Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Please help! Viral/Worm infection in all machines in home network

Started by majorlag , Apr 07 2014 08:42 AM

Please log in to reply

#46
majorlag

Posted 16 April 2014 - 06:36 AM

Member

Topic Starter
Member
70 posts

Alright, first tried to run an AVAST boot scan before getting the fixlist script, PC felt the need to run chksk and replaced at least one file attribute (don't have my notes in front of, don't recall what exactly) Then the bootscan ran, found some corrupted files but no baddies.

Ran the fixlist, below is the log. Ran FRST after the fixlist, below is its log. No Addition.txt came out this time. AVAST boot time scan log below that.

While trying to find the avast log, I ran across a lot of NTUSER.DATA(hash).TMContainer00001.regtrans-ms files in my users folder that coincide with the date problems started. There's about six of them. Dunno if that helps any.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by ahutsell2001 at 2014-04-16 08:28:06 Run:1
Running from C:\Users\ahutsell2001\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1612504 2013-11-11] (COMODO)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8100 (Network).lnk -> (No File)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-11-14] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
S3 MSICDSetup; \??\H:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\H:\NTIOLib_X64.sys [X]
C:\Program Files\COMODO
AlternateDataStreams: C:\ProgramData\TEMP:9638A27E
AlternateDataStreams: C:\ProgramData\TEMP:BC359956
*****************

C:\Program Files\COMODO\COMODO Internet Security\cistray.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\COMODO Internet Security => Value not found.
HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully.
HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8100 (Network).lnk -> (No File) not found.
cmdAgent => Service not found.
cmdvirth => Service not found.
cmderd => Service not found.
cmdGuard => Service not found.
cmdHlp => Service not found.
MSICDSetup => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.
C:\Program Files\COMODO => Moved successfully.
C:\ProgramData\TEMP => ":9638A27E" ADS removed successfully.
C:\ProgramData\TEMP => ":BC359956" ADS removed successfully.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 34 days old and could be outdated)
Ran by ahutsell2001 (administrator) on HUTSELL1-7 on 16-04-2014 08:30:56
Running from C:\Users\ahutsell2001\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Cypherix Software (India) Pvt. Ltd.) C:\Windows\SysWOW64\cypxsrv10.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
() C:\Windows\runservice.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WhsMcClient.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\Launchpad.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Sysinternals - www.sysinternals.com) C:\Windows\System32\Process Explorer\procexp.exe
(Audiovox Electronics Corp.) C:\Users\ahutsell2001\Documents\RCA Detective\RCADetective.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sysinternals - www.sysinternals.com) C:\Users\ahutsell2001\AppData\Local\Temp\procexp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [Launchpad] - C:\Program Files\Windows Server\Bin\Launchpad.exe [1099360 2012-11-02] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-15] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [UVS12 Preload] - C:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe [397456 2008-06-09] (Corel TW Corp.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-06] (Microsoft Corporation)
HKU\S-1-5-21-2368243782-2037709877-4180025535-1000\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2368243782-2037709877-4180025535-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-14] (SUPERAntiSpyware)
HKU\S-1-5-21-2368243782-2037709877-4180025535-1000\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
Startup: C:\Users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8100 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8100 (Network).lnk -> (No File)
Startup: C:\Users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp.exe - Shortcut.lnk
ShortcutTarget: procexp.exe - Shortcut.lnk -> C:\Windows\System32\Process Explorer\procexp.exe (Sysinternals - www.sysinternals.com)
Startup: C:\Users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
ShortcutTarget: RCA Detective.lnk -> C:\Users\ahutsell2001\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://myvaughnmelton.com/NELX.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ahutsell2001\AppData\Roaming\Mozilla\Firefox\Profiles\r36d9hnq.default
FF Homepage: bing.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Extension: NoScript - C:\Users\ahutsell2001\AppData\Roaming\Mozilla\Firefox\Profiles\r36d9hnq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-03]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-15] (AVAST Software)
R2 cypherix10service; C:\Windows\SysWOW64\cypxsrv10.exe [1055072 2012-01-18] (Cypherix Software (India) Pvt. Ltd.)
S2 cypherixservice; C:\Windows\system32\cypherixsrv.exe [74240 2008-09-02] (Cypherix Software (India) Pvt. Ltd.)
S2 cypherixservice; C:\Windows\SysWOW64\cypherixsrv.exe [928496 2009-12-24] (Cypherix Software (India) Pvt. Ltd.)
R2 HealthAlertsSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 LicCtrlService; C:\Windows\runservice.exe [2560 2013-11-24] ()
R2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-11-11] ()
R2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
R2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [41568 2012-11-02] (Microsoft Corporation)
R2 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-15] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-15] ()
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows ® Win 7 DDK provider)
R2 cyphxdrv; C:\Windows\system32\Drivers\cyphxdrv.sys [101880 2010-02-09] (Cypherix Software (India) Pvt. Ltd.)
R1 cypxdv10; C:\Windows\system32\Drivers\cypxdv10.sys [102656 2012-01-18] (Cypherix Software (India) Pvt. Ltd.)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
S3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2012-03-26] (SonicWALL Inc.)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-16 08:30 - 2014-04-16 08:30 - 00014810 _____ () C:\Users\ahutsell2001\Desktop\FRST.txt
2014-04-15 23:03 - 2014-04-15 23:03 - 00000000 __SHD () C:\found.000
2014-04-15 21:51 - 2014-04-15 21:51 - 00000000 ____D () C:\Users\ahutsell2001\AppData\Roaming\Uninstaller Tool(Comodo Forums)
2014-04-15 19:22 - 2014-04-15 19:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-15 18:54 - 2014-04-15 18:54 - 00003312 _____ () C:\Windows\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2014-04-15 18:54 - 2013-11-11 10:58 - 04900568 _____ (COMODO) C:\ProgramData\cisFAD2.exe
2014-04-15 18:54 - 2013-11-11 10:58 - 04900568 _____ (COMODO) C:\ProgramData\cis13D2.exe
2014-04-15 17:51 - 2014-04-16 08:30 - 00000000 ____D () C:\FRST
2014-04-15 17:50 - 2014-04-07 17:09 - 02157056 _____ (Farbar) C:\Users\ahutsell2001\Desktop\FRST64.exe
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_9.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_8.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_7.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_6.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_5.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_4.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_33.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_32.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_31.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_30.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_3.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_29.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_28.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_27.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_26.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_25.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_24.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_23.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_22.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_20.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_2.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_19.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_18.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_17.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_16.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_15.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_14.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_13.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_12.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_11.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_10.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_1.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_0.log
2014-04-15 00:20 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_20_59.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_9.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_8.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_7.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_6.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_58.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_57.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_56.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_55.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_54.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_53.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_52.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_51.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_50.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_5.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_49.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_48.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_47.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_46.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_45.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_44.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_43.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_42.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_41.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_40.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_4.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_39.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_38.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_37.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_36.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_35.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_34.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_32.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_30.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_3.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_29.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_28.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_27.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_26.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_25.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_24.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_23.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_2.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_19.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_18.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_17.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_16.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_15.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_14.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_13.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_12.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_11.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_10.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_1.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_0.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000038 _____ () C:\15_4_20_31.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_59.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_58.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_57.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_56.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_55.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_54.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_53.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_52.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_51.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_50.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_49.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_48.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_47.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_46.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_45.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_44.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_43.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_42.log
2014-04-14 23:41 - 2014-04-15 19:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 23:41 - 2014-04-14 23:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-14 23:41 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-14 23:41 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-14 21:34 - 2014-04-14 21:34 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\cuggcwid.sys
2014-04-14 21:29 - 2014-04-14 21:29 - 00068906 _____ () C:\Users\ahutsell2001\Desktop\OTL.4.14.Txt
2014-04-14 21:27 - 2014-04-14 21:27 - 00068906 _____ () C:\Users\ahutsell2001\Desktop\OTL.Txt
2014-04-14 21:24 - 2014-04-14 21:24 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\zopugfmj.sys
2014-04-14 21:24 - 2014-04-06 18:42 - 00602112 _____ (OldTimer Tools) C:\Users\ahutsell2001\Desktop\OTL.exe
2014-04-14 21:23 - 2014-04-09 10:43 - 04745728 _____ (AVAST Software) C:\Users\ahutsell2001\Desktop\aswmbr.exe
2014-04-14 21:18 - 2013-04-09 23:09 - 00108104 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-04-14 21:18 - 2013-04-09 23:09 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-04-06 06:24 - 2014-04-15 18:54 - 00003310 _____ () C:\Windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}
2014-03-27 15:00 - 2014-03-27 15:00 - 00001030 _____ () C:\Users\Public\Desktop\Full Video Converter Free 9.lnk
2014-03-27 14:59 - 2014-03-27 15:00 - 00000000 ____D () C:\Program Files (x86)\Full Video Converter Free 9
2014-03-27 12:47 - 2014-03-27 12:47 - 00000000 ____D () C:\Users\ahutsell2001\AppData\Roaming\LeapingBrain
2014-03-27 12:46 - 2014-03-27 12:46 - 00001352 _____ () C:\Users\ahutsell2001\Desktop\Paladin Press On Demand.lnk
2014-03-27 12:46 - 2014-03-27 12:46 - 00000000 ____D () C:\Windows\SysWOW64\tFolderToCreate
2014-03-27 12:46 - 2014-03-27 12:46 - 00000000 ____D () C:\Users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\LeapingBrain
2014-03-27 12:46 - 2014-03-27 12:46 - 00000000 ____D () C:\Program Files (x86)\LeapingBrain
2014-03-20 13:30 - 2014-03-20 13:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 15:07 - 2014-03-19 15:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-04-16 08:31 - 2014-04-16 08:30 - 00014810 _____ () C:\Users\ahutsell2001\Desktop\FRST.txt
2014-04-16 08:30 - 2014-04-15 17:51 - 00000000 ____D () C:\FRST
2014-04-16 06:15 - 2013-11-03 15:15 - 00000524 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f0414407-5f3d-4e2b-a002-10e3e76b9ab0.job
2014-04-16 02:13 - 2013-11-03 13:26 - 00038205 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 02:00 - 2014-03-08 23:32 - 00000524 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task efe55bae-0870-40a4-a515-a0bf0fab057d.job
2014-04-16 01:11 - 2009-07-14 00:45 - 00015168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 01:11 - 2009-07-14 00:45 - 00015168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 01:08 - 2009-07-14 01:13 - 00779266 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-16 01:03 - 2013-11-29 01:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-16 01:03 - 2013-11-24 02:01 - 00001393 ___SH () C:\Windows\SysWOW64\mmf.sys
2014-04-16 01:03 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 01:03 - 2009-07-14 00:51 - 00024925 _____ () C:\Windows\setupact.log
2014-04-15 23:06 - 2013-12-18 01:51 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-04-15 23:06 - 2013-11-03 14:17 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-15 23:06 - 2013-11-03 14:17 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-04-15 23:06 - 2013-11-03 14:17 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-15 23:06 - 2013-11-03 14:17 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-15 23:06 - 2013-11-03 14:17 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-15 23:03 - 2014-04-15 23:03 - 00000000 __SHD () C:\found.000
2014-04-15 22:09 - 2013-12-12 01:46 - 00000000 ____D () C:\Users\ahutsell2001\AppData\Local\Microsoft Games
2014-04-15 21:51 - 2014-04-15 21:51 - 00000000 ____D () C:\Users\ahutsell2001\AppData\Roaming\Uninstaller Tool(Comodo Forums)
2014-04-15 21:51 - 2013-11-03 14:47 - 00000000 ____D () C:\ProgramData\COMODO
2014-04-15 19:23 - 2014-04-14 23:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-15 19:22 - 2014-04-15 19:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-15 19:22 - 2013-11-03 14:17 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-15 19:22 - 2013-11-03 14:17 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-15 19:22 - 2013-11-03 14:17 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-15 19:22 - 2013-11-03 14:17 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-15 18:54 - 2014-04-15 18:54 - 00003312 _____ () C:\Windows\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2014-04-15 18:54 - 2014-04-06 06:24 - 00003310 _____ () C:\Windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_9.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_8.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_7.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_6.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_5.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_4.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_33.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_32.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_31.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_30.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_3.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_29.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_28.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_27.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_26.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_25.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_24.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_23.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_22.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_20.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_2.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_19.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_18.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_17.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_16.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_15.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_14.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_13.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_12.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_11.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_10.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_1.log
2014-04-15 00:21 - 2014-04-15 00:21 - 00000076 _____ () C:\15_4_21_0.log
2014-04-15 00:21 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_59.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_9.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_8.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_7.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_6.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_58.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_57.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_56.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_55.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_54.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_53.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_52.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_51.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_50.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_5.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_49.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_48.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_47.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_46.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_45.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_44.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_43.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_42.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_41.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_40.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_4.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_39.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_38.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_37.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_36.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_35.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_34.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_32.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_30.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_3.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_29.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_28.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_27.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_26.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_25.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_24.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_23.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_2.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_19.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_18.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_17.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_16.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_15.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_14.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_13.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_12.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_11.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_10.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_1.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000076 _____ () C:\15_4_20_0.log
2014-04-15 00:20 - 2014-04-15 00:20 - 00000038 _____ () C:\15_4_20_31.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_59.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_58.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_57.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_56.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_55.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_54.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_53.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_52.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_51.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_50.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_49.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_48.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_47.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_46.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_45.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_44.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_43.log
2014-04-15 00:19 - 2014-04-15 00:19 - 00000076 _____ () C:\15_4_19_42.log
2014-04-14 23:41 - 2014-04-14 23:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-14 23:41 - 2013-11-03 15:16 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-14 23:41 - 2013-11-03 15:16 - 00000000 ____D () C:\Users\ahutsell2001\AppData\Roaming\Malwarebytes
2014-04-14 23:41 - 2013-11-03 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 21:34 - 2014-04-14 21:34 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\cuggcwid.sys
2014-04-14 21:29 - 2014-04-14 21:29 - 00068906 _____ () C:\Users\ahutsell2001\Desktop\OTL.4.14.Txt
2014-04-14 21:27 - 2014-04-14 21:27 - 00068906 _____ () C:\Users\ahutsell2001\Desktop\OTL.Txt
2014-04-14 21:24 - 2014-04-14 21:24 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\zopugfmj.sys
2014-04-14 21:18 - 2013-11-03 13:34 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-04-09 10:43 - 2014-04-14 21:23 - 04745728 _____ (AVAST Software) C:\Users\ahutsell2001\Desktop\aswmbr.exe
2014-04-07 17:09 - 2014-04-15 17:50 - 02157056 _____ (Farbar) C:\Users\ahutsell2001\Desktop\FRST64.exe
2014-04-06 18:42 - 2014-04-14 21:24 - 00602112 _____ (OldTimer Tools) C:\Users\ahutsell2001\Desktop\OTL.exe
2014-04-06 06:43 - 2013-11-03 13:25 - 00000000 ____D () C:\Users\ahutsell2001
2014-04-06 06:40 - 2014-01-04 17:02 - 00000000 ____D () C:\Users\ahutsell2001\Desktop\H&R Block Tax Software Deluxe 2013 Win (Download)
2014-04-06 06:40 - 2013-12-10 12:53 - 00000000 ____D () C:\ProgramData\Ulead Systems
2014-04-06 06:40 - 2013-11-03 15:27 - 00000000 ____D () C:\Windows\system32\Macromed
2014-04-06 06:40 - 2013-11-03 14:46 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-04-06 06:40 - 2013-11-03 14:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-06 06:40 - 2013-11-03 13:25 - 00000000 ___RD () C:\Users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-06 06:40 - 2009-07-14 03:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-06 06:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-04-06 06:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-03 09:51 - 2014-04-14 23:41 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-14 23:41 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2013-11-03 15:16 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 23:47 - 2013-12-10 22:41 - 00000000 ____D () C:\Users\ahutsell2001\AppData\Local\Adobe
2014-03-31 23:27 - 2013-11-03 15:12 - 00003812 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1159398F-F9D3-44D7-81DC-485539E19408}
2014-03-31 21:52 - 2013-11-03 14:44 - 00001772 _____ () C:\Windows\Sandboxie.ini
2014-03-31 20:46 - 2013-11-11 00:26 - 00268952 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-03-27 15:00 - 2014-03-27 15:00 - 00001030 _____ () C:\Users\Public\Desktop\Full Video Converter Free 9.lnk
2014-03-27 15:00 - 2014-03-27 14:59 - 00000000 ____D () C:\Program Files (x86)\Full Video Converter Free 9
2014-03-27 12:47 - 2014-03-27 12:47 - 00000000 ____D () C:\Users\ahutsell2001\AppData\Roaming\LeapingBrain
2014-03-27 12:46 - 2014-03-27 12:46 - 00001352 _____ () C:\Users\ahutsell2001\Desktop\Paladin Press On Demand.lnk
2014-03-27 12:46 - 2014-03-27 12:46 - 00000000 ____D () C:\Windows\SysWOW64\tFolderToCreate
2014-03-27 12:46 - 2014-03-27 12:46 - 00000000 ____D () C:\Users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\LeapingBrain
2014-03-27 12:46 - 2014-03-27 12:46 - 00000000 ____D () C:\Program Files (x86)\LeapingBrain
2014-03-20 13:31 - 2014-03-20 13:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-19 15:47 - 2014-03-18 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-18 23:09 - 2013-11-24 18:08 - 00000000 ____D () C:\Users\ahutsell2001\Desktop\eBay
2014-03-17 23:06 - 2013-11-06 12:19 - 00000000 ____D () C:\Users\ahutsell2001\AppData\Local\Paint.NET

Files to move or delete:
====================
C:\ProgramData\cis13D2.exe
C:\ProgramData\cisFAD2.exe

Some content of TEMP:
====================
C:\Users\ahutsell2001\AppData\Local\Temp\procexp64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-16 01:33

