Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Intruder Occupies a Portion of My Hard Drive


Re: Intruder Occupies a Portion of My Hard Drive

by capnkrunch » March 2nd, 2016, 10:42 pm

Hello stu :)

Thanks for letting me know. It's much better to stop and ask for clarification than to continue if you are unsure about something. A couple things:

For Step one my instructions were unclear. Please redo that search but this time only paste the following into the Search: box:
mbar*;system-log.txt

I should have made it clear not to include the Code: Select all.

For Step two, since Protection is on you can continue with the rest of that step starting from "Click on Create". Afterwards, go ahead and finish the remaining steps and post the logs when ready.
capnkrunch
MRU Master
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Intruder Occupies a Portion of My Hard Drive

by the stuart » March 2nd, 2016, 11:11 pm

Step One...

Farbar Recovery Scan Tool (x64) Version:02-03-2016
Ran by G.S. Ovenden (2016-03-02 22:06:12)
Running from C:\Users\G.S. Ovenden\Documents\Computing\Troubleshooting Tools\FRST64
Boot Mode: Normal

================== Search Files: "mbar*;system-log.txt" =============

C:\Users\G.S. Ovenden\Documents\Computing\Troubleshooting Tools\Malwarebytes\Anti-Rootkit\mbar-1.09.3.1001.exe
[2016-02-15 10:54][2016-02-15 10:54] 16563352 ____A (Malwarebytes Corp.) 67B0906B68164E807BD5691C67696DA4 [File is digitally signed]

C:\Users\G.S. Ovenden\Documents\Computing\Troubleshooting Tools\Malwarebytes\Anti-Rootkit\mbar\mbar-log-2016-02-15 (10-59-01).txt
[2016-02-15 11:41][2016-02-15 11:41] 0005060 ____A () 5896741DF7075BD5332A27497A2E01DA [File not signed]

C:\Users\G.S. Ovenden\Documents\Computing\Troubleshooting Tools\Malwarebytes\Anti-Rootkit\mbar\mbar.cmd
[2016-02-15 10:57][2015-06-10 18:26] 0001118 ____A () CA4DB0BDD4BB1BD45783DF1AE9BA1A4B [File not signed]

C:\Users\G.S. Ovenden\Documents\Computing\Troubleshooting Tools\Malwarebytes\Anti-Rootkit\mbar\mbar.dll
[2016-02-15 10:57][2015-09-10 16:44] 1317176 ____A (Malwarebytes Corporation) C39CF7F4783008D9AD03B1B4821351A9 [File is digitally signed]

C:\Users\G.S. Ovenden\Documents\Computing\Troubleshooting Tools\Malwarebytes\Anti-Rootkit\mbar\mbar.exe
[2016-02-15 10:57][2015-09-10 16:44] 0270136 ____A (Malwarebytes) 8D704E13B735D87D227D05B5495F1B1B [File is digitally signed]

C:\Users\G.S. Ovenden\Documents\Computing\Troubleshooting Tools\Malwarebytes\Anti-Rootkit\mbar\system-log.txt
[2016-02-15 10:57][2016-02-15 11:41] 0023114 ____A () 3DBEB620E2479D10ABFEE1DEE8EEAA99 [File not signed]

====== End of Search ======
the stuart
Regular Member
 
Posts: 20
Joined: February 27th, 2016, 11:37 pm
Location: Ontario, Canada

Re: Intruder Occupies a Portion of My Hard Drive

by the stuart » March 2nd, 2016, 11:33 pm

Step three...

