
rootkit or not? addendum to 612015 in 'am i infected'


  • This topic is locked
17 replies to this topic

#1 van_alles

Posted 24 April 2016 - 12:32 PM

Hi all,

I posted a problem concerning a rootkit, see here. Through ranchand's remark I found the preparation guide for postings concerning infection.

I complied with the reqs, except: I already ran a lot of tools I could find, among them also combofix (sorry).

Then I did a FRST scan with the results below and the attachment.

Won't touch the laptop for now.

Really hope someone can help.

Nacho.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by admin (administrator) on LT_MARIELLE (24-04-2016 18:53:50)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin & Marielle)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1895424 2012-05-01] (Dominik Reichl)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-15] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 0
HKU\S-1-5-21-4259917134-2898913634-3455572795-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4259917134-2898913634-3455572795-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-13] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{0E1916C9-7C15-4F62-AE25-431AB46D58A5}: [DhcpNameServer] 192.168.0.10
Tcpip\..\Interfaces\{A39F9271-4775-4892-B89F-E2C3205174DE}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{CDB1EA87-247E-41D4-949E-4A04F75B9B86}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4259917134-2898913634-3455572795-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4259917134-2898913634-3455572795-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4259917134-2898913634-3455572795-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {1BFBDE40-0D75-41BD-BDA3-2556F84801ED} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1185-111090-7840-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {1BFBDE40-0D75-41BD-BDA3-2556F84801ED} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1185-111090-7840-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-4259917134-2898913634-3455572795-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4259917134-2898913634-3455572795-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4259917134-2898913634-3455572795-1000 -> {1BFBDE40-0D75-41BD-BDA3-2556F84801ED} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4259917134-2898913634-3455572795-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKU\S-1-5-21-4259917134-2898913634-3455572795-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-4259917134-2898913634-3455572795-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1185-111090-7840-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
Handler: AutorunsDisabled - No CLSID Value
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] ()

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4rt5x1cj.default
FF Session Restore: -> is enabled.
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Extension: BrowserProtect - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4rt5x1cj.default\extensions\browserprotect@browserprotect.com.xpi [2015-07-10]
FF Extension: NoScript - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4rt5x1cj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-13]
FF Extension: Cookie Controller - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4rt5x1cj.default\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2016-04-13]
FF Extension: WOT - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4rt5x1cj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-04-21]
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4rt5x1cj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-12]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-13] (AVAST Software)
S4 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-13] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-13] (AVAST Software)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-09-03] (Brother Industries Ltd.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 stus2x64; C:\Windows\System32\DRIVERS\stusb2ir.sys [47872 2008-01-03] ()
S4 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-24 18:53 - 2016-04-24 18:54 - 00013068 _____ C:\Users\admin\Desktop\FRST.txt
2016-04-24 18:53 - 2016-04-24 18:53 - 00000000 ____D C:\FRST
2016-04-24 18:52 - 2016-04-24 18:52 - 02375680 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2016-04-24 16:06 - 2016-04-24 16:06 - 00000000 ____D C:\Program Files\Application Verifier
2016-04-24 16:06 - 2016-04-24 16:06 - 00000000 ____D C:\Program Files (x86)\Application Verifier
2016-04-24 16:05 - 2016-04-24 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2016-04-24 16:05 - 2016-04-24 16:05 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-24 16:05 - 2016-04-24 16:05 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-04-24 15:06 - 2016-04-24 15:06 - 00000000 ____D C:\Users\admin\Downloads\Windows Kits
2016-04-24 14:03 - 2016-04-24 14:10 - 24002120 _____ C:\Users\Marielle\Desktop\RogueKillerX64.exe
2016-04-24 14:01 - 2016-04-24 14:01 - 485534705 _____ C:\Windows\MEMORY.DMP
2016-04-24 14:01 - 2016-04-24 14:01 - 00266288 _____ C:\Windows\Minidump\042416-15943-01.dmp
2016-04-24 12:57 - 2016-04-24 14:04 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-04-24 12:56 - 2016-04-24 15:01 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-24 11:35 - 2016-04-24 12:41 - 00001483 _____ C:\Users\admin\Desktop\Win32kDiag.txt
2016-04-21 15:37 - 2016-04-21 15:40 - 00000000 ____D C:\cce_linux
2016-04-19 14:19 - 2016-04-19 14:19 - 00020969 _____ C:\ComboFix.txt
2016-04-19 14:04 - 2016-04-19 14:19 - 00000000 ____D C:\Qoobox
2016-04-18 19:40 - 2016-04-18 19:40 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-04-18 19:39 - 2016-04-13 14:25 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-18 11:20 - 2016-04-18 11:20 - 83886080 _____ C:\Windows\system32\config\software.bdkup
2016-04-18 11:20 - 2016-04-18 11:20 - 17563648 _____ C:\Windows\system32\config\system.bdkup
2016-04-18 11:20 - 2016-04-18 11:20 - 00524288 _____ C:\Windows\system32\config\default.bdkup
2016-04-18 11:05 - 2016-04-18 13:05 - 00083228 _____ C:\Users\Marielle\Downloads\factura_16-065.odt
2016-04-17 21:15 - 2016-04-17 21:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-17 20:59 - 2016-04-19 05:36 - 00000000 ____D C:\Program Files\McAfee
2016-04-17 20:58 - 2016-04-17 21:09 - 00000000 ____D C:\Program Files\stinger
2016-04-17 20:57 - 2016-04-17 21:09 - 00000000 ____D C:\Users\admin\Downloads\sting
2016-04-17 20:54 - 2016-04-17 20:55 - 15671264 _____ C:\Users\admin\Downloads\stinger64-epo.zip
2016-04-17 20:54 - 2016-04-17 20:54 - 16563352 _____ (Malwarebytes Corp.) C:\Users\admin\Downloads\mbar-1.09.3.1001.exe
2016-04-16 20:09 - 2016-04-16 20:09 - 00001209 _____ C:\Users\admin\Desktop\cmd.exe - Acceso directo.lnk
2016-04-16 18:55 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-04-16 18:55 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-04-16 18:55 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-04-16 18:55 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-04-16 18:55 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-04-16 18:55 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-04-16 18:55 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-04-16 18:55 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-04-16 18:50 - 2016-04-19 05:36 - 00000000 ____D C:\Windows\erdnt
2016-04-16 18:39 - 2016-04-16 18:39 - 00003502 _____ C:\Windows\System32\Tasks\Start PB
2016-04-14 14:22 - 2016-04-14 14:22 - 00000767 _____ C:\Users\Marielle\.recently-used.xbel
2016-04-13 20:51 - 2016-03-11 14:53 - 00380928 _____ C:\Users\admin\Downloads\gmer.exe
2016-04-13 19:24 - 2016-04-13 19:24 - 05660069 ____R (Swearware) C:\Users\admin\Downloads\ComboFix.exe
2016-04-13 19:24 - 2016-04-13 19:24 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\admin\Downloads\rkill.exe
2016-04-13 19:23 - 2016-04-13 19:23 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\admin\Downloads\tdsskiller.exe
2016-04-13 19:09 - 2016-04-13 19:09 - 01907824 _____ (Kaspersky Lab) C:\Users\admin\Downloads\kis16.0.0.614en_8204.exe
2016-04-13 18:27 - 2016-04-13 18:28 - 05200384 _____ (AVAST Software) C:\Users\admin\Downloads\aswmbr.exe
2016-04-13 16:19 - 2016-04-13 18:23 - 00000000 ____D C:\Users\admin\AppData\Local\NPE
2016-04-13 16:11 - 2016-04-13 16:11 - 03088296 _____ (Symantec Corporation) C:\Users\admin\Downloads\NPE.exe
2016-04-13 15:28 - 2016-04-13 15:28 - 00001736 _____ C:\Users\admin\Desktop\PeerBlock.lnk
2016-04-13 14:28 - 2016-04-18 19:40 - 00003062 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1460550506
2016-04-13 14:28 - 2016-04-13 14:28 - 00001037 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-04-13 14:28 - 2016-04-13 14:28 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-04-13 14:25 - 2016-04-13 14:25 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-13 14:25 - 2016-04-13 14:24 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-04-13 12:12 - 2016-04-04 20:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-13 12:12 - 2016-04-04 20:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-13 12:12 - 2016-04-02 15:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-13 12:12 - 2016-03-23 16:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-13 12:12 - 2016-03-17 20:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-13 12:12 - 2016-03-17 20:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-13 12:12 - 2016-03-17 20:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-13 12:12 - 2016-03-17 20:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-13 12:12 - 2016-03-16 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-13 12:12 - 2016-03-16 20:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-13 12:12 - 2016-03-16 20:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-13 12:12 - 2016-03-06 20:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 12:12 - 2016-03-06 20:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 12:12 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-13 12:12 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-13 12:12 - 2016-02-05 20:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-13 12:12 - 2016-02-05 20:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-13 12:12 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-13 12:12 - 2016-02-02 20:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-13 12:12 - 2015-06-03 22:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-13 12:11 - 2016-03-18 01:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 12:11 - 2016-03-18 01:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-13 12:11 - 2016-03-18 01:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 12:11 - 2016-03-18 01:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 12:11 - 2016-03-18 01:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 12:11 - 2016-03-18 01:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-13 12:11 - 2016-03-18 00:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 12:11 - 2016-03-18 00:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-13 12:11 - 2016-03-18 00:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-13 12:11 - 2016-03-18 00:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 12:11 - 2016-03-18 00:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 12:11 - 2016-03-18 00:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 12:11 - 2016-03-18 00:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 12:11 - 2016-03-18 00:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 12:11 - 2016-03-18 00:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 12:11 - 2016-03-18 00:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-13 12:11 - 2016-03-18 00:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 12:11 - 2016-03-18 00:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 12:11 - 2016-03-18 00:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 12:11 - 2016-03-18 00:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 12:11 - 2016-03-18 00:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 12:11 - 2016-03-18 00:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 12:11 - 2016-03-18 00:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-13 12:11 - 2016-03-18 00:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 12:11 - 2016-03-18 00:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 12:11 - 2016-03-18 00:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 12:11 - 2016-03-18 00:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 12:11 - 2016-03-18 00:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 12:11 - 2016-03-18 00:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 12:11 - 2016-03-18 00:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 12:11 - 2016-03-18 00:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-13 12:11 - 2016-03-18 00:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-13 12:11 - 2016-03-18 00:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-13 12:11 - 2016-03-18 00:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-13 12:11 - 2016-03-18 00:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-13 12:11 - 2016-03-18 00:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-13 12:11 - 2016-03-18 00:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-13 12:11 - 2016-03-18 00:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-13 12:11 - 2016-03-18 00:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-13 12:11 - 2016-03-18 00:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-13 12:11 - 2016-03-18 00:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-13 12:11 - 2016-03-18 00:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-13 12:11 - 2016-03-18 00:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-13 12:11 - 2016-03-18 00:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-13 12:11 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-13 12:11 - 2016-03-18 00:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-13 12:11 - 2016-03-18 00:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-13 12:11 - 2016-03-18 00:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-13 12:11 - 2016-03-18 00:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-13 12:11 - 2016-03-18 00:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-13 12:11 - 2016-03-18 00:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00690688 _____ C:\Windows\SysWOW64\adtschema.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00342528 _____ C:\Windows\SysWOW64\certcli.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 12:11 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 12:11 - 2016-03-17 23:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 12:11 - 2016-03-17 23:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 12:11 - 2016-03-17 23:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 12:11 - 2016-03-17 23:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 12:11 - 2016-03-17 23:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 12:11 - 2016-03-17 23:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 12:11 - 2016-03-17 23:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-13 12:11 - 2016-03-17 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 12:11 - 2016-03-17 23:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 12:11 - 2016-03-17 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 12:11 - 2016-03-17 23:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 12:11 - 2016-03-17 23:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 12:11 - 2016-03-17 23:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-13 12:11 - 2016-03-17 23:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-13 12:11 - 2016-03-17 23:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-13 12:11 - 2016-03-17 23:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-13 12:11 - 2016-03-17 23:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-13 12:11 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 12:11 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 12:11 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 12:11 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 12:06 - 2016-03-29 19:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 12:06 - 2016-01-21 02:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-13 12:04 - 2016-04-13 12:04 - 00067577 _____ C:\Users\Marielle\Downloads\factura_29650_23849091_2010316-00112195_010416.pdf
2016-04-13 12:04 - 2016-03-16 02:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 12:04 - 2016-03-16 02:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 12:04 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-13 12:04 - 2016-03-11 20:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 12:04 - 2016-03-11 20:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-13 12:03 - 2016-03-31 21:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 12:03 - 2016-03-31 20:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-13 12:03 - 2016-03-31 02:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 12:03 - 2016-03-31 02:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 12:03 - 2016-03-31 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 12:03 - 2016-03-31 02:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 12:03 - 2016-03-31 02:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 12:03 - 2016-03-31 02:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 12:03 - 2016-03-31 02:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 12:03 - 2016-03-31 02:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 12:03 - 2016-03-31 02:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 12:03 - 2016-03-31 02:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 12:03 - 2016-03-31 02:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 12:03 - 2016-03-31 02:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 12:03 - 2016-03-31 02:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 12:03 - 2016-03-31 02:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 12:03 - 2016-03-31 02:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 12:03 - 2016-03-31 02:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 12:03 - 2016-03-31 02:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 12:03 - 2016-03-31 02:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 12:03 - 2016-03-31 02:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 12:03 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-13 12:03 - 2016-03-31 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-13 12:03 - 2016-03-31 02:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 12:03 - 2016-03-31 01:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 12:03 - 2016-03-31 01:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 12:03 - 2016-03-31 01:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 12:03 - 2016-03-31 01:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 12:03 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-13 12:03 - 2016-03-31 01:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 12:03 - 2016-03-31 01:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-13 12:03 - 2016-03-31 01:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-13 12:03 - 2016-03-31 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-13 12:03 - 2016-03-31 01:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-13 12:03 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-13 12:03 - 2016-03-31 01:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-13 12:03 - 2016-03-31 01:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-13 12:03 - 2016-03-31 01:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-13 12:03 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-13 12:03 - 2016-03-31 01:45 - 00620032 _____ C:\Windows\SysWOW64\jscript9diag.dll
2016-04-13 12:03 - 2016-03-31 01:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 12:03 - 2016-03-31 01:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-13 12:03 - 2016-03-31 01:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 12:03 - 2016-03-31 01:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 12:03 - 2016-03-31 01:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 12:03 - 2016-03-31 01:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 12:03 - 2016-03-31 01:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 12:03 - 2016-03-31 01:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-13 12:03 - 2016-03-31 01:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-13 12:03 - 2016-03-31 01:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-13 12:03 - 2016-03-31 01:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-13 12:03 - 2016-03-31 01:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-13 12:03 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-13 12:03 - 2016-03-31 01:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 12:03 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-13 12:03 - 2016-03-31 01:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-13 12:03 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-13 12:03 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-13 12:03 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-13 12:03 - 2016-03-31 01:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-13 12:03 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-13 12:03 - 2016-03-31 01:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 12:03 - 2016-03-31 01:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 12:03 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-13 12:03 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-13 12:03 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-12 11:19 - 2016-04-13 10:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-08 12:46 - 2016-04-08 12:46 - 00141519 _____ C:\Users\Marielle\Downloads\certificado(2).pdf
2016-04-05 19:50 - 2016-04-05 19:51 - 00050404 _____ C:\Users\Marielle\Downloads\file(2).pdf
2016-04-05 17:34 - 2016-04-05 17:34 - 00486151 _____ C:\Users\Marielle\Downloads\VerklaringToestemmingReisdocument.pdf
2016-04-05 17:34 - 2016-04-05 17:34 - 00256373 _____ C:\Users\Marielle\Downloads\paspoortaanvraagformulier-180314.pdf
2016-04-04 11:04 - 2016-04-04 11:04 - 00000000 ____D C:\Users\Marielle\AppData\Local\Locktime
2016-04-04 10:56 - 2016-04-12 18:02 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-03-31 21:46 - 2016-03-31 21:46 - 00039585 _____ C:\Users\Marielle\Downloads\ListaMovimientos_453582984_31_3_2016_00AC1GGZ.xls
2016-03-31 16:46 - 2016-03-31 16:46 - 00026493 _____ C:\Users\Marielle\Downloads\ListaMovimientos_435566850_31_3_2016_00AC1GGZ.xls
2016-03-27 22:56 - 2016-03-27 22:56 - 00098284 _____ C:\Users\Marielle\Desktop\Aanmelding lidmaatschap Sietske de Haan.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-24 16:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-04-24 15:37 - 2009-07-14 06:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-24 15:37 - 2009-07-14 06:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-24 15:04 - 2012-07-14 18:00 - 00000000 ____D C:\Program Files\PeerBlock
2016-04-24 14:58 - 2012-07-14 16:42 - 00004002 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1F68158B-8954-42E5-AE3A-578A53F35054}
2016-04-24 14:06 - 2014-08-20 19:38 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-24 14:01 - 2014-10-31 11:56 - 00000000 ____D C:\Windows\Minidump
2016-04-24 14:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-23 17:23 - 2013-03-14 19:14 - 00010829 _____ C:\Users\admin\_viminfo
2016-04-23 17:23 - 2012-07-14 15:13 - 00000000 ____D C:\Users\admin
2016-04-23 16:51 - 2014-08-03 13:38 - 00000000 ____D C:\temp
2016-04-23 11:08 - 2011-07-19 09:45 - 00747986 _____ C:\Windows\system32\perfh00A.dat
2016-04-23 11:08 - 2011-07-19 09:45 - 00159426 _____ C:\Windows\system32\perfc00A.dat
2016-04-23 11:08 - 2009-07-14 07:13 - 01678290 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-23 11:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-23 11:07 - 2012-07-14 15:18 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{700B3432-0F4E-4AB7-90C7-C9E176037E6A}
2016-04-23 11:07 - 2012-07-14 15:15 - 00000000 ____D C:\Users\admin\AppData\Local\VirtualStore
2016-04-22 10:52 - 2015-11-13 17:39 - 00000000 ____D C:\Users\Marielle\Desktop\huiskoop
2016-04-21 17:25 - 2013-07-28 18:05 - 00000000 ____D C:\Users\admin\AppData\Roaming\PhotoScape
2016-04-21 17:25 - 2013-01-12 17:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\Media Player Classic
2016-04-21 17:24 - 2013-01-13 01:30 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2016-04-19 14:15 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2016-04-19 14:00 - 2012-10-14 14:41 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-19 13:16 - 2014-08-28 12:38 - 00003076 _____ C:\Windows\System32\Tasks\{0866F128-9407-49D9-8A73-1AB74EDDA6F6}
2016-04-19 13:16 - 2013-10-01 17:46 - 00003082 _____ C:\Windows\System32\Tasks\{4476E90B-A59F-49A2-A386-14043136F311}
2016-04-19 13:15 - 2012-10-14 14:41 - 00003778 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-19 05:36 - 2015-12-21 18:44 - 00000000 ____D C:\ProgramData\SystemExplorer
2016-04-19 05:36 - 2015-12-03 17:35 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-04-19 05:36 - 2012-07-14 16:41 - 00000000 ____D C:\Users\Marielle
2016-04-19 05:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-18 20:10 - 2015-10-16 11:28 - 00000000 ____D C:\tmp
2016-04-17 21:15 - 2015-12-21 17:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-17 21:14 - 2015-12-21 17:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-17 20:38 - 2012-07-23 10:29 - 00000000 ____D C:\Windows\system32\Macromed
2016-04-17 15:25 - 2013-03-14 17:07 - 00000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
2016-04-16 10:33 - 2016-01-19 16:31 - 00000000 ____D C:\Users\Marielle\AppData\Roaming\Blink
2016-04-15 16:18 - 2015-09-30 16:00 - 00000000 ____D C:\Users\Marielle\Desktop\koop-verkoop
2016-04-14 13:33 - 2013-07-28 17:12 - 00237056 ___SH C:\Users\Marielle\Thumbs.db
2016-04-14 13:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-04-13 22:27 - 2009-07-14 06:45 - 00332168 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 22:22 - 2014-12-12 10:38 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-13 22:00 - 2013-08-17 11:35 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 22:00 - 2012-07-15 18:39 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-13 16:19 - 2011-11-13 17:26 - 00000000 ____D C:\ProgramData\Norton
2016-04-13 15:33 - 2012-11-23 13:09 - 00000000 ____D C:\Users\Marielle\AppData\Local\CrashDumps
2016-04-13 15:28 - 2012-07-14 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2016-04-13 14:26 - 2014-08-20 19:38 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-04-13 14:25 - 2014-08-20 19:38 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-13 14:25 - 2014-08-20 19:38 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-13 14:25 - 2014-08-20 19:38 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-13 14:25 - 2014-08-20 19:38 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-13 14:25 - 2014-08-20 19:38 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-13 14:25 - 2014-08-20 19:38 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-13 14:25 - 2014-08-20 19:13 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-13 14:24 - 2014-08-20 19:38 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-13 14:24 - 2014-08-20 19:33 - 00000000 ____D C:\Program Files\AVAST Software
2016-04-13 10:26 - 2012-07-14 16:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-13 10:26 - 2009-07-14 07:08 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-12 18:15 - 2015-12-21 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-12 18:15 - 2015-12-21 17:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-12 18:05 - 2012-07-14 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2016-04-12 18:05 - 2012-07-14 18:13 - 00000000 ____D C:\Program Files\Process Hacker 2
2016-04-10 14:53 - 2015-08-07 10:04 - 00000000 ____D C:\Users\Marielle\Desktop\baby
2016-04-08 18:04 - 2014-08-17 18:02 - 00000000 ____D C:\Program Files (x86)\Mendeley Desktop
2016-04-08 12:47 - 2013-10-27 12:26 - 00000000 ____D C:\Users\Marielle\AppData\Local\CutePDF Writer
2016-04-08 11:23 - 2012-07-23 10:29 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 11:23 - 2011-07-19 00:22 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 17:28 - 2016-03-18 11:18 - 00000000 ____D C:\Users\Marielle\Desktop\papeleo
2016-04-06 10:18 - 2010-11-21 05:27 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-03-28 20:35 - 2012-07-14 18:19 - 00000000 ____D C:\Users\Marielle\AppData\Roaming\KeePass
2016-03-25 17:35 - 2012-10-21 17:49 - 00000000 ____D C:\Users\Marielle\AppData\Roaming\Foxit Software
2016-03-25 12:52 - 2012-07-14 17:08 - 00000000 ____D C:\Users\Marielle\AppData\Roaming\Skype
2016-03-25 10:59 - 2015-04-05 12:58 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-25 10:59 - 2015-04-05 12:58 - 00000000 ___SD C:\Windows\system32\GWX

==================== Files in the root of some directories =======

2016-02-09 00:29 - 2016-02-09 00:33 - 0000600 _____ () C:\Users\admin\AppData\Local\PUTTY.RND
2013-03-15 20:16 - 2013-03-15 20:16 - 0000218 _____ () C:\Users\admin\AppData\Local\recently-used.xbel
2014-10-30 16:32 - 2014-10-30 16:32 - 0000017 _____ () C:\Users\admin\AppData\Local\resmon.resmoncfg
2012-10-12 16:40 - 2014-08-20 19:05 - 0005354 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\dllnt_dump.dll
C:\Users\admin\AppData\Local\Temp\geek_x64.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-12 11:28

==================== End of FRST.txt ============================
 



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,594 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:28 AM

Posted 25 April 2016 - 07:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4259917134-2898913634-3455572795-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-4259917134-2898913634-3455572795-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKU\S-1-5-21-4259917134-2898913634-3455572795-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
Handler: AutorunsDisabled - No CLSID Value
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: BrowserProtect - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4rt5x1cj.default\extensions\browserprotect@browserprotect.com.xpi [2015-07-10]
S4 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4rt5x1cj.default\extensions\browserprotect@browserprotect.com.xpi
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

If the problem persists continue.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.
=======

#3 van_alles

van_alles
  • Topic Starter

  • Members
  • 23 posts
  • Local time:09:28 AM

Posted 25 April 2016 - 10:33 AM

Hi nasdaq,

First and foremost: thanks for the reply & support.

I followed your instructions as far as possible, but see these remarks:

- after running FRST, Windows Update still wasn't working and even worse: the adlice site was not accessible anymore.

- to get RogueKiller running I downloaded it to another PC and via USB put it directly on the desktop.

- running RogueKiller, it suggested to run the x64 bit version, which I didn't.

- I did not see the failed login on the router but I will notify you if this happens

- unless you instruct me differently, I prefer to not connect the laptop to the internet anymore and transfer data through USB stick

The logs:

######## > FRST < ######

Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by admin (2016-04-25 16:40:50) Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin & Marielle)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4259917134-2898913634-3455572795-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-4259917134-2898913634-3455572795-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKU\S-1-5-21-4259917134-2898913634-3455572795-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
Handler: AutorunsDisabled - No CLSID Value
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: BrowserProtect - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4rt5x1cj.default\extensions\browserprotect@browserprotect.com.xpi [2015-07-10]
S4 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys
[X]
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4rt5x1cj.default\extensions\browserprotect@browserprotect.com.xpi
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-4259917134-2898913634-3455572795-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms} => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-4259917134-2898913634-3455572795-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKU\S-1-5-21-4259917134-2898913634-3455572795-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKCR\PROTOCOLS\Handler\AutorunsDisabled" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4rt5x1cj.default\extensions\browserprotect@browserprotect.com.xpi => path removed successfully
clwvd => service removed successfully
NLNdisMP => service removed successfully
[X] => Error: No automatic fix found for this entry.
"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4rt5x1cj.default\extensions\browserprotect@browserprotect.com.xpi" => not found.

=========  ipconfig /flushdns =========


Configuraci¢n IP de Windows

Se vaci¢ correctamente la cach de resoluci¢n de DNS.

========= End of CMD: =========


=========  IPCONFIG /release =========


Configuraci¢n IP de Windows

No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local mientras los medios
estn desconectados.

Adaptador de Ethernet Conexi¢n de  rea local:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . :

Adaptador de LAN inal mbrica Conexi¢n de red inal mbrica:

   Sufijo DNS espec¡fico para la conexi¢n. . :
   V¡nculo: direcci¢n IPv6 local. . . : fe80::ceb:a494:9d59:305c%11
   Puerta de enlace predeterminada . . . . . :

Adaptador de t£nel Reusable ISATAP Interface {AEE3FF1C-E0DD-43F9-8426-DF3FD27C3831}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . :

Adaptador de t£nel Reusable ISATAP Interface {90B531ED-9E41-4259-9E27-7E6DB6C6A793}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . :

Adaptador de t£nel Conexi¢n de  rea local* 31:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . :

Adaptador de t£nel Conexi¢n de  rea local* 30:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . :

========= End of CMD: =========


=========  IPCONFIG /renew =========


Configuraci¢n IP de Windows

No se puede realizar ninguna operaci¢n en Conexi¢n de  rea local mientras los medios
estn desconectados.

Adaptador de Ethernet Conexi¢n de  rea local:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . :

Adaptador de LAN inal mbrica Conexi¢n de red inal mbrica:

   Sufijo DNS espec¡fico para la conexi¢n. . :
   V¡nculo: direcci¢n IPv6 local. . . : fe80::ceb:a494:9d59:305c%11
   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.100.7
   M scara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.100.1

Adaptador de t£nel Reusable ISATAP Interface {AEE3FF1C-E0DD-43F9-8426-DF3FD27C3831}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . :

Adaptador de t£nel Reusable ISATAP Interface {90B531ED-9E41-4259-9E27-7E6DB6C6A793}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . :

Adaptador de t£nel Reusable ISATAP Interface {4257A925-6D68-423B-A9F6-47DB04027A18}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . :

Adaptador de t£nel Conexi¢n de  rea local* 30:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS espec¡fico para la conexi¢n. . :

========= End of CMD: =========

EmptyTemp: => 185.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:41:13 ====

######## > RogueKiller.txt < ######

 

RogueKiller V12.1.4.0 [Apr 25 2016] (Free) by Adlice Software
correo : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Sitio web : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Sistema Operativo : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciado en : Modo Normal
Usuario : admin [Administrador]
Started from : C:\Users\admin\Desktop\RogueKiller.exe
Modo : Escanear -- Fecha : 04/25/2016 17:12:25

¤¤¤ Procesos : 0 ¤¤¤

¤¤¤ Registro : 0 ¤¤¤

¤¤¤ Tareas : 0 ¤¤¤

¤¤¤ Archivos : 0 ¤¤¤

¤¤¤ Archivo de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: No cargado [0xc000036b]) ¤¤¤

¤¤¤ Navegadores Web : 0 ¤¤¤

¤¤¤ Chequeo MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS543232A7A384 +++++
--- User ---
[MBR] 6e03cebc02b001faddf681c63c948cab
[BSP] f61252db8ac64bb73bfc3a6b4f1896ca : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 190426 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 584960000 | Size: 15556 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 616818688 | Size: 4063 MB
User = LL1 ... OK
User = LL2 ... OK
 



#4 nasdaq

nasdaq

  • Malware Response Team

Posted 25 April 2016 - 01:21 PM


There could be something wrong with your LAN settings.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


#5 van_alles

van_alles
  • Topic Starter


Posted 25 April 2016 - 04:37 PM

Hi nasdaq,

 

The minitoolbox log.

 

 

MiniToolBox by Farbar  Version: 07-02-2016 01

Ran by admin (administrator) on 25-04-2016 at 23:32:02

Running from "C:\Users\admin\Desktop"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Model: HP Pavilion CQ57 Notebook PC Manufacturer: Hewlett-Packard

Boot Mode: Normal

***************************************************************************



========================= Flush DNS: ===================================



Configuraci¢n IP de Windows



Se vaci¢ correctamente la cach de resoluci¢n de DNS.



========================= IE Proxy Settings: ==============================



Proxy is not enabled.

No Proxy Server is set.



"Reset IE Proxy Settings": IE Proxy Settings were reset.



========================= FF Proxy Settings: ==============================





"Reset FF Proxy Settings": Firefox Proxy settings were reset.



========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================



Realtek RTL8188CE 802.11b/g/n WiFi Adapter = Conexión de red inalámbrica (Connected)

Realtek PCIe FE Family Controller = Conexión de área local (Media disconnected)

La siguiente DLL de ayuda no se puede cargar: NAPMONTR.DLL.





# ----------------------------------

# Configuraci¢n de IPv4

# ----------------------------------

pushd interface ipv4



reset

set global icmpredirects=enabled





popd

# Fin de la configuraci¢n de IPv4







Configuraci¢n IP de Windows



   Nombre de host. . . . . . . . . : LT_Marielle

   Sufijo DNS principal  . . . . . :

   Tipo de nodo. . . . . . . . . . : h¡brido

   Enrutamiento IP habilitado. . . : no

   Proxy WINS habilitado . . . . . : no



Adaptador de Ethernet Conexi¢n de  rea local:



   Estado de los medios. . . . . . . . . . . : medios desconectados

   Sufijo DNS espec¡fico para la conexi¢n. . :

   Descripci¢n . . . . . . . . . . . . . . . : Realtek PCIe FE Family Controller

   Direcci¢n f¡sica. . . . . . . . . . . . . : 2C-76-8A-E5-16-C7

   DHCP habilitado . . . . . . . . . . . . . : s¡

   Configuraci¢n autom tica habilitada . . . : s¡



Adaptador de LAN inal mbrica Conexi¢n de red inal mbrica:



   Sufijo DNS espec¡fico para la conexi¢n. . :

   Descripci¢n . . . . . . . . . . . . . . . : Realtek RTL8188CE 802.11b/g/n WiFi Adapter

   Direcci¢n f¡sica. . . . . . . . . . . . . : 74-DE-2B-04-85-5A

   DHCP habilitado . . . . . . . . . . . . . : s¡

   Configuraci¢n autom tica habilitada . . . : s¡

   V¡nculo: direcci¢n IPv6 local. . . : fe80::ceb:a494:9d59:305c%11(Preferido)

   Direcci¢n IPv4. . . . . . . . . . . . . . : 192.168.100.7(Preferido)

   M scara de subred . . . . . . . . . . . . : 255.255.255.0

   Concesi¢n obtenida. . . . . . . . . . . . : lunes, 25 de abril de 2016 16:42:38

   La concesi¢n expira . . . . . . . . . . . : jueves, 28 de abril de 2016 23:31:38

   Puerta de enlace predeterminada . . . . . : 192.168.100.1

   Servidor DHCP . . . . . . . . . . . . . . : 192.168.100.1

   IAID DHCPv6 . . . . . . . . . . . . . . . : 242540075

   DUID de cliente DHCPv6. . . . . . . . . . : 00-01-00-01-16-51-97-73-74-DE-2B-04-85-5A

   Servidores DNS. . . . . . . . . . . . . . : 2111:3c:123:0:c:135:9a:a15

                                       2111:3c:123:0:3bc6:a:9cc:518

                                       192.168.100.1

   NetBIOS sobre TCP/IP. . . . . . . . . . . : habilitado



Adaptador de t£nel Reusable ISATAP Interface {AEE3FF1C-E0DD-43F9-8426-DF3FD27C3831}:



   Estado de los medios. . . . . . . . . . . : medios desconectados

   Sufijo DNS espec¡fico para la conexi¢n. . :

   Descripci¢n . . . . . . . . . . . . . . . : Adaptador ISATAP de Microsoft #2

   Direcci¢n f¡sica. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP habilitado . . . . . . . . . . . . . : no

   Configuraci¢n autom tica habilitada . . . : s¡



Adaptador de t£nel Reusable ISATAP Interface {90B531ED-9E41-4259-9E27-7E6DB6C6A793}:



   Estado de los medios. . . . . . . . . . . : medios desconectados

   Sufijo DNS espec¡fico para la conexi¢n. . :

   Descripci¢n . . . . . . . . . . . . . . . : Adaptador ISATAP de Microsoft

   Direcci¢n f¡sica. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP habilitado . . . . . . . . . . . . . : no

   Configuraci¢n autom tica habilitada . . . : s¡



Adaptador de t£nel Reusable ISATAP Interface {35ABBD8E-ED8A-4CE2-B1E3-E178844DF0EB}:



   Estado de los medios. . . . . . . . . . . : medios desconectados

   Sufijo DNS espec¡fico para la conexi¢n. . :

   Descripci¢n . . . . . . . . . . . . . . . : Adaptador ISATAP de Microsoft #5

   Direcci¢n f¡sica. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP habilitado . . . . . . . . . . . . . : no

   Configuraci¢n autom tica habilitada . . . : s¡



Adaptador de t£nel Conexi¢n de  rea local* 30:



   Estado de los medios. . . . . . . . . . . : medios desconectados

   Sufijo DNS espec¡fico para la conexi¢n. . :

   Descripci¢n . . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Direcci¢n f¡sica. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP habilitado . . . . . . . . . . . . . : no

   Configuraci¢n autom tica habilitada . . . : s¡

Servidor:  UnKnown

Address:  2111:3c:123:0:c:135:9a:a15





Haciendo ping a google.com [216.58.210.174] con 32 bytes de datos:

Respuesta desde 216.58.210.174: bytes=32 tiempo=58ms TTL=56

Respuesta desde 216.58.210.174: bytes=32 tiempo=28ms TTL=56



Estad¡sticas de ping para 216.58.210.174:

    Paquetes: enviados = 2, recibidos = 2, perdidos = 0

    (0% perdidos),

Tiempos aproximados de ida y vuelta en milisegundos:

    M¡nimo = 28ms, M ximo = 58ms, Media = 43ms

Servidor:  UnKnown

Address:  2111:3c:123:0:c:135:9a:a15





Haciendo ping a yahoo.com [98.138.253.109] con 32 bytes de datos:

Respuesta desde 98.138.253.109: bytes=32 tiempo=174ms TTL=44

Respuesta desde 98.138.253.109: bytes=32 tiempo=171ms TTL=44



Estad¡sticas de ping para 98.138.253.109:

    Paquetes: enviados = 2, recibidos = 2, perdidos = 0

    (0% perdidos),

Tiempos aproximados de ida y vuelta en milisegundos:

    M¡nimo = 171ms, M ximo = 174ms, Media = 172ms



Haciendo ping a 127.0.0.1 con 32 bytes de datos:

Respuesta desde 127.0.0.1: bytes=32 tiempo<1m TTL=128

Respuesta desde 127.0.0.1: bytes=32 tiempo<1m TTL=128



Estad¡sticas de ping para 127.0.0.1:

    Paquetes: enviados = 2, recibidos = 2, perdidos = 0

    (0% perdidos),

Tiempos aproximados de ida y vuelta en milisegundos:

    M¡nimo = 0ms, M ximo = 0ms, Media = 0ms

===========================================================================

ILista de interfaces

 12...2c 76 8a e5 16 c7 ......Realtek PCIe FE Family Controller

 11...74 de 2b 04 85 5a ......Realtek RTL8188CE 802.11b/g/n WiFi Adapter

  1...........................Software Loopback Interface 1

 22...00 00 00 00 00 00 00 e0 Adaptador ISATAP de Microsoft #2

 34...00 00 00 00 00 00 00 e0 Adaptador ISATAP de Microsoft

 41...00 00 00 00 00 00 00 e0 Adaptador ISATAP de Microsoft #5

 39...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================



IPv4 Tabla de enrutamiento

===========================================================================

Rutas activas:

Destino de red        M scara de red   Puerta de enlace   Interfaz  Mâtrica

          0.0.0.0          0.0.0.0    192.168.100.1    192.168.100.7     25

        127.0.0.0        255.0.0.0      En v¡nculo         127.0.0.1    306

        127.0.0.1  255.255.255.255      En v¡nculo         127.0.0.1    306

  127.255.255.255  255.255.255.255      En v¡nculo         127.0.0.1    306

    192.168.100.0    255.255.255.0      En v¡nculo     192.168.100.7    281

    192.168.100.7  255.255.255.255      En v¡nculo     192.168.100.7    281

  192.168.100.255  255.255.255.255      En v¡nculo     192.168.100.7    281

        224.0.0.0        240.0.0.0      En v¡nculo         127.0.0.1    306

        224.0.0.0        240.0.0.0      En v¡nculo     192.168.100.7    281

  255.255.255.255  255.255.255.255      En v¡nculo         127.0.0.1    306

  255.255.255.255  255.255.255.255      En v¡nculo     192.168.100.7    281

===========================================================================

Rutas persistentes:

  Ninguno



IPv6 Tabla de enrutamiento

===========================================================================

Rutas activas:

 Cuando destino de red mâtrica      Puerta de enlace

  1    306 ::1/128                  En v¡nculo

 11    281 fe80::/64                En v¡nculo

 11    281 fe80::ceb:a494:9d59:305c/128

                                    En v¡nculo

  1    306 ff00::/8                 En v¡nculo

 11    281 ff00::/8                 En v¡nculo

===========================================================================

Rutas persistentes:

  Ninguno

========================= Winsock entries =====================================



Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)



========================= Event log errors: ===============================



Application errors:

==================

Error: (04/25/2016 04:43:06 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (04/25/2016 04:40:54 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().



Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
El parámetro no es correcto.

.



Error: (04/25/2016 04:40:53 PM) (Source: VSS) (User: )

Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.

.

A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.



Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {24204295-9eed-45b5-9deb-b08254f1b348}



Error: (04/25/2016 03:37:24 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (04/25/2016 10:35:31 AM) (Source: Application Error) (User: )

Description: Nombre de la aplicación con errores: CompatTelRunner.exe, versión: 10.0.14275.1000, marca de tiempo: 0x56e8dec4

Nombre del módulo con errores: KERNELBASE.dll, versión: 6.1.7601.23392, marca de tiempo: 0x56eb3604

Código de excepción: 0xc06d007e

Desplazamiento de errores: 0x000000000001a06d

Id. del proceso con errores: 0x2f4

Hora de inicio de la aplicación con errores: 0xCompatTelRunner.exe0

Ruta de acceso de la aplicación con errores: CompatTelRunner.exe1

Ruta de acceso del módulo con errores: CompatTelRunner.exe2

Id. del informe: CompatTelRunner.exe3



Error: (04/25/2016 10:29:19 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (04/24/2016 04:05:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().



Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
El parámetro no es correcto.

.



Error: (04/24/2016 02:01:46 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (04/23/2016 04:31:27 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (04/23/2016 11:07:40 AM) (Source: Application Error) (User: )

Description: Nombre de la aplicación con errores: CompatTelRunner.exe, versión: 10.0.14275.1000, marca de tiempo: 0x56e8dec4

Nombre del módulo con errores: KERNELBASE.dll, versión: 6.1.7601.23392, marca de tiempo: 0x56eb3604

Código de excepción: 0xc06d007e

Desplazamiento de errores: 0x000000000001a06d

Id. del proceso con errores: 0x668

Hora de inicio de la aplicación con errores: 0xCompatTelRunner.exe0

Ruta de acceso de la aplicación con errores: CompatTelRunner.exe1

Ruta de acceso del módulo con errores: CompatTelRunner.exe2

Id. del informe: CompatTelRunner.exe3





System errors:

=============

Error: (04/25/2016 11:32:07 PM) (Source: Service Control Manager) (User: )

Description: El servicio Instalador de módulos de Windows se cerró con el siguiente error:

%%1017



Error: (04/25/2016 11:31:42 PM) (Source: Service Control Manager) (User: )

Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:

%%1058



Error: (04/25/2016 11:31:42 PM) (Source: Service Control Manager) (User: )

Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:

%%1058



Error: (04/25/2016 11:31:42 PM) (Source: Service Control Manager) (User: )

Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error:

%%1058



Error: (04/25/2016 11:31:37 PM) (Source: Service Control Manager) (User: )

Description: El servicio Instalador de módulos de Windows se cerró con el siguiente error:

%%1017



Error: (04/25/2016 11:31:07 PM) (Source: Service Control Manager) (User: )

Description: El servicio Instalador de módulos de Windows se cerró con el siguiente error:

%%1017



Error: (04/25/2016 11:30:37 PM) (Source: Service Control Manager) (User: )

Description: El servicio Instalador de módulos de Windows se cerró con el siguiente error:

%%1017



Error: (04/25/2016 11:30:07 PM) (Source: Service Control Manager) (User: )

Description: El servicio Instalador de módulos de Windows se cerró con el siguiente error:

%%1017



Error: (04/25/2016 11:29:37 PM) (Source: Service Control Manager) (User: )

Description: El servicio Instalador de módulos de Windows se cerró con el siguiente error:

%%1017



Error: (04/25/2016 11:29:07 PM) (Source: Service Control Manager) (User: )

Description: El servicio Instalador de módulos de Windows se cerró con el siguiente error:

%%1017





Microsoft Office Sessions:

=========================

Error: (04/25/2016 04:43:06 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (04/25/2016 04:40:54 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description:

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
El parámetro no es correcto.



Error: (04/25/2016 04:40:53 PM) (Source: VSS)(User: )

Description: 0x80070005, Acceso denegado.



Operación:
   Recopilando datos del escritor

Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {24204295-9eed-45b5-9deb-b08254f1b348}



Error: (04/25/2016 03:37:24 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (04/25/2016 10:35:31 AM) (Source: Application Error)(User: )

Description: CompatTelRunner.exe10.0.14275.100056e8dec4KERNELBASE.dll6.1.7601.2339256eb3604c06d007e000000000001a06d2f401d19eccfcab4b87C:\Windows\system32\CompatTelRunner.exeC:\Windows\system32\KERNELBASE.dllab5e5a9b-0ac0-11e6-ae4a-2c768ae516c7



Error: (04/25/2016 10:29:19 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (04/24/2016 04:05:29 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description:

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
El parámetro no es correcto.



Error: (04/24/2016 02:01:46 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (04/23/2016 04:31:27 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (04/23/2016 11:07:40 AM) (Source: Application Error)(User: )

Description: CompatTelRunner.exe10.0.14275.100056e8dec4KERNELBASE.dll6.1.7601.2339256eb3604c06d007e000000000001a06d66801d19d3f92f4d92aC:\Windows\system32\CompatTelRunner.exeC:\Windows\system32\KERNELBASE.dlld3f85f95-0932-11e6-b089-2c768ae516c7





CodeIntegrity Errors:

===================================

  Date: 2016-04-16 19:09:32.955

  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.



  Date: 2016-04-16 19:09:32.752

  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.





**** End of log ****
 



#6 nasdaq


Posted 26 April 2016 - 09:13 AM

A number of settings were reset.

If the problem persists I suggest you start a new topic in the Networking forum.
An expert will be able to help you better than I can. This is not my forte.

http://www.bleepingcomputer.com/forums/f/21/networking/

Create a new topic in the forum and post the MiniToolBox results.
It should expedite the matter.

I will leave this topic open for 6 days. If you need to return please

#7 van_alles


Posted 26 April 2016 - 01:36 PM

Hi nasdaq, I'm sorry you can't help me any further. One thing though. I don't really understand why I should post in the network forum. The network is working fine except for the adlice site. The real problem is the daily attempts to login to the router from this laptop. I suspect a rootkit but can't find it. This is normally not something a network expert will be able to solve?

 

Maybe I fail to see something here, but isn't this a topic for this forum?



#8 nasdaq


Posted 27 April 2016 - 05:58 AM

"The real problem is the daily attempts to login to the router from this laptop"

What indicates to you that this is happening?

Do you have other computers connected to the router?

===

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

#9 van_alles


Posted 27 April 2016 - 07:28 AM

Hi nasdaq,

 

In the router log I can see 'faild login from ip <IP>'. This happens daily and only if the laptop is connected to the LAN. If I change the IP of the laptop, the router log shows that new IP address. Yes, I have other computers on the LAN, but to me the above strongly suggests the laptop is infected.

 

Kind regards,

Nacho

 

The logs:

 

13:55:24.0949 0x0c10  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
13:55:49.0644 0x0c10  ============================================================
13:55:49.0644 0x0c10  Current date / time: 2016/04/27 13:55:49.0644
13:55:49.0644 0x0c10  SystemInfo:
13:55:49.0644 0x0c10  
13:55:49.0644 0x0c10  OS Version: 6.1.7601 ServicePack: 1.0
13:55:49.0644 0x0c10  Product type: Workstation
13:55:49.0644 0x0c10  ComputerName: LT_MARIELLE
13:55:49.0644 0x0c10  UserName: admin
13:55:49.0644 0x0c10  Windows directory: C:\Windows
13:55:49.0644 0x0c10  System windows directory: C:\Windows
13:55:49.0644 0x0c10  Running under WOW64
13:55:49.0644 0x0c10  Processor architecture: Intel x64
13:55:49.0644 0x0c10  Number of processors: 2
13:55:49.0644 0x0c10  Page size: 0x1000
13:55:49.0644 0x0c10  Boot type: Normal boot
13:55:49.0644 0x0c10  ============================================================
13:55:50.0034 0x0c10  KLMD registered as C:\Windows\system32\drivers\31075465.sys
13:55:50.0752 0x0c10  System UUID: {ED92B7D8-3DA7-69A3-319C-D4C9DE24FCE5}
13:55:51.0532 0x0c10  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:55:51.0547 0x0c10  ============================================================
13:55:51.0547 0x0c10  \Device\Harddisk0\DR0:
13:55:51.0547 0x0c10  MBR partitions:
13:55:51.0547 0x0c10  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
13:55:51.0547 0x0c10  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x173ED5C9
13:55:51.0547 0x0c10  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x22DDC800, BlocksNum 0x1E62000
13:55:51.0547 0x0c10  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x24C3E800, BlocksNum 0x7EFAB0
13:55:51.0547 0x0c10  ============================================================
13:55:51.0563 0x0c10  C: <-> \Device\Harddisk0\DR0\Partition2
13:55:51.0625 0x0c10  D: <-> \Device\Harddisk0\DR0\Partition3
13:55:51.0641 0x0c10  E: <-> \Device\Harddisk0\DR0\Partition4
13:55:51.0641 0x0c10  ============================================================
13:55:51.0641 0x0c10  Initialize success
13:55:51.0641 0x0c10  ============================================================
13:56:09.0269 0x0ffc  ============================================================
13:56:09.0269 0x0ffc  Scan started
13:56:09.0269 0x0ffc  Mode: Manual;
13:56:09.0269 0x0ffc  ============================================================
13:56:09.0269 0x0ffc  KSN ping started
13:56:12.0202 0x0ffc  KSN ping finished: true
13:56:13.0387 0x0ffc  ================ Scan system memory ========================
13:56:13.0387 0x0ffc  System memory - ok
13:56:13.0387 0x0ffc  ================ Scan services =============================
13:56:22.0825 0x0ffc  idsvc - ok
13:56:22.0841 0x0ffc  IEEtwCollectorService - ok
13:56:23.0465 0x0ffc  [ 370C2A8629B30F910F740387795DDC6F, 7D2D69F0BC12E86236014003EEA7479BD0FDE9A469459B6550DC3AED07A02030 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:56:23.0964 0x0ffc  igfx - ok
13:56:24.0011 0x0ffc  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:56:24.0011 0x0ffc  iirsp - ok
13:56:24.0120 0x0ffc  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
13:56:24.0151 0x0ffc  IKEEXT - ok
13:56:24.0307 0x0ffc  [ 336C3A6BF14D5A9AF35AF07C6B6B29CD, 44344C077F4855193277CA9A4058826252853BA241A296D6A7DB1AD32215D266 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:56:24.0417 0x0ffc  IntcAzAudAddService - ok
13:56:24.0432 0x0ffc  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:56:24.0432 0x0ffc  intelide - ok
13:56:24.0463 0x0ffc  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:56:24.0463 0x0ffc  intelppm - ok
13:56:24.0495 0x0ffc  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:56:24.0495 0x0ffc  IPBusEnum - ok
13:56:24.0526 0x0ffc  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:56:24.0541 0x0ffc  IpFilterDriver - ok
13:56:24.0604 0x0ffc  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:56:24.0619 0x0ffc  iphlpsvc - ok
13:56:24.0651 0x0ffc  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:56:24.0666 0x0ffc  IPMIDRV - ok
13:56:24.0682 0x0ffc  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:56:24.0697 0x0ffc  IPNAT - ok
13:56:24.0729 0x0ffc  [ 05360B1EA5A2ABF620D1D96EBD8BD8F1, 226185C9ED1F6367BE4937734FF528D1EAAC1F0F85E4735EE66B244C15FC8EAF ] irda            C:\Windows\system32\DRIVERS\irda.sys
13:56:24.0729 0x0ffc  irda - ok
13:56:24.0760 0x0ffc  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:56:24.0775 0x0ffc  IRENUM - ok
13:56:24.0822 0x0ffc  [ 3848384AB383F0A8F506C4370635C1F9, A18BAAAD42CFC5B33D8108875D1FC1A424351B6901798E7B2A5EB82C4C0F89AC ] Irmon           C:\Windows\System32\irmon.dll
13:56:24.0838 0x0ffc  Irmon - ok
13:56:24.0869 0x0ffc  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:56:24.0869 0x0ffc  isapnp - ok
13:56:24.0931 0x0ffc  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:56:24.0947 0x0ffc  iScsiPrt - ok
13:56:24.0978 0x0ffc  [ BD5BF20EC242E003A2F570B8754A56D1, B4B3492222E98BF8E6EC453E727187FF4AA50A508D1E88A0CBBD5C46355AE492 ] ivusb           C:\Windows\system32\DRIVERS\ivusb.sys
13:56:24.0978 0x0ffc  ivusb - ok
13:56:25.0009 0x0ffc  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:56:25.0009 0x0ffc  kbdclass - ok
13:56:25.0041 0x0ffc  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:56:25.0056 0x0ffc  kbdhid - ok
13:56:25.0072 0x0ffc  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] KeyIso          C:\Windows\system32\lsass.exe
13:56:25.0087 0x0ffc  KeyIso - ok
13:56:25.0134 0x0ffc  [ B6C2FA7F5E5BC1A488A57C6344D29D64, 857245D664CF9ED8121E2087D73F85DA3FED721484DDC6B51AF6A344EC29A27F ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:56:25.0150 0x0ffc  KSecDD - ok
13:56:25.0181 0x0ffc  [ FB4397DDCC732DB6A7B33B747C7EB708, AD8B9500AAE12C1507B982B74B86731BE75AFAC7F64538332A380AC43EDEC271 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:56:25.0181 0x0ffc  KSecPkg - ok
13:56:25.0212 0x0ffc  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:56:25.0212 0x0ffc  ksthunk - ok
13:56:25.0259 0x0ffc  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:56:25.0275 0x0ffc  KtmRm - ok
13:56:25.0337 0x0ffc  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
13:56:25.0353 0x0ffc  LanmanServer - ok
13:56:25.0384 0x0ffc  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:56:25.0384 0x0ffc  LanmanWorkstation - ok
13:56:25.0431 0x0ffc  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:56:25.0431 0x0ffc  lltdio - ok
13:56:25.0477 0x0ffc  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:56:25.0493 0x0ffc  lltdsvc - ok
13:56:25.0493 0x0ffc  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:56:25.0509 0x0ffc  lmhosts - ok
13:56:25.0587 0x0ffc  [ D7E0BED3EA21D7BDDD410ADE51708D90, 417A9A765E50ACCAE030B37F317217C9DB366BB1503A328D064A41ACDD00AFD8 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:56:25.0602 0x0ffc  LMS - ok
13:56:25.0680 0x0ffc  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:56:25.0696 0x0ffc  LSI_FC - ok
13:56:25.0743 0x0ffc  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:56:25.0743 0x0ffc  LSI_SAS - ok
13:56:25.0758 0x0e70  Object send P2P result: true
13:56:25.0758 0x0e70  Object required for P2P: [ A6F08BF95CC9A5D581532E320EBC95B5 ] avast! Antivirus
13:56:25.0758 0x0ffc  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:56:25.0758 0x0ffc  LSI_SAS2 - ok
13:56:25.0789 0x0ffc  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:56:25.0805 0x0ffc  LSI_SCSI - ok
13:56:25.0867 0x0ffc  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:56:25.0867 0x0ffc  luafv - ok
13:56:25.0914 0x0ffc  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:56:25.0930 0x0ffc  megasas - ok
13:56:25.0977 0x0ffc  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
13:56:25.0992 0x0ffc  MegaSR - ok
13:56:26.0117 0x0ffc  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
13:56:26.0117 0x0ffc  MEIx64 - ok
13:56:26.0148 0x0ffc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
13:56:26.0148 0x0ffc  MMCSS - ok
13:56:26.0164 0x0ffc  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
13:56:26.0179 0x0ffc  Modem - ok
13:56:26.0211 0x0ffc  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:56:26.0226 0x0ffc  monitor - ok
13:56:26.0257 0x0ffc  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:56:26.0257 0x0ffc  mouclass - ok
13:56:26.0304 0x0ffc  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:56:26.0304 0x0ffc  mouhid - ok
13:56:26.0351 0x0ffc  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:56:26.0351 0x0ffc  mountmgr - ok
13:56:26.0429 0x0ffc  [ 63282F5EB7E5BFB58FD1EC93C6ADB457, 25096C4AE319E854153C75DCEC0A67A63F6B05FDD0B49D4D373724B3BF55D665 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:56:26.0445 0x0ffc  MozillaMaintenance - ok
13:56:26.0476 0x0ffc  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:56:26.0491 0x0ffc  mpio - ok
13:56:26.0507 0x0ffc  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:56:26.0507 0x0ffc  mpsdrv - ok
13:56:26.0554 0x0ffc  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:56:26.0601 0x0ffc  MpsSvc - ok
13:56:26.0647 0x0ffc  [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:56:26.0663 0x0ffc  MRxDAV - ok
13:56:26.0694 0x0ffc  [ ACEC16415275E1AD6F7983EF472810E3, E5017E157954F6C21AA66233FF2C1A6B1FF3E4685F26648A8A21F2B9718DD97C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:56:26.0710 0x0ffc  mrxsmb - ok
13:56:26.0741 0x0ffc  [ 0F276F2F2018296FABC7BD2BCCAAB40B, 378A36F7282EE9FFEC8A1D5783ECD0A428E0215B1774AAA166C5AA09B3C636F7 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:56:26.0757 0x0ffc  mrxsmb10 - ok
13:56:26.0772 0x0ffc  [ 1D4B7972375052F5B7877A6FD9BE33A0, B3FD235F6FE975F1869436ED1215913F0E8EB1123BB252FD221C35AB1121C3F5 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:56:26.0772 0x0ffc  mrxsmb20 - ok
13:56:26.0788 0x0ffc  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:56:26.0788 0x0ffc  msahci - ok
13:56:26.0819 0x0ffc  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:56:26.0819 0x0ffc  msdsm - ok
13:56:26.0866 0x0ffc  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
13:56:26.0866 0x0ffc  MSDTC - ok
13:56:26.0881 0x0ffc  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:56:26.0881 0x0ffc  Msfs - ok
13:56:26.0913 0x0ffc  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:56:26.0913 0x0ffc  mshidkmdf - ok
13:56:26.0944 0x0ffc  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:56:26.0944 0x0ffc  msisadrv - ok
13:56:26.0991 0x0ffc  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:56:27.0006 0x0ffc  MSiSCSI - ok
13:56:27.0006 0x0ffc  msiserver - ok
13:56:27.0037 0x0ffc  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:56:27.0037 0x0ffc  MSKSSRV - ok
13:56:27.0053 0x0ffc  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:56:27.0053 0x0ffc  MSPCLOCK - ok
13:56:27.0053 0x0ffc  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:56:27.0053 0x0ffc  MSPQM - ok
13:56:27.0084 0x0ffc  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:56:27.0100 0x0ffc  MsRPC - ok
13:56:27.0131 0x0ffc  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:56:27.0131 0x0ffc  mssmbios - ok
13:56:27.0178 0x0ffc  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:56:27.0178 0x0ffc  MSTEE - ok
13:56:27.0193 0x0ffc  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
13:56:27.0193 0x0ffc  MTConfig - ok
13:56:27.0225 0x0ffc  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
13:56:27.0225 0x0ffc  Mup - ok
13:56:27.0287 0x0ffc  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
13:56:27.0303 0x0ffc  napagent - ok
13:56:27.0365 0x0ffc  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:56:27.0381 0x0ffc  NativeWifiP - ok
13:56:27.0490 0x0ffc  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:56:27.0521 0x0ffc  NDIS - ok
13:56:27.0552 0x0ffc  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:56:27.0552 0x0ffc  NdisCap - ok
13:56:27.0599 0x0ffc  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:56:27.0599 0x0ffc  NdisTapi - ok
13:56:27.0615 0x0ffc  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:56:27.0615 0x0ffc  Ndisuio - ok
13:56:27.0646 0x0ffc  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:56:27.0646 0x0ffc  NdisWan - ok
13:56:27.0661 0x0ffc  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:56:27.0661 0x0ffc  NDProxy - ok
13:56:27.0724 0x0ffc  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
13:56:27.0739 0x0ffc  Net Driver HPZ12 - ok
13:56:27.0771 0x0ffc  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:56:27.0771 0x0ffc  NetBIOS - ok
13:56:27.0817 0x0ffc  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:56:27.0833 0x0ffc  NetBT - ok
13:56:27.0864 0x0ffc  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] Netlogon        C:\Windows\system32\lsass.exe
13:56:27.0864 0x0ffc  Netlogon - ok
13:56:27.0958 0x0ffc  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
13:56:27.0989 0x0ffc  Netman - ok
13:56:28.0083 0x0ffc  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:56:28.0098 0x0ffc  NetMsmqActivator - ok
13:56:28.0129 0x0ffc  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:56:28.0145 0x0ffc  NetPipeActivator - ok
13:56:28.0192 0x0ffc  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
13:56:28.0207 0x0ffc  netprofm - ok
13:56:28.0239 0x0ffc  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:56:28.0239 0x0ffc  NetTcpActivator - ok
13:56:28.0254 0x0ffc  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:56:28.0254 0x0ffc  NetTcpPortSharing - ok
13:56:28.0285 0x0ffc  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:56:28.0285 0x0ffc  nfrd960 - ok
13:56:28.0317 0x0ffc  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:56:28.0332 0x0ffc  NlaSvc - ok
13:56:28.0363 0x0ffc  NLNdisPT - ok
13:56:28.0395 0x0ffc  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:56:28.0395 0x0ffc  Npfs - ok
13:56:28.0426 0x0ffc  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
13:56:28.0426 0x0ffc  nsi - ok
13:56:28.0441 0x0ffc  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:56:28.0441 0x0ffc  nsiproxy - ok
13:56:28.0566 0x0ffc  [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:56:28.0629 0x0ffc  Ntfs - ok
13:56:28.0660 0x0ffc  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
13:56:28.0660 0x0ffc  Null - ok
13:56:28.0707 0x0ffc  [ A85B4F2EF3A7304A5399EF0526423040, E45854691BA6AE36E53C2922CC93FF13DC2D84CBE7FE13A2F0B1CE1C16D1D158 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
13:56:28.0722 0x0ffc  NVENETFD - ok
13:56:28.0722 0x0e70  Object send P2P result: true
13:56:28.0769 0x0ffc  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:56:28.0769 0x0ffc  nvraid - ok
13:56:28.0785 0x0ffc  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:56:28.0800 0x0ffc  nvstor - ok
13:56:28.0816 0x0ffc  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:56:28.0831 0x0ffc  nv_agp - ok
13:56:28.0847 0x0ffc  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:56:28.0847 0x0ffc  ohci1394 - ok
13:56:28.0894 0x0ffc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:56:28.0909 0x0ffc  p2pimsvc - ok
13:56:28.0941 0x0ffc  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
13:56:28.0956 0x0ffc  p2psvc - ok
13:56:28.0987 0x0ffc  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
13:56:28.0987 0x0ffc  Parport - ok
13:56:29.0019 0x0ffc  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:56:29.0019 0x0ffc  partmgr - ok
13:56:29.0081 0x0ffc  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:56:29.0112 0x0ffc  PcaSvc - ok
13:56:29.0143 0x0ffc  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
13:56:29.0159 0x0ffc  pci - ok
13:56:29.0190 0x0ffc  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:56:29.0190 0x0ffc  pciide - ok
13:56:29.0221 0x0ffc  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:56:29.0237 0x0ffc  pcmcia - ok
13:56:29.0237 0x0ffc  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:56:29.0253 0x0ffc  pcw - ok
13:56:29.0331 0x0ffc  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:56:29.0346 0x0ffc  PEAUTH - ok
13:56:29.0424 0x0ffc  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:56:29.0424 0x0ffc  PerfHost - ok
13:56:29.0518 0x0ffc  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
13:56:29.0580 0x0ffc  pla - ok
13:56:29.0643 0x0ffc  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:56:29.0658 0x0ffc  PlugPlay - ok
13:56:29.0689 0x0ffc  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:56:29.0705 0x0ffc  Pml Driver HPZ12 - ok
13:56:29.0736 0x0ffc  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:56:29.0736 0x0ffc  PNRPAutoReg - ok
13:56:29.0783 0x0ffc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:56:29.0799 0x0ffc  PNRPsvc - ok
13:56:29.0845 0x0ffc  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:56:29.0861 0x0ffc  PolicyAgent - ok
13:56:29.0908 0x0ffc  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
13:56:29.0939 0x0ffc  Power - ok
13:56:29.0970 0x0ffc  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:56:29.0986 0x0ffc  PptpMiniport - ok
13:56:29.0986 0x0ffc  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
13:56:30.0001 0x0ffc  Processor - ok
13:56:30.0033 0x0ffc  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:56:30.0048 0x0ffc  ProfSvc - ok
13:56:30.0064 0x0ffc  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] ProtectedStorage C:\Windows\system32\lsass.exe
13:56:30.0064 0x0ffc  ProtectedStorage - ok
13:56:30.0095 0x0ffc  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:56:30.0095 0x0ffc  Psched - ok
13:56:30.0220 0x0ffc  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:56:30.0267 0x0ffc  ql2300 - ok
13:56:30.0298 0x0ffc  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:56:30.0298 0x0ffc  ql40xx - ok
13:56:30.0345 0x0ffc  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
13:56:30.0360 0x0ffc  QWAVE - ok
13:56:30.0360 0x0ffc  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:56:30.0376 0x0ffc  QWAVEdrv - ok
13:56:30.0391 0x0ffc  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:56:30.0391 0x0ffc  RasAcd - ok
13:56:30.0407 0x0ffc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:56:30.0423 0x0ffc  RasAgileVpn - ok
13:56:30.0454 0x0ffc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
13:56:30.0454 0x0ffc  RasAuto - ok
13:56:46.0132 0x0ffc  Waiting for KSN requests completion. In queue: 1
13:56:47.0146 0x0ffc  Waiting for KSN requests completion. In queue: 1
13:56:48.0160 0x0ffc  Waiting for KSN requests completion. In queue: 1
13:56:48.0253 0x0ed8  Object send P2P result: true
13:56:49.0236 0x0ffc  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.2.2732.0 ), 0x41000 ( enabled : updated )
13:56:49.0252 0x0ffc  Win FW state via NFP2: enabled ( trusted )
13:56:52.0232 0x0ffc  ============================================================
13:56:52.0232 0x0ffc  Scan finished
13:56:52.0232 0x0ffc  ============================================================
13:56:52.0247 0x0b80  Detected object count: 0
13:56:52.0247 0x0b80  Actual detected object count: 0
 

 

 

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-04-27 14:00:59
-----------------------------
14:00:59.761    OS Version: Windows x64 6.1.7601 Service Pack 1
14:00:59.761    Number of processors: 2 586 0x2A07
14:00:59.761    ComputerName: LT_MARIELLE  UserName: admin
14:01:00.978    Initialize success
14:01:00.993    VM: initialized successfully
14:01:00.993    VM: Intel CPU BiosDisabled
14:01:03.006    AVAST engine defs: 16042700
14:01:28.169    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:01:28.169    Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 3
14:01:28.309    Disk 0 MBR read successfully
14:01:28.309    Disk 0 MBR scan
14:01:28.309    Disk 0 Windows 7 default MBR code
14:01:28.325    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
14:01:28.325    Disk 0 default boot code
14:01:28.340    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       190426 MB offset 409600
15:01:28.387    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        15556 MB offset 584960000
14:01:28.403    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     4063 MB offset 616818688
14:01:28.512    Disk 0 scanning C:\Windows\system32\drivers
14:01:40.742    Service scanning
14:02:17.309    Modules scanning
14:02:17.309    Disk 0 trace - called modules:
14:02:17.340    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:02:17.356    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006827060]
14:02:17.356    3 CLASSPNP.SYS[fffff88001b0743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004dec050]
14:02:18.136    AVAST engine scan C:\Windows
14:02:20.834    AVAST engine scan C:\Windows\system32
14:05:17.692    AVAST engine scan C:\Windows\system32\drivers
14:05:33.292    AVAST engine scan C:\Users\admin
14:06:48.281    AVAST engine scan C:\ProgramData
14:09:37.276    Disk 0 statistics 3109870/0/0 @ 4,40 MB/s
14:09:37.276    Scan finished successfully
14:16:32.674    Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
14:16:32.674    The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"

 

Attached Files

  • Attached File  MBR.zip   622bytes   0 downloads


#10 nasdaq

nasdaq

  • Malware Response Team

Posted 27 April 2016 - 01:03 PM

Nothing suspicious on your last logs.

Issue solved here by changing the router's password.
https://discussions.apple.com/thread/6608328?start=0&tstart=0

Also make sure that, for security reasons, your router uses WPA2.

Read about it. Check the manufacturer's site of your router to find additional information.
http://www.howtogeek.com/204697/wi-fi-security-should-you-use-wpa2-aes-wpa2-tkip-or-both/

===

'faild login from ip <IP>': is the <IP> a real IP address?
Is there a time frame as to when this is executed?
If you do not want to post it here, send me a Personal Message and I will investigate.

#11 van_alles

van_alles
  • Topic Starter

  • Members

Posted 27 April 2016 - 03:13 PM

Hi nasdaq,

 

I already use a 125-bit generated router password and WPA, TKIP & AES. But I changed the router password to be on the safe side.

Below is a relevant part of the router log. In the last days there are no entries, as I don't keep the laptop online for long. Note: there seems to be no relation between booting the laptop and the logins.

 

Kind regards,

Nacho

 

2016-03-11 19:51:56 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-11 19:51:56 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-11 19:51:56 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-13 20:00:58 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-13 20:00:58 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-13 20:00:58 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-16 10:30:12 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-16 10:30:12 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-16 10:30:12 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-17 10:34:00 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-17 10:34:00 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-17 10:34:00 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-20 10:51:43 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-20 10:51:43 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-20 10:51:43 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-21 10:56:50 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-21 10:56:50 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-21 10:56:51 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-22 11:05:17 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-22 11:05:17 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-23 11:13:02 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-23 11:13:02 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-24 15:02:03 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-24 15:02:04 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-24 15:02:04 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-25 16:02:44 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-25 16:02:44 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-27 16:41:31 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-27 16:41:31 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-27 16:41:32 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-28 16:46:36 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-28 16:46:36 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-28 16:46:37 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-29 16:49:48 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-29 16:49:48 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-29 16:49:50 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-30 20:48:31 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-30 20:48:31 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-31 20:57:59 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-31 20:57:59 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-03-31 20:58:00 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-02 06:29:27 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-02 06:29:27 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-02 06:29:29 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-03 11:34:04 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-03 11:34:05 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-04 12:40:24 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-04 12:40:24 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-04 12:40:25 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-05 13:21:41 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-05 13:21:41 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-05 13:21:42 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-06 21:51:05 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-06 21:51:05 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-06 21:51:06 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-08 10:13:26 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-08 10:13:26 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-08 10:13:26 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-09 13:15:33 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-09 13:15:33 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-09 13:15:34 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-10 13:46:26 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-10 13:46:26 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-10 13:46:28 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-11 14:55:17 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-11 14:55:17 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-11 14:55:18 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-12 15:00:24 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-12 15:00:24 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-12 15:00:24 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-13 13:55:36 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-13 13:55:36 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-13 13:55:36 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-13 20:39:04 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-13 20:39:14 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-14 14:18:38 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-14 14:18:38 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-14 14:18:39 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-15 14:43:35 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-15 14:43:35 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-15 14:43:35 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-16 14:56:36 [Error] (,**********) from ip:192.168.100.8 login faild!
2016-04-17 15:02:12 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-17 15:02:12 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-17 15:02:12 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-18 17:37:43 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-18 17:37:43 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-18 17:37:43 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-18 18:50:43 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-18 18:50:43 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-21 18:23:04 [Error] (,**********) from ip:192.168.100.6 login faild!
2016-04-21 18:23:05 [Error] (,**********) from ip:192.168.100.6 login faild!
2016-04-21 18:23:06 [Error] (,**********) from ip:192.168.100.6 login faild!
2016-04-22 13:06:59 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-22 13:06:59 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-22 13:06:59 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-24 17:32:54 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-24 17:32:54 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-24 17:32:54 [Error] (,**********) from ip:192.168.100.7 login faild!
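
The router log above can be summarised mechanically to see which hosts the failed logins come from and on what schedule they recur. The following Python is an added example, not part of the original posts; the 30-second burst window and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Selected lines copied from the router log in the post above.
SAMPLE_LOG = """\
2016-04-13 13:55:36 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-13 13:55:36 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-13 13:55:36 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-13 20:39:04 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-13 20:39:14 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-14 14:18:38 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-14 14:18:38 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-14 14:18:39 [Error] (,**********) from ip:192.168.100.7 login faild!
2016-04-16 14:56:36 [Error] (,**********) from ip:192.168.100.8 login faild!
"""
LINE_RE = re.compile(r"^([\d-]{10} [\d:]{8}) \[Error\] .*? from ip:(\S+) login faild!$")
BURST_GAP = timedelta(seconds=30)  # assumption: closer attempts form one burst

def parse(log_text):
    """Yield (timestamp, source_ip) per failed-login line; skip malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            event = (datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), str(ipaddress.ip_address(m.group(2))))
        except ValueError:  # impossible date/time or malformed address
            continue
        yield event

def bursts_by_source(log_text):
    """Group attempts per source IP into bursts: {ip: [[first_seen, count], ...]}."""
    bursts, last_seen = defaultdict(list), {}
    for ts, ip in sorted(parse(log_text)):
        if ip in last_seen and ts - last_seen[ip] <= BURST_GAP:
            bursts[ip][-1][1] += 1
        else:
            bursts[ip].append([ts, 1])
        last_seen[ip] = ts
    return dict(bursts)

def summarize(log_text):
    """Per source: private (LAN) address?, attempts, bursts, hours between bursts."""
    report = {}
    for ip, blist in bursts_by_source(log_text).items():
        starts = [b[0] for b in blist]
        gaps = [round((b - a).total_seconds() / 3600, 1) for a, b in zip(starts, starts[1:])]
        report[ip] = {"private": ipaddress.ip_address(ip).is_private, "attempts": sum(b[1] for b in blist),
                      "bursts": len(blist), "gap_hours": gaps}
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Several attempts inside the same second are characteristic of software retrying automatically rather than a person typing a password; comparing the burst start times with the times each LAN device was powered on narrows down which host is responsible.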



#12 van_alles

van_alles
  • Topic Starter

  • Members

Posted 27 April 2016 - 03:30 PM

to be precise: WPAWPA2-PSK (TKIP/AES)



#13 nasdaq

nasdaq

  • Malware Response Team

Posted 28 April 2016 - 06:58 AM

I strongly suggest that you start a new topic in the Networking forum as previously suggested in post no.6.

You need to have an expert look at your settings and suggest what may be causing this.
The requests are coming from your LAN; the IP addresses 192.168.x.x are generated from your computer or computers connected to the LAN.

I will leave this topic open for 6 days. If you need to return please do.

#14 van_alles

van_alles
  • Topic Starter

  • Members

Posted 02 May 2016 - 05:43 AM

Hey nasdaq. The router seems to be suspicious, so your tip was worthwhile. Thanks! I can imagine that this also has an impact on MS Update. Nevertheless, dism and sfc are not working, so I'm still wondering if the laptop might be infected. Do you have any of those useful suggestions?



#15 nasdaq

nasdaq

  • Malware Response Team

Posted 02 May 2016 - 06:43 AM

"Nevertheless, dism.exe and sfc.exe are not working so I'm still wondering if the laptop might be infected"


Execute this in an Administrator account.
Open Windows Explorer and locate the .exe files.
Right click on them (one at a time) and run as an Administrator.

If the problem persists run the Farbar tool one more time.
Ensure that the box to create an Addition.txt file is checked.

Post both logs for my review.