==================== End Of Log ============================

04/15/2014 23:09
Scan of all local drives

File C:\Program Files (x86)\Wolfenstein - Enemy Territory\etmain\resurrection.pk3.tmp|>maps\resurrection.bsp Error 42125 {ZIP archive is corrupted.}
File C:\Program Files (x86)\Wolfenstein - Enemy Territory\etmain\secret_bay_et.pk3.tmp|>sound\ron\war.wav Error 42125 {ZIP archive is corrupted.}
File C:\Program Files (x86)\Wolfenstein - Enemy Territory\etmain\UJE_snow_sniper_b4.pk3.tmp|>textures\UJE_snow_sniper\rocksnow3.tga Error 42125 {ZIP archive is corrupted.}
File C:\Program Files (x86)\Wolfenstein - Enemy Territory\etmain\darji2.pk3.tmp|>maps\darji2\lm_0000.tga Error 42125 {ZIP archive is corrupted.}
File C:\Program Files (x86)\Wolfenstein - Enemy Territory\jaymod\jaymod-2.1.7.pk3.tmp|>models\weapons2\m97\shotgunBarrel.tga Error 42125 {ZIP archive is corrupted.}
File C:\Program Files (x86)\Wolfenstein - Enemy Territory\jaymod\sp_com2.pk3.tmp|>sound\com_duck_sounds\06suck2.wav Error 42125 {ZIP archive is corrupted.}
File C:\Users\ahutsell2001\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Error 42125 {ZIP archive is corrupted.}
File D:\ACH\Downloads\DOSBox0.63-win32-installer.exe|>$INSTDIR\dosbox.exe Error 42145 {Installer archive is corrupted.}
File F:\Documents and Settings\ahutsell2001\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Error 42125 {ZIP archive is corrupted.}
File F:\Program Files\Wolfenstein - Enemy Territory\etmain\darji2.pk3.tmp|>maps\darji2\lm_0000.tga Error 42125 {ZIP archive is corrupted.}
File F:\Program Files\Wolfenstein - Enemy Territory\etmain\resurrection.pk3.tmp|>maps\resurrection.bsp Error 42125 {ZIP archive is corrupted.}
File F:\Program Files\Wolfenstein - Enemy Territory\etmain\secret_bay_et.pk3.tmp|>sound\ron\war.wav Error 42125 {ZIP archive is corrupted.}
File F:\Program Files\Wolfenstein - Enemy Territory\etmain\UJE_snow_sniper_b4.pk3.tmp|>textures\UJE_snow_sniper\rocksnow3.tga Error 42125 {ZIP archive is corrupted.}
File F:\Program Files\Wolfenstein - Enemy Territory\jaymod\jaymod-2.1.7.pk3.tmp|>models\weapons2\m97\shotgunBarrel.tga Error 42125 {ZIP archive is corrupted.}
File F:\Program Files\Wolfenstein - Enemy Territory\jaymod\sp_com2.pk3.tmp|>sound\com_duck_sounds\06suck2.wav Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 43065
Number of tested files: 2017062
Number of infected files: 0

Thanks!

Edited by majorlag, 16 April 2014 - 07:44 AM.

#47
RKinner

Posted 16 April 2014 - 08:39 AM

Malware Expert

Expert
24,624 posts

Comodo is gone and the funny logs have stopped. Comodo did leave a task - probably to cleanup after the reboot but I don't see anything running. Avast didn't find anything evil. Just some corrupt archives which may be caused by a bad spot on the disk. How is this one running now? We should probably check the event logs with vew:

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

In either case proceed with the next step:

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

#48
majorlag

Posted 16 April 2014 - 04:13 PM

Member

Topic Starter
Member
70 posts

Ok, here's the junk.txt output:

2014-04-16 17:45:10, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:10, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-04-16 17:45:12, Info                  CSI    0000000c [SR] Verify complete
2014-04-16 17:45:12, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:12, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2014-04-16 17:45:14, Info                  CSI    00000010 [SR] Verify complete
2014-04-16 17:45:14, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:14, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2014-04-16 17:45:15, Info                  CSI    00000014 [SR] Verify complete
2014-04-16 17:45:16, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:16, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2014-04-16 17:45:17, Info                  CSI    00000018 [SR] Verify complete
2014-04-16 17:45:17, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:17, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2014-04-16 17:45:20, Info                  CSI    0000001c [SR] Verify complete
2014-04-16 17:45:20, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:20, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2014-04-16 17:45:22, Info                  CSI    00000020 [SR] Verify complete
2014-04-16 17:45:22, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:22, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2014-04-16 17:45:24, Info                  CSI    00000024 [SR] Verify complete
2014-04-16 17:45:24, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:24, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2014-04-16 17:45:27, Info                  CSI    00000028 [SR] Verify complete
2014-04-16 17:45:27, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:27, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2014-04-16 17:45:31, Info                  CSI    0000002c [SR] Verify complete
2014-04-16 17:45:31, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:31, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2014-04-16 17:45:32, Info                  CSI    00000030 [SR] Verify complete
2014-04-16 17:45:32, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:32, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2014-04-16 17:45:34, Info                  CSI    00000034 [SR] Verify complete
2014-04-16 17:45:34, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:34, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2014-04-16 17:45:39, Info                  CSI    00000039 [SR] Verify complete
2014-04-16 17:45:39, Info                  CSI    0000003a [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:39, Info                  CSI    0000003b [SR] Beginning Verify and Repair transaction
2014-04-16 17:45:43, Info                  CSI    00000040 [SR] Verify complete
2014-04-16 17:45:43, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:43, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2014-04-16 17:45:46, Info                  CSI    00000044 [SR] Verify complete
2014-04-16 17:45:46, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:46, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2014-04-16 17:45:49, Info                  CSI    00000049 [SR] Verify complete
2014-04-16 17:45:49, Info                  CSI    0000004a [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:49, Info                  CSI    0000004b [SR] Beginning Verify and Repair transaction
2014-04-16 17:45:52, Info                  CSI    0000004d [SR] Verify complete
2014-04-16 17:45:52, Info                  CSI    0000004e [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:52, Info                  CSI    0000004f [SR] Beginning Verify and Repair transaction
2014-04-16 17:45:58, Info                  CSI    00000074 [SR] Verify complete
2014-04-16 17:45:58, Info                  CSI    00000075 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:45:58, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
2014-04-16 17:46:02, Info                  CSI    00000078 [SR] Verify complete
2014-04-16 17:46:02, Info                  CSI    00000079 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:46:02, Info                  CSI    0000007a [SR] Beginning Verify and Repair transaction
2014-04-16 17:46:05, Info                  CSI    0000007c [SR] Verify complete
2014-04-16 17:46:05, Info                  CSI    0000007d [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:46:05, Info                  CSI    0000007e [SR] Beginning Verify and Repair transaction
2014-04-16 17:46:11, Info                  CSI    00000080 [SR] Verify complete
2014-04-16 17:46:11, Info                  CSI    00000081 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:46:11, Info                  CSI    00000082 [SR] Beginning Verify and Repair transaction
2014-04-16 17:46:17, Info                  CSI    00000084 [SR] Verify complete
2014-04-16 17:46:17, Info                  CSI    00000085 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:46:17, Info                  CSI    00000086 [SR] Beginning Verify and Repair transaction
2014-04-16 17:46:20, Info                  CSI    00000088 [SR] Verify complete
2014-04-16 17:46:20, Info                  CSI    00000089 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:46:20, Info                  CSI    0000008a [SR] Beginning Verify and Repair transaction
2014-04-16 17:46:24, Info                  CSI    0000008c [SR] Verify complete
2014-04-16 17:46:24, Info                  CSI    0000008d [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:46:24, Info                  CSI    0000008e [SR] Beginning Verify and Repair transaction
2014-04-16 17:46:30, Info                  CSI    000000b1 [SR] Verify complete
2014-04-16 17:46:31, Info                  CSI    000000b2 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:46:31, Info                  CSI    000000b3 [SR] Beginning Verify and Repair transaction
2014-04-16 17:46:35, Info                  CSI    000000b5 [SR] Verify complete
2014-04-16 17:46:35, Info                  CSI    000000b6 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:46:35, Info                  CSI    000000b7 [SR] Beginning Verify and Repair transaction
2014-04-16 17:46:43, Info                  CSI    000000b9 [SR] Verify complete
2014-04-16 17:46:43, Info                  CSI    000000ba [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:46:43, Info                  CSI    000000bb [SR] Beginning Verify and Repair transaction
2014-04-16 17:46:47, Info                  CSI    000000bf [SR] Verify complete
2014-04-16 17:46:47, Info                  CSI    000000c0 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:46:47, Info                  CSI    000000c1 [SR] Beginning Verify and Repair transaction
2014-04-16 17:46:49, Info                  CSI    000000c3 [SR] Verify complete
2014-04-16 17:46:49, Info                  CSI    000000c4 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:46:49, Info                  CSI    000000c5 [SR] Beginning Verify and Repair transaction
2014-04-16 17:46:50, Info                  CSI    000000c7 [SR] Verify complete
2014-04-16 17:46:50, Info                  CSI    000000c8 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:46:50, Info                  CSI    000000c9 [SR] Beginning Verify and Repair transaction
2014-04-16 17:46:52, Info                  CSI    000000cb [SR] Verify complete
2014-04-16 17:46:52, Info                  CSI    000000cc [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:46:52, Info                  CSI    000000cd [SR] Beginning Verify and Repair transaction
2014-04-16 17:46:58, Info                  CSI    000000e0 [SR] Verify complete
2014-04-16 17:46:58, Info                  CSI    000000e1 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:46:58, Info                  CSI    000000e2 [SR] Beginning Verify and Repair transaction
2014-04-16 17:47:00, Info                  CSI    000000e4 [SR] Verify complete
2014-04-16 17:47:00, Info                  CSI    000000e5 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:47:00, Info                  CSI    000000e6 [SR] Beginning Verify and Repair transaction
2014-04-16 17:47:02, Info                  CSI    000000e8 [SR] Verify complete
2014-04-16 17:47:02, Info                  CSI    000000e9 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:47:02, Info                  CSI    000000ea [SR] Beginning Verify and Repair transaction
2014-04-16 17:47:03, Info                  CSI    000000ec [SR] Verify complete
2014-04-16 17:47:03, Info                  CSI    000000ed [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:47:03, Info                  CSI    000000ee [SR] Beginning Verify and Repair transaction
2014-04-16 17:47:07, Info                  CSI    000000f1 [SR] Verify complete
2014-04-16 17:47:07, Info                  CSI    000000f2 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:47:07, Info                  CSI    000000f3 [SR] Beginning Verify and Repair transaction
2014-04-16 17:47:14, Info                  CSI    000000f6 [SR] Verify complete
2014-04-16 17:47:14, Info                  CSI    000000f7 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:47:14, Info                  CSI    000000f8 [SR] Beginning Verify and Repair transaction
2014-04-16 17:47:18, Info                  CSI    000000fa [SR] Verify complete
2014-04-16 17:47:18, Info                  CSI    000000fb [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:47:18, Info                  CSI    000000fc [SR] Beginning Verify and Repair transaction
2014-04-16 17:47:20, Info                  CSI    000000fe [SR] Verify complete
2014-04-16 17:47:20, Info                  CSI    000000ff [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:47:20, Info                  CSI    00000100 [SR] Beginning Verify and Repair transaction
2014-04-16 17:47:23, Info                  CSI    00000102 [SR] Verify complete
2014-04-16 17:47:23, Info                  CSI    00000103 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:47:23, Info                  CSI    00000104 [SR] Beginning Verify and Repair transaction
2014-04-16 17:47:27, Info                  CSI    00000106 [SR] Verify complete
2014-04-16 17:47:27, Info                  CSI    00000107 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:47:27, Info                  CSI    00000108 [SR] Beginning Verify and Repair transaction
2014-04-16 17:47:31, Info                  CSI    0000010a [SR] Verify complete
2014-04-16 17:47:31, Info                  CSI    0000010b [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:47:31, Info                  CSI    0000010c [SR] Beginning Verify and Repair transaction
2014-04-16 17:47:38, Info                  CSI    00000118 [SR] Verify complete
2014-04-16 17:47:38, Info                  CSI    00000119 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:47:38, Info                  CSI    0000011a [SR] Beginning Verify and Repair transaction
2014-04-16 17:47:42, Info                  CSI    00000128 [SR] Verify complete
2014-04-16 17:47:42, Info                  CSI    00000129 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:47:42, Info                  CSI    0000012a [SR] Beginning Verify and Repair transaction
2014-04-16 17:47:46, Info                  CSI    0000012c [SR] Verify complete
2014-04-16 17:47:46, Info                  CSI    0000012d [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:47:46, Info                  CSI    0000012e [SR] Beginning Verify and Repair transaction
2014-04-16 17:47:57, Info                  CSI    00000130 [SR] Verify complete
2014-04-16 17:47:57, Info                  CSI    00000131 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:47:57, Info                  CSI    00000132 [SR] Beginning Verify and Repair transaction
2014-04-16 17:48:02, Info                  CSI    00000135 [SR] Verify complete
2014-04-16 17:48:03, Info                  CSI    00000136 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:48:03, Info                  CSI    00000137 [SR] Beginning Verify and Repair transaction
2014-04-16 17:48:07, Info                  CSI    00000139 [SR] Verify complete
2014-04-16 17:48:07, Info                  CSI    0000013a [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:48:07, Info                  CSI    0000013b [SR] Beginning Verify and Repair transaction
2014-04-16 17:48:10, Info                  CSI    0000013d [SR] Verify complete
2014-04-16 17:48:11, Info                  CSI    0000013e [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:48:11, Info                  CSI    0000013f [SR] Beginning Verify and Repair transaction
2014-04-16 17:48:14, Info                  CSI    00000141 [SR] Verify complete
2014-04-16 17:48:14, Info                  CSI    00000142 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:48:14, Info                  CSI    00000143 [SR] Beginning Verify and Repair transaction
2014-04-16 17:48:17, Info                  CSI    00000145 [SR] Verify complete
2014-04-16 17:48:17, Info                  CSI    00000146 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:48:17, Info                  CSI    00000147 [SR] Beginning Verify and Repair transaction
2014-04-16 17:48:21, Info                  CSI    0000014b [SR] Verify complete
2014-04-16 17:48:21, Info                  CSI    0000014c [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:48:21, Info                  CSI    0000014d [SR] Beginning Verify and Repair transaction
2014-04-16 17:48:29, Info                  CSI    0000014f [SR] Verify complete
2014-04-16 17:48:29, Info                  CSI    00000150 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:48:29, Info                  CSI    00000151 [SR] Beginning Verify and Repair transaction
2014-04-16 17:48:33, Info                  CSI    00000154 [SR] Verify complete
2014-04-16 17:48:33, Info                  CSI    00000155 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:48:33, Info                  CSI    00000156 [SR] Beginning Verify and Repair transaction
2014-04-16 17:48:36, Info                  CSI    00000158 [SR] Verify complete
2014-04-16 17:48:36, Info                  CSI    00000159 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:48:36, Info                  CSI    0000015a [SR] Beginning Verify and Repair transaction
2014-04-16 17:48:40, Info                  CSI    0000015d [SR] Verify complete
2014-04-16 17:48:40, Info                  CSI    0000015e [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:48:40, Info                  CSI    0000015f [SR] Beginning Verify and Repair transaction
2014-04-16 17:48:46, Info                  CSI    00000162 [SR] Verify complete
2014-04-16 17:48:46, Info                  CSI    00000163 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:48:46, Info                  CSI    00000164 [SR] Beginning Verify and Repair transaction
2014-04-16 17:48:51, Info                  CSI    00000166 [SR] Verify complete
2014-04-16 17:48:51, Info                  CSI    00000167 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:48:51, Info                  CSI    00000168 [SR] Beginning Verify and Repair transaction
2014-04-16 17:48:54, Info                  CSI    0000016a [SR] Verify complete
2014-04-16 17:48:54, Info                  CSI    0000016b [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:48:54, Info                  CSI    0000016c [SR] Beginning Verify and Repair transaction
2014-04-16 17:48:58, Info                  CSI    0000016e [SR] Verify complete
2014-04-16 17:48:58, Info                  CSI    0000016f [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:48:58, Info                  CSI    00000170 [SR] Beginning Verify and Repair transaction
2014-04-16 17:49:02, Info                  CSI    00000173 [SR] Verify complete
2014-04-16 17:49:02, Info                  CSI    00000174 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:49:02, Info                  CSI    00000175 [SR] Beginning Verify and Repair transaction
2014-04-16 17:49:06, Info                  CSI    00000177 [SR] Verify complete
2014-04-16 17:49:07, Info                  CSI    00000178 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:49:07, Info                  CSI    00000179 [SR] Beginning Verify and Repair transaction
2014-04-16 17:49:09, Info                  CSI    0000017b [SR] Verify complete
2014-04-16 17:49:09, Info                  CSI    0000017c [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:49:09, Info                  CSI    0000017d [SR] Beginning Verify and Repair transaction
2014-04-16 17:49:14, Info                  CSI    00000180 [SR] Verify complete
2014-04-16 17:49:14, Info                  CSI    00000181 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:49:14, Info                  CSI    00000182 [SR] Beginning Verify and Repair transaction
2014-04-16 17:49:18, Info                  CSI    00000184 [SR] Verify complete
2014-04-16 17:49:18, Info                  CSI    00000185 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:49:18, Info                  CSI    00000186 [SR] Beginning Verify and Repair transaction
2014-04-16 17:49:21, Info                  CSI    0000018a [SR] Verify complete
2014-04-16 17:49:21, Info                  CSI    0000018b [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:49:21, Info                  CSI    0000018c [SR] Beginning Verify and Repair transaction
2014-04-16 17:49:25, Info                  CSI    0000018e [SR] Verify complete
2014-04-16 17:49:25, Info                  CSI    0000018f [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:49:25, Info                  CSI    00000190 [SR] Beginning Verify and Repair transaction
2014-04-16 17:49:30, Info                  CSI    00000193 [SR] Verify complete
2014-04-16 17:49:30, Info                  CSI    00000194 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:49:30, Info                  CSI    00000195 [SR] Beginning Verify and Repair transaction
2014-04-16 17:49:32, Info                  CSI    00000197 [SR] Verify complete
2014-04-16 17:49:33, Info                  CSI    00000198 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:49:33, Info                  CSI    00000199 [SR] Beginning Verify and Repair transaction
2014-04-16 17:49:34, Info                  CSI    0000019b [SR] Verify complete
2014-04-16 17:49:35, Info                  CSI    0000019c [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:49:35, Info                  CSI    0000019d [SR] Beginning Verify and Repair transaction
2014-04-16 17:49:39, Info                  CSI    0000019f [SR] Verify complete
2014-04-16 17:49:39, Info                  CSI    000001a0 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:49:39, Info                  CSI    000001a1 [SR] Beginning Verify and Repair transaction
2014-04-16 17:49:42, Info                  CSI    000001a3 [SR] Verify complete
2014-04-16 17:49:42, Info                  CSI    000001a4 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:49:42, Info                  CSI    000001a5 [SR] Beginning Verify and Repair transaction
2014-04-16 17:49:46, Info                  CSI    000001a7 [SR] Verify complete
2014-04-16 17:49:46, Info                  CSI    000001a8 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:49:46, Info                  CSI    000001a9 [SR] Beginning Verify and Repair transaction
2014-04-16 17:49:50, Info                  CSI    000001ab [SR] Verify complete
2014-04-16 17:49:50, Info                  CSI    000001ac [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:49:50, Info                  CSI    000001ad [SR] Beginning Verify and Repair transaction
2014-04-16 17:49:52, Info                  CSI    000001af [SR] Verify complete
2014-04-16 17:49:52, Info                  CSI    000001b0 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:49:52, Info                  CSI    000001b1 [SR] Beginning Verify and Repair transaction
2014-04-16 17:49:57, Info                  CSI    000001b3 [SR] Verify complete
2014-04-16 17:49:57, Info                  CSI    000001b4 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:49:57, Info                  CSI    000001b5 [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:04, Info                  CSI    000001b7 [SR] Verify complete
2014-04-16 17:50:04, Info                  CSI    000001b8 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:04, Info                  CSI    000001b9 [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:06, Info                  CSI    000001bb [SR] Verify complete
2014-04-16 17:50:06, Info                  CSI    000001bc [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:06, Info                  CSI    000001bd [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:08, Info                  CSI    000001bf [SR] Verify complete
2014-04-16 17:50:08, Info                  CSI    000001c0 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:08, Info                  CSI    000001c1 [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:09, Info                  CSI    000001c3 [SR] Verify complete
2014-04-16 17:50:09, Info                  CSI    000001c4 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:09, Info                  CSI    000001c5 [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:12, Info                  CSI    000001c7 [SR] Verify complete
2014-04-16 17:50:12, Info                  CSI    000001c8 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:12, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:14, Info                  CSI    000001cb [SR] Verify complete
2014-04-16 17:50:14, Info                  CSI    000001cc [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:14, Info                  CSI    000001cd [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:16, Info                  CSI    000001cf [SR] Verify complete
2014-04-16 17:50:16, Info                  CSI    000001d0 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:16, Info                  CSI    000001d1 [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:17, Info                  CSI    000001d3 [SR] Verify complete
2014-04-16 17:50:17, Info                  CSI    000001d4 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:17, Info                  CSI    000001d5 [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:21, Info                  CSI    000001dd [SR] Verify complete
2014-04-16 17:50:21, Info                  CSI    000001de [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:21, Info                  CSI    000001df [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:23, Info                  CSI    000001e1 [SR] Verify complete
2014-04-16 17:50:24, Info                  CSI    000001e2 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:24, Info                  CSI    000001e3 [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:26, Info                  CSI    000001e5 [SR] Verify complete
2014-04-16 17:50:26, Info                  CSI    000001e6 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:26, Info                  CSI    000001e7 [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:28, Info                  CSI    000001e9 [SR] Verify complete
2014-04-16 17:50:28, Info                  CSI    000001ea [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:28, Info                  CSI    000001eb [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:31, Info                  CSI    000001ed [SR] Verify complete
2014-04-16 17:50:31, Info                  CSI    000001ee [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:31, Info                  CSI    000001ef [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:35, Info                  CSI    000001f1 [SR] Verify complete
2014-04-16 17:50:35, Info                  CSI    000001f2 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:35, Info                  CSI    000001f3 [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:40, Info                  CSI    000001f6 [SR] Verify complete
2014-04-16 17:50:40, Info                  CSI    000001f7 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:40, Info                  CSI    000001f8 [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:41, Info                  CSI    000001fa [SR] Verify complete
2014-04-16 17:50:41, Info                  CSI    000001fb [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:41, Info                  CSI    000001fc [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:43, Info                  CSI    000001fe [SR] Verify complete
2014-04-16 17:50:43, Info                  CSI    000001ff [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:43, Info                  CSI    00000200 [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:52, Info                  CSI    00000205 [SR] Verify complete
2014-04-16 17:50:52, Info                  CSI    00000206 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:52, Info                  CSI    00000207 [SR] Beginning Verify and Repair transaction
2014-04-16 17:50:55, Info                  CSI    0000020c [SR] Verify complete
2014-04-16 17:50:55, Info                  CSI    0000020d [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:50:55, Info                  CSI    0000020e [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:01, Info                  CSI    00000210 [SR] Verify complete
2014-04-16 17:51:01, Info                  CSI    00000211 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:01, Info                  CSI    00000212 [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:06, Info                  CSI    0000021e [SR] Verify complete
2014-04-16 17:51:06, Info                  CSI    0000021f [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:06, Info                  CSI    00000220 [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:11, Info                  CSI    00000226 [SR] Verify complete
2014-04-16 17:51:11, Info                  CSI    00000227 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:11, Info                  CSI    00000228 [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:14, Info                  CSI    0000022a [SR] Verify complete
2014-04-16 17:51:14, Info                  CSI    0000022b [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:14, Info                  CSI    0000022c [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:16, Info                  CSI    00000230 [SR] Verify complete
2014-04-16 17:51:16, Info                  CSI    00000231 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:16, Info                  CSI    00000232 [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:19, Info                  CSI    00000234 [SR] Verify complete
2014-04-16 17:51:19, Info                  CSI    00000235 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:19, Info                  CSI    00000236 [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:23, Info                  CSI    0000025b [SR] Verify complete
2014-04-16 17:51:23, Info                  CSI    0000025c [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:23, Info                  CSI    0000025d [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:25, Info                  CSI    0000025f [SR] Verify complete
2014-04-16 17:51:26, Info                  CSI    00000260 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:26, Info                  CSI    00000261 [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:28, Info                  CSI    00000263 [SR] Verify complete
2014-04-16 17:51:28, Info                  CSI    00000264 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:28, Info                  CSI    00000265 [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:31, Info                  CSI    00000267 [SR] Verify complete
2014-04-16 17:51:31, Info                  CSI    00000268 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:31, Info                  CSI    00000269 [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:35, Info                  CSI    00000277 [SR] Verify complete
2014-04-16 17:51:35, Info                  CSI    00000278 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:35, Info                  CSI    00000279 [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:38, Info                  CSI    0000027b [SR] Verify complete
2014-04-16 17:51:39, Info                  CSI    0000027c [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:39, Info                  CSI    0000027d [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:43, Info                  CSI    0000028b [SR] Verify complete
2014-04-16 17:51:43, Info                  CSI    0000028c [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:43, Info                  CSI    0000028d [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:45, Info                  CSI    0000028f [SR] Verify complete
2014-04-16 17:51:45, Info                  CSI    00000290 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:45, Info                  CSI    00000291 [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:47, Info                  CSI    00000293 [SR] Verify complete
2014-04-16 17:51:48, Info                  CSI    00000294 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:48, Info                  CSI    00000295 [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:51, Info                  CSI    00000298 [SR] Verify complete
2014-04-16 17:51:51, Info                  CSI    00000299 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:51, Info                  CSI    0000029a [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:52, Info                  CSI    0000029c [SR] Verify complete
2014-04-16 17:51:53, Info                  CSI    0000029d [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:53, Info                  CSI    0000029e [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:55, Info                  CSI    000002a0 [SR] Verify complete
2014-04-16 17:51:55, Info                  CSI    000002a1 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:55, Info                  CSI    000002a2 [SR] Beginning Verify and Repair transaction
2014-04-16 17:51:57, Info                  CSI    000002a4 [SR] Verify complete
2014-04-16 17:51:58, Info                  CSI    000002a5 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:51:58, Info                  CSI    000002a6 [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:00, Info                  CSI    000002a8 [SR] Verify complete
2014-04-16 17:52:01, Info                  CSI    000002a9 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:52:01, Info                  CSI    000002aa [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:05, Info                  CSI    000002c4 [SR] Verify complete
2014-04-16 17:52:06, Info                  CSI    000002c5 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:52:06, Info                  CSI    000002c6 [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:15, Info                  CSI    000002c8 [SR] Verify complete
2014-04-16 17:52:15, Info                  CSI    000002c9 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:52:15, Info                  CSI    000002ca [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:19, Info                  CSI    000002cc [SR] Verify complete
2014-04-16 17:52:19, Info                  CSI    000002cd [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:52:19, Info                  CSI    000002ce [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:21, Info                  CSI    000002d0 [SR] Verify complete
2014-04-16 17:52:21, Info                  CSI    000002d1 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:52:21, Info                  CSI    000002d2 [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:23, Info                  CSI    000002d6 [SR] Verify complete
2014-04-16 17:52:23, Info                  CSI    000002d7 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:52:23, Info                  CSI    000002d8 [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:25, Info                  CSI    000002da [SR] Verify complete
2014-04-16 17:52:25, Info                  CSI    000002db [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:52:25, Info                  CSI    000002dc [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:28, Info                  CSI    000002de [SR] Verify complete
2014-04-16 17:52:29, Info                  CSI    000002df [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:52:29, Info                  CSI    000002e0 [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:31, Info                  CSI    000002e2 [SR] Verify complete
2014-04-16 17:52:31, Info                  CSI    000002e3 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:52:31, Info                  CSI    000002e4 [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:34, Info                  CSI    000002e7 [SR] Verify complete
2014-04-16 17:52:34, Info                  CSI    000002e8 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:52:34, Info                  CSI    000002e9 [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:36, Info                  CSI    000002eb [SR] Verify complete
2014-04-16 17:52:37, Info                  CSI    000002ec [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:52:37, Info                  CSI    000002ed [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:39, Info                  CSI    000002ef [SR] Verify complete
2014-04-16 17:52:39, Info                  CSI    000002f0 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:52:39, Info                  CSI    000002f1 [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:42, Info                  CSI    000002f3 [SR] Verify complete
2014-04-16 17:52:43, Info                  CSI    000002f4 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:52:43, Info                  CSI    000002f5 [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:45, Info                  CSI    000002f8 [SR] Verify complete
2014-04-16 17:52:45, Info                  CSI    000002f9 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:52:45, Info                  CSI    000002fa [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:48, Info                  CSI    000002fc [SR] Verify complete
2014-04-16 17:52:48, Info                  CSI    000002fd [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:52:48, Info                  CSI    000002fe [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:50, Info                  CSI    00000300 [SR] Verify complete
2014-04-16 17:52:50, Info                  CSI    00000301 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 17:52:50, Info                  CSI    00000302 [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:54, Info                  CSI    00000304 [SR] Verify complete
2014-04-16 17:52:54, Info                  CSI    00000305 [SR] Verifying 81 (0x0000000000000051) components
2014-04-16 17:52:54, Info                  CSI    00000306 [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:56, Info                  CSI    00000308 [SR] Verify complete
2014-04-16 17:52:56, Info                  CSI    00000309 [SR] Repairing 0 components
2014-04-16 17:52:56, Info                  CSI    0000030a [SR] Beginning Verify and Repair transaction
2014-04-16 17:52:56, Info                  CSI    0000030c [SR] Repair complete