22:20:22.0458 0x19ec TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
22:20:58.0197 0x19ec ============================================================
22:20:58.0197 0x19ec Current date / time: 2016/03/02 22:20:58.0197
22:20:58.0197 0x19ec SystemInfo:
22:20:58.0197 0x19ec
22:20:58.0197 0x19ec OS Version: 6.1.7601 ServicePack: 1.0
22:20:58.0197 0x19ec Product type: Workstation
22:20:58.0197 0x19ec ComputerName: GSOVENDEN-PC
22:20:58.0197 0x19ec UserName: G.S. Ovenden
22:20:58.0197 0x19ec Windows directory: C:\Windows
22:20:58.0197 0x19ec System windows directory: C:\Windows
22:20:58.0197 0x19ec Running under WOW64
22:20:58.0197 0x19ec Processor architecture: Intel x64
22:20:58.0197 0x19ec Number of processors: 8
22:20:58.0197 0x19ec Page size: 0x1000
22:20:58.0197 0x19ec Boot type: Normal boot
22:20:58.0197 0x19ec ============================================================
22:20:58.0427 0x19ec KLMD registered as C:\Windows\system32\drivers\82253944.sys
22:20:58.0922 0x19ec System UUID: {DBF05336-4FA3-B6D8-EC48-DDB55295B6F8}
22:20:59.0609 0x19ec Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:20:59.0619 0x19ec Drive \Device\Harddisk3\DR3 - Size: 0x7446E00000 ( 465.11 Gb ), SectorSize: 0x200, Cylinders: 0xED2B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:20:59.0624 0x19ec ============================================================
22:20:59.0624 0x19ec \Device\Harddisk0\DR0:
22:20:59.0624 0x19ec MBR partitions:
22:20:59.0624 0x19ec \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1339000
22:20:59.0624 0x19ec \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x134D000, BlocksNum 0x39038800
22:20:59.0624 0x19ec \Device\Harddisk3\DR3:
22:20:59.0625 0x19ec MBR partitions:
22:20:59.0625 0x19ec \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A236800
22:20:59.0625 0x19ec ============================================================
22:20:59.0663 0x19ec C: <-> \Device\Harddisk0\DR0\Partition2
22:20:59.0684 0x19ec I: <-> \Device\Harddisk3\DR3\Partition1
22:20:59.0684 0x19ec ============================================================
22:20:59.0684 0x19ec Initialize success
22:20:59.0684 0x19ec ============================================================
22:21:16.0604 0x1618 ============================================================
22:21:16.0604 0x1618 Scan started
22:21:16.0604 0x1618 Mode: Manual;
22:21:16.0604 0x1618 ============================================================
22:21:16.0604 0x1618 KSN ping started
22:21:19.0354 0x1618 KSN ping finished: true
22:21:20.0689 0x1618 ================ Scan system memory ========================
22:21:20.0689 0x1618 System memory - ok
22:21:28.0181 0x1618 HidUsb - ok
22:21:28.0218 0x1618 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:21:28.0222 0x1618 hkmsvc - ok
22:21:28.0274 0x1618 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:21:28.0283 0x1618 HomeGroupListener - ok
22:21:28.0319 0x1618 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:21:28.0324 0x1618 HomeGroupProvider - ok
22:21:28.0440 0x1618 [ 97AAC45A375168C6A2297BEEB9692E31, 9C7285988D0C5DE8E3608F4E9F50A5C9398FFD0DA0F4C965C953859001FC76C8 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:21:28.0448 0x1618 hpqcxs08 - ok
22:21:28.0486 0x1618 [ 19A4FB67B1C97EA18EDFF44340973CD9, F1B6A7C1E450FF9A1D10F315F17D42DFE8390E88FF1AED4DE35237C4B81FC81D ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:21:28.0490 0x1618 hpqddsvc - ok
22:21:28.0533 0x1618 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:21:28.0536 0x1618 HpSAMD - ok
22:21:28.0715 0x1618 [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC C:\Users\GS47E1~1.OVE\AppData\Local\Temp\7zS4EF7\hpslpsvc64.dll
22:21:28.0734 0x1618 HPSLPSVC - ok
22:21:28.0804 0x1618 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:21:28.0819 0x1618 HTTP - ok
22:21:28.0868 0x1618 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:21:28.0869 0x1618 hwpolicy - ok
22:21:28.0922 0x1618 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:21:28.0926 0x1618 i8042prt - ok
22:21:28.0997 0x1618 [ 7548066DF68A8A1A56B043359F915F37, 6225DDE554E45858374CBD284A85A00F773089A667C08492187A637232B8BD9A ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
22:21:29.0009 0x1618 IAANTMON - ok
22:21:29.0050 0x1618 [ 1D004CB1DA6323B1F55CAEF7F94B61D9, 8FFFB429BA46938724BBB87AB9B3EC77EA17C4B893BABDBDD38309F02963D405 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
22:21:29.0062 0x1618 iaStor - ok
22:21:29.0115 0x1618 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:21:29.0129 0x1618 iaStorV - ok
22:21:29.0209 0x1618 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:21:29.0232 0x1618 idsvc - ok
22:21:29.0516 0x1618 [ 3448DB2B812AA873ED6E5D609B1DB067, E0F9B35FE59713C09BD838FAD5305DF5FDF24DF1D88F8849F7F88466CF93A7F7 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20160302.001\IDSvia64.sys
22:21:29.0532 0x1618 IDSVia64 - ok
22:21:29.0563 0x1618 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:21:29.0565 0x1618 iirsp - ok
22:21:29.0638 0x1618 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
22:21:29.0657 0x1618 IKEEXT - ok
22:21:29.0715 0x1618 [ 358A23ACF3A78893EEACD4BEB20953D5, 7B9A3FD2B34B9E7801804186026C1987EA240849EFDEF5F257B7E9634C02D760 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:21:29.0745 0x1618 IntcAzAudAddService - ok
22:21:29.0791 0x1618 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
22:21:29.0793 0x1618 intelide - ok
22:21:29.0821 0x1618 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:21:29.0823 0x1618 intelppm - ok
22:21:29.0850 0x1618 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:21:29.0856 0x1618 IPBusEnum - ok
