Possible Rootkit

9 replies to this topic

#1 rrwallace61

Posted 02 April 2014 - 10:28 AM

Server has been experiencing rather strange NTFS errors\warnings.

Starting with stcvsm source event 260.

While re-activating on \Device\HarddiskVolume16, VDIFF has detected that previous boot session ended with a crash. VDIFF is terminated.

And then,

NTFS warning event 130.

The file system structure on volume C:\Windows\Temp\Harddisk1Partition1 has now been repaired.

Then,

NTFS warning event 136.

The default transaction resource manager on volume C:\Windows\Temp\Harddisk1Partition1 encountered an error while starting and its metadata was reset. The data contains the error code.

Details of the above event.

System
  Provider: Ntfs
  EventID: 136 (Qualifiers 32772)
  Level: 3
  Task: 2
  Keywords: 0x80000000000000
  TimeCreated: 2014-04-01T15:14:57.993Z
  EventRecordID: 866010
  Channel: System
  Computer: FE-SBS.Farriselectric.local

EventData
  C:\Windows\Temp\Harddisk1Partition1
  1C00040002003000020000008800048000000000060019C000000000000000000000000000000000060019C0

and again with

NTFS 130 2 times

The file system structure on volume C:\Windows\Temp\Harddisk1Partition1 has now been repaired.

Followed by

Quota event 9

The quota minifilter driver was successfully attached to volume "\Device\HarddiskVolume16 (C:\Windows\Temp\Harddisk1Partition1)" but the quota usage information is possibly out of date, and the volume will be rescanned. This can typically occur as a result of a system crash, quota configuration backup/restore, and volume failover in a cluster. Once the scan completes quotas will function properly.

followed by

stcvsm 260

While re-activating on \Device\HarddiskVolume17, VDIFF has detected that previous boot session ended with a crash. VDIFF is terminated.

app popup 26

Application popup: Windows - Corrupt File : Exception Processing Message 0xc0000102 Parameters 0x000007FEFE0A722C 0x000007FEFE0A722C 0x000007FEFE0A722C 0x000007FEFE0A722C

ntfs 55

The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume17.

ntfs 137

The default transaction resource manager on volume \Device\HarddiskVolume17 encountered a non-retryable error and could not start. The data contains the error code.

details of 137

System
  Provider: Ntfs
  EventID: 137 (Qualifiers 49156)
  Level: 2
  Task: 2
  Keywords: 0x80000000000000
  TimeCreated: 2014-04-01T15:15:01.175Z
  EventRecordID: 866017
  Channel: System
  Computer: FE-SBS.Farriselectric.local

EventData
  \Device\HarddiskVolume17
  1C0004000200300002000000890004C000000000020100C000000000000000000000000000000000020100C0


source iscsiprt event 20

Connection to the target was lost. The initiator will attempt to retry the connection.

source iscsiprt event 7

The initiator could not send an iSCSI PDU. Error status is given in the dump data.

I ran a GMER and the results are attached.
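The EventData hex the poster quotes for Ntfs events 136 and 137 matches the layout of the kernel's IO_ERROR_LOG_PACKET (wdm.h), and its FinalStatus field is the NTSTATUS the message text calls "the error code". The decoder below is an added example, not code from the post or from any tool named in it; the two blobs are copied from the post, and the status and facility names come from ntstatus.h.

```python
import struct
from dataclasses import dataclass

# The two EventData hex blobs exactly as pasted in the post above
# (Ntfs event 136 on Harddisk1Partition1, Ntfs event 137 on HarddiskVolume17).
EVENT_136_DATA = "1C00040002003000020000008800048000000000060019C000000000000000000000000000000000060019C0"
EVENT_137_DATA = "1C0004000200300002000000890004C000000000020100C000000000000000000000000000000000020100C0"

# Names for the NTSTATUS values that occur in those blobs (from ntstatus.h).
# Deliberately a tiny lookup aid, not a full table.
NTSTATUS_NAMES = {
    0xC0000102: "STATUS_FILE_CORRUPT_ERROR",
    0xC0190006: "STATUS_RM_METADATA_CORRUPT",
}
FACILITY_NAMES = {0x4: "FACILITY_IO_ERROR_CODE", 0x19: "FACILITY_TRANSACTION"}
SEVERITY = {0: "success", 1: "informational", 2: "warning", 3: "error"}

# Fixed part of IO_ERROR_LOG_PACKET (wdm.h) as it sits in the event record:
#   UCHAR MajorFunctionCode, UCHAR RetryCount, USHORT DumpDataSize,
#   USHORT NumberOfStrings, USHORT StringOffset, USHORT EventCategory,
#   (2 bytes of DWORD padding), NTSTATUS ErrorCode, ULONG UniqueErrorValue,
#   NTSTATUS FinalStatus, ULONG SequenceNumber, ULONG IoControlCode,
#   LARGE_INTEGER DeviceOffset, then ULONG DumpData[DumpDataSize / 4].
HEADER = struct.Struct("<BBHHHH2xIIIIIq")


@dataclass(frozen=True)
class IoErrorLogPacket:
    major_function: int
    retry_count: int
    dump_data_size: int
    number_of_strings: int
    string_offset: int
    event_category: int
    error_code: int         # Ntfs message id: EventID in the low word, Qualifiers in the high word
    unique_error_value: int
    final_status: int       # the NTSTATUS the message text calls "the error code"
    sequence_number: int
    io_control_code: int
    device_offset: int
    dump_data: tuple

    @property
    def event_id(self) -> int:
        return self.error_code & 0xFFFF

    @property
    def qualifiers(self) -> int:
        return self.error_code >> 16


def decode_ntstatus(status: int) -> dict:
    """Split an NTSTATUS into severity (bits 31-30), customer bit (29), facility (27-16), code (15-0)."""
    facility = (status >> 16) & 0x0FFF
    return {
        "severity": SEVERITY[status >> 30],
        "customer": bool((status >> 29) & 1),
        "facility": facility,
        "facility_name": FACILITY_NAMES.get(facility, "unknown"),
        "code": status & 0xFFFF,
        "name": NTSTATUS_NAMES.get(status, "unknown"),
    }


def parse_io_error_log_packet(hex_blob: str) -> IoErrorLogPacket:
    """Parse the EventData hex string shown by Event Viewer into an IoErrorLogPacket."""
    raw = bytes.fromhex(hex_blob.strip())
    if len(raw) < HEADER.size:
        raise ValueError("blob is shorter than the fixed IO_ERROR_LOG_PACKET header")
    fields = HEADER.unpack_from(raw, 0)
    dump_size = fields[2]                       # DumpDataSize, in bytes
    dump = raw[HEADER.size:HEADER.size + dump_size]
    if len(dump) != dump_size or dump_size % 4:
        raise ValueError("DumpDataSize does not match the bytes present")
    dump_words = struct.unpack("<%dI" % (dump_size // 4), dump)
    return IoErrorLogPacket(*fields, dump_data=dump_words)


def summarize(hex_blob: str) -> dict:
    """Reduce one event's binary data to the fields worth comparing against the message text."""
    pkt = parse_io_error_log_packet(hex_blob)
    final = decode_ntstatus(pkt.final_status)
    return {
        "event_id": pkt.event_id,
        "qualifiers": pkt.qualifiers,
        "event_severity": SEVERITY[pkt.error_code >> 30],
        "final_status": "0x%08X" % pkt.final_status,
        "final_status_name": final["name"],
        "final_status_facility": final["facility_name"],
        "dump_repeats_status": pkt.dump_data[:1] == (pkt.final_status,),
    }


if __name__ == "__main__":
    for label, blob in (("Ntfs 136", EVENT_136_DATA), ("Ntfs 137", EVENT_137_DATA)):
        print(label, summarize(blob))
```

The decoded FinalStatus values (STATUS_RM_METADATA_CORRUPT for 136, STATUS_FILE_CORRUPT_ERROR for 137) are the machine-readable form of what the message text already says, so they corroborate transaction-log and file-system corruption after an unclean shutdown rather than adding a new indicator.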


#2 rrwallace61
  • Topic Starter

Posted 03 April 2014 - 03:48 PM

Here is a HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 1:47:11 PM, on 4/3/2014
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v8.00 (8.00.6001.19507)
 
Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
C:\Program Files (x86)\Kaseya\MYRNTW27718108730149\KaUsrTsk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
D:\Downloads\aswMBR.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
D:\Downloads\hijackthis_sfx.exe\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVP] "c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe"
O4 - HKLM\..\Run: [KASHMYRNTW27718108730149] "C:\Program Files (x86)\Kaseya\MYRNTW27718108730149\KaUsrTsk.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix: 
O15 - Trusted Zone: http://blogs.technet.com
O16 - DPF: {AD545DE1-CA51-4DB3-BFE9-FA898626B926} (VALaunchX Control) - https://assist.va.sonicwall.com/VAX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://control.itsupport247.net/components/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Farriselectric.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CC116B9-DF9B-4EE1-BBDB-037A2A076D12}: NameServer = 172.16.0.2,172.16.0.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Farriselectric.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CC116B9-DF9B-4EE1-BBDB-037A2A076D12}: NameServer = 172.16.0.2,172.16.0.6
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30011 (AppHostSvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe" -r (file missing)
O23 - Service: BDRAgentScheduler - Zenith Infotech LTD - C:\PROGRA~2\ZenithBDR\BDRAgentScheduler.exe
O23 - Service: @%systemroot%\system32\certocm.dll,-347 (CertSvc) - Unknown owner - C:\Windows\system32\certsrv.exe (file missing)
O23 - Service: DSM SA Event Manager (dcevt32) - Dell Inc. - C:\Program Files (x86)\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
O23 - Service: DSM SA Data Manager (dcstor32) - Dell Inc. - C:\Program Files (x86)\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
O23 - Service: @%systemroot%\system32\dfssvc.exe,-101 (Dfs) - Unknown owner - C:\Windows\system32\dfssvc.exe (file missing)
O23 - Service: @dfsrress.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSRs.exe (file missing)
O23 - Service: @%systemroot%\system32\dns.exe,-49157 (DNS) - Unknown owner - C:\Windows\system32\dns.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - %windir%\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ismserv.exe,-1 (IsmServ) - Unknown owner - C:\Windows\System32\ismserv.exe (file missing)
O23 - Service: Kaseya Agent (KAMYRNTW27718108730149) - Kaseya International Limited - C:\Program Files (x86)\Kaseya\MYRNTW27718108730149\AgentMon.exe
O23 - Service: @%SystemRoot%\System32\kdcsvc.dll,-1 (kdc) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: mr2kserv - LSI  Logic Corporation - C:\Program Files (x86)\Dell\SysMgt\sm\mr2kserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: SQL Server FullText Search (SBSMONITORING) (msftesql$SBSMONITORING) - Unknown owner - C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:SBSMONITORING (file missing)
O23 - Service: Microsoft Search  (Exchange) (msftesql-Exchange) - Unknown owner - C:\Program Files\Microsoft\Exchange Server\Bin\msftesql.exe" -Exchange -s:Exchange -f:Exchange (file missing)
O23 - Service: SQL Server (SBSMONITORING) (MSSQL$SBSMONITORING) - Unknown owner - C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSBSMONITORING (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ntdsmsg.dll,-1 (NTDS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: File Replication Service (NtFrs) - Unknown owner - C:\Windows\system32\ntfrs.exe (file missing)
O23 - Service: PowerChute Network Shutdown (PCNS1) - Schneider Electric - C:\Program Files\APC\PowerChute\group1\pcns.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%Systemroot%\system32\rqs.exe,-200 (Rqs) - Unknown owner - C:\Windows\system32\rqs.exe (file missing)
O23 - Service: @gpapi.dll,-114 (RSoPProv) - Unknown owner - C:\Windows\system32\RSoPProv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: DSM SA Connection Service (Server Administrator) - Unknown owner - C:\Program Files (x86)\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
O23 - Service: ShadowProtectCore - Zenith Infotech Ltd. - C:\PROGRA~2\ZenithBDR\ShadowProtectCore.exe
O23 - Service: ShadowProtect Service (ShadowProtectSvc) - StorageCraft Technology Corporation - C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%windir%\system32\srm.dll,-3022 (SrmReports) - Unknown owner - C:\Windows\system32\srmhost.exe (file missing)
O23 - Service: StorageCraft Raw Agent (stc_raw_agent) - StorageCraft Technology Corporation - C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\raw_agent_svc.exe
O23 - Service: StorageCraft ImageReady - Unknown owner - C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
O23 - Service: @%SystemRoot%\system32\aaedge.dll,-2002 (TSGateway) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: StorageCraft Shadow Copy Provider (VSNAPVSS) - StorageCraft Technology Corporation - C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSvc) - Unknown owner - %windir%\system32\inetsrv\wmsvc.exe (file missing)


#3 nasdaq
  • Malware Response Team

Posted 05 April 2014 - 01:12 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • When it finishes, you will either see a report that no threats were found.
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a results window:
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt, which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please post the logs for my review.

#4 rrwallace61
  • Topic Starter

Posted 08 April 2014 - 06:53 PM

16:46:41.0659 0x2a00  TDSS rootkit removing tool 3.0.0.30 Apr  7 2014 15:39:12
16:46:48.0008 0x2a00  ============================================================
16:46:48.0008 0x2a00  Current date / time: 2014/04/08 16:46:48.0008
16:46:48.0008 0x2a00  SystemInfo:
16:46:48.0008 0x2a00  
16:46:48.0008 0x2a00  OS Version: 6.0.6002 ServicePack: 2.0
16:46:48.0008 0x2a00  Product type: Domain controller
16:46:48.0008 0x2a00  ComputerName: FE-SBS
16:46:48.0008 0x2a00  UserName: Administrator
16:46:48.0008 0x2a00  Windows directory: C:\Windows
16:46:48.0008 0x2a00  System windows directory: C:\Windows
16:46:48.0008 0x2a00  Running under WOW64
16:46:48.0008 0x2a00  Processor architecture: Intel x64
16:46:48.0008 0x2a00  Number of processors: 12
16:46:48.0008 0x2a00  Page size: 0x1000
16:46:48.0008 0x2a00  Boot type: Normal boot
16:46:48.0008 0x2a00  ============================================================
16:46:48.0117 0x2a00  KLMD registered as C:\Windows\system32\drivers\06647066.sys
16:46:48.0304 0x2a00  System UUID: {6F08340C-7FB1-4F8E-5284-B2755D0DBE8F}
16:46:49.0037 0x2a00  Drive \Device\Harddisk0\DR0 - Size: 0x11730000000 (1116.75 Gb), SectorSize: 0x200, Cylinders: 0x463E2, SectorsPerTrack: 0x2C, TracksPerCylinder: 0xB9, Type 'K0', Flags 0x00000040
16:46:49.0053 0x2a00  ============================================================
16:46:49.0053 0x2a00  \Device\Harddisk0\DR0:
16:46:49.0053 0x2a00  MBR partitions:
16:46:49.0053 0x2a00  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0xC350000
16:46:49.0053 0x2a00  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC364000, BlocksNum 0x7F61B7F8
16:46:49.0053 0x2a00  ============================================================
16:46:49.0053 0x2a00  C: <-> \Device\Harddisk0\DR0\Partition1
16:46:49.0084 0x2a00  D: <-> \Device\Harddisk0\DR0\Partition2
16:46:49.0084 0x2a00  ============================================================
16:46:49.0084 0x2a00  Initialize success
16:46:49.0084 0x2a00  ============================================================
16:47:19.0926 0x2b84  ============================================================
16:47:19.0926 0x2b84  Scan started
16:47:19.0926 0x2b84  Mode: Manual; SigCheck; TDLFS; 
16:47:19.0926 0x2b84  ============================================================
16:47:19.0926 0x2b84  KSN ping started
16:47:20.0518 0x2b84  KSN ping finished: true
16:47:20.0784 0x2b84  ================ Scan system memory ========================
16:47:20.0784 0x2b84  System memory - ok
16:47:20.0799 0x2b84  ================ Scan services =============================
16:47:26.0181 0x2b84  [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:47:26.0212 0x2b84  clr_optimization_v2.0.50727_32 - ok
16:47:26.0244 0x2b84  [ CE07A466201096F021CD09D631B21540, 1A11DDAB7000569A89F3FA26BDEE4D527FA6D57D3F91CDABAA9C02CACDDE5F6D ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:47:26.0259 0x2b84  clr_optimization_v2.0.50727_64 - ok
16:47:26.0322 0x2b84  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:47:26.0353 0x2b84  clr_optimization_v4.0.30319_32 - ok
16:47:26.0368 0x2b84  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:47:26.0400 0x2b84  clr_optimization_v4.0.30319_64 - ok
16:47:26.0415 0x2b84  [ E5D5499A1C50A54B5161296B6AFE6192, 20A8A0478918063A9EE81565F21F4ACCAA7B6A8B2E9E084099879D85574BAB3E ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:47:26.0431 0x2b84  cmdide - ok
16:47:26.0446 0x2b84  [ 7FB8AD01DB0EABE60C8A861531A8F431, E19353C686B07A0DBBA92CFCC88AB9B6BEBAF389416B78F4470BA673E7CD73C3 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:47:26.0462 0x2b84  Compbatt - ok
16:47:26.0462 0x2b84  COMSysApp - ok
16:47:26.0478 0x2b84  [ A8585B6412253803CE8EFCBD6D6DC15C, C3906B080D3BB06CB976FD98C62CBA97DAE74970A5559D51EF5111D773949322 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:47:26.0493 0x2b84  crcdisk - ok
16:47:26.0587 0x2b84  [ 5AAC48EAF8EACF247DB44FB61B900D89, D20FCD5C71CA18F284D3DFD0CED37F6888A296E76B7B0563F2F4668CF90FE752 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:47:26.0618 0x2b84  CryptSvc - ok
16:47:26.0634 0x2b84  [ 4AC4C36D85915CE61BE2A049AD11F666, 0080D43373DB108F0C51432D1FCADE8EAC31EC549A7A0B883E57887AB0D03C99 ] CSBA            C:\PROGRA~2\ZenithBDR\CSBA.exe
16:47:26.0665 0x2b84  CSBA - ok
16:47:26.0712 0x2b84  [ F60F50C8ED3FCBE358430B95FE27D09C, 2BCEBEAAC5D95F6DCEE23216F0E0A6A3B06522B57FFFD912E79D7A031EF0449A ] CSC             C:\Windows\system32\drivers\csc.sys
16:47:26.0774 0x2b84  CSC - ok
16:47:26.0805 0x2b84  [ 1B5F256D31836ED2BA60B3A6C800200C, 82C6E80CCD01B269E2E9C1349E454C11CACCF44B8F810D47DADF796F3444B462 ] CscService      C:\Windows\System32\cscsvc.dll
16:47:26.0883 0x2b84  CscService - ok
16:47:27.0008 0x2b84  [ 8F65EC7CB653C741E0AC90794542AF1A, 3C93980143E4FCEE390F050E4A44D4D76552E0CF378DCE1147F66864B1011146 ] DataCollectorSvc C:\Program Files\Windows Small Business Server\Bin\DataCollectorSvc.exe
16:47:27.0039 0x2b84  DataCollectorSvc - ok
16:47:27.0055 0x2b84  [ 2019DAC67714ECE52C346E3E13F936F1, 18187EC21EB8B27FD029A63667D6840A573B3311BC47282BCCB168DD3247F1A4 ] Datascrn        C:\Windows\system32\drivers\datascrn.sys
16:47:27.0086 0x2b84  Datascrn - ok
16:47:27.0102 0x2b84  [ CE4577325CBC0BE6692EB09C0D778B2D, C9AC112BA1D37F2458063A57C47E849BAEAA9BA44286A45369A0361EE40D029F ] dcdbas          C:\Windows\system32\DRIVERS\dcdbas64.sys
16:47:27.0117 0x2b84  dcdbas - ok
16:47:27.0148 0x2b84  [ 34D4951820B884EB02AFE79A229AF4FD, 76144C0E680D07FEBD10B21C3938E804305D788D71A0D913BFAEBC8FDA3A83EE ] dcevt32         C:\Program Files (x86)\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
16:47:27.0180 0x2b84  dcevt32 - ok
16:47:27.0226 0x2b84  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:47:27.0336 0x2b84  DcomLaunch - ok
16:47:27.0336 0x2b84  [ 35BABD3736B6BCCEC15F1CCDCB6EE5D3, 606E3BD644482583164F9F43FDBD67644E354F95BE29CEC37C3181C65B0EF297 ] dcstor32        C:\Program Files (x86)\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
16:47:27.0367 0x2b84  dcstor32 - ok
16:47:27.0367 0x2b84  ddnsclient - ok
16:47:27.0398 0x2b84  [ FEB069CA869C583EEFFF97A287153559, 0FE93A6794DC0B56780F89CF112DF6FFFF777F5B65FDE551584550F971788ADF ] Dfs             C:\Windows\system32\dfssvc.exe
16:47:27.0445 0x2b84  Dfs - ok
16:47:27.0460 0x2b84  [ 8B722BA35205C71E7951CDC4CDBADE19, 39720A60DFD0532F7E1A1976240E9828559BF9E0C6D1CFBF4D911965BFD94158 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:47:27.0507 0x2b84  DfsC - ok
16:47:27.0523 0x2b84  [ C4800D7555A1B069DED2345CD6CD2AFE, 936786745C5EACB013E1466A40754E4E9868A5620F7777FD3574B425263F89D3 ] DfsDriver       C:\Windows\system32\drivers\dfs.sys
16:47:27.0538 0x2b84  DfsDriver - ok
16:47:27.0694 0x2b84  [ B08263CAD62318D5FDE5940529D2989A, A2EC45689272F79724E101B59EB8676EC4822D66280FB1C4153988A0E36FF4EA ] DFSR            C:\Windows\system32\DFSRs.exe
16:47:27.0975 0x2b84  DFSR - ok
16:47:28.0006 0x2b84  [ 3ED0321127CE70ACDAABBF77E157C2A7, 10973BD0AEF9597A4EA0A4947BDE922F9168F33D6ED97BFFEE6176AADAD78980 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
16:47:28.0069 0x2b84  Dhcp - ok
16:47:28.0194 0x2b84  [ FE6C76139282DBEECE2C97AEF92F5C49, 3C435AB35BE169DC565C77CB9E97B1D9E4A42FB049379AC1E4B4D00093D6D973 ] DHCPServer      C:\Windows\System32\dhcpssvc.dll
16:47:28.0272 0x2b84  DHCPServer - ok
16:47:28.0318 0x2b84  [ B0107E40ECDB5FA692EBF832F295D905, 76466BB9E4F12436ECCCB9D89EB20762B4785F82F02591B51A735A590E248264 ] disk            C:\Windows\system32\drivers\disk.sys
16:47:28.0350 0x2b84  disk - ok
16:47:28.0459 0x2b84  [ E79BD15D16ABBE5CE575B5ACC5B0B979, B29DD52A9D4BC7A05927F298B5678F2B0F9DF287E95F9FEEBD2505B375718A66 ] DNS             C:\Windows\system32\dns.exe
16:47:28.0568 0x2b84  DNS - ok
16:47:28.0584 0x2b84  [ 06230F1B721494A6DF8D47FD395BB1B0, F6CA8270740E01D9CE2FE8E34BC067C7EDC15BA610F461860E1D17D135C8A379 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:47:28.0615 0x2b84  Dnscache - ok
16:47:28.0646 0x2b84  [ 1A7156DD1E850E9914E5E991E3225B94, 99FF0C7125B01FCB0B92DC44756AE8FAA486F2E7F38DC6204F7EFE5918F8480A ] dot3svc         C:\Windows\System32\dot3svc.dll
16:47:28.0708 0x2b84  dot3svc - ok
16:47:28.0708 0x2b84  [ 1583B39790DB3EAEC7EDB0CB0140C708, F94F9AE7054A38602CD25D4E10FE7C7B574BD9ED8440C3FDAA7275A1D1E663E7 ] DPS             C:\Windows\system32\dps.dll
16:47:28.0818 0x2b84  DPS - ok
16:47:28.0864 0x2b84  [ 0A3C78677FF62E9E0AE7CC25C790A968, 6A2D81BC3715FD4960D2C853870C056C5BFE581B25C4592CBF65EAC044DFEAB3 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:47:28.0927 0x2b84  DXGKrnl - ok
16:47:28.0989 0x2b84  [ 264CEE7B031A9D6C827F3D0CB031F2FE, 50CAD28A73D29E7E04A45330146CF713BA17101215955009121E36D43CD5C536 ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
16:47:29.0083 0x2b84  E1G60 - ok
16:47:29.0098 0x2b84  [ C2303883FD9BE49DC36A6400643002EA, F062D1D6D503CF5195BDE8C1DC75B541F559CB8175ADABCDB7690E9F1CA3EA4E ] EapHost         C:\Windows\System32\eapsvc.dll
16:47:29.0145 0x2b84  EapHost - ok
16:47:29.0176 0x2b84  [ C4636D6E10469404AB5308D9FD45ED07, 367D958D19F672395462206F27C1E138386C2F37B0FA77546F4217CF16D05C84 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:47:29.0223 0x2b84  elxstor - ok
16:47:29.0239 0x2b84  [ C2D322C84530DB37D3E8E1C7E011BF16, 3E21FFB9F58A2C6540297E1B75DDF0855CCFD0CA24B2A4223127C1DE7B46EC47 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
16:47:29.0286 0x2b84  ErrDev - ok
16:47:29.0332 0x2b84  [ E12F22B73F153DECE721CD45EC05B4AF, 41887EEF4BB024329B4079AD50FC5FB705F0EB8BAF6C93A8242DC2A73D3AFD86 ] EventSystem     C:\Windows\system32\es.dll
16:47:29.0395 0x2b84  EventSystem - ok
16:47:29.0410 0x2b84  [ 486844F47B6636044A42454614ED4523, 3E24E78584B199C0FAA59613EEB7DF67B3B878B277A0130C7A3FF608C130BA2F ] exfat           C:\Windows\system32\drivers\exfat.sys
16:47:29.0473 0x2b84  exfat - ok
16:47:29.0488 0x2b84  [ 1A4BEE34277784619DDAF0422C0C6E23, 3223E1B5DD4866D8E09F1B465FF82C911DDEE5B01B084543086E47B11D2AEA77 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:47:29.0535 0x2b84  fastfat - ok
16:47:29.0551 0x2b84  [ 20370DF4FEFED598CA3BF62A3F8AC59C, E225A7B9C6B442DE4DC60730FED7D6BA25B9DC2BA2674AD7ED335BEFEA5FD428 ] FCRegSvc        C:\Windows\system32\FCRegSvc.dll
16:47:29.0598 0x2b84  FCRegSvc - ok
16:47:29.0598 0x2b84  [ 81B79B6DF71FA1D2C6D688D830616E39, 62F8BC0DB918A49B10A5BE1724A2E2F17FA7D8208D5D86822FACB2DCD97B3591 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:47:29.0691 0x2b84  fdc - ok
16:47:29.0691 0x2b84  [ BB9267ACACD8B7533DD936C34A0CBA5E, 32DE6E10ABA540D62F0D8AE30DE8769D7BF29E547838BEBE67C04183CC0B32C7 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:47:29.0785 0x2b84  fdPHost - ok
16:47:29.0785 0x2b84  [ 300C80931EABBE1DB7591C516EFE8D0F, F031DA96B06B6FA8E0AD56D5E10E5A5882765C3FF258A4DE06A47EC34829FF04 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:47:29.0878 0x2b84  FDResPub - ok
16:47:29.0894 0x2b84  [ 457B7D1D533E4BD62A99AED9C7BB4C59, 3933907DE163F8D3A81ED25169B693D723296C437C7C990BFE9DEFD60F7635FD ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:47:29.0910 0x2b84  FileInfo - ok
16:47:29.0941 0x2b84  [ D421327FD6EFCCAF884A54C58E1B0D7F, C2F3B72EA36BA8B74A30E128C088307CA768FDBE232BFA216CD78B0F9B7AF18A ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:47:30.0050 0x2b84  Filetrace - ok
16:47:30.0066 0x2b84  [ 230923EA2B80F79B0F88D90F87B87EBD, 1F3287970FEC73011F3B675C447BF0CA35416490D4740C6960595B091181059C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:47:30.0144 0x2b84  flpydisk - ok
16:47:30.0159 0x2b84  [ E3041BC26D6930D61F42AEDB79C91720, 3556C033BB78445EC8B2F98A82455914764AFC70CBFF634DDBD3539885A1E457 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:47:30.0190 0x2b84  FltMgr - ok
16:47:30.0237 0x2b84  [ F937F278E44138C0386FA1DE69B1F72B, 49180522CCCB5377B5B3A7EF8B9697FBE19A1E5D84BC282D24C39B3D52698851 ] FontCache       C:\Windows\system32\FntCache.dll
16:47:30.0331 0x2b84  FontCache - ok
16:47:30.0346 0x2b84  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E, B21CA5F14BDB6CFD97A24C28BB2AD0D704C46058F13B01FF4203514FE8B92591 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:47:30.0362 0x2b84  FontCache3.0.0.0 - ok
16:47:30.0378 0x2b84  [ 5779B86CD8B32519FBECB136394D946A, 68A395CD2287D22CB5C8CFE5A3006A61AC0C3FDAADF166C93240FF83C0315DCF ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:47:30.0409 0x2b84  Fs_Rec - ok
16:47:30.0424 0x2b84  [ C8E416668D3DC2BE3D4FE4C79224997F, 7DBC8E7687179A649638F606C9584F2E8EC2065762997CDF151F9BB99FA8D535 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:47:30.0456 0x2b84  gagp30kx - ok
16:47:30.0487 0x2b84  [ A0E1B575BA8F504968CD40C0FAEB2384, F64A24A5A93F4E757882E97C65DA612F07A87F4DDD2E10C1AB0250AFA03BCEF1 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:47:30.0565 0x2b84  gpsvc - ok
16:47:30.0580 0x2b84  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:47:30.0612 0x2b84  gupdate - ok
16:47:30.0627 0x2b84  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:47:30.0643 0x2b84  gupdatem - ok
16:47:30.0674 0x2b84  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:47:30.0690 0x2b84  gusvc - ok
16:47:30.0736 0x2b84  [ 2C03A69F76A5075C9B63893503A36B87, 1113A70507FB84F7DF87B7293407D594BB63318B5ADAD89A4BD634057A48CBCB ] hardlock        C:\Windows\system32\drivers\hardlock.sys
16:47:30.0783 0x2b84  hardlock - ok
16:47:30.0799 0x2b84  hasplms - ok
16:47:30.0814 0x2b84  [ 0C0D0F8A3FF09ECC81963D09EC6A0A84, CB5F5E81F6E149D5E65717B5F9D4C3CF52F28FD424D6DECA7116EA3F7DA92265 ] HDAudBus        C:\Windows\system32\drivers\hdaudbus.sys
16:47:30.0908 0x2b84  HDAudBus - ok
16:47:30.0924 0x2b84  [ 824FD154B9371E42ADB67590BDED5F6C, 138C9040A64D06ECF0939C4D3E2D5C468CAEC311D479949198023A24742F3C37 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:47:31.0017 0x2b84  HidBth - ok
16:47:31.0017 0x2b84  [ 5F47839455D01FF6403B008D481A6F5B, 0CC1E8EE4C3E46937DEA39EAC2498C1A89667D6828430162FDFAE845C37D7079 ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:47:31.0064 0x2b84  HidIr - ok
16:47:31.0080 0x2b84  [ 59361D38A297755D46A540E450202B2A, ED97800A3FF9B90EC58BC5122C42B53F46D9C157EFE488481E8677ED7058E33D ] hidserv         C:\Windows\system32\hidserv.dll
16:47:31.0126 0x2b84  hidserv - ok
16:47:31.0126 0x2b84  [ 443BDD2D30BB4F00795C797E2CF99EDF, BCE1A241AE5CCE3E1C65CCF07ECB4305C7106F2EFFD51F2C519EB00026B474C4 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:47:31.0158 0x2b84  HidUsb - ok
16:47:31.0173 0x2b84  [ B12F367EA39C0795FD57E31242CE1A5A, 498439FE4D1217211EB6C1AC35CDA5D59F3AE8F06AF5E41EE9FDB0DC559FBE27 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:47:31.0251 0x2b84  hkmsvc - ok
16:47:31.0267 0x2b84  [ D7109A1E6BD2DFDBCBA72A6BC626A13B, 6141B6645F4152A326ECA8AD0DD04CB38C9EDA395BDF6FF260AB17CB86FC4C87 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
16:47:31.0282 0x2b84  HpCISSs - ok
16:47:31.0329 0x2b84  [ 098F1E4E5C9CB5B0063A959063631610, 36B02A738413E4745978E3E90D9CE8ABC08376BEE411008A4312A752CB4A2E13 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:47:31.0423 0x2b84  HTTP - ok
16:47:31.0438 0x2b84  [ DA94C854CEA5FAC549D4E1F6E88349E8, 10BEB47DB90F55BD1792C2041E49ED13E4E52BCC11BE6599F6DA8D91B79CC8D1 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
16:47:31.0454 0x2b84  i2omp - ok
16:47:31.0470 0x2b84  [ CBB597659A2713CE0C9CC20C88C7591F, A2BAC75F7247D871842A32EAA7594D338E728D1BFEAEA3C1FCDBF65F007BC06A ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:47:31.0516 0x2b84  i8042prt - ok
16:47:31.0532 0x2b84  [ 8427CF0D0C171770C49B20B4C66311B1, 427722DD2B18983DD7BC24AE831CA6760CEA92E7FB695A99F141C1929EB11CE8 ] IAS             C:\Windows\System32\ias.dll
16:47:31.0579 0x2b84  IAS - ok
16:47:31.0594 0x2b84  [ 3E3BF3627D886736D0B4E90054F929F6, 95A138B65DC9133E92F53A529C7AD897D8823EFAED343756549FDF6C8C749CD0 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
16:47:31.0626 0x2b84  iaStorV - ok
16:47:31.0657 0x2b84  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:47:31.0672 0x2b84  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
16:47:32.0078 0x2b84  Detect skipped due to KSN trusted
16:47:32.0078 0x2b84  IDriverT - ok
16:47:32.0109 0x2b84  [ 749F5F8CEDCA70F2A512945325FC489D, 443B4F779F27CD69C1F072823FCD9E5BA7590B6F48BE759DC6A1F898C467E58F ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:47:32.0172 0x2b84  idsvc - ok
16:47:32.0187 0x2b84  [ 8C3951AD2FE886EF76C7B5027C3125D3, 85CF7231756E02BD9E5F4378F3FC794394A072B8028F27827F83ACE9EE554499 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:47:32.0203 0x2b84  iirsp - ok
16:47:32.0234 0x2b84  [ 6C2FB6BCB6C008B62B9B9FD41E6512CB, E8B14D5B9C2F12D8F1D55B72E7788CC074681D4E7FAB493485058D777CB83800 ] IISADMIN        C:\Windows\system32\inetsrv\inetinfo.exe
16:47:32.0265 0x2b84  IISADMIN - ok
16:47:32.0296 0x2b84  [ 0401A380C88754B2399F8043AC9B2BF9, BFF3B53FAFAE6622AA9F74BAA4A3D522C06E2D732B88916766603B9FE8D0D77F ] IKEEXT          C:\Windows\System32\ikeext.dll
16:47:32.0359 0x2b84  IKEEXT - ok
16:47:32.0390 0x2b84  [ DF797A12176F11B2D301C5B234BB200E, 384343636B21CA7EDF28EFD1B6728EAB1508CA49CE48FF3DC0D91DB843C0C73E ] intelide        C:\Windows\system32\drivers\intelide.sys
16:47:32.0406 0x2b84  intelide - ok
16:47:32.0406 0x2b84  [ BFD84AF32FA1BAD6231C4585CB469630, 33E0842F2D0879B02C115301174FCB19ED3AAF7B1B8E6284839CE16DE56476EA ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:47:32.0499 0x2b84  intelppm - ok
16:47:32.0515 0x2b84  [ FF0FB51A0ACC2E2D0D412138A05A0B59, 6F4DAE1DF486FF6893683568D0342F201356844727C94147B18D147886574C72 ] ioatdma         C:\Windows\system32\drivers\qd260x64.sys
16:47:32.0530 0x2b84  ioatdma - ok
16:47:32.0562 0x2b84  [ 5624BC1BC5EEB49C0AB76A8114F05EA3, BD5AA534D8A923AF4D205EEC6DA55A3DC5F915E5F3223BF23F24C09824FA90B6 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:47:32.0640 0x2b84  IPBusEnum - ok
16:47:32.0655 0x2b84  [ D8AABC341311E4780D6FCE8C73C0AD81, 141E8032A934777567E6DAC35FB1C77C40D9B6EE477F17F872F35833A8F57F72 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:47:32.0702 0x2b84  IpFilterDriver - ok
16:47:32.0718 0x2b84  [ BF0DBFA9792C5C14FA00F61C75116C1B, 24C14DCAF57013F1C238E3C123279737420A714EB29CB69239C9838C9A269A59 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:47:32.0749 0x2b84  iphlpsvc - ok
16:47:32.0764 0x2b84  [ E41DD7038DB14AE9D35B47B10BDCE58A, AEC4BA807B25F982CA56CBB2EE5B235B610B16AEC1E381AEA82A78BDC9E2CC8C ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:47:32.0811 0x2b84  IPMIDRV - ok
16:47:32.0827 0x2b84  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE, C29D7F392116BB09F7047A90702331F200DACFB3C94E7F912932971E0B7F0413 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:47:32.0936 0x2b84  IPNAT - ok
16:47:32.0936 0x2b84  [ 8C42CA155343A2F11D29FECA67FAA88D, 699F06D25C5F270CE1194F4D350CB0BE22C6AB609EECF35D066C034AC380BEE3 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:47:33.0030 0x2b84  IRENUM - ok
16:47:33.0061 0x2b84  [ 0672BFCEDC6FC468A2B0500D81437F4F, A0322B569C309F258684AFECCD52924A33F363186261730469245B7FA357C645 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:47:33.0076 0x2b84  isapnp - ok
16:47:33.0092 0x2b84  [ E4FDF99599F27EC25D2CF6D754243520, 9139E708EE30F10652C9A458BD58B0343A3C05E84CD3E71FA0B0E4123503CF7B ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:47:33.0123 0x2b84  iScsiPrt - ok
16:47:33.0139 0x2b84  [ 899242D5907EDAD2954A3E7C1DC8849B, 425FACF9E31B5ACC344B326F2CE0FD16ABE20E8C99A99FE5CF87481567F3A4A6 ] IsmServ         C:\Windows\System32\ismserv.exe
16:47:33.0186 0x2b84  IsmServ - ok
16:47:33.0201 0x2b84  [ 63C766CDC609FF8206CB447A65ABBA4A, D9CA006FA852C95E90E8A0837E296FCBFD76246DA8AFDE563863D5F95BDFEC52 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
16:47:33.0217 0x2b84  iteatapi - ok
16:47:33.0248 0x2b84  [ 1281FE73B17664631D12F643CBEA3F59, B27571A0348CDF81DC102A61712CBA9A4AF7AC0015A7702B0DE73AD4E4646853 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
16:47:33.0264 0x2b84  iteraid - ok
16:47:33.0326 0x2b84  [ E421A1FE1FD50409C289207F721C488F, 326E152AEF38305B6642DEB2F27EC93FE00F0256ACA1F248F4EBC49D6DB6DF3F ] KAMYRNTW27718108730149 C:\Program Files (x86)\Kaseya\MYRNTW27718108730149\AgentMon.exe
16:47:33.0388 0x2b84  KAMYRNTW27718108730149 - detected UnsignedFile.Multi.Generic ( 1 )
16:47:33.0700 0x2b84  KAMYRNTW27718108730149 ( UnsignedFile.Multi.Generic ) - warning
16:47:34.0122 0x2b84  [ 132951C404A042E8A82771EB41D17BEB, C7E1AC8B0D923EE91FB643ECD4FE1F815CCE0C518F20D5D9E69BCB1080EB1327 ] KAPFA           C:\Windows\system32\drivers\KAPFA.SYS
16:47:34.0137 0x2b84  KAPFA - ok
16:47:34.0153 0x2b84  [ 423696F3BA6472DD17699209B933BC26, 00C2EAA1A8E9D422D178B7678598743234930C1858D76C632F079EF789BB56C3 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:47:34.0184 0x2b84  kbdclass - ok
16:47:34.0184 0x2b84  [ DBDF75D51464FBC47D0104EC3D572C05, E392EE961E734620245874C7700D56621A1A990C45DF5CE0B7D270BA708F255E ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:47:34.0231 0x2b84  kbdhid - ok
16:47:34.0246 0x2b84  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] kdc             C:\Windows\System32\lsass.exe
16:47:34.0278 0x2b84  kdc - ok
16:47:34.0278 0x2b84  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] KeyIso          C:\Windows\system32\lsass.exe
16:47:34.0309 0x2b84  KeyIso - ok
16:47:34.0324 0x2b84  [ 5D470398AA182E502C520E48E7A09FA5, A2814FF45EBBED0E10E354C07A3DA8556DE566E8B1A994B8DA654836D21A46C4 ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
16:47:34.0356 0x2b84  kl1 - ok
16:47:34.0387 0x2b84  [ E03C26D496AA103856B3439F43085A35, 4E4FEC1834FDF1A63F811672B844774E69CBF9EDED04462A2003574F3590F71D ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
16:47:34.0418 0x2b84  KLIF - ok
16:47:34.0527 0x2b84  [ 88956AD9FA510848AD176777A6C6C1F5, 8F2FBF7E70F836C2C11EE5ABCAFE3E51DC26E953DDFBEE3C1B4AA8E58EBDCF5E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:47:34.0621 0x2b84  KSecDD - ok
16:47:34.0636 0x2b84  [ 1D419CF43DB29396ECD7113D129D94EB, 21ECCE9D17F055C7B5066110864E10C99291CE50B389C545371333904CE2DBB5 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:47:34.0808 0x2b84  ksthunk - ok
16:47:34.0824 0x2b84  [ 1FAF6926F3416D3DA05C5B265491BDAE, 3989E18522691CC3820092033E00ED39D08861DFB369AA0DFFF4B379E48EA1F0 ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:47:34.0933 0x2b84  KtmRm - ok
16:47:34.0948 0x2b84  [ F0BD362F1C23FAB0252644DD40064817, EAFD300A9C5412AD63BE729984948E62CEDED74ADFD6BE556454F76B42701A59 ] l2nd            C:\Windows\system32\DRIVERS\bxnd60a.sys
16:47:34.0980 0x2b84  l2nd - ok
16:47:35.0011 0x2b84  [ 50C7A3CB427E9BB5ED0708A669956AB5, 3DAD1C01AE58FE2C6134283B19118E2F3C884DDFFBAE4A46B7B5E4FB1A2567A1 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:47:35.0058 0x2b84  LanmanServer - ok
16:47:35.0073 0x2b84  [ CAF86FC1388BE1E470F1A7B43E348ADB, 9E9AE0B617D1031E8462524802A2D997AE7C944A7D00D403FF903145A7FEB761 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:47:35.0120 0x2b84  LanmanWorkstation - ok
16:47:35.0198 0x2b84  [ 96ECE2659B6654C10A0C310AE3A6D02C, 3322E87B9F64C3ACBCB634F2390AAB212FA7695383BF01F0092A803871BF19B2 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:47:35.0292 0x2b84  lltdio - ok
16:47:35.0307 0x2b84  [ 961CCBD0B1CCB5675D64976FAE37D092, 258378BE76A13E4368C9587E6A22727721E4B267B0D26D3D3E333B3B2A5A0611 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:47:35.0432 0x2b84  lltdsvc - ok
16:47:35.0432 0x2b84  [ A47F8080CACC23C91FE823AD19AA5612, 161575406D158D6D5C9220F1E82C0CC19108C74ADC35C509BAF9B0C414EFD8EE ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:47:35.0526 0x2b84  lmhosts - ok
16:47:35.0588 0x2b84  [ 1512E61EF7A2A8BD59AB11448411BE7B, 2654A5BB11F6DD2C660B50306E5624189C31EC932682D4DBA81DF88D7A74280E ] LMIGuardianSvc  C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
16:47:35.0635 0x2b84  LMIGuardianSvc - ok
16:47:35.0666 0x2b84  [ 0F28935ECF1FBDEC22BAF720A5A94564, A4E8E13FD7FE1882243AD7139D5E0925F09069616920382F952D79586A4936E7 ] LMIInfo         C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
16:47:35.0697 0x2b84  LMIInfo - ok
16:47:35.0713 0x2b84  [ FF0935EBF4008F9299450D4FB5307CC0, 6A5060904991CEC7D0335BCEC1EF5AFF4E02018D4B9779D55EF865D36E81E1AF ] LMIMaint        C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
16:47:35.0744 0x2b84  LMIMaint - ok
16:47:35.0760 0x2b84  [ 413ECDCFAD9A82804D3674C8D7EEC24E, C8A65ED0B079D16D1A4449E840B4A9475388FBE61B5A84DFEFC35F4FB3B9A9B1 ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys
16:47:35.0775 0x2b84  lmimirr - ok
16:47:35.0978 0x2b84  [ C6267D349A65F67A611D5AE313F9F93A, 9B0301ABA8C0DF75488B93A80DC63168B78604E4E13438ED14979031A637CB89 ] LMIRescue_3b151bd4-9d82-4697-9fec-dadcff1dcd13 C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe
16:47:36.0119 0x2b84  LMIRescue_3b151bd4-9d82-4697-9fec-dadcff1dcd13 - ok
16:47:36.0119 0x2b84  LMIRfsClientNP - ok
16:47:36.0134 0x2b84  [ C57D3FAA50E6F395759FFB7C709BD944, 7B0B86F0E710934D57801E1F7BB048AD878F871147B2A16BBF81219A4022B499 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys
16:47:36.0165 0x2b84  LMIRfsDriver - ok
16:47:36.0197 0x2b84  [ D3760BC17E1755091B7120CF32DBF56B, 2B31CA0CD838BEE0103054520E2FBEA2436A07D99E711B14543B85F3A511478F ] LogMeIn         C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
16:47:36.0243 0x2b84  LogMeIn - ok
16:47:36.0259 0x2b84  [ ACBE1AF32D3123E330A07BFBC5EC4A9B, 0E17E4DD30B5AF8F269EF8EA003836C9E16273262A050B9BE3ED802DD3AC9319 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:47:36.0290 0x2b84  LSI_FC - ok
16:47:36.0321 0x2b84  [ 799FFB2FC4729FA46D2157C0065B3525, AB462A34D061C113DA12641C45159A58D0AEA1C440233D061A20DF99586CFA93 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:47:36.0337 0x2b84  LSI_SAS - ok
16:47:36.0368 0x2b84  [ F445FF1DAAD8A226366BFAF42551226B, 92B63E15363F1EAE8A54D4E74ED21669D0A9FE99C654671556C58456228278B1 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:47:36.0399 0x2b84  LSI_SCSI - ok
16:47:36.0431 0x2b84  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E, 2EB22DD418D4934BDD22C5DB49D5D06178EC0419AB5CC28DD544CA91823987B0 ] luafv           C:\Windows\system32\drivers\luafv.sys
16:47:36.0524 0x2b84  luafv - ok
16:47:36.0555 0x2b84  [ E04A4774EBA3CF06E7F27983EA95212E, F092BAFFF50707E07CDFE523AF481B8D119370F63DD1F7FD94957A744F7A0AC8 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:47:36.0571 0x2b84  MBAMProtector - ok
16:47:36.0602 0x2b84  [ 83E3A2E63E193D76A8A1F2BCBAD863D7, 74883B72727D59A180CD6DE55C40B79A7FAF8BE3407E5FE66188C9757491CACB ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:47:36.0649 0x2b84  MBAMService - ok
16:47:36.0680 0x2b84  [ F2684361CE3987C1AB84A0AD6B26B699, 1F7994E5EA314E1567A012823AAC7DDC7CAE221DA5BF812F9F7A0046C859CEB3 ] McCormick Systems Power Probes Service C:\Program Files (x86)\McCormick Systems\Power Probes v11\McCormick Systems Power Probes Service.exe
16:47:36.0696 0x2b84  McCormick Systems Power Probes Service - ok
16:47:36.0696 0x2b84  [ 5C5CD6AACED32FB26C3FB34B3DCF972F, 34A66C21FA79800D3CDE933CFA71343218F94D67AAE763EA0B53AC49060CB6D0 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:47:36.0727 0x2b84  megasas - ok
16:47:36.0758 0x2b84  [ 859BC2436B076C77C159ED694ACFE8F8, 4AEA57A8B9EACEC1B8DED3ECC95621C56E6D65CFE2DA9F07DAF7C7BAD132B624 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
16:47:36.0805 0x2b84  MegaSR - ok
16:47:36.0821 0x2b84  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] MMCSS           C:\Windows\system32\mmcss.dll
16:47:36.0930 0x2b84  MMCSS - ok
16:47:36.0930 0x2b84  [ 59848D5CC74606F0EE7557983BB73C2E, EA6ACF0619DE1E4272AEDC69F2E66E29DA499E8E8094243C9EF735FD8369229D ] Modem           C:\Windows\system32\drivers\modem.sys
16:47:37.0039 0x2b84  Modem - ok
16:47:37.0055 0x2b84  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5, 357811D1B8F70828F6432879F59DAB916FBB55673B3473D879382DE33CFB3FAF ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:47:37.0148 0x2b84  monitor - ok
16:47:37.0148 0x2b84  [ 9367304E5E412B120CF5F4EA14E4E4F1, F87EBACEE27A50E6610FDCB4BD3001C35A99FEE6D63D643FF2CBF0D484CD082C ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:47:37.0179 0x2b84  mouclass - ok
16:47:37.0195 0x2b84  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69, B77E4A7511923E7BD35A177A40B4E461AC9CB050D6F0575D4799DEF85DA6DA38 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:47:37.0289 0x2b84  mouhid - ok
16:47:37.0304 0x2b84  [ 11BC9B1E8801B01F7F6ADB9EAD30019B, 1BAF820C0AB1B70A114E767B2155A58BF86CD0D9CF582813C1635A86BE3A7A05 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:47:37.0320 0x2b84  mountmgr - ok
16:47:37.0351 0x2b84  [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:47:37.0367 0x2b84  MozillaMaintenance - ok
16:47:37.0398 0x2b84  [ F8276EB8698142884498A528DFEA8478, C0FF504F721F1D00F42CFE783D4F32C6728518F64646F5C5C11BA3A4824815BB ] mpio            C:\Windows\system32\drivers\mpio.sys
16:47:37.0429 0x2b84  mpio - ok
16:47:37.0429 0x2b84  [ C92B9ABDB65A5991E00C28F13491DBA2, D1233381A9E4262F0AB396BBDB7DE402D4370805E11EB8A118C846F6E9474098 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:47:37.0476 0x2b84  mpsdrv - ok
16:47:53.0450 0x2b84  Symc8xx - ok
16:47:53.0450 0x2b84  [ A909667976D3BCCD1DF813FED517D837, 0874DD4C1CA7AE2E519EBB45433BC9F11A574408F5D2F9E23A340CA76512F5CE ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
16:47:53.0466 0x2b84  Sym_hi - ok
16:47:53.0481 0x2b84  [ 36887B56EC2D98B9C362F6AE4DE5B7B0, 7349FABACB633A9EEE3D4E241A5F443C28D23CC87F21EAAB3F1711644AA21D7C ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
16:47:53.0497 0x2b84  Sym_u3 - ok
16:47:53.0528 0x2b84  [ 92D7A8B0F87B036F17D25885937897A6, 6759BAB11E5FBB143BE13DF1611AE5D41D379DF423D881E92E910DF6A37CBA85 ] SysMain         C:\Windows\system32\sysmain.dll
16:47:53.0622 0x2b84  SysMain - ok
16:47:53.0653 0x2b84  [ CC2562B4D55E0B6A4758C65407F63B79, C6AD05B345C699A715EC13830D8EA6EE9822F4B713D15B1F29AC044674A0F498 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:47:53.0715 0x2b84  TapiSrv - ok
16:47:53.0715 0x2b84  [ CDBE8D7C1E201B911CDC346D06617FB5, 16D5965E32A109DA38D77F4B6281081569D78371B2F522DE51100967F8776C7A ] TBS             C:\Windows\System32\tbssvc.dll
16:47:53.0809 0x2b84  TBS - ok
16:47:53.0934 0x2b84  [ C2CB949645C299E23FBFD26CAD3FC96E, D2DB2F3F1013EA1E6E04D0AD74B8CDC3AD4BF6653F1092408629DD3492BE8968 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:47:54.0074 0x2b84  Tcpip - ok
16:47:54.0168 0x2b84  [ C2CB949645C299E23FBFD26CAD3FC96E, D2DB2F3F1013EA1E6E04D0AD74B8CDC3AD4BF6653F1092408629DD3492BE8968 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
16:47:54.0246 0x2b84  Tcpip6 - ok
16:47:54.0261 0x2b84  [ C7E72A4071EE0200E3C075DACFB2B334, 925A68FD021C7957792F31E9D69A31C180BEB878CD93D2C3E2BE463F58011A6C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:47:54.0293 0x2b84  tcpipreg - ok
16:47:54.0308 0x2b84  [ 1D8BF4AAA5FB7A2761475781DC1195BC, A28E972E9331BAD685D4C786FDE221565E0AD3E222B24B9182B7FA916BFCD9C8 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:47:54.0402 0x2b84  TDPIPE - ok
16:47:54.0417 0x2b84  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1, 42A408E82D4017D27D3B0BBBA02BF4B21DEC060C89849785ED65962D18029B65 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:47:54.0527 0x2b84  TDTCP - ok
16:47:54.0527 0x2b84  [ 458919C8C42E398DC4802178D5FFEE27, E38828411DCE0AE2E2BF0D270FD80E47B46EDE4B44DAFD1DF11F54D427EACEB5 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:47:54.0573 0x2b84  tdx - ok
16:47:54.0573 0x2b84  [ 8C19678D22649EC002EF2282EAE92F98, 551E7EBA54C2345F2B7FD7AAA7ADA4C852C94F1B35E6E4BBEF883BAFA34F6262 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:47:54.0605 0x2b84  TermDD - ok
16:47:54.0636 0x2b84  [ 5CDD30BC217082DAC71A9878D9BFD566, 260D40973F9EEAE9A1890B813D8DCC01A9434D17DCE5DA1D16B72A57DCF59194 ] TermService     C:\Windows\System32\termsrv.dll
16:47:54.0714 0x2b84  TermService - ok
16:47:54.0729 0x2b84  [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] Themes          C:\Windows\system32\shsvcs.dll
16:47:54.0776 0x2b84  Themes - ok
16:47:54.0792 0x2b84  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] THREADORDER     C:\Windows\system32\mmcss.dll
16:47:54.0870 0x2b84  THREADORDER - ok
16:47:54.0885 0x2b84  [ F4689F05AF472A651A7B1B7B02D200E7, 3D34B8879DBC69013D1A87A3F47B8A622A60B57F2E962E9F5925C5A01F44640F ] TrkWks          C:\Windows\System32\trkwks.dll
16:47:54.0979 0x2b84  TrkWks - ok
16:47:55.0010 0x2b84  [ 66328B08EF5A9305D8EDE36B93930369, FD8136BF15AB8D2DB15D011C4F813737D68EED1178462DB8CE40606C16185A30 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:47:55.0057 0x2b84  TrustedInstaller - ok
16:47:55.0073 0x2b84  [ A09499138C97000C8A2F056132D9835D, 74FF65B15725A0D97571AC3BBC44DFD99DDC684AD8AD18D8C05C9D5F49C6D494 ] TSGateway       C:\Windows\system32\aaedge.dll
16:47:55.0119 0x2b84  TSGateway - ok
16:47:55.0135 0x2b84  [ B2388462329ACD17AF50D8701E0C1B18, 959D7B7CCB526367645BAA11C56C88C9AD741EE338BAD6513C54FC7ED43F3AC0 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:47:55.0151 0x2b84  tssecsrv - ok
16:47:55.0151 0x2b84  [ 89EC74A9E602D16A75A4170511029B3C, AACD82A6F5FE31FF1315F5CA69E5EB6BD172DD86610F0641177CCC131B542034 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
16:47:55.0182 0x2b84  tunmp - ok
16:47:55.0197 0x2b84  [ 30A9B3F45AD081BFFC3BCAA9C812B609, 57204F1F72FEFA086FF1D8A14487D56F4DEDD3C50FBB6903E0C4AC749EA720DE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:47:55.0213 0x2b84  tunnel - ok
16:47:55.0244 0x2b84  [ FEC266EF401966311744BD0F359F7F56, 6EE0223AEFA7A81BEB155FC0CD4421C2BEBCDCBC9663C23064B0445101114BF8 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:47:55.0260 0x2b84  uagp35 - ok
16:47:55.0275 0x2b84  [ FAF2640A2A76ED03D449E443194C4C34, CC2517DCFE6962EB2EDEB93E44CB53B113974C9C69A050E3F36385C8D78E810B ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:47:55.0338 0x2b84  udfs - ok
16:47:55.0369 0x2b84  [ 060507C4113391394478F6953A79EEDC, 5D0AE5F1184165289DC8E8CD493607FCB68512CF90F748E3BFD2250655D784D4 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:47:55.0400 0x2b84  UI0Detect - ok
16:47:55.0431 0x2b84  [ 4EC9447AC3AB462647F60E547208CA00, F304125321B1ECA915EDDBDB6A71EAEF3123DCB5604C9497D72F12E0C1BD5315 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:47:55.0463 0x2b84  uliagpkx - ok
16:47:55.0478 0x2b84  [ 697F0446134CDC8F99E69306184FBBB4, A741882B8FE403E3A5DECED5D4A2254B14AF40ACECD4DAA3D00D71C2205C2C5F ] uliahci         C:\Windows\system32\drivers\uliahci.sys
16:47:55.0509 0x2b84  uliahci - ok
16:47:55.0525 0x2b84  [ 31707F09846056651EA2C37858F5DDB0, A619AC4B32EA77AC29458894614870086C4DDB81525ADBCFF1AB8970FC5C257A ] UlSata          C:\Windows\system32\drivers\ulsata.sys
16:47:55.0556 0x2b84  UlSata - ok
16:47:55.0556 0x2b84  [ 85E5E43ED5B48C8376281BAB519271B7, DBDA4216553F7C5EA0C579346D0A638E62766D5B8FCB1BFF3149BB37BBF978D3 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
16:47:55.0587 0x2b84  ulsata2 - ok
16:47:55.0587 0x2b84  [ 46E9A994C4FED537DD951F60B86AD3F4, 256F93ED3BD43B50F0D4489164D959F95AB070CC25A80A46355D2B387D336224 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:47:55.0681 0x2b84  umbus - ok
16:47:55.0681 0x2b84  [ 01ABE05C401E70795B43A8933B44831E, FF41E2C37F2629C7D18ED448D5217076EB9A5D038D6EC026FC54E3EB41FDAC86 ] UMPass          C:\Windows\system32\drivers\umpass.sys
16:47:55.0759 0x2b84  UMPass - ok
16:47:55.0775 0x2b84  [ DC5E34F189B827199B9CC8481C648269, DDB94085F125F07F9C57C917B391C441DB6D016EE19332B00C12EB59F3E6A000 ] UmRdpService    C:\Windows\System32\umrdp.dll
16:47:55.0821 0x2b84  UmRdpService - ok
16:47:55.0853 0x2b84  [ 7093799FF80E9DECA0680D2E3535BE60, 1CBFCCA84CB9212176BF5A1D32334BD54E58A2668A4746252738800468AD4AD4 ] upnphost        C:\Windows\System32\upnphost.dll
16:47:55.0962 0x2b84  upnphost - ok
16:47:55.0977 0x2b84  [ 858CC93477F9A9383E07861892600FF9, C72B25E7F6AF46AC22F8D2A1FA0345B290AAE642442C8A388EA75944334BB289 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:47:56.0009 0x2b84  usbccgp - ok
16:47:56.0024 0x2b84  [ 8C39D53E1A343F4C47EE8F3C052126D8, E37A85DC8EF4C60C1480316A492B0D12F9D512D186F2D97338EBABCF50AED5D2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:47:56.0149 0x2b84  usbcir - ok
16:47:56.0289 0x2b84  [ 82C3790E4E6F35087EF00994C7A72988, 95FA022BDAC65DCD2DA52C8FCC1F2C186B321F4599F40CB90262E24FD10AE16C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:47:56.0305 0x2b84  usbehci - ok
16:47:56.0352 0x2b84  [ BE2EB33AF6EE2E5DA07EB987E0A321F5, 0FCFABA080C553451AE4FAFB54DFE57639251D97DA204C07EC66F469826F3B46 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:47:56.0399 0x2b84  usbhub - ok
16:47:56.0399 0x2b84  [ 540B622DA0949695C40CDC9D5D497A8B, 2390308ABE02AB169B708F05C17F753EBF2B2FEE57629CA8919E9420157A06FF ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:47:56.0492 0x2b84  usbohci - ok
16:47:56.0492 0x2b84  [ 28B693B6D31E7B9332C1BDCEFEF228C1, 6B756E6D7459F755C76BC3F497643F6818F107304B789952B233C6585434F3A8 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
16:47:56.0601 0x2b84  usbprint - ok
16:47:56.0617 0x2b84  [ B854C1558FCA0C269A38663E8B59B581, 08CC36B33FA2281FC88671BE051863AA8CA911446D24596049DB77FB4CB09EA6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:47:56.0664 0x2b84  USBSTOR - ok
16:47:56.0679 0x2b84  [ 308F6DDC052C970D679DA37D8A305279, E0F4C3C8F27E21C186289B115ECAB771777BC7E848F29D683C53C9F936F30848 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:47:56.0695 0x2b84  usbuhci - ok
16:47:56.0711 0x2b84  [ D76E231E4850BB3F88A3D9A78DF191E3, 98CAD31C41AD155EA853DF850D94FA29543C3A7D26262D1B6881281D033CEBAF ] UxSms           C:\Windows\System32\uxsms.dll
16:47:56.0773 0x2b84  UxSms - ok
16:47:56.0789 0x2b84  [ 294945381DFA7CE58CECF0A9896AF327, 67414C6D79D2826BC86BB37349C9D74DB4B667310CBC1ABFD103E26332AE4A00 ] vds             C:\Windows\System32\vds.exe
16:47:56.0867 0x2b84  vds - ok
16:47:56.0898 0x2b84  [ 916B94BCF1E09873FFF2D5FB11767BBC, 072007FED4EF30C4D7AF8628CBEB2AC99EEAD99D7AB533E90E3748E3D4F11C28 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:47:56.0991 0x2b84  vga - ok
16:47:56.0991 0x2b84  [ B83AB16B51FEDA65DD81B8C59D114D63, 97D39AA763037752D87216B83896AFD2AD6DFEBB3BCDCED7A9ABFE5706B804C5 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:47:57.0085 0x2b84  VgaSave - ok
16:47:57.0101 0x2b84  [ 8294B6C3FDB6C33F24E150DE647ECDAA, FEBD9536EF61F700DFD5D9CB815808C8415D5B23590B3CE17B12D84F4670EA4D ] viaide          C:\Windows\system32\drivers\viaide.sys
16:47:57.0116 0x2b84  viaide - ok
16:47:57.0147 0x2b84  [ A989ED2C2AFBDDFDEB870690D6B9D2DC, DADEF228071303EBE0D4F1F6C2D5F24FC3BFB1A5D3F80A5C9497C62C1498ABA6 ] Vid             C:\Windows\system32\drivers\vid.sys
16:47:57.0179 0x2b84  Vid - ok
16:47:57.0194 0x2b84  [ DC09798FBD7502D5B5065ED21CD453B5, A5C158F3598328217618BECEF68C6EA410089B68347DC37A350072F728BDB8DF ] vmbus           C:\Windows\system32\drivers\vmbus.sys
16:47:57.0225 0x2b84  vmbus - ok
16:47:57.0241 0x2b84  [ 2B7E885ED951519A12C450D24535DFCA, 249009EBC1D306D51FDFA4A89588462AA2D8B6DF0A20BE250B60DD73200CB7F3 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:47:57.0272 0x2b84  volmgr - ok
16:47:57.0288 0x2b84  [ CEC5AC15277D75D9E5DEC2E1C6EAF877, EA989E257C4409F9AF3B35C4D7ED9134D930FE3733B077C4F3AA5497796F2CB0 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:47:57.0335 0x2b84  volmgrx - ok
16:47:57.0366 0x2b84  [ 582F710097B46140F5A89A19A6573D4B, 6F695B17BF476D027D3012352F3D4DFD0E0815823DA51A136767ECEF6D64A1CA ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:47:57.0397 0x2b84  volsnap - ok
16:47:57.0413 0x2b84  [ A68F455ED2673835209318DD61BFBB0E, 8B2B255E8E2F8B415F7AC0F7F4C423F639DD47737F7CEE0F7C816D9A6893C5F7 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:47:57.0444 0x2b84  vsmraid - ok
16:47:57.0475 0x2b84  [ C5F7A8D67C998CE3D3602FD384CAB829, 674BB1B01A440B71E534953B19100A4DDF3896E2982C9C60D59D32215CB05565 ] VSNAPVSS        C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe
16:47:57.0491 0x2b84  VSNAPVSS - ok
16:47:57.0553 0x2b84  [ B75232DAD33BFD95BF6F0A3E6BFF51E1, A8120040F144AD42A39347A615F31BF752634994D4D134E2FAD23FEA9C1D71DF ] VSS             C:\Windows\system32\vssvc.exe
16:47:57.0678 0x2b84  VSS - ok
16:47:57.0693 0x2b84  [ F14A7DE2EA41883E250892E1E5230A9A, EBCB74BE26437F6FE84A3B41AD034F451D4BD12CA77D4C7A433DB912E7D31593 ] W32Time         C:\Windows\system32\w32time.dll
16:47:57.0787 0x2b84  W32Time - ok
16:47:57.0834 0x2b84  [ 1ED89751BBC0B2A050B6367A613C1C51, C5FC11CF27FCA5A1D2A34CBDD07C2ACE16377DF39AF2E875ECF9CD52ADA356EE ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
16:47:57.0896 0x2b84  W3SVC - ok
16:47:57.0896 0x2b84  [ 2B0243F983B8DCEC35BCC66825B7EB67, A97E4B5EE6D9E5BE72135256E9C7022F143422B5D720107C12BA5945685B8E18 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:47:58.0037 0x2b84  WacomPen - ok
16:47:58.0037 0x2b84  [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:47:58.0099 0x2b84  Wanarp - ok
16:47:58.0115 0x2b84  [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:47:58.0161 0x2b84  Wanarpv6 - ok
16:47:58.0177 0x2b84  [ 1ED89751BBC0B2A050B6367A613C1C51, C5FC11CF27FCA5A1D2A34CBDD07C2ACE16377DF39AF2E875ECF9CD52ADA356EE ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
16:47:58.0224 0x2b84  WAS - ok
16:47:58.0286 0x2b84  [ 48EEE289DF9E4989128B2283F3EEACC6, 5B2F26CE90B7B254381B23F6D4DE7A8B4ACA58AF9A460D3A80F50DDF37078C92 ] wbengine        C:\Windows\system32\wbengine.exe
16:47:58.0380 0x2b84  wbengine - ok
16:47:58.0380 0x2b84  [ EA4B369560E986F19D93F45A881484AC, B61411D64901C9CB8C80402CD1E8808F5A0FACA38206C8D584C7C1019F5ADF5A ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:47:58.0427 0x2b84  WcsPlugInService - ok
16:47:58.0427 0x2b84  [ 0C17A0816F65B89E362E682AD5E7266E, 6233213D07B234056A1EC6FE1166A65371645269132B428FF3A29DDC0000301A ] Wd              C:\Windows\system32\drivers\wd.sys
16:47:58.0442 0x2b84  Wd - ok
16:47:58.0505 0x2b84  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:47:58.0567 0x2b84  Wdf01000 - ok
16:47:58.0567 0x2b84  [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:47:58.0614 0x2b84  WdiServiceHost - ok
16:47:58.0614 0x2b84  [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:47:58.0661 0x2b84  WdiSystemHost - ok
16:47:58.0676 0x2b84  [ 8D40BC587993F876658BF9FB0F7D3462, 23748E11F5CCE3D4978D748780283FA5A1154F53FF70D924CB2128FF8A4705F7 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:47:58.0739 0x2b84  Wecsvc - ok
16:47:58.0754 0x2b84  [ 9C980351D7E96288EA0C23AE232BD065, BA627B04C4259716B451F421F5310A69D8DE9407DE496AA0489139125E9DC16A ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:47:58.0817 0x2b84  wercplsupport - ok
16:47:58.0832 0x2b84  [ 66B9ECEBC46683F47EDC06333C075FEF, 35C33596D97DB65DE0A687644E9AD924AD5FCBAFD83FE4D23E7E58EF4BC4CC87 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:47:58.0895 0x2b84  WerSvc - ok
16:47:58.0926 0x2b84  [ 0D372A78E6DAB2289AC1F9C8B3907B35, FA791DFC98F3E8638A7D57E5AAF405444CDB3A07F6C71FBC7DBC332214350414 ] WinDriver6      C:\Windows\system32\drivers\windrvr6.sys
16:47:58.0973 0x2b84  WinDriver6 - ok
16:47:58.0973 0x2b84  WinHttpAutoProxySvc - ok
16:47:59.0035 0x2b84  [ D2E7296ED1BD26D8DB2799770C077A02, B494719C2DEB7B9D2505866868143C4E4F59B88461920AA49BD9F1251B6571B8 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:47:59.0082 0x2b84  Winmgmt - ok
16:47:59.0191 0x2b84  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869, 22D53818F4A4ACE441E121151CFD7CB1EDF5E8303DF9E113C9BB304B418A96EF ] WinRM           C:\Windows\system32\WsmSvc.dll
16:47:59.0331 0x2b84  WinRM - ok
16:47:59.0347 0x2b84  [ E18AEBAAA5A773FE11AA2C70F65320F5, 9E2F6FC0F46D0EEEBF4BC1E3D8800B3D268079ABF8EDDD70CD21B789883D7390 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:47:59.0394 0x2b84  WmiAcpi - ok
16:47:59.0425 0x2b84  [ 21FA389E65A852698B6A1341F36EE02D, 2D60911EAAE26C4CE3DEF4FAD1EDE093F912209AA90741AAA8B93F06B37DF605 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:47:59.0487 0x2b84  wmiApSrv - ok
16:47:59.0503 0x2b84  [ F55CF711F33C68A695A6982EE15F21C7, 18FA308AF2A1012F3E01A82EADD50B1AAA5D11BC9AEFA1F36FA8381C6EB692BD ] WMSvc           C:\Windows\system32\inetsrv\wmsvc.exe
16:47:59.0534 0x2b84  WMSvc - ok
16:47:59.0550 0x2b84  [ A27C8F92D84E2DDC151978E4692C978E, B0CFB3DA19827E170E6A29AD023C29D70F73EF648CE1344A5E0AFD2002287024 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:47:59.0581 0x2b84  WPDBusEnum - ok
16:47:59.0753 0x2b84  [ B42B9D8ABC18DFBCD6044BC10B3A9B99, FD00756DADD3BFC382FC80D7D1D25592385E647C7EAC318C154E949A51D9DC27 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:47:59.0877 0x2b84  WPFFontCache_v0400 - ok
16:47:59.0893 0x2b84  [ 8A900348370E359B6BFF6A550E4649E1, 3EAD0B951EAF8E940ED6A79FAAAB7D22ACCF3985795F80206A3A07161D319B39 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:47:59.0971 0x2b84  ws2ifsl - ok
16:48:00.0049 0x2b84  [ 6C1E96EC6DA12291569F82FE737732AD, 80648B542446CDEB792A7D9AF0C33B3C9EE74C645854B93D04164B20D6035655 ] wsbexchange     C:\Program Files\Microsoft\Exchange Server\bin\wsbexchange.exe
16:48:00.0096 0x2b84  wsbexchange - ok
16:48:00.0252 0x2b84  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:48:00.0486 0x2b84  wuauserv - ok
16:48:00.0517 0x2b84  [ 6CBD51FF913C851D56ED9DC7F2A27DDE, 736C66A944F3D37464052211B2728AD53D31CB631CD33B9E094C00D76BF17399 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:48:00.0611 0x2b84  wudfsvc - ok
16:48:00.0642 0x2b84  ================ Scan global ===============================
16:48:00.0657 0x2b84  [ 060DC3A7A9A2626031EB23D90151428D, 4AADA06E83603E9D4894D6CFC8DADB018307B384F438C809D4BC8E22BD937C3B ] C:\Windows\system32\basesrv.dll
16:48:00.0704 0x2b84  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
16:48:00.0735 0x2b84  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
16:48:00.0782 0x2b84  [ 934E0B7D77FF78C18D9F8891221B6DE3, BB1ACD3CD6482D8B7C5931E8733B8094D2CE59C4FBC4012BD0799C8DC367FB74 ] C:\Windows\system32\services.exe
16:48:00.0798 0x2b84  [ Global ] - ok
16:48:00.0798 0x2b84  ================ Scan MBR ==================================
16:48:00.0813 0x2b84  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:48:01.0313 0x2b84  \Device\Harddisk0\DR0 - ok
16:48:01.0313 0x2b84  ================ Scan VBR ==================================
16:48:01.0328 0x2b84  [ 4E734078E259DD6969E7F16A4010CC57 ] \Device\Harddisk0\DR0\Partition1
16:48:01.0328 0x2b84  \Device\Harddisk0\DR0\Partition1 - ok
16:48:01.0344 0x2b84  [ 6DA8485B72B9F4B491B12695EB1157D0 ] \Device\Harddisk0\DR0\Partition2
16:48:01.0375 0x2b84  \Device\Harddisk0\DR0\Partition2 - ok
16:48:01.0391 0x2b84  Waiting for KSN requests completion. In queue: 73
16:48:02.0451 0x2b84  Win FW state via NFP2: enabled
16:48:02.0685 0x2b84  ============================================================
16:48:02.0685 0x2b84  Scan finished
16:48:02.0685 0x2b84  ============================================================
16:48:02.0685 0x240c  Detected object count: 1
16:48:02.0685 0x240c  Actual detected object count: 1
16:49:25.0560 0x240c  C:\Program Files (x86)\Kaseya\MYRNTW27718108730149\AgentMon.exe - copied to quarantine
16:49:25.0560 0x240c  KAMYRNTW27718108730149 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 
16:52:14.0915 0x2ae8  Deinitialize success

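The TDSSKiller log above ends with a single detection. As an added worked example (not part of this post, and not code from Kaspersky or TDSSKiller), the Python script below parses lines in that log layout into records, groups services by SHA-256 so that two service names backed by the same file (Tcpip and Tcpip6 both point at tcpip.sys) are not miscounted as two binaries, lists services that received a "- ok" without any hash line, and pulls out the detection and quarantine lines. The sample lines are copied from the log above; on a real system you would feed it the saved TDSSKiller log instead. One caveat the verdict name itself carries: "UnsignedFile.Multi.Generic" is the name TDSSKiller gives to a file that lacks a valid digital signature, not a match on known malicious code, so a quarantined management agent like the Kaseya AgentMon.exe should be compared with what the vendor ships before it is treated as malware.

```python
import re
from collections import defaultdict

# Constructed sample in the TDSSKiller log layout: a handful of lines copied
# from the log above, including the detection and quarantine lines at its end.
SAMPLE_LOG = r"""
16:47:53.0934 0x2b84  [ C2CB949645C299E23FBFD26CAD3FC96E, D2DB2F3F1013EA1E6E04D0AD74B8CDC3AD4BF6653F1092408629DD3492BE8968 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:47:54.0074 0x2b84  Tcpip - ok
16:47:54.0168 0x2b84  [ C2CB949645C299E23FBFD26CAD3FC96E, D2DB2F3F1013EA1E6E04D0AD74B8CDC3AD4BF6653F1092408629DD3492BE8968 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
16:47:54.0246 0x2b84  Tcpip6 - ok
16:47:52.0967 0x2b84  [ 6C3DC0FE344BE6E4DBF4CE150105E334, 3CDA0205E368A01475B41722C667CB3B1A732D190D293C9268D7EC865B496969 ] StorageCraft ImageReady C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
16:47:53.0169 0x2b84  StorageCraft ImageReady - ok
16:47:53.0185 0x2b84  storflt - ok
16:48:02.0685 0x240c  Detected object count: 1
16:49:25.0560 0x240c  C:\Program Files (x86)\Kaseya\MYRNTW27718108730149\AgentMon.exe - copied to quarantine
16:49:25.0560 0x240c  KAMYRNTW27718108730149 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
"""

# Every line starts with a timestamp and the scanning thread id.
PREFIX = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>0x[0-9a-f]+)\s+"
# "[ MD5, SHA256 ] ServiceName   <drive>:\path" - the name may contain spaces,
# so the path is recognised by its drive-letter prefix rather than by padding.
HASH_RE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-F]{32}), (?P<sha256>[0-9A-F]{64}) \] "
                     r"(?P<name>.*?)\s+(?P<path>[A-Za-z]:\\.*)$")
OK_RE = re.compile(PREFIX + r"(?P<name>.+) - ok$")
QUAR_RE = re.compile(PREFIX + r"(?P<path>.+) - copied to quarantine$")
VERDICT_RE = re.compile(PREFIX + r"(?P<obj>\S+) \( (?P<verdict>[^)]+) \) - "
                        r"User select action: (?P<action>\w+)$")


def parse_log(text):
    """Split a TDSSKiller log into hashed entries, ok lines, quarantines and verdicts."""
    result = {"entries": [], "ok": [], "quarantined": [], "detections": []}
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m:
            result["entries"].append({"name": m["name"], "path": m["path"],
                                      "md5": m["md5"], "sha256": m["sha256"]})
            continue
        m = QUAR_RE.match(line)
        if m:
            result["quarantined"].append(m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            result["detections"].append({"object": m["obj"], "verdict": m["verdict"],
                                         "action": m["action"]})
            continue
        m = OK_RE.match(line)
        if m:
            result["ok"].append(m["name"])
    return result


def shared_binaries(entries):
    """SHA-256 -> service names, restricted to hashes used by more than one service."""
    by_hash = defaultdict(list)
    for e in entries:
        by_hash[e["sha256"]].append(e["name"])
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def services_without_hash(parsed):
    """Services reported '- ok' although the scanner printed no hash line for them."""
    hashed = {e["name"] for e in parsed["entries"]}
    return [name for name in parsed["ok"] if name not in hashed]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("hashed service entries:", len(parsed["entries"]))
    for sha, names in shared_binaries(parsed["entries"]).items():
        print("one file behind several services:", names, sha[:16] + "...")
    print("ok without hash:", services_without_hash(parsed))
    print("detections:", parsed["detections"])
    print("quarantined:", parsed["quarantined"])
```

The SHA-256 values the parser collects are what you would submit to a multi-engine scanner or compare against a known-good copy of the same Windows build; the names grouped under one hash tell you how many service entries a single replaced file would affect.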

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 April 2014 - 07:43 AM

Please post the Farbar Recovery Scan Tool log and let me know what problem persists.

#6 rrwallace61

rrwallace61
  • Topic Starter

  • Members
  • 7 posts

Posted 09 April 2014 - 10:34 AM

Here are the Avast scan results.

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-01 16:44:31
-----------------------------
16:44:31.516    OS Version: Windows x64 6.0.6002 Service Pack 2
16:44:31.516    Number of processors: 12 586 0x2C02
16:44:31.516    ComputerName: FE-SBS  UserName: 
16:44:31.843    Initialize success
16:56:16.504    AVAST engine defs: 14040101
16:56:31.246    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
16:56:31.246    Disk 0 Vendor: DELL____ 1.22 Size: 1143552MB BusType: 8
16:56:31.542    Disk 0 MBR read successfully
16:56:31.558    Disk 0 MBR scan
16:56:31.558    Disk 0 Windows VISTA default MBR code
16:56:31.589    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
16:56:31.605    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       100000 MB offset 81920
16:56:31.652    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS      1043510 MB offset 204881920
16:56:31.964    Disk 0 scanning C:\Windows\system32\drivers
16:56:58.547    Service scanning
16:57:20.060    Modules scanning
16:57:20.060    Disk 0 trace - called modules:
16:57:20.091    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll megasas.sys 
16:57:20.091    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a5ed060]
16:57:20.106    3 CLASSPNP.SYS[fffffa60011a5c33] -> nt!IofCallDriver -> \Device\00000060[0xfffffa800a263060]
16:57:20.496    AVAST engine scan C:\Windows
16:57:31.775    AVAST engine scan C:\Windows\system32
17:06:01.363    AVAST engine scan C:\Windows\system32\drivers
17:06:52.844    AVAST engine scan C:\Users\Administrator.FARRISELECTRIC
17:12:06.942    AVAST engine scan C:\ProgramData
17:20:36.342    Scan finished successfully
08:06:50.259    Disk 0 MBR has been saved successfully to "C:\Users\Administrator.FARRISELECTRIC\Documents\MBR.dat"
08:06:50.259    The log file has been saved successfully to "C:\Users\Administrator.FARRISELECTRIC\Documents\aswMBR.txt"
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-08 16:55:53
-----------------------------
16:55:53.247    OS Version: Windows x64 6.0.6002 Service Pack 2
16:55:53.247    Number of processors: 12 586 0x2C02
16:55:53.247    ComputerName: FE-SBS  UserName: 
16:55:53.527    Initialize success
17:12:38.634    AVAST engine defs: 14040802
08:32:48.350    The log file has been saved successfully to "C:\Users\Administrator.FARRISELECTRIC\Documents\aswMBR.txt"

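The first aswMBR run above saved the boot sector to MBR.dat and printed the partition table it read. As an added worked example (not part of this post and not code from AVAST or aswMBR), the Python script below parses a raw 512-byte MBR, checks the 0x55AA signature and the four partition slots, reports sectors that belong to no partition, and cross-checks the parsed table against the "Disk 0 Partition" lines aswMBR printed. Since the real MBR.dat is not on this page, the script constructs a sample MBR from the values in the log; aswMBR rounds sizes to whole MB, so the sector counts it uses are assumptions derived from those rounded figures. Unallocated ranges matter because some bootkits keep their components outside any partition, which is exactly where a disk-level scan looks next.

```python
import re
import struct

SECTOR = 512
MB = 1024 * 1024
PART_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

# Partition lines copied from the aswMBR output above; the disk size comes
# from its "Disk 0 Vendor" line (1143552 MB).
ASWMBR_LINES = """\
16:56:31.589    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
16:56:31.605    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       100000 MB offset 81920
16:56:31.652    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS      1043510 MB offset 204881920
"""
DISK_SECTORS = 1143552 * MB // SECTOR


def build_entry(bootable, ptype, lba_start, sectors):
    """One 16-byte partition-table entry; CHS fields are filled with the usual 0xFEFFFF."""
    status = 0x80 if bootable else 0x00
    return struct.pack(PART_FMT, status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba_start, sectors)


def build_sample_mbr():
    """Constructed 512-byte MBR (assumption: sector counts derived from the rounded MB sizes)."""
    table = b"".join([
        build_entry(False, 0xDE, 63, 39 * MB // SECTOR),
        build_entry(True, 0x07, 81920, 100000 * MB // SECTOR),
        build_entry(False, 0x07, 204881920, 1043510 * MB // SECTOR),
        bytes(16),  # unused fourth slot
    ])
    return bytes(446) + table + b"\x55\xaa"  # zeroed boot code, table, signature


def parse_mbr(mbr):
    """Return the non-empty partition entries of a raw 512-byte MBR."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_FMT, mbr[off:off + 16])
        if ptype == 0 and count == 0:
            continue
        parts.append({"index": i + 1, "bootable": status == 0x80,
                      "type": ptype, "start": lba, "sectors": count})
    return parts


def unallocated_regions(parts, disk_sectors):
    """Inclusive sector ranges owned by no partition; sector 0 is the MBR itself."""
    regions, cursor = [], 1
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] > cursor:
            regions.append((cursor, p["start"] - 1))
        cursor = max(cursor, p["start"] + p["sectors"])
    if cursor < disk_sectors:
        regions.append((cursor, disk_sectors - 1))
    return regions


def overlapping_pairs(parts):
    ordered = sorted(parts, key=lambda p: p["start"])
    return [(a["index"], b["index"]) for a, b in zip(ordered, ordered[1:])
            if a["start"] + a["sectors"] > b["start"]]


ASW_RE = re.compile(r"Disk 0 Partition (?P<idx>\d) (?P<status>[0-9A-F]{2})(?: \(A\))?\s+"
                    r"(?P<type>[0-9A-F]{2})\s.*?(?P<mb>\d+) MB offset (?P<offset>\d+)$")


def parse_aswmbr(text):
    """Partition index -> what aswMBR reported for it."""
    rows = {}
    for line in text.splitlines():
        m = ASW_RE.search(line)
        if m:
            rows[int(m["idx"])] = {"bootable": m["status"] == "80", "type": int(m["type"], 16),
                                   "start": int(m["offset"]), "mb": int(m["mb"])}
    return rows


def compare_with_aswmbr(parts, rows):
    """Mismatches between the table on disk and the aswMBR log (sizes within 1 MB)."""
    problems = []
    for p in parts:
        r = rows.get(p["index"])
        if r is None:
            problems.append(f"partition {p['index']} on disk but not in aswMBR log")
            continue
        for key in ("bootable", "type", "start"):
            if p[key] != r[key]:
                problems.append(f"partition {p['index']} {key}: disk={p[key]} log={r[key]}")
        if abs(p["sectors"] * SECTOR / MB - r["mb"]) > 1:
            problems.append(f"partition {p['index']} size differs from log")
    on_disk = {p["index"] for p in parts}
    problems += [f"partition {i} in aswMBR log but not on disk" for i in rows if i not in on_disk]
    return problems


if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    for p in parts:
        print(p)
    print("overlaps:", overlapping_pairs(parts))
    print("unallocated:", unallocated_regions(parts, DISK_SECTORS))
    print("mismatches:", compare_with_aswmbr(parts, parse_aswmbr(ASWMBR_LINES)))
```

To run it against the saved file instead of the constructed sample, replace `build_sample_mbr()` with `open("MBR.dat", "rb").read()[:512]`; the disk size in sectors can be taken from the "Disk 0 Vendor" line the same way. An empty mismatch list means the table aswMBR showed is the table actually on disk; the gap before the first partition and the slack after the last one are normal, but they are also the sectors a rootkit-hunt should image and inspect.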

#7 rrwallace61

rrwallace61
  • Topic Starter

  • Members
  • 7 posts

Posted 09 April 2014 - 10:38 AM

Here are the Farbar results.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Administrator at 2014-04-09 08:35:59
Running from D:\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
 
==================== Installed Programs ======================
 
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.159.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
American Contractor Server (HKLM-x32\...\{7FD39676-DBCC-4CA1-9C58-14C1BCFDDD77}) (Version: 08.40.1389 - Maxwell Systems, Inc.)
American Contractor Workstation (HKLM-x32\...\{20672F48-C627-4F54-932A-C0395D1284DE}) (Version: 08.40.1389 - Maxwell Systems, Inc.)
BDR Backup Agent (HKLM-x32\...\ZenithARCA) (Version: 4.6.0.0 - Zenith Infotech Ltd.)
Broadcom Drivers and Management Applications (HKLM\...\{4CD4EE21-1762-4E29-A5AA-DEE1E7B3E775}) (Version: 14.4.11.5 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Dell OpenManage Server Administrator (HKLM-x32\...\{54C04D53-C3C3-46EA-A75F-7AFF4BEB727C}) (Version: 6.5.0 - Dell)
Device IP Configuration Utility 5.0.2 (HKLM-x32\...\Device IP Configuration Utility) (Version: 5.0.2 - Schneider Electric)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GoToMeeting 4.8.0.723 (HKCU\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)
HijackThis 1.99.1 (HKLM-x32\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
Kaseya Agent (fe-sbs.root.farris - tech.myersnetsol.com) (HKLM-x32\...\KAMYRNTW27718108730149) (Version: 6.3.0.6 - Kaseya)
Kaspersky Anti-Virus 6.0 for Windows Servers (HKLM-x32\...\{1B419CE6-A1AA-4207-8581-A414BE9C7B85}) (Version: 6.0.4.1424 - Kaspersky Lab)
LogMeIn (HKLM-x32\...\{F8511796-1457-4A92-BEF7-71080FCF297A}) (Version: 4.1.4132 - LogMeIn, Inc.)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
McCormick Systems Power Probes (HKLM-x32\...\InstallShield_{A31A9D64-F9CA-49A2-8453-76C4B2C89EF0}) (Version: 11.0.0.0 - McCormick Systems)
McCormick Systems Power Probes (x32 Version: 11.0.0.0 - McCormick Systems) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Access Runtime 2010 (HKLM-x32\...\Office14.AccessRT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET 2.0 AJAX Extensions 1.0 (HKLM-x32\...\{082BDF7B-4810-4599-BF0D-E3AC44EC8524}) (Version: 1.0.61025 - Microsoft Corporation)
Microsoft Easy Assist v2 (HKLM-x32\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)
Microsoft Exchange 2007 Enterprise Anti-spam Signatures (Version: 3.3.4604.600 - Microsoft Corporation) Hidden
Microsoft Exchange 2007 Enterprise Block List Updates (Version: 3.3.4604.001 - Microsoft Corporation) Hidden
Microsoft Exchange 2007 Standard Anti-spam Filter Updates (Version: 3.3.4604.600 - Microsoft Corporation) Hidden
Microsoft Exchange Server (Version: 8.3.83.6 - Microsoft Corporation) Hidden
Microsoft Exchange Server 2007 (HKLM\...\Microsoft Exchange) (Version: 8.3.83.6 - Microsoft Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1146-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1150 - Microsoft Corporation)
Microsoft Office Access Runtime 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Runtime MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 (SBSMONITORING) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{D49E9256-B639-4D13-82B3-8EBECA577680}) (Version: 8.05.2102 - Microsoft Corporation)
Microsoft SQL Server 2005 Tools (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Management Studio Express (HKLM\...\{C40D6727-57FE-4671-B51A-69B0F21F44B5}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: 2.0.50728 - Microsoft Corporation) Hidden
Microsoft Windows SharePoint Services 3.0 (HKLM-x32\...\WSS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Windows SharePoint Services 3.0 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Windows SharePoint Services 3.0 1033 Lang Pack (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft XML Parser (x32 Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PowerChute Network Shutdown (HKLM\...\PowerChute Network Shutdown) (Version: 3.1 - APC by Schneider Electric)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{54846D1D-E5D5-4A28-AA6D-7208259007EA}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
ShadowSnap (HKLM\...\ShadowSnap) (Version: 1.1..17 - )
StorageCraft ShadowProtect (HKLM-x32\...\ShadowProtect) (Version: 5.0.1.23057 - StorageCraft Technology Corporation (STC))
The 2007 Microsoft Office Servers Service Pack 3 (SP3) and Windows SharePoint Services 3.0 SP3, 64-bit Editions (x32 Version:  - Microsoft) Hidden
Tool Tracking System (HKLM-x32\...\Tool Tracking System) (Version: 1.19.0 - GigaTrak)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update Rollup 12 for Exchange Server 2007 Service Pack 3 (KB2903911) (HKLM\...\KB2903911) (Version: 1 - Microsoft Corporation)
Update Rollup 13 for Exchange Server 2007 Service Pack 3 (KB2917522) (HKLM\...\KB2917522) (Version: 1 - Microsoft Corporation)
Update Rollup 3-v2 for Exchange Server 2007 Service Pack 3 (KB2530488) (HKLM\...\KB2530488) (Version: 2 - Microsoft Corporation)
Update Rollup 4 for Exchange Server 2007 Service Pack 3 (KB2509911) (HKLM\...\KB2509911) (Version: 1 - Microsoft Corporation)
Update Rollup 5 for Exchange Server 2007 Service Pack 3 (KB2602324) (HKLM\...\KB2602324) (Version: 1 - Microsoft Corporation)
Update Rollup 6 for Windows Small Business Server 2008 (KB2729101) (HKLM\...\{8ef4b79a-fd0b-4b0d-809e-0626f5d57908}) (Version:  - Microsoft Corporation)
Update Rollup 8-v2 for Exchange Server 2007 Service Pack 3 (KB2756497) (HKLM\...\KB2756497) (Version: 2 - Microsoft Corporation)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Windows Internal Database (MICROSOFT##SSEE) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Windows SharePoint Services 3.0 SP3 (SP3) (HKLM-x32\...\{90120000-1110-0000-1000-0000000FF1CE}_WSS_{E65822F8-D000-4E0E-9740-74EF2EFF3A13}) (Version:  - Microsoft)
Windows SharePoint Services 3.0 SP3 (SP3) (x32 Version:  - Microsoft) Hidden
Windows Small Business Server 2008 (HKLM\...\Windows Small Business Server 2008) (Version: 6.0.5601.8540 - Microsoft Corporation)
Windows Small Business Server 2008 (Version: 6.0.5601.8540 - Microsoft Corporation) Hidden
Windows Small Business Server 2008 Best Practices Analyzer (HKLM\...\{0D8D876B-28DA-479A-92AA-5E5B2336C1A7}) (Version: 6.0.0006.0 - Microsoft Corporation)
Windows Small Business Server 2008 IDCRL (Version: 6.0.5601.0 - Microsoft Corporation) Hidden
WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
2008-01-19 02:33 - 2006-09-18 14:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {17B464BC-EA0D-4459-BFDA-AE7C379EA049} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2008-01-19] (Microsoft Corporation)
Task: {24232922-4EC5-4D4F-94CD-7341DC395287} - System32\Tasks\Shadow copy schedule for disk drive C => C:\Windows\system32\vssadmin.exe [2008-01-19] (Microsoft Corporation)
Task: {4EABA957-8324-4BE2-B63A-6B2DE912E4F1} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {4ED2E1FD-6F08-4564-B659-80AD59BD9CF3} - System32\Tasks\Microsoft\Windows\Windows Small Business Server 2008\Console => C:\Program Files\Windows Small Business Server\Bin\Console.exe [2012-08-14] (Microsoft Corporation)
Task: {51AD245C-1F8E-4D06-849F-39DC694E96A8} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2009-04-11] (Microsoft Corporation)
Task: {776F5A9D-224C-42DB-AE93-A187AB05FE8D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2009-04-11] (Microsoft Corporation)
Task: {96B14201-8C6F-41BD-B569-FC38CA8CF402} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-12] (Google Inc.)
Task: {A4088BB9-AA63-4312-AF43-B6AB07D73D45} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {B0309C79-361B-46D0-B77D-A8B1034861ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-12] (Google Inc.)
Task: {DD25599F-58D9-40D5-91E1-8113201891A0} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {F3B67DB4-12C2-4081-8A62-B8421092D5F7} - System32\Tasks\Microsoft\Windows\Windows Small Business Server 2008\WSUSLogCleaner => C:\Program Files\Windows Small Business Server\Bin\WSUSLogCleaner.vbs [2012-07-19] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Shadow copy schedule for disk drive C.job => Y¤©\ëN•Ù–Ý°;‘šF<
 s€!Þ
 
vssadmin.exe%Create Shadow /AutoRetry=15 /For=C:\%systemroot%\system32Administrator0Û>1Û>
Task: C:\Windows\Tasks\User_Feed_Synchronization-{0D3E5BFF-1E8B-45BA-B3EC-A78ADEAEB36B}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-02-19 05:01 - 2011-02-19 05:01 - 00055208 _____ () C:\Program Files (x86)\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
2011-12-16 01:09 - 2011-12-16 01:09 - 01568640 _____ () C:\Windows\assembly\GAC_64\Microsoft.SharePoint.Search\12.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.Search.dll
2014-02-23 16:58 - 2014-02-23 16:58 - 04408008 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
2014-03-25 16:20 - 2014-03-25 16:20 - 00003584 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\microsoft-server-activesync\9b416402\8cc2170d\App_global.asax.br3w4opa.dll
2014-03-25 16:20 - 2014-03-25 16:20 - 00004096 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\autodiscover\d7ea5478\ced0d684\App_global.asax.pzfacv0r.dll
2012-03-14 11:16 - 2012-03-14 11:16 - 04762384 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\MSSrch.dll
2011-07-04 19:49 - 2011-07-04 19:49 - 04784464 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\tquery.dll
2012-03-14 11:16 - 2012-03-14 11:16 - 04762384 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\bin\MSSrch.dll
2011-05-26 20:35 - 2011-05-26 20:35 - 00219472 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\bin\query.dll
2011-08-02 12:18 - 2011-08-02 12:18 - 01959760 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\mssph.dll
2011-05-06 15:33 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-02-20 17:38 - 2014-02-20 17:38 - 01040384 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\0388c6b3\318b26e2\App_GlobalResources.t3yeix1a.dll
2014-02-20 17:38 - 2014-02-20 17:38 - 00003584 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\0388c6b3\318b26e2\App_global.asax.odsjbv7l.dll
2014-02-20 17:38 - 2014-02-20 17:38 - 00016384 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\0388c6b3\318b26e2\App_Browsers.pc3n2nwt.dll
2014-02-20 17:38 - 2014-02-20 17:38 - 01511424 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\bed3688c\62adb5b4\App_GlobalResources.hkdqhbdh.dll
2014-02-20 17:38 - 2014-02-20 17:38 - 00003584 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\bed3688c\62adb5b4\App_global.asax.eaheugsa.dll
2014-02-20 17:38 - 2014-02-20 17:38 - 00016384 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\bed3688c\62adb5b4\App_Browsers.dxdn_fel.dll
2014-03-25 16:20 - 2014-03-25 16:20 - 00003584 _____ () C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\ews\92c01bc7\454b0b71\App_global.asax.09rkgvnx.dll
2011-02-19 04:53 - 2011-02-19 04:53 - 00043432 _____ () C:\Program Files (x86)\Dell\SysMgt\oma\bin\omaep32.dll
2011-06-10 18:32 - 2011-06-10 18:32 - 00028464 _____ () c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\volenum.ppl
2011-09-09 00:51 - 2011-11-07 14:21 - 00925696 _____ () C:\Program Files (x86)\Kaseya\MYRNTW27718108730149\libkacm.dll
2011-05-16 22:17 - 2011-05-16 22:17 - 00167936 _____ () C:\Program Files (x86)\Kaseya\MYRNTW27718108730149\lua5.1.dll
2013-10-01 09:44 - 2013-10-01 09:44 - 00098816 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32api.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00110080 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\pywintypes27.dll
2013-10-01 09:44 - 2013-10-01 09:44 - 00358912 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\pythoncom27.dll
2013-10-01 09:44 - 2013-10-01 09:44 - 00042496 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32service.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00027648 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\servicemanager.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00040960 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_socket.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00721920 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_ssl.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00285184 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_hashlib.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00031232 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_psutil_mswindows.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00074240 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_ctypes.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00103424 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\pyexpat.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00033792 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32evtlog.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00108544 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32security.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00018432 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32event.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00023552 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_multiprocessing.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00010240 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\sqlalchemy.cprocessors.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00011776 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\sqlalchemy.cresultproxy.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00041984 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\_sqlite3.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00337920 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\sqlite3.dll
2013-10-01 09:44 - 2013-10-01 09:44 - 00111616 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\win32file.pyd
2014-04-08 16:18 - 2014-04-08 16:18 - 00098816 _____ () C:\Windows\TEMP\_MEI48922\win32api.pyd
2014-04-08 16:18 - 2014-04-08 16:18 - 00110080 _____ () C:\Windows\TEMP\_MEI48922\pywintypes27.dll
2014-04-08 16:18 - 2014-04-08 16:18 - 00358912 _____ () C:\Windows\TEMP\_MEI48922\pythoncom27.dll
2014-04-08 16:18 - 2014-04-08 16:18 - 00042496 _____ () C:\Windows\TEMP\_MEI48922\win32service.pyd
2014-04-08 16:18 - 2014-04-08 16:18 - 00027648 _____ () C:\Windows\TEMP\_MEI48922\servicemanager.pyd
2014-04-08 16:18 - 2014-04-08 16:18 - 00018432 _____ () C:\Windows\TEMP\_MEI48922\win32event.pyd
2014-04-08 16:18 - 2014-04-08 16:18 - 00040960 _____ () C:\Windows\TEMP\_MEI48922\_socket.pyd
2014-04-08 16:18 - 2014-04-08 16:18 - 00721920 _____ () C:\Windows\TEMP\_MEI48922\_ssl.pyd
2014-04-08 16:18 - 2014-04-08 16:18 - 00009728 _____ () C:\Windows\TEMP\_MEI48922\select.pyd
2014-04-08 16:18 - 2014-04-08 16:18 - 00074240 _____ () C:\Windows\TEMP\_MEI48922\_ctypes.pyd
2014-04-08 16:18 - 2014-04-08 16:18 - 00285184 _____ () C:\Windows\TEMP\_MEI48922\_hashlib.pyd
2014-04-08 16:18 - 2014-04-08 16:18 - 00103424 _____ () C:\Windows\TEMP\_MEI48922\pyexpat.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00009728 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\select.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00056320 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\OpenSSL.crypto.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00010752 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\OpenSSL.rand.pyd
2013-10-01 09:44 - 2013-10-01 09:44 - 00043520 _____ () C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\OpenSSL.SSL.pyd
2013-01-24 15:27 - 2012-02-16 19:48 - 00110592 _____ () C:\Program Files (x86)\Kaseya\MYRNTW27718108730149\extensions\scripts\socket\core.dll
2013-01-24 15:27 - 2012-02-16 19:48 - 00073728 _____ () C:\Program Files (x86)\Kaseya\MYRNTW27718108730149\extensions\scripts\mime\core.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:37DAD37B
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KAMYRNTW27718108730149 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KAMYRNTW27718108730149 => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AgentLive => 2
MSCONFIG\Services: atashost => 2
MSCONFIG\Services: AudioEndpointBuilder => 3
MSCONFIG\Services: AudioSrv => 3
MSCONFIG\Services: Canon Driver Information Assist Service => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: FCRegSvc => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hasplms => 2
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McCormick Systems Power Probes Service => 2
MSCONFIG\Services: MMCSS => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSFTPSVC => 3
MSCONFIG\Services: omsad => 2
MSCONFIG\Services: SPAdmin => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: bacstray => C:\Program Files\Broadcom\BACS\BacsTray.exe
MSCONFIG\startupreg: DWPersistentQueuedReporting => C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client) #34
Description: Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom Corporation
Service: l2nd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/09/2014 08:34:19 AM) (Source: MSExchangeTransport) (User: )
Description: There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of remote.farriselectric.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of remote.farriselectric.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
 
Error: (04/09/2014 08:03:27 AM) (Source: MSExchangeTransport) (User: )
Description: There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of remote.farriselectric.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of remote.farriselectric.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
 
Error: (04/09/2014 08:00:38 AM) (Source: MSExchangeFBPublish) (User: )
Description: Error updating public folder with free/busy information on virtual machine FE-SBS. The error number is 0x8004010f.
 
Error: (04/09/2014 07:43:46 AM) (Source: MSExchangeTransport) (User: )
Description: There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of remote.farriselectric.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of remote.farriselectric.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
 
Error: (04/09/2014 07:20:52 AM) (Source: MSExchangeTransport) (User: )
Description: There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of remote.farriselectric.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of remote.farriselectric.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
 
Error: (04/09/2014 07:10:38 AM) (Source: MSExchangeFBPublish) (User: )
Description: Error updating public folder with free/busy information on virtual machine FE-SBS. The error number is 0x8004010f.
 
Error: (04/09/2014 06:44:18 AM) (Source: MSExchangeTransport) (User: )
Description: There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of remote.farriselectric.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of remote.farriselectric.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
 
Error: (04/09/2014 06:23:58 AM) (Source: MSExchangeTransport) (User: )
Description: There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of remote.farriselectric.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of remote.farriselectric.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
 
Error: (04/09/2014 06:10:37 AM) (Source: MSExchangeFBPublish) (User: )
Description: Error updating public folder with free/busy information on virtual machine FE-SBS. The error number is 0x8004010f.
 
Error: (04/09/2014 06:06:56 AM) (Source: MSExchangeTransport) (User: )
Description: There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of remote.farriselectric.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of remote.farriselectric.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
 
 
System errors:
=============
Error: (04/09/2014 08:30:29 AM) (Source: DCOM) (User: )
Description: Jim-PC.Farriselectric.local
 
Error: (04/09/2014 08:30:29 AM) (Source: DCOM) (User: )
Description: Jim-PC.Farriselectric.local
 
Error: (04/09/2014 08:30:29 AM) (Source: DCOM) (User: )
Description: Jim-PC.Farriselectric.local
 
Error: (04/09/2014 08:30:29 AM) (Source: DCOM) (User: )
Description: Jim-PC.Farriselectric.local
 
Error: (04/09/2014 08:30:29 AM) (Source: DCOM) (User: )
Description: Jim-PC.Farriselectric.local
 
Error: (04/09/2014 08:30:28 AM) (Source: DCOM) (User: )
Description: Jim-PC.Farriselectric.local
 
Error: (04/09/2014 08:30:28 AM) (Source: DCOM) (User: )
Description: Jim-PC.Farriselectric.local
 
Error: (04/09/2014 08:30:28 AM) (Source: DCOM) (User: )
Description: Jim-PC.Farriselectric.local
 
Error: (04/09/2014 08:30:28 AM) (Source: Kerberos) (User: )
Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server shane-pc$. The target name used was RPCSS/Jim-PC.Farriselectric.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (FARRISELECTRIC.LOCAL) is different from the client domain (FARRISELECTRIC.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
 
Error: (04/09/2014 08:00:28 AM) (Source: DCOM) (User: )
Description: Jim-PC.Farriselectric.local
 
 
Microsoft Office Sessions:
=========================
Error: (04/09/2014 08:34:19 AM) (Source: MSExchangeTransport)(User: )
Description: remote.farriselectric.com3ED9A903C3E4FAEDA07685AC70969C3CBE61DDEA
 
Error: (04/09/2014 08:03:27 AM) (Source: MSExchangeTransport)(User: )
Description: remote.farriselectric.com3ED9A903C3E4FAEDA07685AC70969C3CBE61DDEA
 
Error: (04/09/2014 08:00:38 AM) (Source: MSExchangeFBPublish)(User: )
Description: FE-SBS0x8004010f
 
Error: (04/09/2014 07:43:46 AM) (Source: MSExchangeTransport)(User: )
Description: remote.farriselectric.com3ED9A903C3E4FAEDA07685AC70969C3CBE61DDEA
 
Error: (04/09/2014 07:20:52 AM) (Source: MSExchangeTransport)(User: )
Description: remote.farriselectric.com3ED9A903C3E4FAEDA07685AC70969C3CBE61DDEA
 
Error: (04/09/2014 07:10:38 AM) (Source: MSExchangeFBPublish)(User: )
Description: FE-SBS0x8004010f
 
Error: (04/09/2014 06:44:18 AM) (Source: MSExchangeTransport)(User: )
Description: remote.farriselectric.com3ED9A903C3E4FAEDA07685AC70969C3CBE61DDEA
 
Error: (04/09/2014 06:23:58 AM) (Source: MSExchangeTransport)(User: )
Description: remote.farriselectric.com3ED9A903C3E4FAEDA07685AC70969C3CBE61DDEA
 
Error: (04/09/2014 06:10:37 AM) (Source: MSExchangeFBPublish)(User: )
Description: FE-SBS0x8004010f
 
Error: (04/09/2014 06:06:56 AM) (Source: MSExchangeTransport)(User: )
Description: remote.farriselectric.com3ED9A903C3E4FAEDA07685AC70969C3CBE61DDEA
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-04-09 08:35:55.067
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-09 08:35:54.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-09 08:35:54.896
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-09 08:35:54.802
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-09 08:35:54.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-09 08:35:54.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-09 08:35:54.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-09 08:35:54.428
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-01 15:23:41.868
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-01 15:23:41.759
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\klif.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 61%
Total physical RAM: 12274.17 MB
Available physical RAM: 4731.29 MB
Total Pagefile: 40653.83 MB
Available Pagefile: 31937.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.66 GB) (Free:8.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:1019.05 GB) (Free:967.12 GB) NTFS
Drive o: (New Volume) (Network) (Total:700 GB) (Free:266.32 GB) NTFS
Drive q: (New Volume) (Network) (Total:700 GB) (Free:266.32 GB) NTFS
Drive s: (New Volume) (Network) (Total:700 GB) (Free:266.32 GB) NTFS
Drive t: (New Volume) (Network) (Total:700 GB) (Free:266.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1117 GB) (Disk ID: C648A405)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:23 PM

Posted 09 April 2014 - 01:04 PM

The FRST log is not complete.

Right click on the Desktop and create a new folder.
Name it My_FRST.

Move the Farbar Recovery Scan .exe file to the new folder.

It's presently in the D:\Downloads folder.

Run the Farbar tool again from that folder. Post a fresh log for my review.

#9 rrwallace61

rrwallace61
  • Topic Starter

  • Members
  • 7 posts
  • Local time:07:23 PM

Posted 09 April 2014 - 01:20 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by Administrator (administrator) on FE-SBS on 09-04-2014 11:18:44
Running from C:\Users\Administrator.FARRISELECTRIC\Desktop\My_FRST
Windows ® Small Business Server 2008 Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Kaspersky Lab) c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
(Zenith Infotech LTD) C:\Program Files (x86)\ZenithBDR\BDRAgentScheduler.exe
(Microsoft Corporation) C:\Windows\system32\certsrv.exe
(Microsoft Corporation) C:\Program Files\Windows Small Business Server\Bin\DataCollectorSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
(Kaspersky Lab) c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
(Microsoft Corporation) C:\Windows\system32\DFSRs.exe
(Microsoft Corporation) C:\Windows\system32\dns.exe
(Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\ismserv.exe
(Kaseya International Limited) C:\Program Files (x86)\Kaseya\MYRNTW27718108730149\AgentMon.exe
(Microsoft Corporation) C:\Windows\system32\iashost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
(LSI  Logic Corporation) C:\Program Files (x86)\Dell\SysMgt\sm\mr2kserv.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeADTopologyService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Exchange Server\bin\store.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Exchange Server\bin\mad.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Exchange Server\Bin\msftesql.exe
(Microsoft Corporation) C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\system32\ntfrs.exe
(Schneider Electric) C:\Program Files\APC\PowerChute\group1\pcns.exe
(Oracle Corporation) C:\Program Files\APC\PowerChute\jre_x64\bin\java.exe
() C:\Program Files (x86)\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
(Zenith Infotech Ltd.) C:\Program Files (x86)\ZenithBDR\ShadowProtectCore.exe
(Microsoft Corporation) C:\Windows\system32\silsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\OWSTIMER.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\wsstracing.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\SPWRITER.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\raw_agent_svc.exe
() C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
() C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\raw_agent_svc.exe
(Microsoft Corporation) C:\Windows\system32\dfssvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeFDS.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeMailboxAssistants.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeMailSubmission.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Exchange Server\bin\Microsoft.Exchange.Cluster.ReplayService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.Search.ExSearch.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Exchange Server\bin\Microsoft.Exchange.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeTransport.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeTransportLogSearch.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Exchange Server\Bin\edgetransport.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Exchange Server\TransportRoles\agents\Hygiene\Microsoft.Exchange.ContentFilter.Wrapper.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe
(Microsoft Corporation) c:\windows\system32\inetsrv\w3wp.exe
(Microsoft Corporation) c:\windows\system32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\mssearch.exe
( ) C:\Program Files (x86)\Kaseya\MYRNTW27718108730149\extensions\lua.exe
( ) C:\Program Files (x86)\Kaseya\MYRNTW27718108730149\extensions\lua.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\bin\mssdmn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
(Kaseya International Limited) C:\Program Files (x86)\Kaseya\MYRNTW27718108730149\KaUsrTsk.exe
(Microsoft Corporation) C:\Windows\system32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\system32\srmhost.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Microsoft Corporation) c:\windows\system32\inetsrv\w3wp.exe
(Microsoft Corporation) c:\windows\system32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Exchange Server\Bin\MsFTEFD.exe
(Microsoft Corporation) c:\windows\system32\inetsrv\w3wp.exe
(Microsoft Corporation) c:\windows\system32\inetsrv\w3wp.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [AVP] - c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe [342280 2011-06-10] (Kaspersky Lab)
HKLM-x32\...\Run: [KASHMYRNTW27718108730149] - C:\Program Files (x86)\Kaseya\MYRNTW27718108730149\KaUsrTsk.exe [577536 2012-10-31] (Kaseya International Limited)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
Lsa: [Notification Packages] scecli RASSFM
SecurityProviders: credssp.dll, pwdssp.dll
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {AD545DE1-CA51-4DB3-BFE9-FA898626B926} https://assist.va.sonicwall.com/VAX.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://control.itsupport247.net/components/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\..\Interfaces\{0CC116B9-DF9B-4EE1-BBDB-037A2A076D12}: [NameServer]172.16.0.2,172.16.0.6
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator.FARRISELECTRIC\AppData\Roaming\Mozilla\Firefox\Profiles\5tb7uaho.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
==================== Services (Whitelisted) =================
 
S4 AgentLive; C:\Program Files (x86)\ZenithBDR\AgentLive.exe [203824 2013-10-04] (Zenith Infotech)
R2 AVP; c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe [342280 2011-06-10] (Kaspersky Lab)
R2 BDRAgentScheduler; C:\Program Files (x86)\ZenithBDR\BDRAgentScheduler.exe [113712 2013-06-19] (Zenith Infotech LTD)
S4 Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [6075816 2010-08-04] (CANON INC.)
R2 CertSvc; C:\Windows\system32\certsrv.exe [718336 2009-04-11] (Microsoft Corporation)
S4 CSBA; C:\Program Files (x86)\ZenithBDR\CSBA.exe [109616 2013-06-19] (Zenith Infotech)
R2 DataCollectorSvc; C:\Program Files\Windows Small Business Server\Bin\DataCollectorSvc.exe [72368 2012-08-14] (Microsoft Corporation)
R2 dcevt32; C:\Program Files (x86)\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe [153560 2011-01-22] (Dell Inc.)
R2 dcstor32; C:\Program Files (x86)\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe [202712 2011-01-22] (Dell Inc.)
S4 ddnsclient; C:\Program Files\Windows Small Business Server\Bin\DDnsClient.exe [50256 2008-08-12] (Microsoft Corporation)
R2 Dfs; C:\Windows\system32\dfssvc.exe [326656 2009-04-11] (Microsoft Corporation)
R2 DFSR; C:\Windows\system32\DFSRs.exe [3672576 2009-04-11] (Microsoft Corporation)
R2 DHCPServer; C:\Windows\System32\dhcpssvc.dll [620032 2009-04-11] (Microsoft Corporation)
R2 DNS; C:\Windows\system32\dns.exe [639488 2011-12-23] (Microsoft Corporation)
S4 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [26112 2008-01-19] (Microsoft Corporation)
S4 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
R2 IAS; C:\Windows\System32\ias.dll [25600 2008-01-19] (Microsoft Corporation)
R2 IAS; C:\Windows\SysWOW64\ias.dll [18944 2008-01-19] (Microsoft Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2008-01-19] (Microsoft Corporation)
R2 IsmServ; C:\Windows\System32\ismserv.exe [59392 2008-01-19] (Microsoft Corporation)
R2 KAMYRNTW27718108730149; C:\Program Files (x86)\Kaseya\MYRNTW27718108730149\AgentMon.exe [1085440 2013-01-07] (Kaseya International Limited)
R2 kdc; C:\Windows\System32\lsass.exe [11264 2011-11-16] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-01-20] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-01-20] (LogMeIn, Inc.)
S4 LMIRescue_3b151bd4-9d82-4697-9fec-dadcff1dcd13; C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe [2570592 2014-02-10] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [363856 2010-12-29] (Malwarebytes Corporation)
S4 McCormick Systems Power Probes Service; C:\Program Files (x86)\McCormick Systems\Power Probes v11\McCormick Systems Power Probes Service.exe [103848 2013-04-01] (McCormick Systems)
R2 mr2kserv; C:\Program Files (x86)\Dell\SysMgt\sm\mr2kserv.exe [69632 2011-03-09] (LSI  Logic Corporation)
R2 MSExchangeADTopology; C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeADTopologyService.exe [120504 2013-12-02] (Microsoft Corporation)
R2 MSExchangeAntispamUpdate; C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe [44848 2014-01-29] (Microsoft Corporation)
S4 MSExchangeEdgeSync; C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.EdgeSyncSvc.exe [89880 2014-01-29] (Microsoft Corporation)
R2 MSExchangeFDS; C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeFDS.exe [93912 2014-01-29] (Microsoft Corporation)
S3 MSExchangeImap4; C:\Program Files\Microsoft\Exchange Server\ClientAccess\PopImap\Microsoft.Exchange.Imap4Service.exe [27936 2014-01-29] (Microsoft Corporation)
R2 MSExchangeIS; C:\Program Files\Microsoft\Exchange Server\bin\store.exe [9554104 2014-01-29] (Microsoft Corporation)
R2 MSExchangeMailboxAssistants; C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeMailboxAssistants.exe [270096 2014-01-29] (Microsoft Corporation)
R2 MSExchangeMailSubmission; C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeMailSubmission.exe [65280 2014-01-29] (Microsoft Corporation)
S3 MSExchangeMonitoring; C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.Monitoring.exe [61208 2014-01-29] (Microsoft Corporation)
S3 MSExchangePop3; C:\Program Files\Microsoft\Exchange Server\ClientAccess\PopImap\Microsoft.Exchange.Pop3Service.exe [27928 2014-01-29] (Microsoft Corporation)
R2 MSExchangeRepl; C:\Program Files\Microsoft\Exchange Server\bin\Microsoft.Exchange.Cluster.ReplayService.exe [69448 2014-01-29] (Microsoft Corporation)
R2 MSExchangeSA; C:\Program Files\Microsoft\Exchange Server\bin\mad.exe [2770096 2014-01-29] (Microsoft Corporation)
R2 MSExchangeSearch; C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.Search.ExSearch.exe [245544 2014-01-29] (Microsoft Corporation)
R2 MSExchangeServiceHost; C:\Program Files\Microsoft\Exchange Server\bin\Microsoft.Exchange.ServiceHost.exe [40728 2014-01-29] (Microsoft Corporation)
R2 MSExchangeTransport; C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeTransport.exe [69360 2014-01-29] (Microsoft Corporation)
R2 MSExchangeTransportLogSearch; C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeTransportLogSearch.exe [77584 2014-01-29] (Microsoft Corporation)
R2 msftesql$SBSMONITORING; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [91992 2010-03-26] (Microsoft Corporation)
R3 msftesql-Exchange; C:\Program Files\Microsoft\Exchange Server\Bin\msftesql.exe [183728 2010-06-19] (Microsoft Corporation)
S4 MSFTPSVC; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2008-01-19] (Microsoft Corporation)
R2 MSSQL$MICROSOFT##SSEE; C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe [39627104 2010-12-10] (Microsoft Corporation)
R2 MSSQL$SBSMONITORING; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NTDS; C:\Windows\System32\lsass.exe [11264 2011-11-16] (Microsoft Corporation)
R2 NtFrs; C:\Windows\system32\ntfrs.exe [1019392 2009-04-11] (Microsoft Corporation)
S4 omsad; C:\Program Files (x86)\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe [22952 2011-02-19] (Dell Inc.)
R2 PCNS1; C:\Program Files\APC\PowerChute\group1\pcns.exe [32504 2013-11-21] (Schneider Electric)
S4 Pop3Connector; C:\Program Files\Windows Small Business Server\Bin\Pop3Connector.exe [243280 2008-08-12] (Microsoft Corporation)
R3 RPCHTTPLBS; C:\Windows\System32\RpcProxy\LBService.dll [24064 2009-04-11] (Microsoft Corporation)
S3 Rqs; C:\Windows\system32\rqs.exe [41472 2008-01-19] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-04-11] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2008-01-19] (Microsoft Corporation)
R2 Server Administrator; C:\Program Files (x86)\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe [55208 2011-02-19] ()
R2 ShadowProtectCore; C:\Program Files (x86)\ZenithBDR\ShadowProtectCore.exe [89136 2013-08-08] (Zenith Infotech Ltd.)
R2 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4701448 2014-02-23] (StorageCraft Technology Corporation)
S4 SPAdmin; C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\WSSADMIN.EXE [16032 2012-06-07] (Microsoft Corporation)
R3 SPSearch; C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\mssearch.exe [572312 2011-05-26] (Microsoft Corporation)
R2 SPTimerV3; C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\OWSTIMER.EXE [89456 2011-05-26] (Microsoft Corporation)
R2 SPTrace; C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\wsstracing.exe [84328 2009-02-26] (Microsoft Corporation)
R2 SPWriter; C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\SPWRITER.EXE [56168 2009-02-26] (Microsoft Corporation)
R3 SrmReports; C:\Windows\system32\srmhost.exe [64512 2009-04-11] (Microsoft Corporation)
R2 SrmSvc; C:\Windows\system32\srmsvc.dll [3171328 2009-04-11] (Microsoft Corporation)
R2 stc_raw_agent; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowSnap\raw_agent_svc.exe [4072464 2013-10-01] (StorageCraft Technology Corporation)
R2 StorageCraft ImageReady; C:\Program Files (x86)\StorageCraft\ShadowProtect\ImageReady.exe [4408008 2014-02-23] ()
R2 TSGateway; C:\Windows\system32\aaedge.dll [219648 2009-04-11] (Microsoft Corporation)
R2 VSNAPVSS; C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [94984 2014-02-23] (StorageCraft Technology Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [427008 2010-04-21] (Microsoft Corporation)
S3 WMSvc; C:\Windows\system32\inetsrv\wmsvc.exe [12288 2008-01-19] (Microsoft Corporation)
S3 wsbexchange; C:\Program Files\Microsoft\Exchange Server\bin\wsbexchange.exe [138960 2014-01-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [296576 2012-06-15] (SafeNet Inc.)
R0 Datascrn; C:\Windows\System32\drivers\datascrn.sys [80856 2009-04-11] (Microsoft Corporation)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [38472 2010-10-21] (Dell Inc.)
R1 DfsDriver; C:\Windows\System32\drivers\dfs.sys [45112 2008-01-19] (Microsoft Corporation)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [323584 2012-10-06] (SafeNet Inc.)
S4 ioatdma; C:\Windows\system32\drivers\qd260x64.sys [35328 2008-01-19] (Intel Corporation)
R3 KAPFA; C:\Windows\system32\drivers\KAPFA.SYS [35048 2013-01-07] (Kaseya)
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-11-11] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [268376 2012-05-02] (Kaspersky Lab)
R3 l2nd; C:\Windows\System32\DRIVERS\bxnd60a.sys [103464 2011-02-04] (Broadcom Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24152 2010-12-29] (Malwarebytes Corporation)
R0 Quota; C:\Windows\System32\drivers\quota.sys [162280 2009-04-11] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [103992 2008-01-19] (Microsoft Corporation)
R1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [117000 2014-02-23] (StorageCraft Technology Corporation)
R0 stcvsm; C:\Windows\System32\DRIVERS\stcvsm.sys [283400 2014-02-23] (StorageCraft Technology Corporation)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [274616 2013-02-22] (Jungo)
U5 WPDBusEnum; C:\Windows\system32\svchost.exe [27648 2008-01-19] (Microsoft Corporation)
S4 BTHMODEM; \SystemRoot\system32\drivers\bthmodem.sys [X]
S4 s3cap; \SystemRoot\system32\drivers\s3cap.sys [X]
S0 storflt; system32\drivers\storflt.sys [X]
U3 aswMBR; \??\C:\Users\Administrator.FARRISELECTRIC\AppData\Local\Temp\1\aswMBR.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
2014-04-09 11:18 - 2014-04-09 11:18 - 00000000 ____D () C:\Users\Administrator.FARRISELECTRIC\Desktop\My_FRST
2014-04-09 08:35 - 2014-04-09 11:18 - 00000000 ____D () C:\FRST
2014-04-08 16:49 - 2014-04-08 16:49 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-08 16:40 - 2014-04-09 11:18 - 00000000 ____D () C:\Users\Administrator.FARRISELECTRIC\AppData\Local\Temp\1
2014-04-08 12:50 - 2014-03-04 08:10 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-08 12:50 - 2014-03-04 08:09 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-08 12:50 - 2014-03-04 08:09 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-08 12:50 - 2014-03-04 08:08 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-08 12:50 - 2014-03-04 08:06 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-04-08 12:50 - 2014-03-04 08:05 - 09347072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-08 12:50 - 2014-03-04 08:05 - 00742912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-08 12:50 - 2014-03-04 08:05 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-08 12:50 - 2014-03-04 08:05 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-08 12:50 - 2014-03-04 08:05 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-08 12:50 - 2014-03-04 08:04 - 12510720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-08 12:50 - 2014-03-04 08:04 - 02357760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-08 12:50 - 2014-03-04 08:04 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-08 12:50 - 2014-03-04 08:04 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-08 12:50 - 2014-03-04 08:04 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-08 12:50 - 2014-03-04 08:04 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-08 12:50 - 2014-03-04 08:04 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-08 12:50 - 2014-03-04 08:04 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-08 12:50 - 2014-03-04 08:04 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-08 12:50 - 2014-03-04 08:04 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-08 12:50 - 2014-03-04 08:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-04-08 12:50 - 2014-03-04 06:33 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-08 12:50 - 2014-03-04 05:10 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-08 12:50 - 2014-03-04 05:09 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-08 12:50 - 2014-03-04 05:08 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-08 12:50 - 2014-03-04 05:08 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-08 12:50 - 2014-02-23 03:53 - 00916992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-08 12:50 - 2014-02-23 03:52 - 01213440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-08 12:50 - 2014-02-23 03:52 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-08 12:50 - 2014-02-23 03:50 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-04-08 12:50 - 2014-02-23 03:48 - 06020096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-08 12:50 - 2014-02-23 03:48 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-08 12:50 - 2014-02-23 03:48 - 00611840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2014-04-08 12:50 - 2014-02-23 03:48 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-08 12:50 - 2014-02-23 03:48 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-04-08 12:50 - 2014-02-23 03:47 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-04-08 12:50 - 2014-02-23 03:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-08 12:50 - 2014-02-23 03:46 - 11111424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-08 12:50 - 2014-02-23 03:46 - 02005504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-08 12:50 - 2014-02-23 03:46 - 01469440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-08 12:50 - 2014-02-23 03:46 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-04-08 12:50 - 2014-02-23 03:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-04-08 12:50 - 2014-02-23 03:46 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-08 12:50 - 2014-02-23 03:46 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-08 12:50 - 2014-02-23 03:46 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-08 12:50 - 2014-02-23 03:46 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-08 12:50 - 2014-02-23 03:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2014-04-08 12:50 - 2014-02-23 02:12 - 00385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-04-08 12:50 - 2014-02-23 00:25 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-04-08 12:50 - 2014-02-23 00:25 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-08 12:50 - 2014-02-23 00:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-08 12:50 - 2014-02-23 00:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-04-08 12:49 - 2014-02-05 21:21 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 12:49 - 2014-02-05 18:57 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-03 13:45 - 2014-04-03 13:47 - 00000000 ____D () C:\Program Files\HijackThis
2014-04-02 08:06 - 2014-04-09 08:32 - 00002454 _____ () C:\Users\Administrator.FARRISELECTRIC\Documents\aswMBR.txt
2014-04-02 08:06 - 2014-04-02 08:06 - 00000512 _____ () C:\Users\Administrator.FARRISELECTRIC\Documents\MBR.dat
2014-04-01 15:35 - 2014-04-01 15:35 - 00002922 _____ () C:\Users\Administrator.FARRISELECTRIC\Desktop\Rkill.txt
2014-04-01 15:22 - 2014-04-01 15:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-01 15:22 - 2014-04-01 15:22 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 15:20 - 2014-04-01 15:31 - 00000000 ____D () C:\Users\Administrator.FARRISELECTRIC\Desktop\mbar
2014-04-01 15:20 - 2014-04-01 15:20 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-28 14:39 - 2014-03-28 14:39 - 00015586 _____ () C:\Users\Administrator.FARRISELECTRIC\Desktop\MBRCheck_03.28.14_14.39.13.txt
2014-03-28 14:25 - 2014-03-28 14:25 - 00073404 _____ () C:\Users\Administrator.FARRISELECTRIC\Documents\cc_20140328_142508.reg
2014-03-28 14:25 - 2014-03-28 14:25 - 00003778 _____ () C:\Users\Administrator.FARRISELECTRIC\Documents\cc_20140328_142530.reg
2014-03-28 14:23 - 2014-03-28 14:23 - 00538290 _____ () C:\Users\Administrator.FARRISELECTRIC\Documents\cc_20140328_142323.reg
2014-03-14 15:22 - 2014-03-14 15:22 - 00004096 ___SH () C:\VSM000.IDX
2014-03-11 18:56 - 2014-02-07 05:11 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 18:56 - 2014-01-30 03:12 - 01111040 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 18:56 - 2014-01-30 03:11 - 02652160 _____ (Microsoft Corporation) C:\Windows\system32\ntdsai.dll
2014-03-11 18:56 - 2014-01-30 03:11 - 00672256 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2014-03-11 18:56 - 2014-01-30 03:11 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2014-03-11 18:56 - 2014-01-30 00:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 18:56 - 2014-01-30 00:46 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
 
==================== One Month Modified Files and Folders =======
 
2014-04-09 11:18 - 2014-04-09 11:18 - 00000000 ____D () C:\Users\Administrator.FARRISELECTRIC\Desktop\My_FRST
2014-04-09 11:18 - 2014-04-09 08:35 - 00000000 ____D () C:\FRST
2014-04-09 11:18 - 2014-04-08 16:40 - 00000000 ____D () C:\Users\Administrator.FARRISELECTRIC\AppData\Local\Temp\1
2014-04-09 11:18 - 2008-08-12 20:58 - 00000000 ____D () C:\Windows\system32\dhcp
2014-04-09 11:10 - 2011-04-20 14:09 - 00000000 ____D () C:\Windows\ntds
2014-04-09 11:04 - 2011-04-20 14:41 - 00000000 ____D () C:\Windows\system32\CertLog
2014-04-09 11:04 - 2008-01-19 03:11 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-04-09 11:01 - 2013-06-19 19:47 - 00000000 ____D () C:\Program Files (x86)\ZenithBDR
2014-04-09 10:56 - 2012-06-12 07:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-09 10:17 - 2008-01-19 06:58 - 00003776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 10:17 - 2008-01-19 06:58 - 00003776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-09 09:25 - 2014-01-04 10:07 - 00000332 _____ () C:\options.ini
2014-04-09 09:03 - 2012-05-02 20:40 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-09 08:32 - 2014-04-02 08:06 - 00002454 _____ () C:\Users\Administrator.FARRISELECTRIC\Documents\aswMBR.txt
2014-04-09 07:00 - 2011-04-20 14:41 - 00000362 _____ () C:\Windows\Tasks\Shadow copy schedule for disk drive C.job
2014-04-09 03:50 - 2011-04-20 11:14 - 01922197 _____ () C:\Windows\WindowsUpdate.log
2014-04-09 03:49 - 2011-04-22 19:58 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-04-08 16:49 - 2014-04-08 16:49 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-08 16:40 - 2012-06-12 07:49 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 16:29 - 2011-04-27 17:41 - 00004114 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0D3E5BFF-1E8B-45BA-B3EC-A78ADEAEB36B}
2014-04-08 16:29 - 2011-04-27 17:41 - 00000450 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{0D3E5BFF-1E8B-45BA-B3EC-A78ADEAEB36B}.job
2014-04-08 16:26 - 2011-04-22 19:13 - 00000000 ____D () C:\kworking
2014-04-08 16:24 - 2008-01-19 02:41 - 02187646 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 16:23 - 2011-04-20 14:13 - 00006624 _____ () C:\Windows\system32\config\netlogon.dnb
2014-04-08 16:23 - 2011-04-20 14:13 - 00002537 _____ () C:\Windows\system32\config\netlogon.dns
2014-04-08 16:18 - 2011-04-20 14:08 - 00000000 ____D () C:\Windows\system32\dns
2014-04-08 16:17 - 2008-01-19 07:14 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 16:05 - 2008-01-19 07:14 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-08 16:02 - 2014-02-01 17:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-08 16:00 - 2008-08-12 21:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-08 16:00 - 2008-01-19 02:33 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-04 15:24 - 2014-01-29 09:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-04 06:14 - 2012-06-05 18:20 - 00000000 _____ () C:\Windows\SysWOW64\signal.txt
2014-04-03 13:47 - 2014-04-03 13:45 - 00000000 ____D () C:\Program Files\HijackThis
2014-04-02 08:06 - 2014-04-02 08:06 - 00000512 _____ () C:\Users\Administrator.FARRISELECTRIC\Documents\MBR.dat
2014-04-01 15:35 - 2014-04-01 15:35 - 00002922 _____ () C:\Users\Administrator.FARRISELECTRIC\Desktop\Rkill.txt
2014-04-01 15:31 - 2014-04-01 15:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-01 15:31 - 2014-04-01 15:20 - 00000000 ____D () C:\Users\Administrator.FARRISELECTRIC\Desktop\mbar
2014-04-01 15:22 - 2014-04-01 15:22 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 15:20 - 2014-04-01 15:20 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-01 11:18 - 2014-01-15 10:45 - 00000000 ____D () C:\Users\Administrator.FARRISELECTRIC\AppData\Local\Temp\vmrc-plugin
2014-04-01 11:18 - 2014-01-15 10:44 - 00029031 _____ () C:\Users\Administrator.FARRISELECTRIC\AppData\Local\Temp\vminst.log
2014-03-28 17:26 - 2011-04-20 14:13 - 00003766 __RSH () C:\ProgramData\ntuser.pol
2014-03-28 14:39 - 2014-03-28 14:39 - 00015586 _____ () C:\Users\Administrator.FARRISELECTRIC\Desktop\MBRCheck_03.28.14_14.39.13.txt
2014-03-28 14:26 - 2011-04-27 11:31 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-28 14:25 - 2014-03-28 14:25 - 00073404 _____ () C:\Users\Administrator.FARRISELECTRIC\Documents\cc_20140328_142508.reg
2014-03-28 14:25 - 2014-03-28 14:25 - 00003778 _____ () C:\Users\Administrator.FARRISELECTRIC\Documents\cc_20140328_142530.reg
2014-03-28 14:23 - 2014-03-28 14:23 - 00538290 _____ () C:\Users\Administrator.FARRISELECTRIC\Documents\cc_20140328_142323.reg
2014-03-28 12:51 - 2012-06-12 07:50 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-28 12:51 - 2012-06-12 07:50 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 16:14 - 2008-01-19 03:11 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-24 12:01 - 2014-01-15 11:01 - 00000000 ____D () C:\Users\Administrator.FARRISELECTRIC\AppData\Roaming\VMware
2014-03-14 15:42 - 2008-01-19 03:11 - 00000000 ____D () C:\Windows\rescache
2014-03-14 15:24 - 2008-01-19 06:57 - 00258616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 15:22 - 2014-03-14 15:22 - 00004096 ___SH () C:\VSM000.IDX
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-09 05:00
 
==================== End Of Log ============================


#10 nasdaq

  • Malware Response Team
  • 38,756 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 April 2014 - 08:49 AM

Nothing suspicious was found on your log.

Quoted from your first log.
 

ntfs 55
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume17.


Did you run the CHKDSK utility?

How to:
http://www.eightforums.com/tutorials/6221-chkdsk-check-drive-errors-windows-8-a.html

If a repair must be done, execute the utility with the /x switch.

===

Have a look at the Application errors in your log in post No. 7.

This is not malware and not my forte.

If you need help with these issues, I suggest you start a new topic in the Windows 8 Forum
http://www.bleepingcomputer.com/forums/f/209/windows-8/
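The procedure nasdaq describes (find the Ntfs event 55 that names a \Device\HarddiskVolumeN, then run CHKDSK on that volume, with /x if a repair is needed) can be scripted so that the volume named in the event is resolved to a drive letter before CHKDSK is run. The following PowerShell is an added example written for this page; it is not code from the thread or from nasdaq. The function names, the use of QueryDosDevice for the device-name-to-letter mapping, and the option to pass Ntfs event IDs other than 55 are my own choices, not anything the post specifies.

```powershell
# Added example (not from the thread). Reads Ntfs events from the System log
# (ID 55 by default, the "file system structure ... is corrupt" event quoted in
# the post), maps the \Device\HarddiskVolumeN each event names to a drive
# letter, and runs CHKDSK on it. Without -Repair the scan is read-only; with
# -Repair it runs "chkdsk X: /f /x" as the post advises.

# QueryDosDevice maps a DOS name such as "C:" to its kernel object name,
# e.g. \Device\HarddiskVolume2, which is the form the Ntfs events use.
if (-not ('Win32.Native' -as [type])) {
    Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern uint QueryDosDevice(string lpDeviceName,
    System.Text.StringBuilder lpTargetPath, int ucchMax);
'@
}

function Get-DosDeviceMap {
    # Returns a hashtable: '\Device\HarddiskVolume2' -> 'C:'
    $map = @{}
    foreach ($d in Get-PSDrive -PSProvider FileSystem) {
        if ($d.Name.Length -ne 1) { continue }        # skip non-letter PSDrives
        $dos = "$($d.Name):"
        $buf = New-Object System.Text.StringBuilder 1024
        if ([Win32.Native]::QueryDosDevice($dos, $buf, $buf.Capacity) -gt 0) {
            $map[$buf.ToString()] = $dos
        }
    }
    return $map
}

function Get-NtfsCorruptionEvents {
    param([int[]]$EventId = @(55), [int]$MaxEvents = 500)
    $filter = @{ LogName = 'System'; ProviderName = 'Ntfs'; Id = $EventId }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Event 55 text ends "... on the volume \Device\HarddiskVolume17."
            # Some Ntfs events name a drive letter instead, so accept both forms.
            $m = [regex]::Match([string]($_.Message), '(\\Device\\HarddiskVolume\d+|\b[A-Z]:)')
            if ($m.Success) {
                New-Object PSObject -Property @{
                    Time = $_.TimeCreated; Id = $_.Id; Volume = $m.Value
                }
            }
        }
}

function Invoke-VolumeCheck {
    param([switch]$Repair, [int[]]$EventId = @(55))
    $map     = Get-DosDeviceMap
    $events  = @(Get-NtfsCorruptionEvents -EventId $EventId)
    $volumes = $events | Select-Object -ExpandProperty Volume | Sort-Object -Unique
    foreach ($v in $volumes) {
        $letter = if ($v -match '^[A-Z]:$') { $v } else { $map[$v] }
        if (-not $letter) {
            # A HarddiskVolumeN with no letter is usually a transient volume
            # (VSS snapshot, backup-agent mount); chkdsk by letter cannot reach
            # it. 'mountvol' lists the volume GUID paths if one must be checked.
            Write-Warning "$v has no drive letter; skipping"
            continue
        }
        Write-Host "== chkdsk $letter (named as $v in Ntfs event) =="
        if ($Repair) { & chkdsk.exe $letter /f /x } else { & chkdsk.exe $letter }
    }
}

# Usage, from an elevated PowerShell prompt:
#   Get-NtfsCorruptionEvents | Format-Table Time, Id, Volume
#   Invoke-VolumeCheck            # read-only scan of each volume the events name
#   Invoke-VolumeCheck -Repair    # chkdsk /f /x: fixes errors, dismounts first
```

Two caveats when running it on a production server. /x forces the volume to dismount, which invalidates every open handle on it, so run the repair form in a maintenance window; and on the boot volume CHKDSK cannot dismount at all and will instead ask whether to schedule the check for the next restart, so that run needs an operator at the prompt. A volume number far above the number of physical partitions (HarddiskVolume17 on a server with a handful of disks) with no drive letter is a sign the event came from a snapshot or backup mount rather than a normal data volume; the script warns and skips those rather than guessing.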