And the VEW system output:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/04/2014 6:02:08 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/04/2014 9:43:54 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Cypherix service service terminated with the following error: A device attached to the system is not functioning.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/04/2014 10:02:00 PM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk1\DR1'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 16/04/2014 10:02:00 PM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk1\DR1'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 16/04/2014 10:01:50 PM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk1\DR1'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 16/04/2014 10:01:40 PM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk1\DR1'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 16/04/2014 10:01:30 PM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk1\DR1'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 16/04/2014 10:01:20 PM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk1\DR1'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 16/04/2014 10:01:10 PM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk1\DR1'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 16/04/2014 10:01:00 PM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk1\DR1'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 16/04/2014 10:00:53 PM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\CdRom0'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 16/04/2014 10:00:50 PM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk1\DR1'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

And the Application output:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/04/2014 6:03:08 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/04/2014 9:44:06 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: cis13D2.exe, version: 6.3.38526.2970, time stamp: 0x5280e90f Faulting module name: cis13D2.exe, version: 6.3.38526.2970, time stamp: 0x5280e90f Exception code: 0xc0000005 Fault offset: 0x0000000000239256 Faulting process id: 0xe64 Faulting application start time: 0x01cf59bcfb9c18ba Faulting application path: C:\ProgramData\cis13D2.exe Faulting module path: C:\ProgramData\cis13D2.exe Report Id: 3bc43303-c5b0-11e3-a8c7-d43d7ef0363d

Log: 'Application' Date/Time: 16/04/2014 9:43:54 PM
Type: Error Category: 0
Event: 0 Source: cyphxservice
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/04/2014 9:44:39 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-2368243782-2037709877-4180025535-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add. (HRESULT : 0x80040d0d) (0x80040d0d)

Log: 'Application' Date/Time: 16/04/2014 9:42:39 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-2368243782-2037709877-4180025535-1000_Classes:
Process 4304 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2368243782-2037709877-4180025535-1000_CLASSES
Process 4304 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2368243782-2037709877-4180025535-1000_CLASSES
Process 2012 (\Device\HarddiskVolume3\Program Files\SUPERAntiSpyware\SASCore64.exe) has opened key \REGISTRY\USER\S-1-5-21-2368243782-2037709877-4180025535-1000_CLASSES\Interface

Log: 'Application' Date/Time: 16/04/2014 9:42:38 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 13 user registry handles leaked from \Registry\User\S-1-5-21-2368243782-2037709877-4180025535-1000:
Process 4304 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2368243782-2037709877-4180025535-1000
Process 4304 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2368243782-2037709877-4180025535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 4304 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2368243782-2037709877-4180025535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 4304 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2368243782-2037709877-4180025535-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 4304 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2368243782-2037709877-4180025535-1000\Software
Process 4304 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2368243782-2037709877-4180025535-1000\Software\Microsoft\Internet Explorer\Main
Process 4304 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2368243782-2037709877-4180025535-1000\Software\Policies
Process 1004 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2368243782-2037709877-4180025535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1004 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2368243782-2037709877-4180025535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 4304 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2368243782-2037709877-4180025535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
Process 4304 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2368243782-2037709877-4180025535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 4304 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2368243782-2037709877-4180025535-1000\Software\Microsoft\Windows NT\CurrentVersion
Process 4304 (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe) has opened key \REGISTRY\USER\S-1-5-21-2368243782-2037709877-4180025535-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

#49
RKinner

Posted 16 April 2014 - 04:31 PM

Malware Expert

Expert
24,624 posts

We are getting errors related to Comodo. Let's run FRST again with the attached fix file as before.

Then clear the errors and run VEW again.

#50
majorlag

Posted 16 April 2014 - 07:20 PM

Member

Topic Starter
Member
70 posts

OK, ran the fixlist and the log reported moving all three files. I cleared the Windows logs, and when I try to run VEW I get a Runtime Error 75: Path/file access error. Tried rebooting, still get the error.

#51
RKinner

Posted 16 April 2014 - 07:34 PM

Malware Expert

Expert
24,624 posts

Sounds like you might have forgotten to right click on vew.exe and Run As Admin.

#52
majorlag

Posted 16 April 2014 - 08:25 PM

Member

Topic Starter
Member
70 posts

lol, exactly right. Sorry. Logs attached.