22:21:29.0906 0x1618 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:21:29.0909 0x1618 IpFilterDriver - ok
22:21:29.0969 0x1618 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:21:29.0981 0x1618 iphlpsvc - ok
22:21:30.0009 0x1618 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:21:30.0013 0x1618 IPMIDRV - ok
22:21:30.0026 0x1618 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:21:30.0032 0x1618 IPNAT - ok
22:21:30.0111 0x1618 [ 0FF335D687C85097725A53458160E81E, BF8BB3C8AF1822BEB5FF5F8008614B982F277D862B16B6516CA91F73D336E9D4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:21:30.0128 0x1618 iPod Service - ok
22:21:30.0157 0x1618 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:21:30.0158 0x1618 IRENUM - ok
22:21:30.0203 0x1618 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:21:30.0205 0x1618 isapnp - ok
22:21:30.0251 0x1618 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:21:30.0261 0x1618 iScsiPrt - ok
22:21:30.0290 0x1618 [ 71235F7BAA7E5E79D38157DF7A0F806A, DFD441C25EE1E3A656D38396F474E0B445DBDB34A380610A6695674210BFD55F ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
22:21:30.0293 0x1618 JRAID - ok
22:21:30.0306 0x1618 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:21:30.0309 0x1618 kbdclass - ok
22:21:30.0353 0x1618 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:21:30.0355 0x1618 kbdhid - ok
22:21:30.0382 0x1618 [ 5673794F254FE312AF62D9DA32805A2F, 76400BF26F87303924A4FA9DFE5DD13170D1E4A195CD12548DBAA0E6E8C11B1B ] KeyIso C:\Windows\system32\lsass.exe
22:21:30.0384 0x1618 KeyIso - ok
22:21:30.0417 0x1618 [ 7BDDD24C5A148534D3737DBFA96B3E69, 06130316A21B1D67B5885AB7030603097EC96F7104F3766D67793ECFC1143158 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:21:30.0421 0x1618 KSecDD - ok
22:21:30.0435 0x1618 [ BA500732D160C61E889E8180EE53C86F, 2E9B9FEF4E2F86DBF6778AD0A581CE2F1CA0AC777440BA05AB36B031CE1E8781 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:21:30.0441 0x1618 KSecPkg - ok
22:21:30.0460 0x1618 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:21:30.0461 0x1618 ksthunk - ok
22:21:30.0494 0x1618 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
22:21:30.0508 0x1618 KtmRm - ok
22:21:30.0557 0x1618 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:21:30.0566 0x1618 LanmanServer - ok
22:21:30.0608 0x1618 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:21:30.0614 0x1618 LanmanWorkstation - ok
22:21:30.0670 0x1618 [ 5BAC863D5A369E827E8F01747B4C33A2, 6F78C3B2CECF8E141773EC7B7BE5EA6EDAC0B790594BF1F502C33BBC7043B319 ] libusb0 C:\Windows\system32\DRIVERS\libusb0.sys
22:21:30.0672 0x1618 libusb0 - ok
22:21:30.0702 0x1618 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:21:30.0705 0x1618 lltdio - ok
22:21:30.0738 0x1618 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:21:30.0749 0x1618 lltdsvc - ok
22:21:30.0766 0x1618 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:21:30.0768 0x1618 lmhosts - ok
22:21:30.0794 0x1618 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:21:30.0799 0x1618 LSI_FC - ok
22:21:30.0807 0x1618 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:21:30.0811 0x1618 LSI_SAS - ok
22:21:30.0825 0x1618 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:21:30.0827 0x1618 LSI_SAS2 - ok
22:21:30.0840 0x1618 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:21:30.0843 0x1618 LSI_SCSI - ok
22:21:30.0856 0x1618 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
22:21:30.0859 0x1618 luafv - ok
22:21:30.0892 0x1618 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:21:30.0897 0x1618 Mcx2Svc - ok
22:21:30.0967 0x1618 [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:21:30.0977 0x1618 MDM - ok
22:21:31.0063 0x1618 [ 5AC6D44CCB8D5C4ABAC823EAA85D571D, D3A5F83B7734E336DE496707DEEA9BED98D69F1C773F5FA17CBF22F1B293B4A4 ] Media Jukebox 14 Service C:\Program Files (x86)\J River\Media Jukebox 14\JRService.exe
22:21:31.0076 0x1618 Media Jukebox 14 Service - ok
22:21:31.0094 0x1618 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:21:31.0096 0x1618 megasas - ok
22:21:31.0127 0x1618 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:21:31.0133 0x1618 MegaSR - ok
22:21:31.0150 0x1618 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
22:21:31.0152 0x1618 MMCSS - ok
22:21:31.0169 0x1618 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
22:21:31.0171 0x1618 Modem - ok
22:21:31.0219 0x1618 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:21:31.0221 0x1618 monitor - ok
22:21:31.0275 0x1618 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:21:31.0278 0x1618 mouclass - ok
22:21:31.0302 0x1618 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:21:31.0305 0x1618 mouhid - ok
22:21:31.0350 0x1618 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:21:31.0353 0x1618 mountmgr - ok
22:21:31.0420 0x1618 [ 9FC679D10A7377BB04ECC3D0E2E26B53, 24ACD4EC1618A052C29E4463138B28F62C8B78D442DB82F4925E64FC5849A096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:21:31.0426 0x1618 MozillaMaintenance - ok
22:21:31.0469 0x1618 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
22:21:31.0475 0x1618 mpio - ok
22:21:31.0499 0x1618 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:21:31.0502 0x1618 mpsdrv - ok
22:21:31.0564 0x1618 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:21:31.0582 0x1618 MpsSvc - ok
22:21:31.0605 0x1618 MREMP50 - ok
22:21:31.0655 0x1618 MREMP50a64 - ok
22:21:31.0670 0x1618 MREMPR5 - ok
22:21:31.0674 0x1618 MRENDIS5 - ok
22:21:31.0682 0x1618 MRESP50 - ok
22:21:31.0686 0x1618 MRESP50a64 - ok
22:21:31.0721 0x1618 [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:21:31.0726 0x1618 MRxDAV - ok
