
Remote / control over my network


15 replies to this topic

#1 dfred2300

Posted 06 September 2017 - 08:22 PM

I was told to post in this forum instead due to being able to be helped more. And if you look at my forum content I have a ton of screenshots in the previous forum, where the administrator told me to try things but to come here for more networking help. Please see my previous posts. Everything is redirected to a248.akamaozed.net, my computer is set up as a dcomm and sql server, my ssl certificates are removed and I've formatted and reset my network 30000 times each. Brand new computers, Apple Macs, win 10 Home and Pro. I have zero admin privileges on any computer and there is a host proxy ip controlling it, a 169.254 address. I have the address in its entirety. But a brand new touch bar Mac with fingerprint doesn't get the 5 packages osfirmware osfirmwareupdate osessentials osinstaller and cpl others; I get chunks and the rest fail in the Mac OS install log. I don't even have 5 apps that come with Sierra that I should, and am automatically part of an active directory windows work group fresh out of an install. There is a virtual interface/connection automatically connected every time I format that I have to manually remove.

This is my original post if you look it up you can find all the screen shots and other scan information / tools run.



I am copy and pasting this ending part which I put in the introductory stage. I live 20 feet from my parents, perfectly in range for their router, so that's why I know that happened, and I know that because a cable guy told me, along with the fact I can not take it out of bridge mode even when I get a message stating it is in bridge mode; if I click router mode the router will not reset. But we all have windows 10, and 1 MacBook Pro running Sierra along with iPhone and android phones. This has been going on for over 6-8 months at least. And there has been fraudulent activity with credit cards and other things. But I have done some due diligence, for instance let's say I have 3 devices on my own network, not counting my parents, sometimes it will show 6 or 7. Even if it was counting my parents, if they're not home and only my devices are plugged in it'll show 5 or more sometimes. I have traced ip's to other states connected to my computer, and there is a host proxy 169.254 address that bypasses everything that we never set up. I have network tools that state there is a man in the middle attack, and ARP spoofing/attack. I know Mac addresses are spoofed because they will show as ff:ff:ff:ff:ff, or as 01:0f:oo:01:ff, things like that. I have zero admin rights over anything of mine connected to the internet; as stated, if I give my own MacBook ownership to myself, next time I log in it freezes and forces me to format. I have read only on my MacBook Pro and I am actually categorized under "everyone", because if I were to take everyone's privileges before I add myself I could not add myself to the permissions list. My windows computers, like I said, I would have to race the remote shutdown once I turned on BitLocker; Nvidia drivers or any drivers would install themselves; all of my SSDs besides my main one running windows were added as removable drives and not fixed data drives.
When I took my computer to a friend of mine who is an IT guy for a huge company it actually installed drivers for like the mouse and other things on its own. The Razer keyboard drivers, which record key clicks almost like a key logger, are constantly asked to install; if I format, in the middle of windows updating that program pops up and is asked to install. My AV Trend Micro, once I switched, found it as a virus and removed it, and Trend Micro also always blocks windows PowerShell, which I have never used nor even know how to use, from running. In windows 10 settings, in Update and Security where it has developer mode, windows store apps mode, or side load mode, about 10 options get added and one is allow to run as a different user, allow Remote Desktop connections, allow windows PowerShell script, do not allow computer to sleep, and about 5 more, which have to do with files, Remote Desktop, or PowerShell, and they have boxes next to them with blue checks, and I can't do anything about it. Now these are added settings in settings on the right side. But this bridge mode thing boggles my mind too. Anytime you change any router setting it resets the router, but I can not get the router to do anything when I click router mode. There are 4 options: bridge, router, ap, and 1 other. I don't even know what the other two are but I want router mode in my house, and in my parents', not to have the two connected together.


Fing is showing something called Magic Control Technology right now with an ip 192.168.1.8 and a MAC address of 00:05:1B:60:15:C4. These are what most of the addresses look like lots of 0's and f's

This next portion I already put inside of the intro section but it doesn't hurt to add here.

Hi guys my name is Dan I am from MA, I need some help to fix an issue with my computer / network. It's way over my head, but that is what I came here for, and I can explain a little bit in this forum section.

Hi, as stated previously, I have had an absurd amount of networking issues. I have had to format my computer 5000 times, purchased VPNs, encrypted everything, BitLocker, FileVault, you name it. I live next door to my parents and our routers are stuck in bridge mode, thus creating an even larger network, and it never goes away. I have zero admin rights or permissions on my Mac, pc, or any phones or computers for anyone in our network. I've gone through at least 30-40 emails because constantly they get changed or the dual authentication phone number is changed, and I can't access it. I bought a brand new ASUS computer and I was told access denied to the c drive; I logged into the hidden admin account, still denied, and then somehow the admin account I was using was no longer an admin account, it got every single privilege taken away. I am CLUELESS. I have network monitors and it says I have an ARP and Man in the middle attack, thus why I have 10 devices showing when I only have 3 lol. Anyways any help from an expert, trust me, cuz everyone else I bring this to, either Geek Squad or Staples, laughs and says "I took networking, that is impossible". Really? Well, you race whoever is remotely shutting off my pc while I type my BitLocker password in, until after the 10th remote shutdown I type it in quick enough, and tell me that isn't a hacker.



#2 dfred2300

Posted 06 September 2017 - 08:24 PM

My router isn't set up as a router, it is in AP mode and I can't do anything about it. My IP, even tho the settings say dynamic from townisp, every single device has the exact same static IP address on every computer, phone etc. My router showed Teredo with an IP as 192.168.1.5 and Skype as 192.168.1.6 and 192.168.1.7. I don't have Skype installed.

#3 Wand3r3r

Posted 06 September 2017 - 11:19 PM

I see a lot of words being used in a way that makes it clear their definitions are unclear to you.

 

You mention a248.akamaozed.net. Perhaps this can give you some info about it:

https://community.akamai.com/thread/4998-akamaihdnet-vs-akamaizednet

 

Could you tell us in a few sentences what you would like help with?



#4 dfred2300

Posted 06 September 2017 - 11:53 PM

Correct lol, hence why I am here. I am sorry though, I was typing in a rant / quick mode; I can clarify it better if needed but I definitely have an issue. My system file is in fat32 mode, while the rest of my windows 10 files are ntfs file systems, and from what I read that can cause the read only issue I am having with my mac computer, because I lack privilege ownership or any admin rights. And it's all on the same home network. Even if I use the hidden admin account on win 10, I do not have privileges; if I block the ports that are wanted to be used by whomever, the entire computer crashes from access denied for every single app, or program/service, forcing me to restart. All I am doing is blocking a few ports on the firewall but it always happens when it has to do with dcomm or sql ports. What is dcomm / sql server?


How do I block that akamaized thing? 



#5 dfred2300

Posted 07 September 2017 - 12:06 AM

Here are the results from the MiniToolBox scan another member told me to do.

Attached Files

  • Attached File  MTB.txt   52.68KB   2 downloads


#6 dfred2300

Posted 07 September 2017 - 02:29 AM

Attached File  trendmicroTOOLcmd.PNG   307.75KB   0 downloads

 

 

Hahha, see, I am being remoted, they blue screened the part out.



#7 dfred2300

Posted 07 September 2017 - 02:32 AM

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
# localhost name resolution is handled within DNS itself.
#      127.0.0.1       localhost
#      ::1             localhost
 
 
 
Trend micro tools posted this and


#8 dfred2300

Posted 07 September 2017 - 02:37 AM

All of a sudden it won't let me post any add ons; I am telling you my network is remotely hijacked.

 

I downloaded Trend Micro's HijackThis rootkit tool and now I have to manually type this out.

 

HijackThis Beta said this:

 

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix this.

 

If this happens you need to edit the file yourself. To do this, click Start, Run and type notepad c:\windows\system32\drivers\etc\hosts and press Enter. Find the lines HijackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot. For Vista and above simply exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'.

 

 

And it posted that previous post along with a large file consisting of:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:35:54 AM, on 9/7/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0000)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\Danny\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Danny\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Danny\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
O23 - Service: Intel® Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @oem14.inf,%ServiceDisplayName%;ESIF Upper Framework Service (esifsvc) - Unknown owner - C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
 
--
End of file - 6395 bytes
 

Attached File  hijackthis.log   6.25KB   0 downloads. Here is the log.



#9 dfred2300

Posted 07 September 2017 - 02:40 AM

It is asking me to select which ones to fix.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:40:11 AM, on 9/7/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0000)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\Danny\Downloads\HijackThis.exe
C:\WINDOWS\SysWOW64\NOTEPAD.EXE
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
F2 - REG:system.ini: UserInit=
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll
O18 - Protocol hijack: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol hijack: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
O23 - Service: Intel® Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @oem14.inf,%ServiceDisplayName%;ESIF Upper Framework Service (esifsvc) - Unknown owner - C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
 
--
End of file - 7258 bytes
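A small triage helper for the two HijackThis logs above, added here as an example; it is not part of this thread and not Trend Micro's code. It parses the O23 (service) and O18 (protocol handler) lines in the format shown and sorts them into buckets, so a reader can see which entries deserve a closer look before ticking "fix". It encodes one assumption, labelled in the code: HijackThis v2.0.5 is a 32-bit program, so on 64-bit Windows it reads System32 through WOW64 file-system redirection and reports many built-in services as "(file missing)" with an unknown owner; such entries need re-checking from a 64-bit view rather than being "fixed". The bucket names, function names and the sample lines (copied from the logs above) are this example's own.

```python
"""Triage helper for HijackThis v2.0.5 O18/O23 log lines (added example)."""
import re
from typing import Dict, List

# Sample input, copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll
O18 - Protocol hijack: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B}
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
"""

# O23 - Service: <display name> (<service name>) - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O18 - Protocol[ hijack]: <scheme> - {CLSID}[ - <handler dll>]
O18_RE = re.compile(
    r"^O18 - Protocol(?P<hijack> hijack)?: (?P<scheme>\S+) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\})(?: - (?P<path>.+))?$"
)
# Assumption: paths under System32 that a 32-bit HijackThis cannot find are
# most likely hidden by WOW64 redirection, not actually absent.
SYSTEM32_RE = re.compile(r"\\system32\\", re.IGNORECASE)


def triage(log_text: str) -> Dict[str, List[str]]:
    """Sort O23/O18 entries into buckets keyed by what a reader should do next."""
    buckets: Dict[str, List[str]] = {
        "o23_present": [],                    # binary found, owner as reported
        "o23_system32_reported_missing": [],  # re-check from a 64-bit view first
        "o23_missing_elsewhere": [],          # check whether the software is still installed
        "o18_hijack": [],                     # verify the CLSID's registered handler by hand
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            name, path, missing = m["name"], m["path"], bool(m["missing"])
            if not missing:
                buckets["o23_present"].append(name)
            elif SYSTEM32_RE.search(path):
                buckets["o23_system32_reported_missing"].append(name)
            else:
                buckets["o23_missing_elsewhere"].append(name)
            continue
        m = O18_RE.match(line)
        if m and m["hijack"]:
            buckets["o18_hijack"].append(f'{m["scheme"]} {m["clsid"]}')
    return buckets


def summarize(buckets: Dict[str, List[str]]) -> List[str]:
    """Render the buckets as one line each, with the follow-up action spelled out."""
    notes = {
        "o23_present": "service binary found; owner as reported",
        "o23_system32_reported_missing": "System32 path reported missing by a 32-bit tool; "
                                         "re-check from a 64-bit view before fixing",
        "o23_missing_elsewhere": "file reported missing outside System32; "
                                 "check whether the service's software is still installed",
        "o18_hijack": "protocol handler flagged as hijacked; verify the registered CLSID handler by hand",
    }
    return [f"{key}: {', '.join(v) or '(none)'}  <- {notes[key]}" for key, v in buckets.items()]


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_LOG)):
        print(line)
```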
 


#10 dfred2300

Posted 07 September 2017 - 02:51 AM

What is npf.sys (NT5/6 AMD64) Kernel Driver, Riverbed Technologies inc.? Windows blocked the installation of a digitally unsigned driver. Uninstall the program or device that uses the driver and check the publisher's website for a digitally signed version of the driver.

 

 

How do I go about this??



#11 dfred2300

Posted 07 September 2017 - 03:34 AM

Here is the Kaspersky TDSS rootkit scan, which has found numerous items throughout the scans; idk how to read this stuff though.

 

 

04:31:29.0108 0x1cd8  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
04:31:29.0108 0x1cd8  UEFI system
04:31:31.0156 0x1cd8  ============================================================
04:31:31.0156 0x1cd8  Current date / time: 2017/09/07 04:31:31.0156
04:31:31.0171 0x1cd8  SystemInfo:
04:31:31.0171 0x1cd8  
04:31:31.0171 0x1cd8  OS Version: 10.0.15063 ServicePack: 0.0
04:31:31.0171 0x1cd8  Product type: Workstation
04:31:31.0171 0x1cd8  ComputerName: DANNY-ASUS
04:31:31.0171 0x1cd8  UserName: Danny
04:31:31.0171 0x1cd8  Windows directory: C:\WINDOWS
04:31:31.0171 0x1cd8  System windows directory: C:\WINDOWS
04:31:31.0171 0x1cd8  Running under WOW64
04:31:31.0171 0x1cd8  Processor architecture: Intel x64
04:31:31.0171 0x1cd8  Number of processors: 4
04:31:31.0171 0x1cd8  Page size: 0x1000
04:31:31.0171 0x1cd8  Boot type: Normal boot
04:31:31.0171 0x1cd8  CodeIntegrityOptions = 0x0000C001
04:31:31.0171 0x1cd8  ============================================================
04:31:31.0171 0x1cd8  KLMD ARK init status: drvProperties = 0xFFFF00, osBuild = 15063.0, osProperties = 0x19
04:31:31.0171 0x1cd8  KLMD BG init status: drvProperties = 0xFFFF00, osBuild = 15063.0, osProperties = 0x19
04:31:31.0171 0x1cd8  BG loaded
04:31:33.0307 0x1cd8  System UUID: {070FA378-7E68-F352-E57A-E35A0C41F5A6}
04:31:35.0680 0x1cd8  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:31:35.0696 0x1cd8  ============================================================
04:31:35.0696 0x1cd8  \Device\Harddisk0\DR0:
04:31:35.0716 0x1cd8  GPT partitions:
04:31:35.0716 0x1cd8  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {4EADAD03-2ACC-4E28-9B7A-1228DE6C9465}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xE1000
04:31:35.0716 0x1cd8  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {D865D2D1-B345-4879-953A-5BC52C68FF3E}, Name: EFI system partition, StartLBA 0xE1800, BlocksNum 0x32000
04:31:35.0716 0x1cd8  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {447D2C9E-E574-4526-979C-99F52259F9C2}, Name: Microsoft reserved partition, StartLBA 0x113800, BlocksNum 0x8000
04:31:35.0716 0x1cd8  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {724C2A35-2479-46A6-B006-408906DA727B}, Name: Basic data partition, StartLBA 0x11B800, BlocksNum 0xE8B449F2
04:31:35.0716 0x1cd8  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {EAB5A201-82FA-4ED5-911A-81BA00D4A395}, Name: , StartLBA 0xE8C60800, BlocksNum 0x1A7800
04:31:35.0716 0x1cd8  MBR partitions:
04:31:35.0716 0x1cd8  ============================================================
04:31:35.0824 0x1cd8  C: <-> \Device\Harddisk0\DR0\Partition4
04:31:35.0824 0x1cd8  ============================================================
04:31:35.0824 0x1cd8  Initialize success
04:31:35.0824 0x1cd8  ============================================================
04:31:41.0867 0x1b44  ============================================================
04:31:41.0867 0x1b44  Scan started
04:31:41.0867 0x1b44  Mode: Manual; SigCheck; TDLFS; 
04:31:41.0867 0x1b44  ============================================================
04:31:41.0867 0x1b44  KSN ping started
04:31:42.0101 0x1b44  KSN ping finished: true
04:31:57.0258 0x1b44  ================ Scan system memory ========================
04:31:57.0258 0x1b44  System memory - ok
04:31:57.0258 0x1b44  ================ Scan services =============================
04:31:57.0930 0x1b44  1394ohci - ok
04:31:57.0945 0x1b44  3ware - ok
04:31:57.0961 0x1b44  ACPI - ok
04:31:57.0976 0x1b44  AcpiDev - ok
04:31:57.0992 0x1b44  acpiex - ok
04:31:58.0023 0x1b44  acpipagr - ok
04:31:58.0055 0x1b44  AcpiPmi - ok
04:31:58.0055 0x1b44  acpitime - ok
04:31:58.0070 0x1b44  ADP80XX - ok
04:31:58.0070 0x1b44  AFD - ok
04:31:58.0102 0x1b44  ahcache - ok
04:31:58.0117 0x1b44  AJRouter - ok
04:31:58.0148 0x1b44  ALG - ok
04:31:58.0165 0x1b44  AmdK8 - ok
04:31:58.0165 0x1b44  AmdPPM - ok
04:31:58.0180 0x1b44  amdsata - ok
04:31:58.0180 0x1b44  amdsbs - ok
04:31:58.0195 0x1b44  amdxata - ok
04:31:58.0195 0x1b44  AppID - ok
04:31:58.0211 0x1b44  AppIDSvc - ok
04:31:58.0211 0x1b44  Appinfo - ok
04:31:58.0211 0x1b44  applockerfltr - ok
04:31:58.0242 0x1b44  AppReadiness - ok
04:31:58.0289 0x1b44  AppXSvc - ok
04:31:58.0305 0x1b44  arcsas - ok
04:31:58.0336 0x1b44  [ F11C18C6D909F084127E8917095AA86E, 24001D71853DE9B948D877748EA6F27ABF7C97B7A4C1BB515677F1CCF858586D ] AsusPTPDrv      C:\WINDOWS\System32\drivers\AsusPTPFilter.sys
04:31:58.0836 0x1b44  AsusPTPDrv - ok
04:31:58.0852 0x1b44  AsyncMac - ok
04:31:58.0867 0x1b44  atapi - ok
04:31:58.0899 0x1b44  AudioEndpointBuilder - ok
04:31:58.0899 0x1b44  Audiosrv - ok
04:31:58.0914 0x1b44  AxInstSV - ok
04:31:58.0930 0x1b44  b06bdrv - ok
04:31:58.0977 0x1b44  BasicDisplay - ok
04:31:58.0992 0x1b44  BasicRender - ok
04:31:59.0008 0x1b44  bcmfn2 - ok
04:31:59.0023 0x1b44  BDESVC - ok
04:31:59.0055 0x1b44  Beep - ok
04:31:59.0087 0x1b44  BFE - ok
04:31:59.0148 0x1b44  BITS - ok
04:31:59.0148 0x1b44  bowser - ok
04:31:59.0195 0x1b44  BrokerInfrastructure - ok
04:31:59.0273 0x1b44  BthAvrcpTg - ok
04:31:59.0336 0x1b44  BthHFEnum - ok
04:31:59.0383 0x1b44  bthhfhid - ok
04:31:59.0481 0x1b44  BthHFSrv - ok
04:31:59.0481 0x1b44  BTHMODEM - ok
04:31:59.0559 0x1b44  BTHPORT - ok
04:31:59.0612 0x1b44  bthserv - ok
04:31:59.0697 0x1b44  BTHUSB - ok
04:31:59.0697 0x1b44  buttonconverter - ok
04:31:59.0712 0x1b44  CAD - ok
04:31:59.0768 0x1b44  CapImg - ok
04:31:59.0768 0x1b44  cdfs - ok
04:31:59.0831 0x1b44  CDPSvc - ok
04:31:59.0846 0x1b44  CDPUserSvc - ok
04:32:00.0172 0x1b44  cdrom - ok
04:32:00.0188 0x1b44  CertPropSvc - ok
04:32:00.0250 0x1b44  cht4iscsi - ok
04:32:00.0250 0x1b44  cht4vbd - ok
04:32:00.0272 0x1b44  circlass - ok
04:32:00.0272 0x1b44  CldFlt - ok
04:32:00.0304 0x1b44  CLFS - ok
04:32:00.0319 0x1b44  ClipSVC - ok
04:32:00.0351 0x1b44  clreg - ok
04:32:00.0419 0x1b44  CmBatt - ok
04:32:00.0450 0x1b44  CNG - ok
04:32:00.0450 0x1b44  cnghwassist - ok
04:32:00.0651 0x1b44  CompositeBus - ok
04:32:00.0671 0x1b44  COMSysApp - ok
04:32:00.0673 0x1b44  condrv - ok
04:32:00.0704 0x1b44  CoreMessagingRegistrar - ok
04:32:00.0921 0x1b44  [ 903F7F0109670544B92C26BFB461A10E, F38763474696EBFEE614D2695D754057F9C3E13EE4A21851A617930E44BED0D6 ] cphs            C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
04:32:00.0974 0x1b44  cphs - ok
04:32:01.0090 0x1b44  [ 6F259733CCCABCFBB3F5A9034277AB8D, 48A786BE36BD42154C49CE8046D926F6443909173CA8A989A920588FD58D074A ] cplspcon        C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
04:32:01.0121 0x1b44  cplspcon - ok
04:32:01.0153 0x1b44  CryptSvc - ok
04:32:01.0153 0x1b44  dam - ok
04:32:01.0190 0x1b44  DcomLaunch - ok
04:32:01.0222 0x1b44  defragsvc - ok
04:32:01.0290 0x1b44  DeviceAssociationService - ok
04:32:01.0337 0x1b44  DeviceInstall - ok
04:32:01.0352 0x1b44  DevicesFlowUserSvc - ok
04:32:01.0374 0x1b44  DevQueryBroker - ok
04:32:01.0472 0x1b44  Dfsc - ok
04:32:01.0521 0x1b44  Dhcp - ok
04:32:01.0653 0x1b44  diagnosticshub.standardcollector.service - ok
04:32:01.0690 0x1b44  DiagTrack - ok
04:32:01.0890 0x1b44  [ C8E014FDC8A746BA496DF64D1D58987B, 0B77AB3760213A09158C5D5A0D4A2E1EE1361C6BCE3C46938F032E19AC31DB39 ] Disconnect Desktop Updater C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe
04:32:02.0253 0x1b44  Disconnect Desktop Updater - ok
04:32:02.0353 0x1b44  [ D879DD6E49A0399B201C0368F00427DC, 8F898118363F49F8BF3B2E753BEA41A7DC3847C34BB6C46B356A3487E251957B ] disconnect-openvpn C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe
04:32:03.0392 0x1b44  disconnect-openvpn - ok
04:32:03.0392 0x1b44  Disk - ok
04:32:03.0423 0x1b44  DmEnrollmentSvc - ok
04:32:03.0439 0x1b44  dmvsc - ok
04:32:03.0439 0x1b44  dmwappushservice - ok
04:32:03.0472 0x1b44  Dnscache - ok
04:32:03.0476 0x1b44  dot3svc - ok
04:32:03.0492 0x1b44  DPS - ok
04:32:03.0538 0x1b44  [ CF1232E0F6AECAE0241BFF06EE8F065E, DE6D706C5D2CBE4B4B174DEB72851717BD4E47827026C89AE1635CC3E460DFD5 ] dptf_cpu        C:\WINDOWS\System32\drivers\dptf_cpu.sys
04:32:04.0101 0x1b44  dptf_cpu - ok
04:32:04.0186 0x1b44  drmkaud - ok
04:32:04.0217 0x1b44  DsmSvc - ok
04:32:04.0233 0x1b44  DsSvc - ok
04:32:04.0248 0x1b44  DusmSvc - ok
04:32:04.0286 0x1b44  DXGKrnl - ok
04:32:04.0302 0x1b44  EapHost - ok
04:32:04.0318 0x1b44  ebdrv - ok
04:32:04.0337 0x1b44  EFS - ok
04:32:04.0353 0x1b44  EhStorClass - ok
04:32:04.0377 0x1b44  EhStorTcgDrv - ok
04:32:04.0448 0x1b44  embeddedmode - ok
04:32:04.0475 0x1b44  EntAppSvc - ok
04:32:04.0479 0x1b44  ErrDev - ok
04:32:04.0709 0x1b44  [ 54CD5C621BD88E707B56EC8493A87D93, 499094A508FE871F5978692AD152AA3522EB203E6BC5F751906FFEBB07F05D22 ] esifsvc         C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe
04:32:05.0256 0x1b44  esifsvc - ok
04:32:05.0322 0x1b44  [ EE106C2FE507A9D0A8F581ED757059AF, D82FA75BFFBA2624B993F4CE815833D45DDABE01BFFB48D7AF1E25AA70566348 ] esif_lf         C:\WINDOWS\system32\DRIVERS\esif_lf.sys
04:32:05.0374 0x1b44  esif_lf - ok
04:32:05.0429 0x1b44  [ 11B9D886D7AE2F2F5C6BC03D7C52FD31, CA3EB6AB127A01311DA1C7CE3A2F4C2C3E3641F45718CFCA0F8AED7235BE910D ] ESProtectionDriver C:\WINDOWS\system32\drivers\mbae64.sys
04:32:05.0448 0x1b44  ESProtectionDriver - ok
04:32:05.0464 0x1b44  EventSystem - ok
04:32:05.0468 0x1b44  exfat - ok
04:32:05.0471 0x1b44  fastfat - ok
04:32:05.0475 0x1b44  fdc - ok
04:32:05.0478 0x1b44  fdPHost - ok
04:32:05.0482 0x1b44  FDResPub - ok
04:32:05.0484 0x1b44  fhsvc - ok
04:32:05.0501 0x1b44  FileCrypt - ok
04:32:05.0504 0x1b44  FileInfo - ok
04:32:05.0506 0x1b44  Filetrace - ok
04:32:05.0515 0x1b44  flpydisk - ok
04:32:05.0517 0x1b44  FltMgr - ok
04:32:05.0528 0x1b44  FontCache - ok
04:32:05.0543 0x1b44  FrameServer - ok
04:32:05.0545 0x1b44  FsDepends - ok
04:32:05.0548 0x1b44  Fs_Rec - ok
04:32:05.0557 0x1b44  fvevol - ok
04:32:05.0595 0x1b44  gencounter - ok
04:32:05.0598 0x1b44  genericusbfn - ok
04:32:05.0601 0x1b44  GPIOClx0101 - ok
04:32:05.0604 0x1b44  gpsvc - ok
04:32:05.0617 0x1b44  GpuEnergyDrv - ok
04:32:05.0704 0x1b44  [ 0545A3EB959CFA4790D267BFB8C1ACA4, 69061E33ACB7587D773D05000390F9101F71DFD6EED7973B551594EAF3F04193 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:32:05.0715 0x1b44  gupdate - ok
04:32:05.0806 0x1b44  [ 0545A3EB959CFA4790D267BFB8C1ACA4, 69061E33ACB7587D773D05000390F9101F71DFD6EED7973B551594EAF3F04193 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:32:05.0821 0x1b44  gupdatem - ok
04:32:05.0922 0x1b44  HDAudBus - ok
04:32:05.0922 0x1b44  HidBatt - ok
04:32:05.0922 0x1b44  HidBth - ok
04:32:05.0937 0x1b44  hidi2c - ok
04:32:05.0937 0x1b44  hidinterrupt - ok
04:32:05.0937 0x1b44  HidIr - ok
04:32:05.0953 0x1b44  hidserv - ok
04:32:06.0090 0x1b44  [ 784130DA41C7D90E2D976F74DC5A654D, 79E5DF143FD5B2887D8B85ECBF9643FA55856AB514C3BA1B2D424E1AD2FFC29A ] HIDSwitch       C:\WINDOWS\System32\drivers\AsRadioControl.sys
04:32:06.0090 0x1b44  HIDSwitch - ok
04:32:06.0152 0x1b44  HidUsb - ok
04:32:06.0237 0x1b44  [ 8866F1FADD399AB027511F2CDAC7CE81, FDA22CAC68C21B7992DF1299745AF959651C26800E7F47245A1E2310EEEF080A ] HID_PCI         C:\WINDOWS\System32\drivers\HID_PCI.sys
04:32:06.0237 0x1b44  HID_PCI - ok
04:32:06.0337 0x1b44  HomeGroupListener - ok
04:32:06.0406 0x1b44  HomeGroupProvider - ok
04:32:06.0453 0x1b44  HpSAMD - ok
04:32:06.0453 0x1b44  HTTP - ok
04:32:06.0537 0x1b44  HvHost - ok
04:32:06.0553 0x1b44  hvservice - ok
04:32:06.0590 0x1b44  hwpolicy - ok
04:32:06.0590 0x1b44  hyperkbd - ok
04:32:06.0590 0x1b44  i8042prt - ok
04:32:06.0621 0x1b44  iagpio - ok
04:32:06.0621 0x1b44  iai2c - ok
04:32:06.0638 0x1b44  iaLPSS2i_GPIO2 - ok
04:32:06.0653 0x1b44  iaLPSS2i_GPIO2_BXT_P - ok
04:32:06.0723 0x1b44  iaLPSS2i_I2C - ok
04:32:06.0723 0x1b44  iaLPSS2i_I2C_BXT_P - ok
04:32:06.0738 0x1b44  iaLPSSi_GPIO - ok
04:32:06.0754 0x1b44  iaLPSSi_I2C - ok
04:32:06.0776 0x1b44  iaStorAV - ok
04:32:06.0776 0x1b44  iaStorV - ok
04:32:06.0776 0x1b44  ibbus - ok
04:32:06.0970 0x1b44  [ 9736055CFFDBA39E72C11A8C91FEE3D0, C9CBBF2E75F5922F31918162F87C8D04BB09BEEE13B9808F5766981C2D492FE6 ] ibtusb          C:\WINDOWS\system32\DRIVERS\ibtusb.sys
04:32:06.0975 0x1b44  ibtusb - ok
04:32:06.0991 0x1b44  icssvc - ok
04:32:08.0154 0x1b44  [ 0BE62DDF66932D1BC1FCB5DF74173680, E3B6828449AF313EBB3ACE376D1D415E1A9B8C9D7C5D55A943FF1E6AE3E57351 ] igfx            C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igdkmd64.sys
04:32:08.0326 0x1b44  igfx - ok
04:32:08.0373 0x1b44  [ 2972D9B9B157025F988203DF6545401A, E3104016B34CE01F88846850940DD225FEF98AE66FE7489D6D7C7A7215F15A8D ] igfxCUIService2.0.0.0 C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
04:32:08.0373 0x1b44  igfxCUIService2.0.0.0 - ok
04:32:08.0404 0x1b44  IKEEXT - ok
04:32:08.0444 0x1b44  IndirectKmd - ok
04:32:08.0993 0x1b44  [ AD27A17C07FA3ABEB9C57E67886264D3, FCA2631706D785ACCF8E6317A9DFEE4CA290C889A01B1957B3CE97CCAD2CB002 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
04:32:09.0293 0x1b44  IntcAzAudAddService - ok
04:32:09.0531 0x1b44  [ A6087A824507CAB1ED568895F8081950, 53ADFCC6E795D47A7197AC372DB53E4F95B10409E5AFA7A40CC252ADBE84E8F4 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
04:32:09.0549 0x1b44  IntcDAud - ok
04:32:09.0596 0x1b44  intelide - ok
04:32:09.0596 0x1b44  intelpep - ok
04:32:09.0612 0x1b44  intelppm - ok
04:32:09.0612 0x1b44  iorate - ok
04:32:09.0634 0x1b44  IpFilterDriver - ok
04:32:09.0682 0x1b44  iphlpsvc - ok
04:32:09.0682 0x1b44  IPMIDRV - ok
04:32:09.0682 0x1b44  IPNAT - ok
04:32:09.0697 0x1b44  IpxlatCfgSvc - ok
04:32:09.0697 0x1b44  irda - ok
04:32:09.0712 0x1b44  IRENUM - ok
04:32:09.0781 0x1b44  irmon - ok
04:32:09.0796 0x1b44  isapnp - ok
04:32:09.0812 0x1b44  iScsiPrt - ok
04:32:09.0881 0x1b44  [ 7C25D0057993B4B9FB44FB99D6D1BBEB, 8AB6FA5660DFFEF52AA70C45C224160DD19874ECD419E8D34416B401094D9A28 ] ISH             C:\WINDOWS\System32\drivers\ISH.sys
04:32:09.0934 0x1b44  ISH - ok
04:32:09.0966 0x1b44  [ A8E302C07FF80F351EA9D7A9D22BB536, 82A42B5CC1687CDB1AFFACDEB1AAAC80FF82C94BF1AA83D9F90DBB53CF4FD157 ] ISH_BusDriver   C:\WINDOWS\System32\drivers\ISH_BusDriver.sys
04:32:09.0997 0x1b44  ISH_BusDriver - ok
04:32:10.0012 0x1b44  kbdclass - ok
04:32:10.0012 0x1b44  kbdhid - ok
04:32:10.0034 0x1b44  kdnic - ok
04:32:10.0034 0x1b44  KeyIso - ok
04:32:10.0034 0x1b44  KSecDD - ok
04:32:10.0050 0x1b44  KSecPkg - ok
04:32:10.0050 0x1b44  ksthunk - ok
04:32:10.0065 0x1b44  KtmRm - ok
04:32:10.0097 0x1b44  LanmanServer - ok
04:32:10.0134 0x1b44  LanmanWorkstation - ok
04:32:10.0182 0x1b44  lfsvc - ok
04:32:10.0197 0x1b44  LicenseManager - ok
04:32:10.0213 0x1b44  lltdio - ok
04:32:10.0235 0x1b44  lltdsvc - ok
04:32:10.0251 0x1b44  lmhosts - ok
04:32:10.0266 0x1b44  LSI_SAS - ok
04:32:10.0298 0x1b44  LSI_SAS2i - ok
04:32:10.0313 0x1b44  LSI_SAS3i - ok
04:32:10.0351 0x1b44  LSI_SSS - ok
04:32:10.0351 0x1b44  LSM - ok
04:32:10.0366 0x1b44  luafv - ok
04:32:10.0398 0x1b44  MapsBroker - ok
04:32:10.0450 0x1b44  mausbhost - ok
04:32:10.0466 0x1b44  mausbip - ok
04:32:10.0531 0x1b44  [ 25FAEF6CCFF6D9912A65641AE60711EB, AD83C6DE72D7C416EC7765DBA2EF41B32084980EE071A17CA2C360CDF91212AE ] MBAMChameleon   C:\WINDOWS\system32\drivers\MBAMChameleon.sys
04:32:10.0582 0x1b44  MBAMChameleon - ok
04:32:10.0666 0x1b44  [ 4988F9AEE3B9E4545975CAA9381DB0EF, DC6030468783BF02DAA6922A5469D73D56642963F7212398A959AD7915D9E76B ] MBAMFarflt      C:\WINDOWS\system32\DRIVERS\farflt.sys
04:32:10.0697 0x1b44  MBAMFarflt - ok
04:32:10.0837 0x1b44  [ 149E252142950594695178971748D056, 6F3EBAD6CB87A21B457AA09CA56EF01B48D4478CB94BD09834E72BE9A41265A4 ] MBAMProtection  C:\WINDOWS\system32\drivers\mbam.sys
04:32:11.0138 0x1b44  MBAMProtection - ok
04:32:11.0978 0x1b44  [ FEAF4E98C93BC3512B8108D2F534A3BA, 6D93EF21DB9BFFACC1241E823F9BB7719B9395D64BBF952874CFF015B7930D92 ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
04:32:12.0116 0x1b44  MBAMService - ok
04:32:12.0201 0x1b44  [ 94FCA94EE7937EA3ED75F39DE4C8E292, CD41ACBC70412B61C844ADC26413728A09D60983A464327A285C80E08D37F8B6 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
04:32:12.0326 0x1b44  MBAMSwissArmy - ok
04:32:12.0393 0x1b44  [ CC6522BC2BD971FEBADC5A794A908E4D, 388E612B4BC4E5A6E547D94D4C81D3301D664CDA77798FC0EFC0EF1F811E734C ] MBAMWebProtection C:\WINDOWS\system32\drivers\mwac.sys
04:32:12.0610 0x1b44  MBAMWebProtection - ok
04:32:12.0627 0x1b44  megasas - ok
04:32:12.0684 0x1b44  megasas2i - ok
04:32:12.0708 0x1b44  megasr - ok
04:32:12.0808 0x1b44  [ 552BCE17DF7FC306196F2325489CFFBE, C50720BFFAF5B78C9D0219023B7D18A2D94E70EA38526DE364FF5FBC5C98E208 ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
04:32:12.0870 0x1b44  MEIx64 - ok
04:32:12.0892 0x1b44  MessagingService - ok
04:32:12.0908 0x1b44  mlx4_bus - ok
04:32:12.0939 0x1b44  MMCSS - ok
04:32:12.0939 0x1b44  Modem - ok
04:32:13.0055 0x1b44  monitor - ok
04:32:13.0055 0x1b44  mouclass - ok
04:32:13.0070 0x1b44  mouhid - ok
04:32:13.0070 0x1b44  mountmgr - ok
04:32:13.0070 0x1b44  mpsdrv - ok
04:32:13.0139 0x1b44  MpsSvc - ok
04:32:13.0188 0x1b44  MRxDAV - ok
04:32:13.0224 0x1b44  mrxsmb - ok
04:32:13.0240 0x1b44  mrxsmb20 - ok
04:32:13.0456 0x1b44  MsBridge - ok
04:32:13.0488 0x1b44  MSDTC - ok
04:32:13.0492 0x1b44  Msfs - ok
04:32:13.0694 0x1b44  msgpiowin32 - ok
04:32:13.0694 0x1b44  mshidkmdf - ok
04:32:13.0694 0x1b44  mshidumdf - ok
04:32:13.0709 0x1b44  msisadrv - ok
04:32:13.0794 0x1b44  MSiSCSI - ok
04:32:13.0794 0x1b44  msiserver - ok
04:32:13.0925 0x1b44  MSKSSRV - ok
04:32:14.0010 0x1b44  MsLldp - ok
04:32:14.0010 0x1b44  MSPCLOCK - ok
04:32:14.0025 0x1b44  MSPQM - ok
04:32:14.0041 0x1b44  MsRPC - ok
04:32:14.0110 0x1b44  mssmbios - ok
04:32:14.0126 0x1b44  MSTEE - ok
04:32:14.0141 0x1b44  MTConfig - ok
04:32:14.0229 0x1b44  Mup - ok
04:32:14.0229 0x1b44  mvumis - ok
04:32:14.0374 0x1b44  NativeWifiP - ok
04:32:14.0427 0x1b44  NaturalAuthentication - ok
04:32:14.0495 0x1b44  NcaSvc - ok
04:32:14.0527 0x1b44  NcbService - ok
04:32:14.0542 0x1b44  NcdAutoSetup - ok
04:32:14.0558 0x1b44  ndfltr - ok
04:32:14.0573 0x1b44  NDIS - ok
04:32:14.0596 0x1b44  NdisCap - ok
04:32:14.0596 0x1b44  NdisImPlatform - ok
04:32:14.0611 0x1b44  NdisTapi - ok
04:32:14.0658 0x1b44  Ndisuio - ok
04:32:14.0727 0x1b44  NdisVirtualBus - ok
04:32:14.0793 0x1b44  NdisWan - ok
04:32:14.0795 0x1b44  ndiswanlegacy - ok
04:32:14.0811 0x1b44  ndproxy - ok
04:32:14.0858 0x1b44  Ndu - ok
04:32:14.0874 0x1b44  NetAdapterCx - ok
04:32:14.0874 0x1b44  NetBIOS - ok
04:32:14.0896 0x1b44  NetBT - ok
04:32:14.0896 0x1b44  Netlogon - ok
04:32:14.0974 0x1b44  Netman - ok
04:32:14.0991 0x1b44  netprofm - ok
04:32:15.0011 0x1b44  NetSetupSvc - ok
04:32:15.0096 0x1b44  netvsc - ok
04:32:15.0159 0x1b44  Netwtw04 - ok
04:32:15.0196 0x1b44  NgcCtnrSvc - ok
04:32:15.0243 0x1b44  NgcSvc - ok
04:32:15.0296 0x1b44  NlaSvc - ok
04:32:15.0296 0x1b44  Npfs - ok
04:32:15.0395 0x1b44  npsvctrig - ok
04:32:15.0458 0x1b44  nsi - ok
04:32:15.0543 0x1b44  nsiproxy - ok
04:32:15.0543 0x1b44  NTFS - ok
04:32:15.0558 0x1b44  Null - ok
04:32:15.0558 0x1b44  nvdimmn - ok
04:32:17.0444 0x1b44  [ 943B180F4EA12EC1B5587FC2C01E3B67, E7BBED65F52408C3DC926C9024EA4CCF7341B06C3D6AAF187063FBA881FB660C ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_25860470428ef4ad\nvlddmkm.sys
04:32:17.0697 0x1b44  nvlddmkm - ok
04:32:17.0760 0x1b44  nvraid - ok
04:32:17.0775 0x1b44  nvstor - ok
04:32:17.0895 0x1b44  [ F135B244F420482C3B14329B0226B2D8, 58FC5A3F0A7F522DC8666319095F6828CCEEBB54B2B62D5869CA9834FCDC6A3E ] NvStUSB         C:\WINDOWS\System32\drivers\nvstusb.sys
04:32:17.0944 0x1b44  NvStUSB - ok
04:32:18.0213 0x1b44  [ FEEB0837040AEEC47900DAAD7DD49794, 3E00BB800B5FF8EF9CCC3E1ECD5FBCE4D0A75C4316860672754570699D2A093E ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
04:32:20.0141 0x1b44  nvsvc - ok
04:32:20.0224 0x1b44  OneSyncSvc - ok
04:32:21.0606 0x1b44  [ 72521648ED17522CEEE88C16A885A4EF, 4C534A9E096A7F5CCDA128D56409E76D3F79B74429DF9778CFC1EA1D67911451 ] OpenVPNServiceInteractive C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\openvpn\bin\openvpnserv.exe
04:32:22.0058 0x1b44  OpenVPNServiceInteractive - ok
04:32:22.0314 0x1b44  [ 72521648ED17522CEEE88C16A885A4EF, 4C534A9E096A7F5CCDA128D56409E76D3F79B74429DF9778CFC1EA1D67911451 ] OpenVPNServiceLegacy C:\Users\Danny\AppData\Roaming\Disconnect\Disconnect Desktop\openvpn\bin\openvpnserv.exe
04:32:22.0428 0x1b44  OpenVPNServiceLegacy - ok
04:32:22.0629 0x1b44  p2pimsvc - ok
04:32:22.0697 0x1b44  p2psvc - ok
04:32:22.0697 0x1b44  Parport - ok
04:32:22.0944 0x1b44  partmgr - ok
04:32:23.0060 0x1b44  PcaSvc - ok
04:32:23.0060 0x1b44  pci - ok
04:32:23.0060 0x1b44  pciide - ok
04:32:23.0144 0x1b44  pcmcia - ok
04:32:23.0160 0x1b44  pcw - ok
04:32:23.0160 0x1b44  pdc - ok
04:32:23.0314 0x1b44  PEAUTH - ok
04:32:23.0361 0x1b44  percsas2i - ok
04:32:23.0461 0x1b44  percsas3i - ok
04:32:30.0916 0x1b44  PerfHost - ok
04:32:30.0944 0x1b44  PhoneSvc - ok
04:32:30.0956 0x1b44  PimIndexMaintenanceSvc - ok
04:32:30.0968 0x1b44  pla - ok
04:32:30.0988 0x1b44  PlugPlay - ok
04:32:30.0992 0x1b44  pmem - ok
04:32:31.0000 0x1b44  PNRPAutoReg - ok
04:32:31.0004 0x1b44  PNRPsvc - ok
04:32:31.0016 0x1b44  PolicyAgent - ok
04:32:31.0020 0x1b44  Power - ok
04:32:31.0096 0x1b44  PptpMiniport - ok
04:32:31.0985 0x1b44  [ 5404E7A968A26DF03793B6F68536594D, BE5A85581E87EFE4DB43AD17B8D42D3F7F32364AEEC1416DBB94279C4A203FF2 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
04:32:32.0730 0x1b44  PrintNotify - ok
04:32:32.0775 0x1b44  Processor - ok
04:32:32.0846 0x1b44  ProfSvc - ok
04:32:32.0886 0x1b44  Psched - ok
04:32:32.0926 0x1b44  QWAVE - ok
04:32:32.0958 0x1b44  QWAVEdrv - ok
04:32:32.0990 0x1b44  RasAcd - ok
04:32:33.0028 0x1b44  RasAgileVpn - ok
04:32:33.0044 0x1b44  RasAuto - ok
04:32:33.0048 0x1b44  Rasl2tp - ok
04:32:33.0056 0x1b44  RasMan - ok
04:32:33.0060 0x1b44  RasPppoe - ok
04:32:33.0116 0x1b44  RasSstp - ok
04:32:33.0184 0x1b44  rdbss - ok
04:32:33.0236 0x1b44  rdpbus - ok
04:32:33.0264 0x1b44  RDPDR - ok
04:32:33.0300 0x1b44  RdpVideoMiniport - ok
04:32:33.0308 0x1b44  rdyboost - ok
04:32:33.0316 0x1b44  ReFS - ok
04:32:33.0324 0x1b44  ReFSv1 - ok
04:32:33.0352 0x1b44  RemoteAccess - ok
04:32:33.0364 0x1b44  RemoteRegistry - ok
04:32:33.0444 0x1b44  RetailDemo - ok
04:32:33.0472 0x1b44  RmSvc - ok
04:32:33.0512 0x1b44  RpcEptMapper - ok
04:32:33.0552 0x1b44  RpcLocator - ok
04:32:33.0576 0x1b44  RpcSs - ok
04:32:33.0656 0x1b44  rspndr - ok
04:32:34.0544 0x1b44  [ 3DB5025944975EF3687C2515E076B0A6, 5F84B3FBD8866E0C4AA647C69FF5919EFC0B807D001DC91208EAD205AAA52476 ] rtsuvc          C:\WINDOWS\system32\DRIVERS\rtsuvc.sys
04:32:34.0660 0x1b44  rtsuvc - ok
04:32:34.0856 0x1b44  s3cap - ok
04:32:35.0028 0x1b44  SamSs - ok
04:32:35.0264 0x1b44  sbp2port - ok
04:32:35.0557 0x1b44  SCardSvr - ok
04:32:35.0687 0x1b44  ScDeviceEnum - ok
04:32:35.0715 0x1b44  scfilter - ok
04:32:35.0743 0x1b44  Schedule - ok
04:32:35.0759 0x1b44  scmbus - ok
04:32:35.0803 0x1b44  SCPolicySvc - ok
04:32:35.0835 0x1b44  sdbus - ok
04:32:35.0839 0x1b44  SDFRd - ok
04:32:35.0920 0x1b44  SDRSVC - ok
04:32:35.0976 0x1b44  sdstor - ok
04:32:35.0993 0x1b44  seclogon - ok
04:32:36.0172 0x1b44  SecurityHealthService - ok
04:32:36.0252 0x1b44  SEMgrSvc - ok
04:32:36.0264 0x1b44  SENS - ok
04:32:36.0276 0x1b44  SensorDataService - ok
04:32:36.0296 0x1b44  SensorService - ok
04:32:36.0352 0x1b44  SensorsHIDClassDriver - ok
04:32:36.0364 0x1b44  SensrSvc - ok
04:32:36.0364 0x1b44  SerCx - ok
04:32:36.0368 0x1b44  SerCx2 - ok
04:32:36.0376 0x1b44  Serenum - ok
04:32:36.0380 0x1b44  Serial - ok
04:32:36.0384 0x1b44  sermouse - ok
04:32:36.0396 0x1b44  SessionEnv - ok
04:32:36.0396 0x1b44  sfloppy - ok
04:32:36.0412 0x1b44  SharedAccess - ok
04:32:36.0440 0x1b44  ShellHWDetection - ok
04:32:36.0516 0x1b44  shpamsvc - ok
04:32:36.0524 0x1b44  SiSRaid2 - ok
04:32:36.0524 0x1b44  SiSRaid4 - ok
04:32:36.0552 0x1b44  smphost - ok
04:32:36.0580 0x1b44  SmsRouter - ok
04:32:36.0584 0x1b44  SNMPTRAP - ok
04:32:36.0596 0x1b44  spaceport - ok
04:32:36.0600 0x1b44  SpatialGraphFilter - ok
04:32:36.0604 0x1b44  SpbCx - ok
04:32:36.0608 0x1b44  spectrum - ok
04:32:36.0612 0x1b44  Spooler - ok
04:32:36.0616 0x1b44  sppsvc - ok
04:32:36.0636 0x1b44  srv2 - ok
04:32:36.0652 0x1b44  srvnet - ok
04:32:36.0680 0x1b44  SSDPSRV - ok
04:32:36.0771 0x1b44  SstpSvc - ok
04:32:36.0831 0x1b44  StateRepository - ok
04:32:36.0835 0x1b44  stexstor - ok
04:32:36.0843 0x1b44  stisvc - ok
04:32:36.0847 0x1b44  storahci - ok
04:32:36.0851 0x1b44  storflt - ok
04:32:36.0855 0x1b44  stornvme - ok
04:32:36.0859 0x1b44  storqosflt - ok
04:32:36.0883 0x1b44  StorSvc - ok
04:32:36.0887 0x1b44  storufs - ok
04:32:36.0891 0x1b44  storvsc - ok
04:32:36.0895 0x1b44  svsvc - ok
04:32:36.0899 0x1b44  swenum - ok
04:32:36.0903 0x1b44  swprv - ok
04:32:36.0919 0x1b44  Synth3dVsc - ok
04:32:36.0923 0x1b44  SysMain - ok
04:32:36.0939 0x1b44  SystemEventsBroker - ok
04:32:36.0959 0x1b44  TabletInputService - ok
04:32:36.0983 0x1b44  [ D765F43CBEA72D14C04AF3D2B9C8E54B, 89C5CA1440DF186497CE158EB71C0C6BF570A75B6BC1880EAC7C87A0250201C0 ] tap0901         C:\WINDOWS\System32\drivers\tap0901.sys
04:32:37.0047 0x1b44  tap0901 - ok
04:32:37.0059 0x1b44  TapiSrv - ok
04:32:37.0063 0x1b44  Tcpip - ok
04:32:37.0067 0x1b44  Tcpip6 - ok
04:32:37.0071 0x1b44  tcpipreg - ok
04:32:37.0079 0x1b44  tdx - ok
04:32:37.0079 0x1b44  terminpt - ok
04:32:37.0083 0x1b44  TermService - ok
04:32:37.0087 0x1b44  Themes - ok
04:32:37.0095 0x1b44  TieringEngineService - ok
04:32:37.0099 0x1b44  tiledatamodelsvc - ok
04:32:37.0103 0x1b44  TimeBrokerSvc - ok
04:32:37.0107 0x1b44  TokenBroker - ok
04:32:37.0111 0x1b44  TPM - ok
04:32:37.0135 0x1b44  TrkWks - ok
04:32:37.0171 0x1b44  TrustedInstaller - ok
04:32:37.0179 0x1b44  TsUsbFlt - ok
04:32:37.0183 0x1b44  TsUsbGD - ok
04:32:37.0187 0x1b44  tunnel - ok
04:32:37.0199 0x1b44  tzautoupdate - ok
04:32:37.0203 0x1b44  UASPStor - ok
04:32:37.0211 0x1b44  UcmCx0101 - ok
04:32:37.0215 0x1b44  UcmTcpciCx0101 - ok
04:32:37.0223 0x1b44  UcmUcsi - ok
04:32:37.0227 0x1b44  Ucx01000 - ok
04:32:37.0231 0x1b44  UdeCx - ok
04:32:37.0235 0x1b44  udfs - ok
04:32:37.0239 0x1b44  UEFI - ok
04:32:37.0243 0x1b44  Ufx01000 - ok
04:32:37.0247 0x1b44  UfxChipidea - ok
04:32:37.0251 0x1b44  ufxsynopsys - ok
04:32:37.0267 0x1b44  UI0Detect - ok
04:32:37.0275 0x1b44  umbus - ok
04:32:37.0299 0x1b44  UmPass - ok
04:32:37.0315 0x1b44  UmRdpService - ok
04:32:37.0331 0x1b44  UnistoreSvc - ok
04:32:37.0355 0x1b44  upnphost - ok
04:32:37.0363 0x1b44  UrsChipidea - ok
04:32:37.0367 0x1b44  UrsCx01000 - ok
04:32:37.0371 0x1b44  UrsSynopsys - ok
04:32:37.0379 0x1b44  usbccgp - ok
04:32:37.0383 0x1b44  usbcir - ok
04:32:37.0387 0x1b44  usbehci - ok
04:32:37.0391 0x1b44  usbhub - ok
04:32:37.0395 0x1b44  USBHUB3 - ok
04:32:37.0399 0x1b44  usbohci - ok
04:32:37.0403 0x1b44  usbprint - ok
04:32:37.0419 0x1b44  usbser - ok
04:32:37.0419 0x1b44  USBSTOR - ok
04:32:37.0423 0x1b44  usbuhci - ok
04:32:37.0427 0x1b44  USBXHCI - ok
04:32:37.0435 0x1b44  UserDataSvc - ok
04:32:37.0439 0x1b44  UserManager - ok
04:32:37.0443 0x1b44  UsoSvc - ok
04:32:37.0447 0x1b44  VaultSvc - ok
04:32:37.0451 0x1b44  vdrvroot - ok
04:32:37.0455 0x1b44  vds - ok
04:32:37.0463 0x1b44  VerifierExt - ok
04:32:37.0467 0x1b44  vhdmp - ok
04:32:37.0471 0x1b44  vhf - ok
04:32:37.0475 0x1b44  vmbus - ok
04:32:37.0479 0x1b44  VMBusHID - ok
04:32:37.0503 0x1b44  vmgid - ok
04:32:37.0519 0x1b44  vmicguestinterface - ok
04:32:37.0523 0x1b44  vmicheartbeat - ok
04:32:37.0527 0x1b44  vmickvpexchange - ok
04:32:37.0531 0x1b44  vmicrdv - ok
04:32:37.0535 0x1b44  vmicshutdown - ok
04:32:37.0539 0x1b44  vmictimesync - ok
04:32:37.0543 0x1b44  vmicvmsession - ok
04:32:37.0547 0x1b44  vmicvss - ok
04:32:37.0551 0x1b44  volmgr - ok
04:32:37.0555 0x1b44  volmgrx - ok
04:32:37.0559 0x1b44  volsnap - ok
04:32:37.0563 0x1b44  volume - ok
04:32:37.0571 0x1b44  vpci - ok
04:32:37.0571 0x1b44  vsmraid - ok
04:32:37.0579 0x1b44  VSS - ok
04:32:37.0583 0x1b44  VSTXRAID - ok
04:32:37.0587 0x1b44  vwifibus - ok
04:32:37.0591 0x1b44  vwififlt - ok
04:32:37.0595 0x1b44  vwifimp - ok
04:32:37.0599 0x1b44  W32Time - ok
04:32:37.0603 0x1b44  WacomPen - ok
04:32:37.0611 0x1b44  WalletService - ok
04:32:37.0623 0x1b44  wanarp - ok
04:32:37.0627 0x1b44  wanarpv6 - ok
04:32:37.0635 0x1b44  wbengine - ok
04:32:37.0639 0x1b44  WbioSrvc - ok
04:32:37.0643 0x1b44  wcifs - ok
04:32:37.0647 0x1b44  Wcmsvc - ok
04:32:37.0651 0x1b44  wcncsvc - ok
04:32:37.0655 0x1b44  wcnfs - ok
04:32:37.0663 0x1b44  WdBoot - ok
04:32:37.0667 0x1b44  Wdf01000 - ok
04:32:37.0671 0x1b44  WdFilter - ok
04:32:37.0683 0x1b44  WdiServiceHost - ok
04:32:37.0687 0x1b44  WdiSystemHost - ok
04:32:37.0691 0x1b44  wdiwifi - ok
04:32:37.0695 0x1b44  WdNisDrv - ok
04:32:37.0727 0x1b44  WdNisSvc - ok
04:32:37.0731 0x1b44  WebClient - ok
04:32:37.0731 0x1b44  Wecsvc - ok
04:32:37.0739 0x1b44  WEPHOSTSVC - ok
04:32:37.0743 0x1b44  wercplsupport - ok
04:32:37.0747 0x1b44  WerSvc - ok
04:32:37.0751 0x1b44  WFDSConMgrSvc - ok
04:32:37.0755 0x1b44  WFPLWFS - ok
04:32:37.0759 0x1b44  WiaRpc - ok
04:32:37.0771 0x1b44  WIMMount - ok
04:32:37.0771 0x1b44  WinDefend - ok
04:32:37.0783 0x1b44  WindowsTrustedRT - ok
04:32:37.0795 0x1b44  WindowsTrustedRTProxy - ok
04:32:37.0851 0x1b44  WinHttpAutoProxySvc - ok
04:32:37.0863 0x1b44  WinMad - ok
04:32:37.0907 0x1b44  Winmgmt - ok
04:32:37.0911 0x1b44  WinNat - ok
04:32:37.0931 0x1b44  WinRM - ok
04:32:37.0935 0x1b44  WINUSB - ok
04:32:37.0939 0x1b44  WinVerbs - ok
04:32:37.0947 0x1b44  wisvc - ok
04:32:37.0959 0x1b44  WlanSvc - ok
04:32:37.0963 0x1b44  wlidsvc - ok
04:32:37.0967 0x1b44  wlpasvc - ok
04:32:37.0975 0x1b44  WmiAcpi - ok
04:32:37.0979 0x1b44  wmiApSrv - ok
04:32:38.0011 0x1b44  [ 1AE1076034392218EE89D2744EC2A071, 695C28E2697B12BBD919687176CE082E94887A5D8B6229F163A26F6EDF401C4C ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
04:32:38.0035 0x1b44  Wof - ok
04:32:38.0055 0x1b44  WPDBusEnum - ok
04:32:38.0067 0x1b44  WpdUpFltr - ok
04:32:38.0079 0x1b44  WpnService - ok
04:32:38.0095 0x1b44  WpnUserService - ok
04:32:38.0103 0x1b44  ws2ifsl - ok
04:32:38.0107 0x1b44  wscsvc - ok
04:32:38.0111 0x1b44  WSearch - ok
04:32:38.0127 0x1b44  wuauserv - ok
04:32:38.0127 0x1b44  WudfPf - ok
04:32:38.0132 0x1b44  WUDFRd - ok
04:32:38.0148 0x1b44  wudfsvc - ok
04:32:38.0164 0x1b44  WwanSvc - ok
04:32:38.0192 0x1b44  xbgm - ok
04:32:38.0204 0x1b44  XblAuthManager - ok
04:32:38.0212 0x1b44  XblGameSave - ok
04:32:38.0220 0x1b44  xboxgip - ok
04:32:38.0224 0x1b44  XboxGipSvc - ok
04:32:38.0232 0x1b44  XboxNetApiSvc - ok
04:32:38.0236 0x1b44  xinputhid - ok
04:32:38.0248 0x1b44  ================ Scan global ===============================
04:32:38.0309 0x1b44  [ Global ] - ok
04:32:38.0313 0x1b44  ================ Scan MBR ==================================
04:32:38.0341 0x1b44  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
04:32:39.0610 0x1b44  \Device\Harddisk0\DR0 - ok
04:32:39.0610 0x1b44  ================ Scan VBR ==================================
04:32:39.0625 0x1b44  [ 4F823DC9A47CAC7768612E5DBC502114 ] \Device\Harddisk0\DR0\Partition1
04:32:39.0641 0x1b44  \Device\Harddisk0\DR0\Partition1 - ok
04:32:39.0657 0x1b44  [ 56A6587512F57831D3ED56092361612B ] \Device\Harddisk0\DR0\Partition2
04:32:39.0673 0x1b44  \Device\Harddisk0\DR0\Partition2 - ok
04:32:39.0697 0x1b44  [ 14CEDC718329AB27000DA2A653F1F0FD ] \Device\Harddisk0\DR0\Partition3
04:32:39.0717 0x1b44  \Device\Harddisk0\DR0\Partition3 - ok
04:32:39.0725 0x1b44  [ CD47CCC3809D3E775B9B674FB83CC7A4 ] \Device\Harddisk0\DR0\Partition4
04:32:39.0745 0x1b44  \Device\Harddisk0\DR0\Partition4 - ok
04:32:39.0800 0x1b44  [ 32CD2B0BFF41BF792F6D70416A3A7FA4 ] \Device\Harddisk0\DR0\Partition5
04:32:39.0808 0x1b44  \Device\Harddisk0\DR0\Partition5 - ok
04:32:39.0812 0x1b44  ================ Scan generic autorun ======================
04:32:39.0883 0x1b44  SecurityHealth - ok
04:32:39.0911 0x1b44  Logitech Download Assistant - ok
04:32:40.0083 0x1b44  OneDriveSetup - ok
04:32:40.0091 0x1b44  OneDriveSetup - ok
04:32:40.0095 0x1b44  OneDriveSetup - ok
04:32:40.0123 0x1b44  WAB Migrate - ok
04:32:40.0220 0x1b44  HijackThis startup scan - ok
04:32:40.0442 0x1b44  [ 90029F7160037122DA12101C0C8850F7, DE4BFD8E60AC0222EACCA8BAC94562ED2B38CBEF569F8B927CCD197735655AC0 ] C:\Users\Danny\AppData\Local\Microsoft\OneDrive\OneDrive.exe
04:32:40.0478 0x1b44  OneDrive - ok
04:32:40.0750 0x1b44  [ 7F3D0BC2FE61C249302E0515989C59E2, 18613B1D861D7289EF050EE1C0384FCF70F40FDF7E3CB586D36B5D19A7591F8F ] C:\Users\Danny\AppData\Local\Akamai\netsession_win.exe
04:32:40.0838 0x1b44  Akamai NetSession Interface - ok
04:32:40.0842 0x1b44  Waiting for KSN requests completion. In queue: 4
04:32:42.0326 0x1b44  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.11.15063.332 ), 0x61100 ( enabled : updated )
04:32:42.0334 0x1b44  Win FW state via NFP2: enabled ( trusted )
04:32:42.0722 0x1b44  ============================================================
04:32:42.0722 0x1b44  Scan finished
04:32:42.0722 0x1b44  ============================================================
04:32:42.0726 0x1b60  Detected object count: 0
04:32:42.0726 0x1b60  Actual detected object count: 0


#12 dfred2300

dfred2300
  • Topic Starter
  • Members
  • 54 posts

Posted 07 September 2017 - 03:39 AM

Attached files: debug.log (556 bytes), client.ini (2.05 KB), readme.txt (19.75 KB), installer.txt (10.3 KB)

Somehow I disconnected and they disguised it as one of the rootkit busters I installed, as an Akamai NetSession Interface 32-bit. I uninstalled it, but I have all the logs.



#13 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts

Posted 07 September 2017 - 10:57 AM

Don't post hijack/malware logs here. This is not the forum for that; that's the virus/malware forum. Nothing found is good.

 

If you want to block ports you do it at the router not at the pc.

 

If you are concerned about your network I suggest the following:

1. turn off the router when not in use

2. hire a local computer technician to come in and review your PCs, Mac and network.

3. quit trying to fix things you don't understand.  You will only dig yourself deeper in the hole.

 

Do you do online banking from this network or run a business/payroll from it?  What of financial value do you have on your network? How long has this been going on?

 

Note: your post #6 appears to have the same file posted multiple times, but it does not open for me.

Only errors seem to be associated with Malwarebytes. Everything else looks normal. Your comments about privileges dealing with admin also sound normal for what you describe, though I see more panic than actual facts in what you write.

 

So let's take a step back and focus on one Windows 10 machine. What specifically do you see as wrong with it?


Edited by Wand3r3r, 07 September 2017 - 11:00 AM.


#14 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 6,869 posts
  • Gender:Male
  • Location:Staunton, VA

Posted 07 September 2017 - 11:19 AM

To the original poster: if you believe you are infected, please do not pursue that issue further here. Instead, after having read these posting instructions, "Am I Infected? What do I do? How do I get help? Who is helping me?", go to the "Am I infected? What do I do?" forum and start a new thread there. An infection of any sort is not a networking problem (even if it were your network device that was infected).

 

Do not post logs in that forum.  If an assistant believes scans are needed your thread will be transferred to the Virus, Trojan, Spyware, and Malware Removal Logs forum for intensive analysis.


Brian AKA Bri the Tech Guy (my website address is in my profile) Windows 10 Home, 64-bit, Version 1709, Build 16299

    Here is a test to find out whether your mission in life is complete. If you're alive, it isn't.
    ~ Lauren Bacall

 


#15 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts

Posted 07 September 2017 - 12:02 PM

He has already been there:

https://www.bleepingcomputer.com/forums/t/654698/remote-control-over-my-entire-network/