One weird thing: on my folder views, date modified has gone to the international day-month-year format. Just noticed that.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/04/2014 10:14:06 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/04/2014 1:19:07 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Cypherix service service terminated with the following error: A device attached to the system is not functioning.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/04/2014 2:13:58 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk2\DR2'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 17/04/2014 2:13:58 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk2\DR2'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 17/04/2014 2:13:48 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk2\DR2'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 17/04/2014 2:13:38 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk2\DR2'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 17/04/2014 2:13:28 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk2\DR2'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 17/04/2014 2:13:18 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk2\DR2'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 17/04/2014 2:13:08 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk2\DR2'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 17/04/2014 2:12:58 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk2\DR2'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 17/04/2014 2:12:48 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk2\DR2'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 17/04/2014 2:12:38 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk2\DR2'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 17/04/2014 2:12:28 AM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'CFRMD' (Version 6.1, ?2012?-?07?-?17T01:05:37.000000000Z) failed to attach to volume '\Device\Harddisk2\DR2'. The filter returned a non-standard final status of 0xc01c0016. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/04/2014 10:20:33 PM

Note: All dates below are in the format dd/mm/yyyy

Log: 'Application' Date/Time: 17/04/2014 1:17:54 AM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: Launchpad.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.IO.FileStream.get_Length()
   at Microsoft.WindowsServerSolutions.Diagnostics.Logging.TraceListeners.RotatingLogTraceListener.UpdateWriter(System.String)
   at Microsoft.WindowsServerSolutions.Diagnostics.Logging.TraceListeners.LogTraceListener.Write(System.String)
   at Microsoft.WindowsServerSolutions.Diagnostics.Logging.TraceListeners.LogTraceListener.TraceData(System.Diagnostics.TraceEventCache, System.String, System.Diagnostics.TraceEventType, Int32, System.Object)
   at Microsoft.WindowsServerSolutions.Diagnostics.Logging.LogTraceSource.TraceData(System.Diagnostics.TraceEventType, Int32, Microsoft.WindowsServerSolutions.Diagnostics.Logging.LogEventInfo)
   at Microsoft.WindowsServerSolutions.Diagnostics.Logging.LogOrchestrator.Write(Microsoft.WindowsServerSolutions.Diagnostics.Logging.LogEventInfo)
   at Microsoft.WindowsServerSolutions.Diagnostics.Logging.Log.Write(System.Object, System.Collections.Generic.IEnumerable`1<System.String>, Int32, Int32, System.Diagnostics.TraceEventType, System.String)
   at Microsoft.WindowsServerSolutions.Diagnostics.Logging.Log.WriteInfo(System.Object, System.String)
   at Microsoft.WindowsServerSolutions.Administration.Controls.AlertsView.AlertsViewer.Dispose(Boolean)
   at System.ComponentModel.Component.Dispose()
   at System.Windows.Forms.Control.Dispose(Boolean)
   at System.Windows.Forms.ContainerControl.Dispose(Boolean)
   at System.Windows.Forms.Form.Dispose(Boolean)
   at System.ComponentModel.Component.Dispose()
   at Microsoft.WindowsServerSolutions.LaunchPad.MainWindow.alertsViewDialog_FormClosed(System.Object, System.Windows.Forms.FormClosedEventArgs)
   at System.Windows.Forms.Form.WmClose(System.Windows.Forms.Message ByRef)
   at System.Windows.Forms.Form.WndProc(System.Windows.Forms.Message ByRef)
   at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr, Int32, IntPtr, IntPtr)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/04/2014 1:19:45 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-2368243782-2037709877-4180025535-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Edited by majorlag, 16 April 2014 - 08:26 PM.

#53
RKinner

Posted 16 April 2014 - 11:07 PM

Malware Expert

Expert
24,624 posts

Download aswMBR.exe to your desktop.

Right click aswMBR.exe and Run as Administrator

uncheck trace disk IO calls

Click the "Scan" button to start scan (Accept the Avast Engine)

On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply

If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:

http://download.blee...Bs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:

http://support.kaspe.../tdsskiller.exe

Save it to your desktop then run it by right clicking and Run As Admin.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:

before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.

In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.

When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

#54
majorlag

Posted 17 April 2014 - 04:51 PM

Member

Topic Starter
Member
70 posts

aswMBR, Combofix & TDSSKiller all run. Logs below.

BTW, the TDSSKiller link didn't work if clicked, but copy and paste worked fine.

Thanks!

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-17 17:50:19
-----------------------------
17:50:19.938    OS Version: Windows x64 6.1.7601 Service Pack 1
17:50:19.939    Number of processors: 4 586 0x403
17:50:19.939    ComputerName: HUTSELL1-7 UserName:
17:50:20.894    Initialize success
17:50:24.908    AVAST engine defs: 14031900
17:50:38.617    Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5
17:50:38.622    Disk 0 Vendor: WDC_WD7500AADS-00L5B1 01.01A01 Size: 715404MB BusType: 3
17:50:38.630    Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
17:50:38.635    Disk 1 Vendor: ST3500413AS JC4B Size: 476940MB BusType: 3
17:50:38.643    Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-1
17:50:38.650    Disk 2 Vendor: WDC_WD10EZEX-00RKKA0 80.00A80 Size: 953869MB BusType: 3
17:50:38.656    Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP1T1L0-6
17:50:38.660    Disk 3 Vendor: WDC_WD20EZRX-00DC0B0 80.00A80 Size: 1907729MB BusType: 3
17:50:38.743    Disk 2 MBR read successfully
17:50:38.747    Disk 2 MBR scan
17:50:38.753    Disk 2 unknown MBR code
17:50:38.761    Disk 2 Partition 1 00     07    HPFS/NTFS NTFS       953867 MB offset 2048
17:50:38.777    Disk 2 scanning C:\Windows\system32\drivers
17:50:46.062    Service scanning
17:51:00.813    Modules scanning
17:51:01.634    AVAST engine scan C:\Windows
17:51:03.735    AVAST engine scan C:\Windows\system32
17:52:50.940    AVAST engine scan C:\Windows\system32\drivers
17:53:02.380    AVAST engine scan C:\Users\ahutsell2001
17:53:38.838    AVAST engine scan C:\ProgramData
17:54:01.298    Scan finished successfully
18:03:53.093    Disk 2 MBR has been saved successfully to "C:\Users\ahutsell2001\Desktop\New Logs\MBR.dat"
18:03:53.096    The log file has been saved successfully to "C:\Users\ahutsell2001\Desktop\New Logs\aswMBR.txt"

ComboFix 14-04-17.01 - ahutsell2001 17/04/2014 18:06:32.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8158.5760 [GMT -4:00]
Running from: c:\users\ahutsell2001\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-17 to 2014-04-17 )))))))))))))))))))))))))))))))
.
.
2014-04-17 22:11 . 2014-04-17 22:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-17 22:11 . 2014-04-17 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-17 09:30 . 2014-04-17 09:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C236EF5F-996F-47AD-BF62-EFE8DC369394}\offreg.dll
2014-04-16 03:03 . 2014-04-16 03:03 -------- d-----w- C:\found.000
2014-04-16 01:51 . 2014-04-16 01:51 -------- d-----w- c:\users\ahutsell2001\AppData\Roaming\Uninstaller Tool(Comodo Forums)
2014-04-15 23:22 . 2014-04-15 23:22 43152 ----a-w- c:\windows\avastSS.scr
2014-04-15 21:51 . 2014-04-17 01:14 -------- d-----w- C:\FRST
2014-04-15 03:41 . 2014-04-15 23:23 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-15 03:41 . 2014-04-15 03:41 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-15 03:41 . 2014-04-03 13:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-15 03:41 . 2014-04-03 13:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-15 01:34 . 2014-04-15 01:34 423240 ----a-w- c:\windows\system32\drivers\cuggcwid.sys
2014-04-15 01:24 . 2014-04-15 01:24 423240 ----a-w- c:\windows\system32\drivers\zopugfmj.sys
2014-04-15 01:18 . 2013-04-10 03:09 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2014-04-15 01:18 . 2013-04-10 03:09 108104 ----a-w- c:\windows\system32\RTNUninst64.dll
2014-04-06 10:48 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C236EF5F-996F-47AD-BF62-EFE8DC369394}\mpengine.dll
2014-03-27 18:59 . 2014-03-27 19:00 -------- d-----w- c:\program files (x86)\Full Video Converter Free 9
2014-03-27 16:47 . 2014-03-27 16:47 -------- d-----w- c:\users\ahutsell2001\AppData\Roaming\LeapingBrain
2014-03-27 16:46 . 2014-03-27 16:46 -------- d-----w- c:\windows\SysWow64\tFolderToCreate
2014-03-27 16:46 . 2014-03-27 16:46 -------- d-----w- c:\program files (x86)\LeapingBrain
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-16 03:06 . 2013-12-18 05:51 84816 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-04-16 03:06 . 2013-11-03 18:17 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-16 03:06 . 2013-11-03 18:17 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-16 03:06 . 2013-11-03 18:17 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-04-15 23:22 . 2013-11-03 18:17 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-15 23:22 . 2013-11-03 18:17 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-15 23:22 . 2013-11-03 18:17 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-15 23:22 . 2013-11-03 18:17 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-03 13:50 . 2013-11-03 19:16 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-01 00:46 . 2013-11-11 04:26 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-03-12 02:05 . 2013-11-11 04:26 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-03-12 00:10 . 2013-11-03 19:57 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-04 02:11 . 2013-11-11 04:26 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-03-01 06:05 . 2014-03-12 00:09 23133696 ----a-w- c:\windows\system32\mshtml.dll
2014-03-01 05:17 . 2014-03-12 00:09 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-01 05:16 . 2014-03-12 00:09 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-01 04:58 . 2014-03-12 00:09 2765824 ----a-w- c:\windows\system32\iertutil.dll
2014-03-01 04:52 . 2014-03-12 00:09 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-01 04:51 . 2014-03-12 00:09 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-01 04:42 . 2014-03-12 00:09 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-01 04:40 . 2014-03-12 00:09 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-01 04:37 . 2014-03-12 00:09 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-01 04:33 . 2014-03-12 00:09 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-01 04:33 . 2014-03-12 00:09 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-01 04:32 . 2014-03-12 00:09 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-01 04:23 . 2014-03-12 00:09 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:17 . 2014-03-12 00:09 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-01 04:11 . 2014-03-12 00:09 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-03-01 04:02 . 2014-03-12 00:09 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-01 03:54 . 2014-03-12 00:09 5768704 ----a-w- c:\windows\system32\jscript9.dll
2014-03-01 03:52 . 2014-03-12 00:09 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-01 03:51 . 2014-03-12 00:09 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:42 . 2014-03-12 00:09 627200 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-01 03:38 . 2014-03-12 00:09 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37 . 2014-03-12 00:09 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35 . 2014-03-12 00:09 2041856 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-01 03:18 . 2014-03-12 00:09 13051904 ----a-w- c:\windows\system32\ieframe.dll
2014-03-01 03:14 . 2014-03-12 00:09 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-01 03:10 . 2014-03-12 00:09 2334208 ----a-w- c:\windows\system32\wininet.dll
2014-03-01 03:00 . 2014-03-12 00:09 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:38 . 2014-03-12 00:09 1393664 ----a-w- c:\windows\system32\urlmon.dll
2014-03-01 02:32 . 2014-03-12 00:09 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-01 02:25 . 2014-03-12 00:09 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2014-02-25 15:51 . 2013-11-03 19:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-25 15:51 . 2013-11-03 19:27 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-07 01:23 . 2014-03-12 00:05 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-12 00:05 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-12 00:05 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-12 00:05 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-12 00:05 381440 ----a-w- c:\windows\SysWow64\wer.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-10-16 759496]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-15 6563608]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-05-04 630912]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-15 3854640]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"UVS12 Preload"="c:\program files (x86)\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
.
c:\users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
procexp.exe - Shortcut.lnk - c:\windows\System32\Process Explorer\procexp.exe [2013-7-31 2799296]
RCA Detective.lnk - c:\users\ahutsell2001\Documents\RCA Detective\RCADetective.exe [2013-11-6 942592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cypherixservice;Cypherix service;cypherixsrv.exe;cypherixsrv.exe [x]
R2 initMonitor;Windows Server Initialization Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe;c:\program files\Windows Server\Bin\SharedServiceHost.exe [x]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe;c:\windows\runservice.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\NxDrv.sys [x]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys;c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys [x]
S1 cypxdv10;cypxdv10;c:\windows\system32\Drivers\cypxdv10.sys;c:\windows\SYSNATIVE\Drivers\cypxdv10.sys [x]
S1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys;c:\windows\SYSNATIVE\DRIVERS\hmd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;c:\program files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe;c:\program files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cypherix10service;Cypherix 10 service;c:\windows\SysWOW64\cypxsrv10.exe;c:\windows\SysWOW64\cypxsrv10.exe [x]
S2 cyphxdrv;cyphxdrv;c:\windows\system32\Drivers\cyphxdrv.sys;c:\windows\SYSNATIVE\Drivers\cyphxdrv.sys [x]
S2 HealthAlertsSvc;Windows Server Health Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe;c:\program files\Windows Server\Bin\SharedServiceHost.exe [x]
S2 LANConfig;Windows Server LAN Configuration;c:\program files\Windows Server\Bin\LANConfigSvc.exe;c:\program files\Windows Server\Bin\LANConfigSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NotificationsProviderSvc;Windows Server Notifications Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe;c:\program files\Windows Server\Bin\SharedServiceHost.exe [x]
S2 providers_system;Windows Server Download Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe;c:\program files\Windows Server\Bin\SharedServiceHost.exe [x]
S2 ServiceProviderRegistry;Windows Server Service Provider Registry;c:\program files\Windows Server\Bin\ProviderRegistryService.exe;c:\program files\Windows Server\Bin\ProviderRegistryService.exe [x]
S2 SqmProviderSvc;Windows Server SQM Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe;c:\program files\Windows Server\Bin\SharedServiceHost.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 WhsMcClient;Windows Server Media Center Client Service;c:\program files\Windows Server\Bin\WhsMcClient.exe;c:\program files\Windows Server\Bin\WhsMcClient.exe [x]
S2 WSConnectorUpdate;Windows Server Connector Update;c:\program files\Windows Server\Bin\WSConnectorUpdate.exe;c:\program files\Windows Server\Bin\WSConnectorUpdate.exe [x]
S2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe;c:\program files\Windows Server\Bin\SharedServiceHost.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys;c:\windows\SYSNATIVE\DRIVERS\BackupReader.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 17:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task efe55bae-0870-40a4-a515-a0bf0fab057d.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-10-10 22:55]
.
2014-04-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f0414407-5f3d-4e2b-a002-10e3e76b9ab0.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-10-10 22:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-15 23:22 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-27 7191768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: myvaughnmelton.com
FF - ProfilePath - c:\users\ahutsell2001\AppData\Roaming\Mozilla\Firefox\Profiles\r36d9hnq.default\
FF - prefs.js: browser.startup.homepage - bing.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
c:\users\ahutsell2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8100 (Network).lnk - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Launchpad - c:\program files (x86)\Windows Server\Bin\Launchpad.exe
AddRemove-{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23} - c:\program files (x86)\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]
"1"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,60,bf,2f,c2,35,91,ae,
   25
"2"=hex:fb,e6,50,7f,41,f4,51,a7,7f,ec,2d,f9,42,45,3a,02,3a,b7,45,15,3f,9d,8b,
   c3
"3"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,5d,f5,58,d1,21,e0,48,
   8b,38,57,44,9c,4e,8d,78,88,fd,f1,01,9d,86,d8,b5,cb,d9,bf,23,55,4a,bb,31,1f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\5090D0C6F0C41D66F1FC186653400623]
"1"=hex:bf,6a,73,4a,48,57,d9,26,5d,d7,11,8b,51,ce,1c,37,d5,35,55,01,4a,fa,87,
   5b,05,b9,40,36,74,e8,ba,9b,68,bf,3f,9f,70,2a,e2,47
"2"=hex:b9,79,92,49,84,61,ca,64
"3"=hex:ec,a7,82,8b,f7,35,81,f7,f9,f4,cf,a8,1b,45,cb,06,07,31,19,43,e2,39,93,
   1e,24,7f,37,81,4c,ca,21,79,4b,04,c1,8d,86,a1,98,4c,98,10,b4,76,78,ce,01,80,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
   1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,6a,73,4a,48,57,d9,26,5d,d7,11,8b,51,ce,1c,37,d5,35,55,01,4a,fa,87,
   5b,cb,fb,81,cd,c4,7c,14,7a,ec,b1,2c,0b,31,b7,01,87,bb,2f,ac,3d,2b,97,1a,1b,\
"7"=hex:6a,0b,56,13,c1,93,dc,9c,a0,00,aa,b4,e4,7b,e0,c8,74,2a,16,32,d3,b5,82,
   f9,9f,42,18,f6,e4,ae,ab,8d,63,db,05,00,73,01,e2,83,29,05,70,f6,f1,7e,78,c9,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,43,69,70,4c,7e,7f,7c,
   de,a0,46,ee,d1,e1,d8,58,7c,16,70,d4,a0,8c,ec,86,77,7d,72,2c,53,77,0b,6f,be,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:a9,1b,a2,62,69,3a,5e,7a,7d,2b,5a,9c,99,9d,17,65,16,bb,69,c3,35,f8,1c,
   09,a4,cb,5b,1e,c4,8f,e6,7c,a0,3a,38,85,2b,96,20,2e,81,2f,48,aa,ff,07,f8,47,\
"13"=hex:2c,7d,07,5d,bc,25,f4,02,ed,43,66,10,e3,2a,55,f2,12,56,ce,20,b0,0b,fe,
   ff,cc,a8,f9,c7,64,07,58,23,c4,5c,ea,82,28,c6,52,26
"14"=hex:1f,8a,67,97,71,05,61,4c,7f,43,3b,71,e0,a5,64,da
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:b0,82,3b,98,ad,5f,c8,ed,6e,3e,31,64,53,fb,ed,12
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:90,64,f0,29,49,32,61,68,86,76,92,be,9f,25,6c,6a,a9,df,02,87,d1,20,b8,
   27,04,5e,01,c6,df,c6,b0,8c,83,33,6e,c0,cc,0a,e8,6e,48,33,53,da,81,19,ee,02,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-17 18:12:40
ComboFix-quarantined-files.txt 2014-04-17 22:12
.
Pre-Run: 928,907,882,496 bytes free
Post-Run: 928,510,238,720 bytes free
.
- - End Of File - - AB6DEC50FB9DC2ACB5739687A4457BE0
8F558EB6672622401DA993E1E865C861