22:21:31.0769 0x1618 [ 355DF71D1DD1999E8AEDF986534B233C, 4F5B07A3E9F4C5EE259A72353835364BFEAEC792090C178C4EF91B517B1C49D0 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:21:31.0775 0x1618 mrxsmb - ok
22:21:31.0796 0x1618 [ A16FC9323A85CAEA5804D04646A91CF9, ABC9F1BE4B871EBB5FDED9FC248DABEC4004EBCCF53E6C4D1E54AF69653B00E0 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:21:31.0805 0x1618 mrxsmb10 - ok
22:21:31.0846 0x1618 [ 2539BE615440BA1EA4CF84A66B6C0AF9, 3369DE38EE49E5507A73036CDF3982AEF2331D61C7EC4F159004EAD14309A933 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:21:31.0851 0x1618 mrxsmb20 - ok
22:21:31.0890 0x1618 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
22:21:31.0892 0x1618 msahci - ok
22:21:31.0904 0x1618 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:21:31.0909 0x1618 msdsm - ok
22:21:31.0929 0x1618 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
22:21:31.0936 0x1618 MSDTC - ok
22:21:31.0966 0x1618 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:21:31.0968 0x1618 Msfs - ok
22:21:31.0976 0x1618 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:21:31.0978 0x1618 mshidkmdf - ok
22:21:32.0014 0x1618 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:21:32.0016 0x1618 msisadrv - ok
22:21:32.0051 0x1618 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:21:32.0058 0x1618 MSiSCSI - ok
22:21:32.0061 0x1618 msiserver - ok
22:21:32.0091 0x1618 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:21:32.0092 0x1618 MSKSSRV - ok
22:21:32.0113 0x1618 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:21:32.0114 0x1618 MSPCLOCK - ok
22:21:32.0124 0x1618 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:21:32.0131 0x1618 MSPQM - ok
22:21:32.0176 0x1618 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:21:32.0189 0x1618 MsRPC - ok
22:21:32.0205 0x1618 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:21:32.0206 0x1618 mssmbios - ok
22:21:32.0221 0x1618 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:21:32.0222 0x1618 MSTEE - ok
22:21:32.0233 0x1618 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:21:32.0235 0x1618 MTConfig - ok
22:21:32.0259 0x1618 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
22:21:32.0262 0x1618 Mup - ok
22:21:32.0341 0x1618 [ F2840DBFE9322F35557219AE82CC4597, 51AADE48DB7F61DFB3AF7CADF46250211B210DF35EA12E7767F1CACBA3B8F4D3 ] N360 C:\Program Files (x86)\Engine\6.4.1.14\ccSvcHst.exe
22:21:32.0343 0x1618 N360 - ok
22:21:32.0395 0x1618 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
22:21:32.0409 0x1618 napagent - ok
22:21:32.0435 0x1618 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:21:32.0442 0x1618 NativeWifiP - ok
22:21:32.0589 0x1618 [ FE7B38240E86075E6BC5953496B5C2F1, 13CBDCFD5E63A49D6E66D9EBA701037F014EEED9BBFE8588CE2968A35FF2E16E ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20160302.004\ENG64.SYS
22:21:32.0593 0x1618 NAVENG - ok
22:21:32.0690 0x1618 [ C002FA84570CA35F704ACF0AC4A5EAB0, E4246631E5D7AFD31CE642157A9102CB0DDE5B5051D08C3A5EA736CB3C99C6D9 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20160302.004\EX64.SYS
22:21:32.0724 0x1618 NAVEX15 - ok
22:21:32.0796 0x1618 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:21:32.0815 0x1618 NDIS - ok
22:21:32.0837 0x1618 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:21:32.0838 0x1618 NdisCap - ok
22:21:32.0866 0x1618 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:21:32.0868 0x1618 NdisTapi - ok
22:21:32.0903 0x1618 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:21:32.0906 0x1618 Ndisuio - ok
22:21:32.0941 0x1618 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:21:32.0947 0x1618 NdisWan - ok
22:21:32.0981 0x1618 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:21:32.0984 0x1618 NDProxy - ok
22:21:33.0075 0x1618 [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:21:33.0078 0x1618 Net Driver HPZ12 - ok
22:21:33.0100 0x1618 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:21:33.0102 0x1618 NetBIOS - ok
22:21:33.0144 0x1618 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:21:33.0152 0x1618 NetBT - ok
22:21:33.0180 0x1618 [ 5673794F254FE312AF62D9DA32805A2F, 76400BF26F87303924A4FA9DFE5DD13170D1E4A195CD12548DBAA0E6E8C11B1B ] Netlogon C:\Windows\system32\lsass.exe
22:21:33.0181 0x1618 Netlogon - ok
22:21:33.0225 0x1618 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
22:21:33.0239 0x1618 Netman - ok
22:21:33.0310 0x1618 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:21:33.0316 0x1618 NetMsmqActivator - ok
22:21:33.0323 0x1618 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:21:33.0327 0x1618 NetPipeActivator - ok
22:21:33.0349 0x1618 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
22:21:33.0358 0x1618 netprofm - ok
22:21:33.0375 0x1618 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:21:33.0377 0x1618 NetTcpActivator - ok
22:21:33.0382 0x1618 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:21:33.0385 0x1618 NetTcpPortSharing - ok
22:21:33.0408 0x1618 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:21:33.0410 0x1618 nfrd960 - ok
22:21:33.0455 0x1618 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
22:21:33.0466 0x1618 NlaSvc - ok
22:21:33.0533 0x1618 [ 351533ACC2A069B94E80BBFC177E8FDF, 54B2749E0496ECC94CE65657627762B485CBC825767BAEDDAD0D2598820FFB9E ] npf C:\Windows\system32\drivers\npf.sys
22:21:33.0534 0x1618 npf - ok
22:21:33.0540 0x1618 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:21:33.0542 0x1618 Npfs - ok
22:21:33.0565 0x1618 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
22:21:33.0567 0x1618 nsi - ok
22:21:33.0579 0x1618 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:21:33.0581 0x1618 nsiproxy - ok
the stuart
Regular Member
 
