSN requests completion. In queue: 242

20:11:26.0863 0x1258 Waiting for KSN requests completion. In queue: 242

20:11:27.0863 0x1258 Waiting for KSN requests completion. In queue: 242

20:11:28.0145 0x068c Object send P2P result: true

20:11:28.0147 0x068c Object required for P2P: [ 6D79C8CB73187FBEAAD1F680FADF98D3 ] NisDrv

20:11:28.0865 0x1258 Waiting for KSN requests completion. In queue: 158

20:11:29.0865 0x1258 Waiting for KSN requests completion. In queue: 158

20:11:30.0865 0x1258 Waiting for KSN requests completion. In queue: 158

20:11:30.0997 0x068c Object send P2P result: true

20:11:31.0877 0x1258 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.9.218.0 ), 0x61000 ( enabled : updated )

20:11:31.0937 0x1258 Win FW state via NFP2: enabled ( trusted )

20:11:34.0661 0x1258 ============================================================

20:11:34.0661 0x1258 Scan finished

20:11:34.0661 0x1258 ============================================================

20:11:34.0675 0x0870 Detected object count: 0

20:11:34.0675 0x0870 Actual detected object count: 0

----------------------------

AVAST REPORT :

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-05-02 20:20:18
-----------------------------
20:20:18.403    OS Version: Windows x64 6.1.7601 Service Pack 1
20:20:18.403    Number of processors: 2 586 0x170A
20:20:18.404    ComputerName: DRFATHIA-PC  UserName: Dr.Fathia
20:20:19.380    Initialize success
20:20:19.608    VM: initialized successfully
20:20:19.609    VM: Intel CPU virtualization not supported
20:20:34.768    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:20:34.773    Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
20:20:34.920    Disk 0 MBR read successfully
20:20:34.923    Disk 0 MBR scan
20:20:34.925    Disk 0 Windows 7 default MBR code
20:20:34.929    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
20:20:34.936    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
20:20:34.941    Disk 0 Boot: NTFS     code=1
20:20:34.962    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       203434 MB offset 30801920
20:20:34.966    Disk 0 Partition - 00     0F Extended LBA             19999 MB offset 447436800
20:20:35.004    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        19998 MB offset 447438848
20:20:35.126    Disk 0 scanning C:\Windows\system32\drivers
20:20:43.067    Service scanning
20:21:12.033    Modules scanning
20:21:12.046    Disk 0 trace - called modules:
20:21:12.083    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:21:12.089    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031cc460]
20:21:12.096    3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e61050]
20:21:12.102    Disk 0 statistics 93704/0/0 @ 5.92 MB/s
20:21:12.110    Scan finished successfully
20:21:23.582    Disk 0 MBR has been saved successfully to "C:\Users\Dr.Fathia\Desktop\MBR.dat"
20:21:23.637    The log file has been saved successfully to "C:\Users\Dr.Fathia\Desktop\aswMBR.txt"


#14 LyConsigliere

Posted 02 May 2016 - 12:25 PM

In response to #11, I've reset the router so many times, and therefore changed the password as many times. So right now it has been a few days without bad IPs. Though I think the proxy, cookies, website files and history reset you advised did it.



#15 nasdaq


Posted 03 May 2016 - 06:08 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