18:31:47.0711 0204 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:31:47.0711 0204 ============================================================
18:31:47.0711 0204 Current date / time: 2014/04/17 18:31:47.0711
18:31:47.0711 0204 SystemInfo:
18:31:47.0711 0204
18:31:47.0711 0204 OS Version: 6.1.7601 ServicePack: 1.0
18:31:47.0711 0204 Product type: Workstation
18:31:47.0711 0204 ComputerName: HUTSELL1-7
18:31:47.0711 0204 UserName: ahutsell2001
18:31:47.0711 0204 Windows directory: C:\Windows
18:31:47.0711 0204 System windows directory: C:\Windows
18:31:47.0711 0204 Running under WOW64
18:31:47.0711 0204 Processor architecture: Intel x64
18:31:47.0711 0204 Number of processors: 4
18:31:47.0711 0204 Page size: 0x1000
18:31:47.0711 0204 Boot type: Normal boot
18:31:47.0711 0204 ============================================================
18:31:48.0585 0204 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:31:48.0585 0204 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:31:49.0209 0204 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:31:49.0224 0204 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x162DD1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
18:31:49.0240 0204 ============================================================
18:31:49.0240 0204 \Device\Harddisk1\DR1:
18:31:49.0240 0204 MBR partitions:
18:31:49.0240 0204 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x249F16E6
18:31:49.0256 0204 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x249F1764, BlocksNum 0x1598F61C
18:31:49.0256 0204 \Device\Harddisk2\DR2:
18:31:49.0256 0204 MBR partitions:
18:31:49.0256 0204 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
18:31:49.0256 0204 \Device\Harddisk3\DR3:
18:31:49.0256 0204 MBR partitions:
18:31:49.0256 0204 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
18:31:49.0256 0204 \Device\Harddisk0\DR0:
18:31:49.0256 0204 MBR partitions:
18:31:49.0256 0204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575456F1
18:31:49.0256 0204 ============================================================
18:31:49.0271 0204 C: <-> \Device\Harddisk2\DR2\Partition1
18:31:49.0302 0204 D: <-> \Device\Harddisk3\DR3\Partition1
18:31:49.0318 0204 E: <-> \Device\Harddisk0\DR0\Partition1
18:31:49.0349 0204 F: <-> \Device\Harddisk1\DR1\Partition1
18:31:49.0365 0204 G: <-> \Device\Harddisk1\DR1\Partition2
18:31:49.0365 0204 ============================================================
18:31:49.0365 0204 Initialize success
18:31:49.0365 0204 ============================================================
18:31:51.0689 4308 ============================================================
18:31:51.0689 4308 Scan started
18:31:51.0689 4308 Mode: Manual;
18:31:51.0689 4308 ============================================================
18:31:52.0656 4308 ================ Scan system memory ========================
18:31:52.0672 4308 System memory - ok
18:31:52.0672 4308 ================ Scan services =============================
18:31:52.0703 4308 [ 620C92D6EEFA9853A3EAD41B5EB9B5FD ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
18:31:52.0703 4308 !SASCORE - ok
18:31:52.0828 4308 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:31:52.0844 4308 1394ohci - ok
18:31:52.0859 4308 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:31:52.0875 4308 ACPI - ok
18:31:52.0906 4308 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:31:52.0906 4308 AcpiPmi - ok
18:31:52.0937 4308 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:31:52.0937 4308 adp94xx - ok
18:31:52.0968 4308 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:31:52.0968 4308 adpahci - ok
18:31:52.0984 4308 [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:31:52.0984 4308 adpu320 - ok
18:31:53.0000 4308 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:31:53.0000 4308 AeLookupSvc - ok
18:31:53.0046 4308 [ 79059559E89D06E8B80CE2944BE20228 ] AFD             C:\Windows\system32\drivers\afd.sys
18:31:53.0046 4308 AFD - ok
18:31:53.0062 4308 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:31:53.0062 4308 agp440 - ok
18:31:53.0078 4308 [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:31:53.0093 4308 ALG - ok
18:31:53.0093 4308 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:31:53.0093 4308 aliide - ok
18:31:53.0109 4308 AMD FUEL Service - ok
18:31:53.0140 4308 [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:31:53.0140 4308 amdide - ok
18:31:53.0156 4308 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
18:31:53.0156 4308 amdiox64 - ok
18:31:53.0171 4308 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:31:53.0171 4308 AmdK8 - ok
18:31:53.0187 4308 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:31:53.0187 4308 AmdPPM - ok
18:31:53.0202 4308 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:31:53.0202 4308 amdsata - ok
18:31:53.0202 4308 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:31:53.0202 4308 amdsbs - ok
18:31:53.0218 4308 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:31:53.0218 4308 amdxata - ok
18:31:53.0218 4308 [ D7253A1A7A49FA40EF0BA1955AAFB346 ] AODDriver4.1    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:31:53.0218 4308 AODDriver4.1 - ok
18:31:53.0249 4308 [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:31:53.0249 4308 AppID - ok
18:31:53.0249 4308 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:31:53.0265 4308 AppIDSvc - ok
18:31:53.0280 4308 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
18:31:53.0280 4308 Appinfo - ok
18:31:53.0312 4308 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:31:53.0312 4308 AppMgmt - ok
18:31:53.0327 4308 [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:31:53.0327 4308 arc - ok
18:31:53.0343 4308 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:31:53.0343 4308 arcsas - ok
18:31:53.0374 4308 [ 1E00D45122C5417F3110A69FCB1B7751 ] arXfrSvc        C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe
18:31:53.0390 4308 arXfrSvc - ok
18:31:53.0405 4308 [ 425A881DFFB426660A6861DC44927DD3 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
18:31:53.0405 4308 asmthub3 - ok
18:31:53.0436 4308 [ 0B19AE36FAAE5294B19B0AD4E5F2F37E ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
18:31:53.0436 4308 asmtxhci - ok
18:31:53.0514 4308 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:31:53.0514 4308 aspnet_state - ok
18:31:53.0546 4308 [ 8BE618EB795A87DBFD1E09DA63F009C7 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
18:31:53.0546 4308 aswMonFlt - ok
18:31:53.0577 4308 [ D4259F75734EBCC8D815753B09EB2F0A ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
18:31:53.0577 4308 aswRdr - ok
18:31:53.0577 4308 [ 8D4B8BF93C65BDBC133B20706A3B5208 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
18:31:53.0592 4308 aswRvrt - ok
18:31:53.0608 4308 [ AA0D1B47BE967E1E17301DDFB66C432C ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
18:31:53.0624 4308 aswSnx - ok
18:31:53.0639 4308 [ 15C6B7D20EE0E44A4DF82183A89CCFC2 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
18:31:53.0639 4308 aswSP - ok
18:31:53.0670 4308 [ 81FA56F29440406A7264CBD7B1C7CB29 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
18:31:53.0670 4308 aswStm - ok
18:31:53.0686 4308 [ 0606875650850B0697D662934529F6FC ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
18:31:53.0702 4308 aswVmm - ok
18:31:53.0702 4308 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:31:53.0717 4308 AsyncMac - ok
18:31:53.0733 4308 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:31:53.0748 4308 atapi - ok
18:31:53.0795 4308 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:31:53.0795 4308 AudioEndpointBuilder - ok
18:31:53.0811 4308 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:31:53.0826 4308 AudioSrv - ok
18:31:53.0858 4308 [ BEA8D0FA8805CC2E6BB49728166699C7 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:31:53.0858 4308 avast! Antivirus - ok
18:31:53.0889 4308 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:31:53.0889 4308 AxInstSV - ok
18:31:53.0904 4308 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
18:31:53.0904 4308 b06bdrv - ok
18:31:53.0936 4308 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:31:53.0936 4308 b57nd60a - ok
18:31:53.0967 4308 [ 7729395761F4061A643B573BF7F19AA8 ] BackupReader    C:\Windows\system32\DRIVERS\BackupReader.sys
18:31:53.0967 4308 BackupReader - ok
18:31:53.0998 4308 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:31:53.0998 4308 BDESVC - ok
18:31:53.0998 4308 [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:31:54.0014 4308 Beep - ok
18:31:54.0045 4308 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:31:54.0045 4308 BFE - ok
18:31:54.0076 4308 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
18:31:54.0092 4308 BITS - ok
18:31:54.0123 4308 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:31:54.0123 4308 blbdrive - ok
18:31:54.0138 4308 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:31:54.0138 4308 bowser - ok
18:31:54.0154 4308 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:31:54.0154 4308 BrFiltLo - ok
18:31:54.0170 4308 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:31:54.0170 4308 BrFiltUp - ok
18:31:54.0185 4308 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
18:31:54.0185 4308 BridgeMP - ok
18:31:54.0201 4308 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:31:54.0201 4308 Browser - ok
18:31:54.0216 4308 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:31:54.0216 4308 Brserid - ok
18:31:54.0232 4308 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:31:54.0232 4308 BrSerWdm - ok
18:31:54.0248 4308 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:31:54.0248 4308 BrUsbMdm - ok
18:31:54.0248 4308 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:31:54.0248 4308 BrUsbSer - ok
18:31:54.0263 4308 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:31:54.0263 4308 BTHMODEM - ok
18:31:54.0294 4308 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:31:54.0294 4308 bthserv - ok
18:31:54.0326 4308 catchme - ok
18:31:54.0341 4308 [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:31:54.0341 4308 cdfs - ok
18:31:54.0372 4308 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
18:31:54.0372 4308 cdrom - ok
18:31:54.0404 4308 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:31:54.0404 4308 CertPropSvc - ok
18:31:54.0419 4308 [ 7AD735DB1A9CC82D75E8854952EE8052 ] CFRMD           C:\Windows\system32\DRIVERS\CFRMD.sys
18:31:54.0419 4308 CFRMD - ok
18:31:54.0450 4308 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:31:54.0450 4308 circlass - ok
18:31:54.0466 4308 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:31:54.0466 4308 CLFS - ok
18:31:54.0513 4308 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:31:54.0513 4308 clr_optimization_v2.0.50727_32 - ok
18:31:54.0544 4308 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:31:54.0544 4308 clr_optimization_v2.0.50727_64 - ok
18:31:54.0606 4308 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:31:54.0606 4308 clr_optimization_v4.0.30319_32 - ok
18:31:54.0638 4308 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:31:54.0638 4308 clr_optimization_v4.0.30319_64 - ok
18:31:54.0638 4308 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:31:54.0638 4308 CmBatt - ok
18:31:54.0669 4308 [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:31:54.0669 4308 cmdide - ok
18:31:54.0700 4308 [ EBF28856F69CF094A902F884CF989706 ] CNG             C:\Windows\system32\Drivers\cng.sys
18:31:54.0700 4308 CNG - ok
18:31:54.0716 4308 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:31:54.0716 4308 Compbatt - ok
18:31:54.0731 4308 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:31:54.0731 4308 CompositeBus - ok
18:31:54.0747 4308 COMSysApp - ok
18:31:54.0747 4308 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:31:54.0747 4308 crcdisk - ok
18:31:54.0778 4308 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:31:54.0778 4308 CryptSvc - ok
18:31:54.0809 4308 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
18:31:54.0809 4308 CSC - ok
18:31:54.0825 4308 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
18:31:54.0825 4308 CscService - ok
18:31:54.0887 4308 [ 8AEC9C2998620CA6946B7183DAD4ACF2 ] cypherix10service C:\Windows\SysWOW64\cypxsrv10.exe
18:31:54.0903 4308 cypherix10service - ok
18:31:54.0918 4308 cypherixservice - ok
18:31:54.0934 4308 [ F5A61340A820768B18CC8BEC0C750FC9 ] cyphxdrv        C:\Windows\system32\Drivers\cyphxdrv.sys
18:31:54.0950 4308 cyphxdrv - ok
18:31:54.0965 4308 [ 8F1BA5DCFE8D9CE041B606DC661B5E5A ] cypxdv10        C:\Windows\system32\Drivers\cypxdv10.sys
18:31:54.0965 4308 cypxdv10 - ok
18:31:54.0996 4308 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:31:54.0996 4308 DcomLaunch - ok
18:31:55.0028 4308 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:31:55.0028 4308 defragsvc - ok
18:31:55.0043 4308 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:31:55.0043 4308 DfsC - ok
18:31:55.0074 4308 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:31:55.0074 4308 Dhcp - ok
18:31:55.0090 4308 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:31:55.0090 4308 discache - ok
18:31:55.0106 4308 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:31:55.0106 4308 Disk - ok
18:31:55.0137 4308 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:31:55.0137 4308 Dnscache - ok
18:31:55.0168 4308 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:31:55.0168 4308 dot3svc - ok
18:31:55.0184 4308 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:31:55.0184 4308 DPS - ok
18:31:55.0215 4308 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:31:55.0215 4308 drmkaud - ok
18:31:55.0246 4308 [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:31:55.0246 4308 DXGKrnl - ok
18:31:55.0262 4308 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:31:55.0277 4308 EapHost - ok
18:31:55.0324 4308 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:31:55.0340 4308 ebdrv - ok
18:31:55.0371 4308 [ 4D71227301DD8D09097B9E4CC6527E5A ] EFS             C:\Windows\System32\lsass.exe
18:31:55.0371 4308 EFS - ok
18:31:55.0402 4308 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:31:55.0402 4308 ehRecvr - ok
18:31:55.0418 4308 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:31:55.0418 4308 ehSched - ok
18:31:55.0433 4308 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:31:55.0449 4308 elxstor - ok
18:31:55.0449 4308 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:31:55.0449 4308 ErrDev - ok
18:31:55.0480 4308 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:31:55.0480 4308 EventSystem - ok
18:31:55.0496 4308 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:31:55.0496 4308 exfat - ok
18:31:55.0496 4308 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:31:55.0511 4308 fastfat - ok
18:31:55.0542 4308 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:31:55.0558 4308 Fax - ok
18:31:55.0574 4308 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:31:55.0574 4308 fdc - ok
18:31:55.0589 4308 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:31:55.0589 4308 fdPHost - ok
18:31:55.0589 4308 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:31:55.0605 4308 FDResPub - ok
18:31:55.0605 4308 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:31:55.0605 4308 FileInfo - ok
18:31:55.0620 4308 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:31:55.0620 4308 Filetrace - ok
18:31:55.0620 4308 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:31:55.0620 4308 flpydisk - ok
18:31:55.0652 4308 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:31:55.0667 4308 FltMgr - ok
18:31:55.0698 4308 [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
18:31:55.0714 4308 FontCache - ok
18:31:55.0745 4308 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:31:55.0745 4308 FontCache3.0.0.0 - ok
18:31:55.0761 4308 [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:31:55.0761 4308 FsDepends - ok
18:31:55.0776 4308 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:31:55.0776 4308 Fs_Rec - ok
18:31:55.0808 4308 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:31:55.0808 4308 fvevol - ok
18:31:55.0839 4308 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:31:55.0839 4308 gagp30kx - ok
18:31:55.0870 4308 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:31:55.0886 4308 gpsvc - ok
18:31:55.0917 4308 [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:31:55.0917 4308 gusvc - ok
18:31:55.0932 4308 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:31:55.0932 4308 hcw85cir - ok
18:31:55.0979 4308 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:31:55.0979 4308 HdAudAddService - ok
18:31:56.0010 4308 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:31:56.0010 4308 HDAudBus - ok
18:31:56.0057 4308 [ D319A833EC173AD83C67885B3ED6C71C ] HealthAlertsSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
18:31:56.0057 4308 HealthAlertsSvc - ok
18:31:56.0073 4308 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:31:56.0073 4308 HidBatt - ok
18:31:56.0088 4308 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:31:56.0088 4308 HidBth - ok
18:31:56.0120 4308 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:31:56.0120 4308 HidIr - ok
18:31:56.0120 4308 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
18:31:56.0135 4308 hidserv - ok
18:31:56.0151 4308 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
18:31:56.0151 4308 HidUsb - ok
18:31:56.0166 4308 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:31:56.0166 4308 hkmsvc - ok
18:31:56.0198 4308 [ D3A6BCD0047EE7923C2C3960C4CDCA4D ] HMD             C:\Windows\system32\DRIVERS\hmd.sys
18:31:56.0198 4308 HMD - ok
18:31:56.0229 4308 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:31:56.0229 4308 HomeGroupListener - ok
18:31:56.0244 4308 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:31:56.0244 4308 HomeGroupProvider - ok
18:31:56.0291 4308 [ BA09645B01CF9778FBD01A7B082CCA3C ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
18:31:56.0291 4308 hpqcxs08 - ok
18:31:56.0307 4308 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:31:56.0307 4308 HpSAMD - ok
18:31:56.0338 4308 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:31:56.0354 4308 HTTP - ok
18:31:56.0369 4308 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:31:56.0385 4308 hwpolicy - ok
18:31:56.0400 4308 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:31:56.0400 4308 i8042prt - ok
18:31:56.0432 4308 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:31:56.0432 4308 iaStorV - ok
18:31:56.0463 4308 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:31:56.0478 4308 idsvc - ok
18:31:56.0510 4308 IEEtwCollectorService - ok
18:31:56.0541 4308 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:31:56.0541 4308 iirsp - ok
18:31:56.0572 4308 [ 344789398EC3EE5A4E00C52B31847946 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:31:56.0588 4308 IKEEXT - ok
18:31:56.0588 4308 [ D319A833EC173AD83C67885B3ED6C71C ] initMonitor     C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
18:31:56.0588 4308 initMonitor - ok
18:31:56.0666 4308 [ E551BB77E7D436380139977124BDFF62 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:31:56.0697 4308 IntcAzAudAddService - ok
18:31:56.0712 4308 [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:31:56.0712 4308 intelide - ok
18:31:56.0728 4308 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:31:56.0728 4308 intelppm - ok
18:31:56.0744 4308 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:31:56.0744 4308 IPBusEnum - ok
18:31:56.0759 4308 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:31:56.0759 4308 IpFilterDriver - ok
18:31:56.0790 4308 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:31:56.0790 4308 iphlpsvc - ok
18:31:56.0806 4308 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:31:56.0806 4308 IPMIDRV - ok
18:31:56.0806 4308 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:31:56.0806 4308 IPNAT - ok
18:31:56.0822 4308 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:31:56.0822 4308 IRENUM - ok
18:31:56.0837 4308 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:31:56.0837 4308 isapnp - ok
18:31:56.0853 4308 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:31:56.0853 4308 iScsiPrt - ok
18:31:56.0868 4308 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
18:31:56.0868 4308 kbdclass - ok
18:31:56.0884 4308 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:31:56.0884 4308 kbdhid - ok
18:31:56.0884 4308 [ 4D71227301DD8D09097B9E4CC6527E5A ] KeyIso          C:\Windows\system32\lsass.exe
18:31:56.0884 4308 KeyIso - ok
18:31:56.0915 4308 [ 8F489706472F7E9A06BAAA198703FA64 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:31:56.0915 4308 KSecDD - ok
18:31:56.0931 4308 [ 868A2CAAB12EFC7A021682BCA0EEC54C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:31:56.0931 4308 KSecPkg - ok
18:31:56.0946 4308 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:31:56.0946 4308 ksthunk - ok
18:31:56.0946 4308 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:31:56.0946 4308 KtmRm - ok
18:31:56.0962 4308 [ F11FF47203538DD145FAF56A4DAF5D75 ] LANConfig       C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
18:31:56.0978 4308 LANConfig - ok
18:31:56.0978 4308 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