Posts: 20
Joined: February 27th, 2016, 11:37 pm
Location: Ontario, Canada

Re: Intruder Occupies a Portion of My Hard Drive

Post by the stuart » March 2nd, 2016, 11:35 pm

Step three continued...

22:21:37.0062 0x1618 QWAVEdrv - ok
22:21:37.0070 0x1618 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:21:37.0071 0x1618 RasAcd - ok
22:21:37.0092 0x1618 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:21:37.0094 0x1618 RasAgileVpn - ok
22:21:37.0099 0x1618 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
22:21:37.0102 0x1618 RasAuto - ok
22:21:37.0139 0x1618 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:21:37.0142 0x1618 Rasl2tp - ok
22:21:37.0196 0x1618 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
22:21:37.0207 0x1618 RasMan - ok
22:21:37.0240 0x1618 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:21:37.0244 0x1618 RasPppoe - ok
22:21:37.0253 0x1618 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:21:37.0257 0x1618 RasSstp - ok
22:21:37.0311 0x1618 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:21:37.0322 0x1618 rdbss - ok
22:21:37.0334 0x1618 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:21:37.0335 0x1618 rdpbus - ok
22:21:37.0363 0x1618 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:21:37.0364 0x1618 RDPCDD - ok
22:21:37.0410 0x1618 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:21:37.0416 0x1618 RDPDR - ok
22:21:37.0430 0x1618 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:21:37.0431 0x1618 RDPENCDD - ok
22:21:37.0442 0x1618 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:21:37.0442 0x1618 RDPREFMP - ok
22:21:37.0532 0x1618 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:21:37.0534 0x1618 RdpVideoMiniport - ok
22:21:37.0580 0x1618 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:21:37.0588 0x1618 RDPWD - ok
22:21:37.0628 0x1618 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:21:37.0636 0x1618 rdyboost - ok
22:21:37.0718 0x1618 [ A0FF419B61AE47E26ADF3BB15DB4F2FE, 974FF9751D123E212BD3CE8DAE70D4BCCC988A01431A1BD91A532849E492BBD8 ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
22:21:37.0720 0x1618 RealNetworks Downloader Resolver Service - ok
22:21:37.0744 0x1618 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:21:37.0749 0x1618 RemoteAccess - ok
22:21:37.0773 0x1618 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:21:37.0781 0x1618 RemoteRegistry - ok
22:21:37.0920 0x1618 [ 05FC44D32A144925EAE45570029FD6E1, 843976755AC807920C84D769D91C04AFA9CD02B71F4E8F20B0C16493AA878923 ] RoxMediaDB10 c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
22:21:37.0943 0x1618 RoxMediaDB10 - ok
22:21:37.0961 0x1618 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:21:37.0964 0x1618 RpcEptMapper - ok
22:21:37.0972 0x1618 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
22:21:37.0974 0x1618 RpcLocator - ok
22:21:38.0018 0x1618 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
22:21:38.0031 0x1618 RpcSs - ok
22:21:38.0064 0x1618 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:21:38.0066 0x1618 rspndr - ok
22:21:38.0103 0x1618 [ 2DB8116D52B19216812C4E6D5D837810, 00A524FF80DE69B6B6CA767C90723E833891C006AB43E65A1F6F14C38B8F2427 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
22:21:38.0111 0x1618 RSUSBSTOR - ok
22:21:38.0151 0x1618 [ B49DC435AE3695BAC5623DD94B05732D, D63160B09385ED31C2A479ADC5AFCA483906F38598874972025D680BDB45ECA0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:21:38.0159 0x1618 RTL8167 - ok
22:21:38.0191 0x1618 RtsUIR - ok
22:21:38.0195 0x1618 RxFilter - ok
22:21:38.0228 0x1618 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:21:38.0230 0x1618 s3cap - ok
22:21:38.0247 0x1618 [ 5673794F254FE312AF62D9DA32805A2F, 76400BF26F87303924A4FA9DFE5DD13170D1E4A195CD12548DBAA0E6E8C11B1B ] SamSs C:\Windows\system32\lsass.exe
22:21:38.0249 0x1618 SamSs - ok
22:21:38.0287 0x1618 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:21:38.0292 0x1618 sbp2port - ok
22:21:38.0321 0x1618 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:21:38.0330 0x1618 SCardSvr - ok
22:21:38.0366 0x1618 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:21:38.0368 0x1618 scfilter - ok
22:21:38.0440 0x1618 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll
22:21:38.0463 0x1618 Schedule - ok
22:21:38.0500 0x1618 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
22:21:38.0502 0x1618 SCPolicySvc - ok
22:21:38.0543 0x1618 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:21:38.0551 0x1618 SDRSVC - ok
22:21:38.0590 0x1618 [ 0A6A1C9A7F80A2A5DCCED5C4C0473765, 6CB51AE871FBD5D07C5AAD6FF8EEA43D34063089528603CA9CEB8B4F52F68DDC ] se64a C:\Windows\system32\Drivers\se64a.sys
22:21:38.0591 0x1618 se64a - ok
22:21:38.0621 0x1618 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:21:38.0623 0x1618 secdrv - ok
22:21:38.0653 0x1618 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
22:21:38.0657 0x1618 seclogon - ok
22:21:38.0685 0x1618 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
22:21:38.0689 0x1618 SENS - ok
22:21:38.0694 0x1618 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:21:38.0698 0x1618 SensrSvc - ok
22:21:38.0721 0x1618 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:21:38.0723 0x1618 Serenum - ok
22:21:38.0737 0x1618 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:21:38.0741 0x1618 Serial - ok
22:21:38.0783 0x1618 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:21:38.0785 0x1618 sermouse - ok
22:21:38.0823 0x1618 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
22:21:38.0828 0x1618 SessionEnv - ok
22:21:38.0903 0x1618 SessionLauncher - ok
22:21:38.0941 0x1618 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:21:38.0943 0x1618 sffdisk - ok
22:21:38.0951 0x1618 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:21:38.0953 0x1618 sffp_mmc - ok
22:21:38.0964 0x1618 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:21:38.0966 0x1618 sffp_sd - ok
22:21:38.0974 0x1618 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:21:38.0975 0x1618 sfloppy - ok
22:21:39.0066 0x1618 [ 4215C271D6E6898C3F4DABAB4F387DC9, 10D845466AC239E18A381FA3BCF1DA1CDCF7CC4363D3A6B4695D6562B3EF7541 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
22:21:39.0099 0x1618 SftService - ok
22:21:39.0136 0x1618 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:21:39.0149 0x1618 SharedAccess - ok
22:21:39.0200 0x1618 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:21:39.0214 0x1618 ShellHWDetection - ok
22:21:39.0240 0x1618 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:21:39.0242 0x1618 SiSRaid2 - ok
22:21:39.0257 0x1618 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:21:39.0261 0x1618 SiSRaid4 - ok
22:21:39.0302 0x1618 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:21:39.0306 0x1618 Smb - ok
22:21:39.0344 0x1618 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:21:39.0347 0x1618 SNMPTRAP - ok
22:21:39.0441 0x1618 [ 0F979F7EFEBEC9FBF7520125564EDF79, 0937DCF27168993BFF98E354FB20346991EBB73ED862413E9A1D93DBD903B1F1 ] softOSD C:\Program Files (x86)\softOSD\softOSD.exe
22:21:39.0450 0x1618 softOSD - ok
22:21:39.0461 0x1618 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
22:21:39.0462 0x1618 spldr - ok
22:21:39.0512 0x1618 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
22:21:39.0524 0x1618 Spooler - ok
22:21:39.0646 0x1618 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
22:21:39.0717 0x1618 sppsvc - ok
22:21:39.0734 0x1618 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:21:39.0737 0x1618 sppuinotify - ok
22:21:39.0852 0x1618 [ 891793E00432FA055CF040605C260E49, 3DB1251B5473CDE19CAAA6C4FAC00414120209534F45A5CE24DCCC9645C989C2 ] SRTSP C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS
22:21:39.0872 0x1618 SRTSP - ok
22:21:39.0909 0x1618 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E, E911DA0DCEE83F92DB97D933C8E35548C2D8F21850720E197DC31F75F681F32D ] SRTSPX C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS
22:21:39.0912 0x1618 SRTSPX - ok
22:21:39.0960 0x1618 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:21:39.0977 0x1618 srv - ok
22:21:40.0027 0x1618 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:21:40.0042 0x1618 srv2 - ok
22:21:40.0057 0x1618 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:21:40.0061 0x1618 srvnet - ok
22:21:40.0102 0x1618 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:21:40.0107 0x1618 SSDPSRV - ok
22:21:40.0122 0x1618 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:21:40.0126 0x1618 SstpSvc - ok
22:21:40.0233 0x1618 [ 32B37DD6E7D423DF3CF3B196C8005F85, 5989DD72AB03009625D5A49CC05D7955D07E3A933AEB292882F22928C5D60565 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:21:40.0243 0x1618 Stereo Service - ok