18:31:56.0993 4308 LanmanServer - ok
18:31:56.0993 4308 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:31:57.0009 4308 LanmanWorkstation - ok
18:31:57.0009 4308 [ 29FAB5363138F6E322F4CD780ED9D337 ] LicCtrlService C:\Windows\runservice.exe
18:31:57.0009 4308 LicCtrlService - ok
18:31:57.0056 4308 [ C34411A244029F1C08687F7C752C4563 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:31:57.0071 4308 LightScribeService - ok
18:31:57.0102 4308 [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:31:57.0102 4308 lltdio - ok
18:31:57.0118 4308 [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:31:57.0134 4308 lltdsvc - ok
18:31:57.0165 4308 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:31:57.0165 4308 lmhosts - ok
18:31:57.0180 4308 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:31:57.0196 4308 LSI_FC - ok
18:31:57.0212 4308 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:31:57.0212 4308 LSI_SAS - ok
18:31:57.0227 4308 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:31:57.0227 4308 LSI_SAS2 - ok
18:31:57.0243 4308 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:31:57.0243 4308 LSI_SCSI - ok
18:31:57.0258 4308 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:31:57.0258 4308 luafv - ok
18:31:57.0290 4308 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:31:57.0290 4308 Mcx2Svc - ok
18:31:57.0336 4308 [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:31:57.0352 4308 MDM - ok
18:31:57.0368 4308 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:31:57.0368 4308 megasas - ok
18:31:57.0399 4308 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:31:57.0399 4308 MegaSR - ok
18:31:57.0430 4308 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:31:57.0430 4308 MMCSS - ok
18:31:57.0461 4308 [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:31:57.0461 4308 Modem - ok
18:31:57.0492 4308 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:31:57.0492 4308 monitor - ok
18:31:57.0508 4308 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
18:31:57.0524 4308 mouclass - ok
18:31:57.0524 4308 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:31:57.0524 4308 mouhid - ok
18:31:57.0555 4308 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:31:57.0555 4308 mountmgr - ok
18:31:57.0586 4308 [ AEE4E9CC59CDEB55B1ECB0E596E796BE ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:31:57.0586 4308 MozillaMaintenance - ok
18:31:57.0617 4308 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:31:57.0617 4308 mpio - ok
18:31:57.0633 4308 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:31:57.0633 4308 mpsdrv - ok
18:31:57.0664 4308 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:31:57.0680 4308 MpsSvc - ok
18:31:57.0695 4308 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:31:57.0695 4308 MRxDAV - ok
18:31:57.0726 4308 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:31:57.0726 4308 mrxsmb - ok
18:31:57.0742 4308 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:31:57.0742 4308 mrxsmb10 - ok
18:31:57.0773 4308 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:31:57.0773 4308 mrxsmb20 - ok
18:31:57.0773 4308 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:31:57.0789 4308 msahci - ok
18:31:57.0789 4308 [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:31:57.0789 4308 msdsm - ok
18:31:57.0804 4308 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:31:57.0820 4308 MSDTC - ok
18:31:57.0851 4308 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:31:57.0851 4308 Msfs - ok
18:31:57.0851 4308 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:31:57.0851 4308 mshidkmdf - ok
18:31:57.0867 4308 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:31:57.0867 4308 msisadrv - ok
18:31:57.0882 4308 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:31:57.0898 4308 MSiSCSI - ok
18:31:57.0898 4308 msiserver - ok
18:31:57.0914 4308 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:31:57.0914 4308 MSKSSRV - ok
18:31:57.0929 4308 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:31:57.0929 4308 MSPCLOCK - ok
18:31:57.0945 4308 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:31:57.0945 4308 MSPQM - ok
18:31:57.0976 4308 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:31:57.0976 4308 MsRPC - ok
18:31:57.0992 4308 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:31:58.0007 4308 mssmbios - ok
18:31:58.0023 4308 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:31:58.0023 4308 MSTEE - ok
18:31:58.0023 4308 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:31:58.0023 4308 MTConfig - ok
18:31:58.0038 4308 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:31:58.0038 4308 Mup - ok
18:31:58.0085 4308 [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:31:58.0085 4308 napagent - ok
18:31:58.0116 4308 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:31:58.0116 4308 NativeWifiP - ok
18:31:58.0163 4308 [ E59AFB64C2F6E0C99350E1C944C75088 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
18:31:58.0179 4308 NAUpdate - ok
18:31:58.0210 4308 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:31:58.0210 4308 NDIS - ok
18:31:58.0226 4308 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:31:58.0226 4308 NdisCap - ok
18:31:58.0241 4308 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:31:58.0241 4308 NdisTapi - ok
18:31:58.0272 4308 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:31:58.0272 4308 Ndisuio - ok
18:31:58.0304 4308 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:31:58.0304 4308 NdisWan - ok
18:31:58.0335 4308 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:31:58.0335 4308 NDProxy - ok
18:31:58.0350 4308 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:31:58.0350 4308 NetBIOS - ok
18:31:58.0397 4308 [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:31:58.0397 4308 NetBT - ok
18:31:58.0413 4308 [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon        C:\Windows\system32\lsass.exe
18:31:58.0413 4308 Netlogon - ok
18:31:58.0428 4308 [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:31:58.0444 4308 Netman - ok
18:31:58.0475 4308 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:31:58.0475 4308 NetMsmqActivator - ok
18:31:58.0491 4308 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:31:58.0491 4308 NetPipeActivator - ok
18:31:58.0506 4308 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:31:58.0506 4308 netprofm - ok
18:31:58.0506 4308 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:31:58.0506 4308 NetTcpActivator - ok
18:31:58.0522 4308 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:31:58.0522 4308 NetTcpPortSharing - ok
18:31:58.0538 4308 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:31:58.0538 4308 nfrd960 - ok
18:31:58.0569 4308 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:31:58.0569 4308 NlaSvc - ok
18:31:58.0569 4308 [ D319A833EC173AD83C67885B3ED6C71C ] NotificationsProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
18:31:58.0569 4308 NotificationsProviderSvc - ok
18:31:58.0584 4308 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:31:58.0584 4308 Npfs - ok
18:31:58.0600 4308 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:31:58.0600 4308 nsi - ok
18:31:58.0600 4308 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:31:58.0600 4308 nsiproxy - ok
18:31:58.0662 4308 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:31:58.0662 4308 Ntfs - ok
18:31:58.0678 4308 [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:31:58.0678 4308 Null - ok
18:31:58.0850 4308 [ E71E299FF15390E585BACF2C18F55078 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:31:58.0912 4308 nvlddmkm - ok
18:31:58.0928 4308 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:31:58.0928 4308 nvraid - ok
18:31:58.0959 4308 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:31:58.0959 4308 nvstor - ok
18:31:58.0990 4308 [ 415695F5A54E91E869EEBFEA261361A6 ] nvsvc           C:\Windows\system32\nvvsvc.exe
18:31:58.0990 4308 nvsvc - ok
18:31:59.0052 4308 [ AA130938A27BB80A8B6438EF83232275 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:31:59.0052 4308 nvUpdatusService - ok
18:31:59.0084 4308 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:31:59.0084 4308 nv_agp - ok
18:31:59.0099 4308 [ CE1EE08EF492FC0D1EF7718CC5D07A26 ] NxDrv           C:\Windows\system32\DRIVERS\NxDrv.sys
18:31:59.0099 4308 NxDrv - ok
18:31:59.0115 4308 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:31:59.0115 4308 ohci1394 - ok
18:31:59.0130 4308 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:31:59.0130 4308 ose - ok
18:31:59.0146 4308 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:31:59.0162 4308 p2pimsvc - ok
18:31:59.0177 4308 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:31:59.0177 4308 p2psvc - ok
18:31:59.0193 4308 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:31:59.0193 4308 Parport - ok
18:31:59.0224 4308 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:31:59.0224 4308 partmgr - ok
18:31:59.0224 4308 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:31:59.0240 4308 PcaSvc - ok
18:31:59.0240 4308 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:31:59.0240 4308 pci - ok
18:31:59.0255 4308 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
18:31:59.0255 4308 pciide - ok
18:31:59.0271 4308 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:31:59.0271 4308 pcmcia - ok
18:31:59.0286 4308 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:31:59.0286 4308 pcw - ok
18:31:59.0286 4308 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:31:59.0302 4308 PEAUTH - ok
18:31:59.0333 4308 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
18:31:59.0333 4308 PeerDistSvc - ok
18:31:59.0380 4308 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:31:59.0396 4308 PerfHost - ok
18:31:59.0427 4308 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
18:31:59.0442 4308 pla - ok
18:31:59.0474 4308 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:31:59.0489 4308 PlugPlay - ok
18:31:59.0505 4308 PnkBstrA - ok
18:31:59.0505 4308 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:31:59.0520 4308 PNRPAutoReg - ok
18:31:59.0536 4308 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:31:59.0536 4308 PNRPsvc - ok
18:31:59.0567 4308 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:31:59.0567 4308 PolicyAgent - ok
18:31:59.0598 4308 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:31:59.0598 4308 Power - ok
18:31:59.0630 4308 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:31:59.0645 4308 PptpMiniport - ok
18:31:59.0661 4308 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:31:59.0661 4308 Processor - ok
18:31:59.0676 4308 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
18:31:59.0676 4308 ProfSvc - ok
18:31:59.0692 4308 [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe
18:31:59.0692 4308 ProtectedStorage - ok
18:31:59.0708 4308 [ D319A833EC173AD83C67885B3ED6C71C ] providers_system C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
18:31:59.0708 4308 providers_system - ok
18:31:59.0754 4308 [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:31:59.0754 4308 Psched - ok
18:31:59.0801 4308 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:31:59.0817 4308 ql2300 - ok
18:31:59.0832 4308 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:31:59.0848 4308 ql40xx - ok
18:31:59.0864 4308 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:31:59.0879 4308 QWAVE - ok
18:31:59.0895 4308 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:31:59.0895 4308 QWAVEdrv - ok
18:31:59.0895 4308 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:31:59.0910 4308 RasAcd - ok
18:31:59.0910 4308 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:31:59.0910 4308 RasAgileVpn - ok
18:31:59.0942 4308 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:31:59.0942 4308 RasAuto - ok
18:31:59.0957 4308 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:31:59.0957 4308 Rasl2tp - ok
18:32:00.0004 4308 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:32:00.0004 4308 RasMan - ok
18:32:00.0020 4308 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:32:00.0020 4308 RasPppoe - ok
18:32:00.0035 4308 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:32:00.0035 4308 RasSstp - ok
18:32:00.0051 4308 [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:32:00.0051 4308 rdbss - ok
18:32:00.0051 4308 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:32:00.0051 4308 rdpbus - ok
18:32:00.0066 4308 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:32:00.0066 4308 RDPCDD - ok
18:32:00.0098 4308 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
18:32:00.0098 4308 RDPDR - ok
18:32:00.0098 4308 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:32:00.0098 4308 RDPENCDD - ok
18:32:00.0113 4308 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:32:00.0113 4308 RDPREFMP - ok
18:32:00.0129 4308 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:32:00.0129 4308 RDPWD - ok
18:32:00.0144 4308 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:32:00.0144 4308 rdyboost - ok
18:32:00.0176 4308 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:32:00.0176 4308 RemoteAccess - ok
18:32:00.0191 4308 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:32:00.0191 4308 RemoteRegistry - ok
18:32:00.0207 4308 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:32:00.0207 4308 RpcEptMapper - ok
18:32:00.0238 4308 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:32:00.0238 4308 RpcLocator - ok
18:32:00.0254 4308 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\System32\rpcss.dll
18:32:00.0269 4308 RpcSs - ok
18:32:00.0269 4308 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:32:00.0269 4308 rspndr - ok
18:32:00.0300 4308 [ 68DD0457D18FCCEF7384AE84022F0C86 ] RTL8023x64      C:\Windows\system32\DRIVERS\Rtnic64.sys
18:32:00.0300 4308 RTL8023x64 - ok
18:32:00.0332 4308 [ 130DD683DCC902F47A4AC35201D07E2F ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
18:32:00.0332 4308 RTL8167 - ok
18:32:00.0347 4308 [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
18:32:00.0347 4308 s3cap - ok
18:32:00.0363 4308 [ 4D71227301DD8D09097B9E4CC6527E5A ] SamSs           C:\Windows\system32\lsass.exe
18:32:00.0363 4308 SamSs - ok
18:32:00.0394 4308 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:32:00.0394 4308 SASDIFSV - ok
18:32:00.0394 4308 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:32:00.0394 4308 SASKUTIL - ok
18:32:00.0410 4308 [ AD7231A60287E71E6D754264D55F3386 ] SbieDrv         C:\Program Files\Sandboxie\SbieDrv.sys
18:32:00.0425 4308 SbieDrv - ok
18:32:00.0425 4308 [ A9E1788755F2E37E5FC37A8D56845C92 ] SbieSvc         C:\Program Files\Sandboxie\SbieSvc.exe
18:32:00.0425 4308 SbieSvc - ok
18:32:00.0456 4308 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:32:00.0456 4308 sbp2port - ok
18:32:00.0472 4308 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:32:00.0472 4308 SCardSvr - ok
18:32:00.0503 4308 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:32:00.0503 4308 scfilter - ok
18:32:00.0534 4308 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:32:00.0550 4308 Schedule - ok
18:32:00.0581 4308 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:32:00.0581 4308 SCPolicySvc - ok
18:32:00.0597 4308 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:32:00.0612 4308 SDRSVC - ok
18:32:00.0612 4308 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:32:00.0612 4308 secdrv - ok
18:32:00.0644 4308 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:32:00.0644 4308 seclogon - ok
18:32:00.0659 4308 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
18:32:00.0659 4308 SENS - ok
18:32:00.0675 4308 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:32:00.0690 4308 SensrSvc - ok
18:32:00.0690 4308 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:32:00.0690 4308 Serenum - ok
18:32:00.0706 4308 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:32:00.0706 4308 Serial - ok
18:32:00.0722 4308 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:32:00.0722 4308 sermouse - ok
18:32:00.0753 4308 [ 2E70B053A90C040F8BFC28E75C0E4153 ] ServiceProviderRegistry C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
18:32:00.0753 4308 ServiceProviderRegistry - ok
18:32:00.0768 4308 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:32:00.0784 4308 SessionEnv - ok
18:32:00.0800 4308 [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:32:00.0800 4308 sffdisk - ok
18:32:00.0815 4308 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:32:00.0815 4308 sffp_mmc - ok
18:32:00.0831 4308 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:32:00.0831 4308 sffp_sd - ok
18:32:00.0846 4308 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:32:00.0846 4308 sfloppy - ok
18:32:00.0862 4308 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:32:00.0862 4308 SharedAccess - ok
18:32:00.0893 4308 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:32:00.0909 4308 ShellHWDetection - ok
18:32:00.0909 4308 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:32:00.0909 4308 SiSRaid2 - ok
18:32:00.0924 4308 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:32:00.0924 4308 SiSRaid4 - ok
18:32:00.0940 4308 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:32:00.0940 4308 Smb - ok
18:32:00.0971 4308 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:32:00.0971 4308 SNMPTRAP - ok
18:32:00.0987 4308 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:32:00.0987 4308 spldr - ok
18:32:01.0002 4308 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
18:32:01.0002 4308 Spooler - ok
18:32:01.0065 4308 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
18:32:01.0080 4308 sppsvc - ok
18:32:01.0096 4308 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:32:01.0096 4308 sppuinotify - ok
18:32:01.0112 4308 [ D319A833EC173AD83C67885B3ED6C71C ] SqmProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
18:32:01.0112 4308 SqmProviderSvc - ok
18:32:01.0127 4308 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:32:01.0127 4308 srv - ok
18:32:01.0143 4308 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:32:01.0158 4308 srv2 - ok
18:32:01.0174 4308 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:32:01.0174 4308 srvnet - ok
18:32:01.0205 4308 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:32:01.0205 4308 SSDPSRV - ok
18:32:01.0236 4308 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:32:01.0252 4308 SstpSvc - ok
18:32:01.0283 4308 [ A9D26626BEADF5A0641BF6B5095EF309 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:32:01.0299 4308 Stereo Service - ok
18:32:01.0314 4308 [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:32:01.0314 4308 stexstor - ok
18:32:01.0346 4308 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
18:32:01.0361 4308 stisvc - ok
18:32:01.0377 4308 [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:32:01.0392 4308 storflt - ok
18:32:01.0408 4308 [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
18:32:01.0424 4308 StorSvc - ok
18:32:01.0455 4308 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:32:01.0455 4308 storvsc - ok
18:32:01.0470 4308 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:32:01.0470 4308 swenum - ok
18:32:01.0486 4308 [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
18:32:01.0502 4308 swprv - ok
18:32:01.0548 4308 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
18:32:01.0564 4308 SysMain - ok
18:32:01.0580 4308 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:32:01.0580 4308 TabletInputService - ok
18:32:01.0595 4308 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:32:01.0595 4308 TapiSrv - ok
18:32:01.0595 4308 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
18:32:01.0611 4308 TBS - ok
18:32:01.0658 4308 [ 40AF23633D197905F03AB5628C558C51 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:32:01.0658 4308 Tcpip - ok
18:32:01.0720 4308 [ 40AF23633D197905F03AB5628C558C51 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:32:01.0736 4308 TCPIP6 - ok
18:32:01.0751 4308 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:32:01.0751 4308 tcpipreg - ok
18:32:01.0767 4308 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:32:01.0767 4308 TDPIPE - ok
18:32:01.0782 4308 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:32:01.0798 4308 TDTCP - ok
18:32:01.0814 4308 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:32:01.0814 4308 tdx - ok
18:32:01.0938 4308 [ 2B29FD3AF7B4FEB272CD1F6EEC8FE4BA ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
18:32:01.0970 4308 TeamViewer9 - ok
18:32:01.0970 4308 Scan interrupted by user!
18:32:01.0970 4308 ================ Scan global ===============================
18:32:01.0970 4308 Scan interrupted by user!
18:32:01.0970 4308 ================ Scan MBR ==================================
18:32:01.0970 4308 Scan interrupted by user!
18:32:01.0970 4308 ================ Scan VBR ==================================
18:32:01.0970 4308 Scan interrupted by user!
18:32:01.0970 4308 ============================================================
18:32:01.0970 4308 Scan finished
18:32:01.0970 4308 ============================================================
18:32:01.0985 3680 Detected object count: 0
18:32:01.0985 3680 Actual detected object count: 0
18:32:04.0107 3860 Deinitialize success