22:21:40.0270 0x1618 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:21:40.0272 0x1618 stexstor - ok
22:21:40.0333 0x1618 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
22:21:40.0355 0x1618 stisvc - ok
22:21:40.0421 0x1618 [ FF5EB78AF7DFB68C2FB363537AAF753E, BF34EBC28A18D31ADA21098FCD2F2D5FACE7AA9B49DB1AFA4AD248B2A58FE86E ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
22:21:40.0424 0x1618 stllssvr - ok
22:21:40.0460 0x1618 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
22:21:40.0462 0x1618 storflt - ok
22:21:40.0491 0x1618 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
22:21:40.0495 0x1618 StorSvc - ok
22:21:40.0537 0x1618 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:21:40.0539 0x1618 storvsc - ok
22:21:40.0576 0x1618 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
22:21:40.0578 0x1618 swenum - ok
22:21:40.0612 0x1618 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
22:21:40.0627 0x1618 swprv - ok
22:21:40.0671 0x1618 [ 8B2430762099598DA40686F754632EFD, BEF443EB8CDB8792E8B9CF861E8D2205DEA336BC24A92417D67DD5A28DD35BE9 ] SymDS C:\Windows\system32\drivers\N360x64\0604010.00E\SYMDS64.SYS
22:21:40.0686 0x1618 SymDS - ok
22:21:40.0737 0x1618 [ 5CB7F2FD7E30A0F52F93574BFC3A8041, C44FC8931C6BC5F9B0EDC64796ED87A68CDCF9D88815A7CE8D73CC195DAF00DE ] SymEFA C:\Windows\system32\drivers\N360x64\0604010.00E\SYMEFA64.SYS
22:21:40.0759 0x1618 SymEFA - ok
22:21:40.0817 0x1618 [ 898BB48C797483420DF523B2BBC1ECDB, 39C510395950B50AABB339A76FF2CB1706761B196F05F9B86B12472B9C1EF3DC ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
22:21:40.0824 0x1618 SymEvent - ok
22:21:40.0844 0x1618 [ 5013A76CAAA1D7CF1C55214B490B4E35, B7AC28C29C4152977A6313FB47984643EC395BCDD9B417853D4E31D7AD98598B ] SymIRON C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS
22:21:40.0851 0x1618 SymIRON - ok
22:21:40.0870 0x1618 [ 3911BD0E68C010E5438A87706ABBE9AB, C79D2444830E4AE8A36D8686635463BF34B22913AA417A48AB0AC0A48F7D227B ] SymNetS C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS
22:21:40.0879 0x1618 SymNetS - ok
22:21:40.0964 0x1618 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll
22:21:41.0000 0x1618 SysMain - ok
22:21:41.0032 0x1618 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:21:41.0035 0x1618 TabletInputService - ok
22:21:41.0052 0x1618 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
22:21:41.0065 0x1618 TapiSrv - ok
22:21:41.0091 0x1618 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
22:21:41.0094 0x1618 TBS - ok
22:21:41.0181 0x1618 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:21:41.0219 0x1618 Tcpip - ok
22:21:41.0274 0x1618 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:21:41.0304 0x1618 TCPIP6 - ok
22:21:41.0337 0x1618 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:21:41.0338 0x1618 tcpipreg - ok
22:21:41.0362 0x1618 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:21:41.0364 0x1618 TDPIPE - ok
22:21:41.0398 0x1618 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:21:41.0400 0x1618 TDTCP - ok
22:21:41.0439 0x1618 [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:21:41.0444 0x1618 tdx - ok
22:21:41.0484 0x1618 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
22:21:41.0487 0x1618 TermDD - ok
22:21:41.0545 0x1618 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
22:21:41.0563 0x1618 TermService - ok
22:21:41.0570 0x1618 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
22:21:41.0573 0x1618 Themes - ok
22:21:41.0590 0x1618 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
22:21:41.0591 0x1618 THREADORDER - ok
22:21:41.0618 0x1618 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
22:21:41.0624 0x1618 TrkWks - ok
22:21:41.0688 0x1618 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:21:41.0695 0x1618 TrustedInstaller - ok
22:21:41.0730 0x1618 [ 19BEDA57F3E0A06B8D5EB6D619BD5624, 952D5FAFD662C93628C12A6F7EB8E240A44216C0A15CBD2F5016BC357CBFE821 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:21:41.0732 0x1618 tssecsrv - ok
22:21:41.0771 0x1618 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:21:41.0774 0x1618 TsUsbFlt - ok
22:21:41.0821 0x1618 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:21:41.0826 0x1618 tunnel - ok
22:21:41.0840 0x1618 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:21:41.0843 0x1618 uagp35 - ok
22:21:41.0881 0x1618 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:21:41.0892 0x1618 udfs - ok
22:21:41.0905 0x1618 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:21:41.0909 0x1618 UI0Detect - ok
22:21:41.0937 0x1618 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:21:41.0940 0x1618 uliagpkx - ok
22:21:41.0991 0x1618 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
22:21:41.0993 0x1618 umbus - ok
22:21:42.0020 0x1618 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:21:42.0022 0x1618 UmPass - ok
22:21:42.0062 0x1618 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
22:21:42.0072 0x1618 UmRdpService - ok
22:21:42.0092 0x1618 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
22:21:42.0102 0x1618 upnphost - ok
22:21:42.0144 0x1618 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:21:42.0149 0x1618 usbccgp - ok
22:21:42.0173 0x1618 USBCCID - ok
22:21:42.0224 0x1618 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:21:42.0228 0x1618 usbcir - ok
22:21:42.0259 0x1618 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:21:42.0262 0x1618 usbehci - ok
22:21:42.0305 0x1618 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:21:42.0316 0x1618 usbhub - ok
22:21:42.0351 0x1618 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:21:42.0352 0x1618 usbohci - ok
22:21:42.0389 0x1618 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:21:42.0391 0x1618 usbprint - ok
22:21:42.0431 0x1618 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:21:42.0433 0x1618 usbscan - ok
22:21:42.0465 0x1618 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:21:42.0469 0x1618 USBSTOR - ok
22:21:42.0506 0x1618 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:21:42.0508 0x1618 usbuhci - ok
22:21:42.0527 0x1618 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
22:21:42.0530 0x1618 UxSms - ok
22:21:42.0544 0x1618 [ 5673794F254FE312AF62D9DA32805A2F, 76400BF26F87303924A4FA9DFE5DD13170D1E4A195CD12548DBAA0E6E8C11B1B ] VaultSvc C:\Windows\system32\lsass.exe
22:21:42.0546 0x1618 VaultSvc - ok
22:21:42.0589 0x1618 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:21:42.0592 0x1618 vdrvroot - ok
22:21:42.0646 0x1618 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
22:21:42.0665 0x1618 vds - ok
22:21:42.0682 0x1618 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:21:42.0684 0x1618 vga - ok
22:21:42.0697 0x1618 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:21:42.0699 0x1618 VgaSave - ok
22:21:42.0742 0x1618 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:21:42.0751 0x1618 vhdmp - ok
22:21:42.0802 0x1618 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
22:21:42.0804 0x1618 viaide - ok
22:21:42.0845 0x1618 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
22:21:42.0852 0x1618 vmbus - ok
22:21:42.0864 0x1618 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
22:21:42.0866 0x1618 VMBusHID - ok
22:21:42.0892 0x1618 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:21:42.0896 0x1618 volmgr - ok
22:21:42.0937 0x1618 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:21:42.0949 0x1618 volmgrx - ok
22:21:42.0968 0x1618 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:21:42.0975 0x1618 volsnap - ok
22:21:43.0008 0x1618 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:21:43.0012 0x1618 vsmraid - ok
22:21:43.0094 0x1618 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
22:21:43.0127 0x1618 VSS - ok
22:21:43.0143 0x1618 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:21:43.0144 0x1618 vwifibus - ok
22:21:43.0195 0x1618 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
22:21:43.0207 0x1618 W32Time - ok
22:21:43.0219 0x1618 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:21:43.0221 0x1618 WacomPen - ok
22:21:43.0252 0x1618 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:21:43.0256 0x1618 WANARP - ok
22:21:49.0887 0x1618 AV detected via SS2: Norton 360, C:\Program Files (x86)\Engine\6.4.1.14\WSCStub.exe ( 19.10.0.0 ), 0x51000 ( enabled : updated )
22:21:49.0889 0x1618 FW detected via SS2: Norton 360, C:\Program Files (x86)\Engine\6.4.1.14\WSCStub.exe ( 19.10.0.0 ), 0x51010 ( enabled )
22:21:52.0730 0x1618 ============================================================
22:21:52.0730 0x1618 Scan finished
22:21:52.0730 0x1618 ============================================================
22:21:52.0738 0x11dc Detected object count: 0
22:21:52.0738 0x11dc Actual detected object count: 0
the stuart
Regular Member
 