18:32:05.0526 5948 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:32:05.0542 5948 ============================================================
18:32:05.0542 5948 Current date / time: 2014/04/17 18:32:05.0542
18:32:05.0542 5948 SystemInfo:
18:32:05.0542 5948
18:32:05.0542 5948 OS Version: 6.1.7601 ServicePack: 1.0
18:32:05.0542 5948 Product type: Workstation
18:32:05.0542 5948 ComputerName: HUTSELL1-7
18:32:05.0542 5948 UserName: ahutsell2001
18:32:05.0542 5948 Windows directory: C:\Windows
18:32:05.0542 5948 System windows directory: C:\Windows
18:32:05.0542 5948 Running under WOW64
18:32:05.0542 5948 Processor architecture: Intel x64
18:32:05.0542 5948 Number of processors: 4
18:32:05.0542 5948 Page size: 0x1000
18:32:05.0542 5948 Boot type: Normal boot
18:32:05.0542 5948 ============================================================
18:32:06.0369 5948 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:32:06.0369 5948 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:32:06.0369 5948 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:32:06.0868 5948 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x162DD1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
18:32:06.0899 5948 ============================================================
18:32:06.0899 5948 \Device\Harddisk1\DR1:
18:32:06.0899 5948 MBR partitions:
18:32:06.0899 5948 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x249F16E6
18:32:06.0915 5948 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x249F1764, BlocksNum 0x1598F61C
18:32:06.0915 5948 \Device\Harddisk2\DR2:
18:32:06.0915 5948 MBR partitions:
18:32:06.0915 5948 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
18:32:06.0915 5948 \Device\Harddisk3\DR3:
18:32:06.0915 5948 MBR partitions:
18:32:06.0915 5948 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
18:32:06.0915 5948 \Device\Harddisk0\DR0:
18:32:06.0915 5948 MBR partitions:
18:32:06.0915 5948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575456F1
18:32:06.0915 5948 ============================================================
18:32:06.0930 5948 C: <-> \Device\Harddisk2\DR2\Partition1
18:32:06.0930 5948 D: <-> \Device\Harddisk3\DR3\Partition1
18:32:06.0946 5948 E: <-> \Device\Harddisk0\DR0\Partition1
18:32:06.0977 5948 F: <-> \Device\Harddisk1\DR1\Partition1
18:32:06.0977 5948 G: <-> \Device\Harddisk1\DR1\Partition2
18:32:06.0977 5948 ============================================================
18:32:06.0977 5948 Initialize success
18:32:06.0977 5948 ============================================================
18:32:09.0083 4924 ============================================================
18:32:09.0083 4924 Scan started
18:32:09.0083 4924 Mode: Manual;
18:32:09.0083 4924 ============================================================
18:32:09.0567 4924 ================ Scan system memory ========================
18:32:09.0567 4924 System memory - ok
18:32:09.0567 4924 ================ Scan services =============================
18:32:09.0614 4924 [ 620C92D6EEFA9853A3EAD41B5EB9B5FD ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
18:32:09.0614 4924 !SASCORE - ok
18:32:09.0723 4924 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:32:09.0723 4924 1394ohci - ok
18:32:09.0738 4924 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:32:09.0754 4924 ACPI - ok
18:32:09.0785 4924 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:32:09.0785 4924 AcpiPmi - ok
18:32:09.0816 4924 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:32:09.0816 4924 adp94xx - ok
18:32:09.0848 4924 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:32:09.0848 4924 adpahci - ok
18:32:09.0863 4924 [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:32:09.0863 4924 adpu320 - ok
18:32:09.0894 4924 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:32:09.0910 4924 AeLookupSvc - ok
18:32:09.0941 4924 [ 79059559E89D06E8B80CE2944BE20228 ] AFD             C:\Windows\system32\drivers\afd.sys
18:32:09.0957 4924 AFD - ok
18:32:09.0972 4924 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:32:09.0972 4924 agp440 - ok
18:32:10.0004 4924 [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:32:10.0004 4924 ALG - ok
18:32:10.0019 4924 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:32:10.0019 4924 aliide - ok
18:32:10.0035 4924 AMD FUEL Service - ok
18:32:10.0050 4924 [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:32:10.0050 4924 amdide - ok
18:32:10.0097 4924 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
18:32:10.0097 4924 amdiox64 - ok
18:32:10.0113 4924 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:32:10.0113 4924 AmdK8 - ok
18:32:10.0128 4924 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:32:10.0128 4924 AmdPPM - ok
18:32:10.0144 4924 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:32:10.0144 4924 amdsata - ok
18:32:10.0160 4924 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:32:10.0160 4924 amdsbs - ok
18:32:10.0175 4924 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:32:10.0175 4924 amdxata - ok
18:32:10.0175 4924 [ D7253A1A7A49FA40EF0BA1955AAFB346 ] AODDriver4.1    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:32:10.0175 4924 AODDriver4.1 - ok
18:32:10.0206 4924 [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:32:10.0206 4924 AppID - ok
18:32:10.0206 4924 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:32:10.0222 4924 AppIDSvc - ok
18:32:10.0238 4924 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
18:32:10.0238 4924 Appinfo - ok
18:32:10.0269 4924 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:32:10.0269 4924 AppMgmt - ok
18:32:10.0284 4924 [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:32:10.0284 4924 arc - ok
18:32:10.0300 4924 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:32:10.0300 4924 arcsas - ok
18:32:10.0331 4924 [ 1E00D45122C5417F3110A69FCB1B7751 ] arXfrSvc        C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe
18:32:10.0347 4924 arXfrSvc - ok
18:32:10.0362 4924 [ 425A881DFFB426660A6861DC44927DD3 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
18:32:10.0362 4924 asmthub3 - ok
18:32:10.0394 4924 [ 0B19AE36FAAE5294B19B0AD4E5F2F37E ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
18:32:10.0394 4924 asmtxhci - ok
18:32:10.0472 4924 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:32:10.0472 4924 aspnet_state - ok
18:32:10.0503 4924 [ 8BE618EB795A87DBFD1E09DA63F009C7 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
18:32:10.0503 4924 aswMonFlt - ok
18:32:10.0534 4924 [ D4259F75734EBCC8D815753B09EB2F0A ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
18:32:10.0534 4924 aswRdr - ok
18:32:10.0550 4924 [ 8D4B8BF93C65BDBC133B20706A3B5208 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
18:32:10.0550 4924 aswRvrt - ok
18:32:10.0581 4924 [ AA0D1B47BE967E1E17301DDFB66C432C ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
18:32:10.0596 4924 aswSnx - ok
18:32:10.0612 4924 [ 15C6B7D20EE0E44A4DF82183A89CCFC2 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
18:32:10.0628 4924 aswSP - ok
18:32:10.0643 4924 [ 81FA56F29440406A7264CBD7B1C7CB29 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
18:32:10.0643 4924 aswStm - ok
18:32:10.0659 4924 [ 0606875650850B0697D662934529F6FC ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
18:32:10.0674 4924 aswVmm - ok
18:32:10.0674 4924 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:32:10.0674 4924 AsyncMac - ok
18:32:10.0690 4924 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:32:10.0706 4924 atapi - ok
18:32:10.0737 4924 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:32:10.0737 4924 AudioEndpointBuilder - ok
18:32:10.0752 4924 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:32:10.0768 4924 AudioSrv - ok
18:32:10.0784 4924 [ BEA8D0FA8805CC2E6BB49728166699C7 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:32:10.0784 4924 avast! Antivirus - ok
18:32:10.0815 4924 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:32:10.0815 4924 AxInstSV - ok
18:32:10.0846 4924 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
18:32:10.0862 4924 b06bdrv - ok
18:32:10.0893 4924 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:32:10.0893 4924 b57nd60a - ok
18:32:10.0924 4924 [ 7729395761F4061A643B573BF7F19AA8 ] BackupReader    C:\Windows\system32\DRIVERS\BackupReader.sys
18:32:10.0924 4924 BackupReader - ok
18:32:10.0955 4924 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:32:10.0955 4924 BDESVC - ok
18:32:10.0971 4924 [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:32:10.0971 4924 Beep - ok
18:32:11.0018 4924 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:32:11.0033 4924 BFE - ok
18:32:11.0080 4924 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
18:32:11.0080 4924 BITS - ok
18:32:11.0111 4924 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:32:11.0111 4924 blbdrive - ok
18:32:11.0127 4924 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:32:11.0127 4924 bowser - ok
18:32:11.0142 4924 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:32:11.0142 4924 BrFiltLo - ok
18:32:11.0158 4924 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:32:11.0158 4924 BrFiltUp - ok
18:32:11.0174 4924 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
18:32:11.0174 4924 BridgeMP - ok
18:32:11.0189 4924 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:32:11.0189 4924 Browser - ok
18:32:11.0205 4924 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:32:11.0205 4924 Brserid - ok
18:32:11.0205 4924 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:32:11.0205 4924 BrSerWdm - ok
18:32:11.0220 4924 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:32:11.0220 4924 BrUsbMdm - ok
18:32:11.0236 4924 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:32:11.0236 4924 BrUsbSer - ok
18:32:11.0252 4924 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:32:11.0252 4924 BTHMODEM - ok
18:32:11.0267 4924 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:32:11.0267 4924 bthserv - ok
18:32:11.0314 4924 catchme - ok
18:32:11.0314 4924 [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:32:11.0330 4924 cdfs - ok
18:32:11.0345 4924 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
18:32:11.0361 4924 cdrom - ok
18:32:11.0392 4924 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:32:11.0392 4924 CertPropSvc - ok
18:32:11.0408 4924 [ 7AD735DB1A9CC82D75E8854952EE8052 ] CFRMD           C:\Windows\system32\DRIVERS\CFRMD.sys
18:32:11.0423 4924 CFRMD - ok
18:32:11.0439 4924 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:32:11.0439 4924 circlass - ok
18:32:11.0470 4924 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:32:11.0470 4924 CLFS - ok
18:32:11.0501 4924 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:32:11.0501 4924 clr_optimization_v2.0.50727_32 - ok
18:32:11.0548 4924 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:32:11.0548 4924 clr_optimization_v2.0.50727_64 - ok
18:32:11.0610 4924 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:32:11.0610 4924 clr_optimization_v4.0.30319_32 - ok
18:32:11.0642 4924 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:32:11.0642 4924 clr_optimization_v4.0.30319_64 - ok
18:32:11.0657 4924 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:32:11.0657 4924 CmBatt - ok
18:32:11.0688 4924 [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:32:11.0688 4924 cmdide - ok
18:32:11.0720 4924 [ EBF28856F69CF094A902F884CF989706 ] CNG             C:\Windows\system32\Drivers\cng.sys
18:32:11.0720 4924 CNG - ok
18:32:11.0751 4924 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:32:11.0751 4924 Compbatt - ok
18:32:11.0766 4924 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:32:11.0766 4924 CompositeBus - ok
18:32:11.0782 4924 COMSysApp - ok
18:32:11.0798 4924 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:32:11.0798 4924 crcdisk - ok
18:32:11.0829 4924 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:32:11.0844 4924 CryptSvc - ok
18:32:11.0876 4924 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
18:32:11.0876 4924 CSC - ok
18:32:11.0922 4924 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
18:32:11.0938 4924 CscService - ok
18:32:12.0000 4924 [ 8AEC9C2998620CA6946B7183DAD4ACF2 ] cypherix10service C:\Windows\SysWOW64\cypxsrv10.exe
18:32:12.0016 4924 cypherix10service - ok
18:32:12.0047 4924 cypherixservice - ok
18:32:12.0078 4924 [ F5A61340A820768B18CC8BEC0C750FC9 ] cyphxdrv        C:\Windows\system32\Drivers\cyphxdrv.sys
18:32:12.0078 4924 cyphxdrv - ok
18:32:12.0094 4924 [ 8F1BA5DCFE8D9CE041B606DC661B5E5A ] cypxdv10        C:\Windows\system32\Drivers\cypxdv10.sys
18:32:12.0094 4924 cypxdv10 - ok
18:32:12.0110 4924 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:32:12.0110 4924 DcomLaunch - ok
18:32:12.0141 4924 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:32:12.0156 4924 defragsvc - ok
18:32:12.0172 4924 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:32:12.0172 4924 DfsC - ok
18:32:12.0188 4924 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:32:12.0188 4924 Dhcp - ok
18:32:12.0203 4924 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:32:12.0203 4924 discache - ok
18:32:12.0219 4924 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:32:12.0219 4924 Disk - ok
18:32:12.0234 4924 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:32:12.0250 4924 Dnscache - ok
18:32:12.0266 4924 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:32:12.0266 4924 dot3svc - ok
18:32:12.0297 4924 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:32:12.0297 4924 DPS - ok
18:32:12.0312 4924 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:32:12.0312 4924 drmkaud - ok
18:32:12.0359 4924 [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:32:12.0359 4924 DXGKrnl - ok
18:32:12.0375 4924 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:32:12.0375 4924 EapHost - ok
18:32:12.0437 4924 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:32:12.0453 4924 ebdrv - ok
18:32:12.0484 4924 [ 4D71227301DD8D09097B9E4CC6527E5A ] EFS             C:\Windows\System32\lsass.exe
18:32:12.0484 4924 EFS - ok
18:32:12.0515 4924 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:32:12.0515 4924 ehRecvr - ok
18:32:12.0531 4924 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:32:12.0531 4924 ehSched - ok
18:32:12.0562 4924 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:32:12.0562 4924 elxstor - ok
18:32:12.0578 4924 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:32:12.0578 4924 ErrDev - ok
18:32:12.0624 4924 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:32:12.0624 4924 EventSystem - ok
18:32:12.0640 4924 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:32:12.0640 4924 exfat - ok
18:32:12.0656 4924 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:32:12.0671 4924 fastfat - ok
18:32:12.0702 4924 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:32:12.0718 4924 Fax - ok
18:32:12.0734 4924 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:32:12.0734 4924 fdc - ok
18:32:12.0749 4924 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:32:12.0749 4924 fdPHost - ok
18:32:12.0765 4924 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:32:12.0765 4924 FDResPub - ok
18:32:12.0765 4924 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:32:12.0780 4924 FileInfo - ok
18:32:12.0780 4924 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:32:12.0780 4924 Filetrace - ok
18:32:12.0796 4924 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:32:12.0796 4924 flpydisk - ok
18:32:12.0827 4924 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:32:12.0827 4924 FltMgr - ok
18:32:12.0858 4924 [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
18:32:12.0874 4924 FontCache - ok
18:32:12.0905 4924 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:32:12.0905 4924 FontCache3.0.0.0 - ok
18:32:12.0921 4924 [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:32:12.0921 4924 FsDepends - ok
18:32:12.0936 4924 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:32:12.0936 4924 Fs_Rec - ok
18:32:12.0968 4924 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:32:12.0968 4924 fvevol - ok
18:32:12.0983 4924 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:32:12.0983 4924 gagp30kx - ok
18:32:13.0014 4924 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:32:13.0030 4924 gpsvc - ok
18:32:13.0061 4924 [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:32:13.0061 4924 gusvc - ok
18:32:13.0077 4924 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:32:13.0077 4924 hcw85cir - ok
18:32:13.0124 4924 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:32:13.0124 4924 HdAudAddService - ok
18:32:13.0170 4924 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:32:13.0170 4924 HDAudBus - ok
18:32:13.0217 4924 [ D319A833EC173AD83C67885B3ED6C71C ] HealthAlertsSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
18:32:13.0217 4924 HealthAlertsSvc - ok
18:32:13.0233 4924 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:32:13.0233 4924 HidBatt - ok
18:32:13.0248 4924 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:32:13.0248 4924 HidBth - ok
18:32:13.0280 4924 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:32:13.0280 4924 HidIr - ok
18:32:13.0295 4924 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
18:32:13.0295 4924 hidserv - ok
18:32:13.0326 4924 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
18:32:13.0326 4924 HidUsb - ok
18:32:13.0358 4924 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:32:13.0373 4924 hkmsvc - ok
18:32:13.0404 4924 [ D3A6BCD0047EE7923C2C3960C4CDCA4D ] HMD             C:\Windows\system32\DRIVERS\hmd.sys
18:32:13.0404 4924 HMD - ok
18:32:13.0436 4924 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:32:13.0436 4924 HomeGroupListener - ok
18:32:13.0467 4924 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:32:13.0482 4924 HomeGroupProvider - ok
18:32:13.0529 4924 [ BA09645B01CF9778FBD01A7B082CCA3C ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
18:32:13.0529 4924 hpqcxs08 - ok
18:32:13.0545 4924 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:32:13.0545 4924 HpSAMD - ok
18:32:13.0592 4924 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:32:13.0592 4924 HTTP - ok
18:32:13.0654 4924 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:32:13.0654 4924 hwpolicy - ok
18:32:13.0748 4924 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:32:13.0748 4924 i8042prt - ok
18:32:13.0841 4924 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:32:13.0857 4924 iaStorV - ok
18:32:13.0888 4924 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:32:13.0904 4924 idsvc - ok
18:32:13.0935 4924 IEEtwCollectorService - ok
18:32:13.0950 4924 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:32:13.0950 4924 iirsp - ok
18:32:13.0997 4924 [ 344789398EC3EE5A4E00C52B31847946 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:32:14.0013 4924 IKEEXT - ok
18:32:14.0028 4924 [ D319A833EC173AD83C67885B3ED6C71C ] initMonitor     C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
18:32:14.0028 4924 initMonitor - ok
18:32:14.0091 4924 [ E551BB77E7D436380139977124BDFF62 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:32:14.0106 4924 IntcAzAudAddService - ok
18:32:14.0122 4924 [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:32:14.0122 4924 intelide - ok
18:32:14.0138 4924 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:32:14.0138 4924 intelppm - ok
18:32:14.0153 4924 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:32:14.0153 4924 IPBusEnum - ok