Posts: 20
Joined: February 27th, 2016, 11:37 pm
Location: Ontario, Canada

Re: Intruder Occupies a Portion of My Hard Drive

Unread postby the stuart » March 3rd, 2016, 12:09 am

Step four...
Quick scan ran for several minutes and then quit with a message box containing the following:

Avast! Antirootkit has stopped working

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.


I intend to disable the Norton products and run this tool again. I know that Norton was running some program in the background and sense that there may have been a conflict. I don't think that this can do any harm.

Re: Intruder Occupies a Portion of My Hard Drive

Unread postby the stuart » March 3rd, 2016, 12:58 am

capnkrunch, Avast Antirootkit hung up again with the same message.

Early in the scan, it highlighted 6 lines which I captured in a screenshot.

Where the scanner was apparently looking when it hung up with the "stopped working" message is an area of my files that I have not looked at in years. It contains files that were stored for a period of time when transitioning from one laptop to another. The files have no value. Some are executable. Could malware be hidden here? Can I purge these files? Or is there some risk?

I don't think that I will proceed until I get your opinion.

stu

Re: Intruder Occupies a Portion of My Hard Drive

Unread postby capnkrunch » March 3rd, 2016, 2:02 am

Hello stu :)

Good job with those scans. If aswMBR keeps hanging we will just skip it for now.

the stuart wrote: Early in the scan, it highlighted 6 lines which I captured in a screenshot.

I don't need to see this right now, but don't delete it yet.

the stuart wrote: Could malware be hidden here? Can I purge these files? Or is there some risk?

Leave them alone for now.

Please navigate to the following folder:
C:\Users\G.S. Ovenden\Documents\Computing\Troubleshooting Tools\Malwarebytes\Anti-Rootkit\mbar

There should be 2 logs mbar-log-2016-02-15 (10-59-01).txt and system-log.txt. Please copy and paste them in your reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • mbar-log-2016-02-15 (10-59-01).txt
  • system-log.txt
  • Are there any changes in computer behavior?

Re: Intruder Occupies a Portion of My Hard Drive

Unread postby the stuart » March 3rd, 2016, 7:08 am

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
http://www.malwarebytes.org

Database version:
main: v2016.02.15.03
rootkit: v2016.02.08.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
G.S. Ovenden :: GSOVENDEN-PC [administrator]

2016-02-15 10:59:01 AM
mbar-log-2016-02-15 (10-59-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 493632
Time elapsed: 28 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKU\S-1-5-21-2615649320-1316126405-2989575285-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Delete on reboot. [7f8068f81881d16597b7bcc9e0222dd3]
HKU\S-1-5-21-2615649320-1316126405-2989575285-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Delete on reboot. [7f8068f81881d16597b7bcc9e0222dd3]
HKLM\SOFTWARE\CLASSES\INTERFACE\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Delete on reboot. [7e81abb5d7c2d75f85ccaed77290e917]
HKLM\SOFTWARE\CLASSES\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Delete on reboot. [16e9fb653e5bff37371a43427a88629e]
HKLM\SOFTWARE\CLASSES\INTERFACE\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Delete on reboot. [f708d38d9900d0669eb9414460a222de]
HKLM\SOFTWARE\CLASSES\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Delete on reboot. [07f83927405969cd80d7dca9df23e31d]
HKLM\SOFTWARE\CLASSES\INTERFACE\{618AAD04-921F-44C2-BE38-C0818AF69861} (Adware.ClickPotato) -> Delete on reboot. [07f83927405969cd80d7dca9df23e31d]
HKLM\SOFTWARE\CLASSES\INTERFACE\{B5D2ED96-62F9-4C2C-956D-E425B1F67337} (Adware.ClickPotato) -> Delete on reboot. [07f83927405969cd80d7dca9df23e31d]
HKLM\SOFTWARE\CLASSES\INTERFACE\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB} (Adware.ClickPotato) -> Delete on reboot. [07f83927405969cd80d7dca9df23e31d]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Re: Intruder Occupies a Portion of My Hard Drive

Unread postby the stuart » March 3rd, 2016, 7:11 am

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 6433001472, free: 3633537024

Downloaded database version: v2016.02.15.03
Downloaded database version: v2016.02.08.01
Downloaded database version: v2016.02.12.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
02/15/2016 10:58:44
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
main: v2016.02.15.03
rootkit: v2016.02.08.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800669f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800669f2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800669f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800640d050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C796C701

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262
Partition is not bootable

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 81920 Numsec = 20156416
Partition is bootable
Partition file system is NTFS

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 20238336 Numsec = 956532736
Partition is not bootable
Partition file system is NTFS

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Infected: HKU\S-1-5-21-2615649320-1316126405-2989575285-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} --> [Adware.ClickPotato]
Infected: HKU\S-1-5-21-2615649320-1316126405-2989575285-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} --> [Adware.ClickPotato]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{419EDA30-6DFF-432C-B534-E15D899ABEE4} --> [Adware.ClickPotato]
Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} --> [Adware.ClickPotato]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{30B15818-E110-4527-9C05-46ACE5A3460D} --> [Adware.ClickPotato]
Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} --> [Adware.ClickPotato]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{618AAD04-921F-44C2-BE38-C0818AF69861} --> [Adware.ClickPotato]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{B5D2ED96-62F9-4C2C-956D-E425B1F67337} --> [Adware.ClickPotato]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB} --> [Adware.ClickPotato]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
=======================================

Re: Intruder Occupies a Portion of My Hard Drive

Unread postby the stuart » March 3rd, 2016, 11:09 am

I am taking this computer off-line for two to three days.

I have not abandoned this thread.

Re: Intruder Occupies a Portion of My Hard Drive

Unread postby capnkrunch » March 3rd, 2016, 5:58 pm

Hello stu :)

Thanks for the heads up. I will review your logs and post the next set of instructions in the meantime but do not feel like you need to follow them immediately. We will not close your topic while you are gone. It would be great if you have a chance to review my post while you are away but if not that's fine as well.

Regards,
capnkrunch

Re: Intruder Occupies a Portion of My Hard Drive

Unread postby capnkrunch » March 4th, 2016, 8:03 pm

Hello stu :)

I want to take a second to explain where your system stands. There is evidence of infections but it is all rather minor adware kind of junk. These can usually be removed with no problem. There is no evidence of backdoor trojans, rootkits or other very dangerous malware.

However, that still leaves us with your Windows Update and permissions issues. I don't believe them to be malware related but that doesn't make them any easier to solve. Windows Update problems in particular are notoriously difficult to resolve.

This brings me to my recommendation. I believe the fastest and easiest way to get your system up and running again is to back up your data, reformat your hard drive and reinstall Windows (also known as repaving your computer). This should leave you with a fully functioning and clean computer.

I know this is not what you wanted to hear and so I don't make the recommendation lightly. With the issues your computer is experiencing I believe this will be the most painless way to resolve them. It will take some time to reinstall your programs and move your files back but I believe that would be minimal compared to the amount of time we could spend troubleshooting and even then I don't think the chances of success are great.

Please take some time to think about this and let me know how you want to proceed. Remember, my recommendation is that you repave.

If you need help repaving see these tutorials:
  • If your computer came with Windows Pre-Installed
  • If you installed Windows yourself using a Genuine Windows Installation Disk

Thanks,
capnkrunch

Re: Intruder Occupies a Portion of My Hard Drive

Unread postby the stuart » March 5th, 2016, 8:46 pm

capnkrunch, thank you for the effort that you have put into helping me. I appreciate your assurance that the computer seems clean. As you know, I had spent some time scrubbing the hard drive with various tools before I came to this site, so one or more of them must have intercepted any perpetrator. I had vacillated for a couple of weeks between thinking that I had a Windows Update problem versus a malware problem. By the time that I came to this site, I was of the belief that I had been violated, and I still hold that belief.

Thus, I recognize the conventional wisdom of your recommendation to repave. You could not do otherwise. Nevertheless, having reconstructed some systems in the past, I have to say that it typically took a matter of days, rather than hours, for me to regain a fully functioning system. I do have a disc for the reinstallation of the Windows 7, provided by Dell with the computer, and I find several program DVDs that I made at the time of the purchase. However, I do not know what may exist in the way of a recovery partition or recovery discs, and I will have to relearn the procedure with the W7 operating system.

I do not know if the OS repair function exists within W7 as it did within XP. I will have some reading to do. Meanwhile, I still have a functioning system. Is it one without an open backdoor? I do not know. If I need to reformat the hard drive, I might just pull this one and buy a new(er) and perhaps larger drive, do a minimal W7 plus SP1 install and upgrade to W10. Dell does not guarantee drivers for the system components, so there is some risk of further grief. However, judging by the viewer traffic and participation on all of the computer help forums, I am suspicious that MS operating systems and software have come under an onslaught of malicious campaigns, perhaps similar in nature to the one that I experienced. There are reasons that MS is giving away free upgrades to W10. It is likely time for me to ditch Office 2003 as well, as I know that MS condemns the vulnerability of the Outlook SSL protocol versus the TLS of the succeeding generations.

Is it your belief that a W10 upgrade could not/should not be run over top of my current W7 condition?

Can you express an opinion as to what part of the OS is compromised in order to mess up my permissions and program installations? Registry, or otherwise?

I have a number of things to consider here, and no particular urgency as long as the system is working and there is no evidence of current alien cohabitation.

One disconcerting thing that I have learned is that the WD external hard drive has ceased to mirror the content of my C drive. I can still access the stale data, but it will not provide the "backup" function as intended. I do not yet know if this is a "permission" issue, or a flawed Windows Update that broke communication. I will have to attempt some simulation in order to gain confidence that any of my backup programs are working as intended.

Thanks for any further thoughts.

stu

Re: Intruder Occupies a Portion of My Hard Drive

Post by capnkrunch » March 6th, 2016, 6:12 am

the stuart wrote: However, I do not know what may exist in the way of a recovery partition or recovery discs, and I will have to relearn the procedure with W7 operating system.

That 39MB partition that you were worried about is a Dell recovery partition. We do not have the expertise to walk you through a reformat here but I can definitely point you in the right direction if you need assistance.

the stuart wrote: Meanwhile, I still have a functioning system. Is it one without an open backdoor? I do not know.

Having reviewed some of the logs from scans that you ran as well as the ones I asked you to run I see no evidence of a backdoor.

the stuart wrote: However, judging by the viewer traffic and participation on all of the computer help forums, I am suspicious that MS operating systems and software have come under an onslaught of malicious campaigns, perhaps similar in nature to the one that I experienced. There are reasons that MS is giving away free upgrades to W10.

Windows has always been under attack because it is the biggest target. Whether you upgrade to Windows 10 or not is a personal decision. There are certain security improvements in it but I do not think the security is better enough for that to be a reason to upgrade.

the stuart wrote: It is likely time for me to ditch Office 2003 as well, as I know that MS condemns the vulnerability of the Outlook SSL protocol versus the TLS of the succeeding generations.

Using outdated software leaves you open to known vulnerabilities. Office is often a target of malware authors and so it is inadvisable to use an unsupported version.

the stuart wrote: Is it your belief that a W10 upgrade could not/should not be run over top of my current W7 condition?

I would not recommend it. Windows version upgrades are volatile on a good day. Doing one on a damaged system is a bad idea. Especially when Windows Update is broken.

the stuart wrote: Can you express an opinion as to what part of the OS is compromised in order to mess up my permissions and program installations? Registry, or otherwise?

Permissions issues are usually a file system problem. Like I said, there is no evidence of your machine being compromised. The issues could occur due to a corrupted update or losing power while certain system resources are in use or any number of reasons.

In reviewing your logs and the SevenForums thread I've only come to believe more firmly in my recommendation for repaving. Having confirmed my findings, allow me to be more frank in my assessment:

Recovering from widespread permissions damage as your computer appears to have is not realistic.

You are caught in a nasty catch-22. The permissions and Windows Update issues are outside of my expertise and I would need to refer you elsewhere to resolve them. Most places will not help while your computer is infected, but the system problems make your computer too unstable so I do not feel comfortable running our removal tools on it. In addition, I suspect even if we did and I referred you out the recommendation would still be to repave (recall that the SevenForums helper was leaning towards this solution as well).

the stuart wrote: I have a number of things to consider here, and no particular urgency as long as the system is working and there is no evidence of current alien cohabitation.

Certainly take some time and think this through. However, I would not recommend using your computer as is for an extended period. Even though there's no backdoor, you are still infected and having a broken Windows Update puts you at high risk of additional infections.

the stuart wrote: One disconcerting thing that I have learned is that the WD external hard drive has ceased to mirror the content of my C drive. I can still access the stale data, but it will not provide the "backup" function as intended. I do not yet know if this is a "permission" issue, or a flawed Windows Update that broke communication. I will have to attempt some simulation in order to gain confidence that any of my backup programs are working as intended.

Plug your drive into one of your other machines and make sure the files are up to date and readable. That is the best way to do it. This problem sounds like a driver issue but I would definitely not mess with drivers with your system in its current state. Best to manually back up, verify it on another machine if you're worried and repave.

If you need a referral for assistance with repaving let me know. If you go that route let me know when you are done and I will leave you with some advice on staying secure. If you choose to continue your recovery attempts it will have to be on your own. In that case please let me know so I can request that this thread be closed.

Regards,
capnkrunch

Re: Intruder Occupies a Portion of My Hard Drive

Post by the stuart » March 6th, 2016, 6:37 am

Thanks capnkrunch.
With apparently little to lose, I purged the files that I had mentioned regarding the failed Avast scan. This allowed the aswMBR scan to run. It seems basically clean, but did complain about Elf. You had recommended removing it before I got hung up on a previous failed tool installation. I was able to uninstall Elf.
I then tried to uninstall vShare Plug-in, but it says that it is waiting for a previous operation to complete.
Is this anything informative? Or just more of the same?