18:32:14.0169 4924 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:32:14.0169 4924 IpFilterDriver - ok
18:32:14.0200 4924 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:32:14.0200 4924 iphlpsvc - ok
18:32:14.0216 4924 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:32:14.0216 4924 IPMIDRV - ok
18:32:14.0216 4924 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:32:14.0216 4924 IPNAT - ok
18:32:14.0231 4924 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:32:14.0231 4924 IRENUM - ok
18:32:14.0231 4924 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:32:14.0247 4924 isapnp - ok
18:32:14.0247 4924 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:32:14.0247 4924 iScsiPrt - ok
18:32:14.0262 4924 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
18:32:14.0262 4924 kbdclass - ok
18:32:14.0278 4924 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:32:14.0278 4924 kbdhid - ok
18:32:14.0294 4924 [ 4D71227301DD8D09097B9E4CC6527E5A ] KeyIso          C:\Windows\system32\lsass.exe
18:32:14.0294 4924 KeyIso - ok
18:32:14.0309 4924 [ 8F489706472F7E9A06BAAA198703FA64 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:32:14.0309 4924 KSecDD - ok
18:32:14.0325 4924 [ 868A2CAAB12EFC7A021682BCA0EEC54C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:32:14.0325 4924 KSecPkg - ok
18:32:14.0340 4924 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:32:14.0340 4924 ksthunk - ok
18:32:14.0356 4924 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:32:14.0356 4924 KtmRm - ok
18:32:14.0372 4924 [ F11FF47203538DD145FAF56A4DAF5D75 ] LANConfig       C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
18:32:14.0372 4924 LANConfig - ok
18:32:14.0387 4924 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
18:32:14.0387 4924 LanmanServer - ok
18:32:14.0403 4924 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:32:14.0403 4924 LanmanWorkstation - ok
18:32:14.0418 4924 [ 29FAB5363138F6E322F4CD780ED9D337 ] LicCtrlService C:\Windows\runservice.exe
18:32:14.0418 4924 LicCtrlService - ok
18:32:14.0465 4924 [ C34411A244029F1C08687F7C752C4563 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:32:14.0465 4924 LightScribeService - ok
18:32:14.0496 4924 [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:32:14.0496 4924 lltdio - ok
18:32:14.0528 4924 [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:32:14.0528 4924 lltdsvc - ok
18:32:14.0559 4924 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:32:14.0559 4924 lmhosts - ok
18:32:14.0590 4924 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:32:14.0590 4924 LSI_FC - ok
18:32:14.0606 4924 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:32:14.0606 4924 LSI_SAS - ok
18:32:14.0621 4924 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:32:14.0621 4924 LSI_SAS2 - ok
18:32:14.0621 4924 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:32:14.0621 4924 LSI_SCSI - ok
18:32:14.0637 4924 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:32:14.0637 4924 luafv - ok
18:32:14.0668 4924 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:32:14.0668 4924 Mcx2Svc - ok
18:32:14.0715 4924 [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:32:14.0715 4924 MDM - ok
18:32:14.0746 4924 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:32:14.0746 4924 megasas - ok
18:32:14.0762 4924 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:32:14.0762 4924 MegaSR - ok
18:32:14.0777 4924 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:32:14.0777 4924 MMCSS - ok
18:32:14.0793 4924 [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:32:14.0793 4924 Modem - ok
18:32:14.0808 4924 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:32:14.0808 4924 monitor - ok
18:32:14.0824 4924 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
18:32:14.0824 4924 mouclass - ok
18:32:14.0840 4924 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:32:14.0840 4924 mouhid - ok
18:32:14.0855 4924 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:32:14.0855 4924 mountmgr - ok
18:32:14.0902 4924 [ AEE4E9CC59CDEB55B1ECB0E596E796BE ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:32:14.0902 4924 MozillaMaintenance - ok
18:32:14.0918 4924 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:32:14.0918 4924 mpio - ok
18:32:14.0949 4924 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:32:14.0949 4924 mpsdrv - ok
18:32:14.0980 4924 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:32:14.0996 4924 MpsSvc - ok
18:32:15.0042 4924 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:32:15.0042 4924 MRxDAV - ok
18:32:15.0074 4924 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:32:15.0074 4924 mrxsmb - ok
18:32:15.0105 4924 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:32:15.0120 4924 mrxsmb10 - ok
18:32:15.0152 4924 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:32:15.0152 4924 mrxsmb20 - ok
18:32:15.0183 4924 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:32:15.0183 4924 msahci - ok
18:32:15.0198 4924 [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:32:15.0198 4924 msdsm - ok
18:32:15.0214 4924 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:32:15.0230 4924 MSDTC - ok
18:32:15.0261 4924 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:32:15.0261 4924 Msfs - ok
18:32:15.0261 4924 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:32:15.0261 4924 mshidkmdf - ok
18:32:15.0276 4924 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:32:15.0276 4924 msisadrv - ok
18:32:15.0292 4924 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:32:15.0308 4924 MSiSCSI - ok
18:32:15.0308 4924 msiserver - ok
18:32:15.0323 4924 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:32:15.0323 4924 MSKSSRV - ok
18:32:15.0339 4924 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:32:15.0339 4924 MSPCLOCK - ok
18:32:15.0354 4924 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:32:15.0354 4924 MSPQM - ok
18:32:15.0386 4924 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:32:15.0386 4924 MsRPC - ok
18:32:15.0401 4924 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:32:15.0401 4924 mssmbios - ok
18:32:15.0417 4924 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:32:15.0417 4924 MSTEE - ok
18:32:15.0432 4924 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:32:15.0432 4924 MTConfig - ok
18:32:15.0448 4924 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:32:15.0448 4924 Mup - ok
18:32:15.0479 4924 [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:32:15.0479 4924 napagent - ok
18:32:15.0510 4924 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:32:15.0510 4924 NativeWifiP - ok
18:32:15.0557 4924 [ E59AFB64C2F6E0C99350E1C944C75088 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
18:32:15.0573 4924 NAUpdate - ok
18:32:15.0604 4924 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:32:15.0620 4924 NDIS - ok
18:32:15.0635 4924 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:32:15.0635 4924 NdisCap - ok
18:32:15.0635 4924 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:32:15.0635 4924 NdisTapi - ok
18:32:15.0666 4924 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:32:15.0666 4924 Ndisuio - ok
18:32:15.0698 4924 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:32:15.0698 4924 NdisWan - ok
18:32:15.0713 4924 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:32:15.0713 4924 NDProxy - ok
18:32:15.0729 4924 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:32:15.0729 4924 NetBIOS - ok
18:32:15.0760 4924 [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:32:15.0760 4924 NetBT - ok
18:32:15.0760 4924 [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon        C:\Windows\system32\lsass.exe
18:32:15.0760 4924 Netlogon - ok
18:32:15.0776 4924 [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:32:15.0791 4924 Netman - ok
18:32:15.0822 4924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:32:15.0838 4924 NetMsmqActivator - ok
18:32:15.0838 4924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:32:15.0838 4924 NetPipeActivator - ok
18:32:15.0885 4924 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:32:15.0885 4924 netprofm - ok
18:32:15.0900 4924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:32:15.0900 4924 NetTcpActivator - ok
18:32:15.0916 4924 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:32:15.0916 4924 NetTcpPortSharing - ok
18:32:15.0932 4924 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:32:15.0932 4924 nfrd960 - ok
18:32:15.0947 4924 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:32:15.0963 4924 NlaSvc - ok
18:32:15.0963 4924 [ D319A833EC173AD83C67885B3ED6C71C ] NotificationsProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
18:32:15.0963 4924 NotificationsProviderSvc - ok
18:32:15.0978 4924 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:32:15.0978 4924 Npfs - ok
18:32:15.0994 4924 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:32:15.0994 4924 nsi - ok
18:32:15.0994 4924 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:32:15.0994 4924 nsiproxy - ok
18:32:16.0041 4924 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:32:16.0056 4924 Ntfs - ok
18:32:16.0072 4924 [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:32:16.0072 4924 Null - ok
18:32:16.0259 4924 [ E71E299FF15390E585BACF2C18F55078 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:32:16.0322 4924 nvlddmkm - ok
18:32:16.0337 4924 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:32:16.0337 4924 nvraid - ok
18:32:16.0353 4924 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:32:16.0353 4924 nvstor - ok
18:32:16.0384 4924 [ 415695F5A54E91E869EEBFEA261361A6 ] nvsvc           C:\Windows\system32\nvvsvc.exe
18:32:16.0400 4924 nvsvc - ok
18:32:16.0446 4924 [ AA130938A27BB80A8B6438EF83232275 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:32:16.0462 4924 nvUpdatusService - ok
18:32:16.0493 4924 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:32:16.0493 4924 nv_agp - ok
18:32:16.0509 4924 [ CE1EE08EF492FC0D1EF7718CC5D07A26 ] NxDrv           C:\Windows\system32\DRIVERS\NxDrv.sys
18:32:16.0509 4924 NxDrv - ok
18:32:16.0524 4924 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:32:16.0524 4924 ohci1394 - ok
18:32:16.0540 4924 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:32:16.0540 4924 ose - ok
18:32:16.0556 4924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:32:16.0571 4924 p2pimsvc - ok
18:32:16.0587 4924 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:32:16.0587 4924 p2psvc - ok
18:32:16.0602 4924 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:32:16.0602 4924 Parport - ok
18:32:16.0634 4924 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:32:16.0634 4924 partmgr - ok
18:32:16.0649 4924 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:32:16.0665 4924 PcaSvc - ok
18:32:16.0665 4924 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:32:16.0665 4924 pci - ok
18:32:16.0680 4924 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
18:32:16.0680 4924 pciide - ok
18:32:16.0696 4924 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:32:16.0696 4924 pcmcia - ok
18:32:16.0712 4924 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:32:16.0712 4924 pcw - ok
18:32:16.0727 4924 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:32:16.0727 4924 PEAUTH - ok
18:32:16.0790 4924 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
18:32:16.0790 4924 PeerDistSvc - ok
18:32:16.0836 4924 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:32:16.0852 4924 PerfHost - ok
18:32:16.0883 4924 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
18:32:16.0899 4924 pla - ok
18:32:16.0930 4924 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:32:16.0930 4924 PlugPlay - ok
18:32:16.0930 4924 PnkBstrA - ok
18:32:16.0946 4924 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:32:16.0961 4924 PNRPAutoReg - ok
18:32:16.0961 4924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:32:16.0977 4924 PNRPsvc - ok
18:32:16.0992 4924 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:32:16.0992 4924 PolicyAgent - ok
18:32:17.0008 4924 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:32:17.0024 4924 Power - ok
18:32:17.0039 4924 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:32:17.0039 4924 PptpMiniport - ok
18:32:17.0055 4924 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:32:17.0055 4924 Processor - ok
18:32:17.0070 4924 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
18:32:17.0070 4924 ProfSvc - ok
18:32:17.0086 4924 [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe
18:32:17.0086 4924 ProtectedStorage - ok
18:32:17.0102 4924 [ D319A833EC173AD83C67885B3ED6C71C ] providers_system C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
18:32:17.0102 4924 providers_system - ok
18:32:17.0133 4924 [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:32:17.0148 4924 Psched - ok
18:32:17.0195 4924 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:32:17.0211 4924 ql2300 - ok
18:32:17.0226 4924 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:32:17.0226 4924 ql40xx - ok
18:32:17.0242 4924 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:32:17.0242 4924 QWAVE - ok
18:32:17.0258 4924 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:32:17.0258 4924 QWAVEdrv - ok
18:32:17.0273 4924 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:32:17.0273 4924 RasAcd - ok
18:32:17.0273 4924 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:32:17.0289 4924 RasAgileVpn - ok
18:32:17.0289 4924 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:32:17.0289 4924 RasAuto - ok
18:32:17.0304 4924 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:32:17.0304 4924 Rasl2tp - ok
18:32:17.0336 4924 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:32:17.0351 4924 RasMan - ok
18:32:17.0351 4924 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:32:17.0351 4924 RasPppoe - ok
18:32:17.0367 4924 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:32:17.0367 4924 RasSstp - ok
18:32:17.0382 4924 [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:32:17.0382 4924 rdbss - ok
18:32:17.0382 4924 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:32:17.0382 4924 rdpbus - ok
18:32:17.0398 4924 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:32:17.0398 4924 RDPCDD - ok
18:32:17.0429 4924 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
18:32:17.0429 4924 RDPDR - ok
18:32:17.0429 4924 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:32:17.0429 4924 RDPENCDD - ok
18:32:17.0429 4924 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:32:17.0429 4924 RDPREFMP - ok
18:32:17.0445 4924 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:32:17.0445 4924 RDPWD - ok
18:32:17.0476 4924 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:32:17.0476 4924 rdyboost - ok
18:32:17.0507 4924 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:32:17.0507 4924 RemoteAccess - ok
18:32:17.0538 4924 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:32:17.0554 4924 RemoteRegistry - ok
18:32:17.0570 4924 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:32:17.0570 4924 RpcEptMapper - ok
18:32:17.0585 4924 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:32:17.0585 4924 RpcLocator - ok
18:32:17.0616 4924 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\System32\rpcss.dll
18:32:17.0616 4924 RpcSs - ok
18:32:17.0632 4924 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:32:17.0632 4924 rspndr - ok
18:32:17.0648 4924 [ 68DD0457D18FCCEF7384AE84022F0C86 ] RTL8023x64      C:\Windows\system32\DRIVERS\Rtnic64.sys
18:32:17.0648 4924 RTL8023x64 - ok
18:32:17.0694 4924 [ 130DD683DCC902F47A4AC35201D07E2F ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
18:32:17.0694 4924 RTL8167 - ok
18:32:17.0710 4924 [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
18:32:17.0710 4924 s3cap - ok
18:32:17.0726 4924 [ 4D71227301DD8D09097B9E4CC6527E5A ] SamSs           C:\Windows\system32\lsass.exe
18:32:17.0726 4924 SamSs - ok
18:32:17.0757 4924 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:32:17.0757 4924 SASDIFSV - ok
18:32:17.0757 4924 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:32:17.0757 4924 SASKUTIL - ok
18:32:17.0772 4924 [ AD7231A60287E71E6D754264D55F3386 ] SbieDrv         C:\Program Files\Sandboxie\SbieDrv.sys
18:32:17.0772 4924 SbieDrv - ok
18:32:17.0788 4924 [ A9E1788755F2E37E5FC37A8D56845C92 ] SbieSvc         C:\Program Files\Sandboxie\SbieSvc.exe
18:32:17.0788 4924 SbieSvc - ok
18:32:17.0804 4924 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:32:17.0819 4924 sbp2port - ok
18:32:17.0819 4924 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:32:17.0819 4924 SCardSvr - ok
18:32:17.0850 4924 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:32:17.0850 4924 scfilter - ok
18:32:17.0897 4924 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:32:17.0913 4924 Schedule - ok
18:32:17.0944 4924 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:32:17.0960 4924 SCPolicySvc - ok
18:32:17.0975 4924 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:32:17.0991 4924 SDRSVC - ok
18:32:18.0022 4924 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:32:18.0022 4924 secdrv - ok
18:32:18.0038 4924 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:32:18.0053 4924 seclogon - ok
18:32:18.0084 4924 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
18:32:18.0100 4924 SENS - ok
18:32:18.0116 4924 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:32:18.0116 4924 SensrSvc - ok
18:32:18.0116 4924 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:32:18.0116 4924 Serenum - ok
18:32:18.0131 4924 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:32:18.0147 4924 Serial - ok
18:32:18.0147 4924 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:32:18.0147 4924 sermouse - ok
18:32:18.0178 4924 [ 2E70B053A90C040F8BFC28E75C0E4153 ] ServiceProviderRegistry C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
18:32:18.0178 4924 ServiceProviderRegistry - ok
18:32:18.0194 4924 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:32:18.0209 4924 SessionEnv - ok
18:32:18.0225 4924 [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:32:18.0225 4924 sffdisk - ok
18:32:18.0240 4924 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:32:18.0240 4924 sffp_mmc - ok
18:32:18.0256 4924 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:32:18.0256 4924 sffp_sd - ok
18:32:18.0272 4924 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:32:18.0272 4924 sfloppy - ok
18:32:18.0303 4924 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:32:18.0303 4924 SharedAccess - ok
18:32:18.0334 4924 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:32:18.0334 4924 ShellHWDetection - ok
18:32:18.0350 4924 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:32:18.0350 4924 SiSRaid2 - ok
18:32:18.0365 4924 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:32:18.0365 4924 SiSRaid4 - ok
18:32:18.0381 4924 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:32:18.0381 4924 Smb - ok
18:32:18.0412 4924 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:32:18.0412 4924 SNMPTRAP - ok
18:32:18.0428 4924 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:32:18.0428 4924 spldr - ok
18:32:18.0443 4924 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
18:32:18.0443 4924 Spooler - ok
18:32:18.0537 4924 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
18:32:18.0552 4924 sppsvc - ok
18:32:18.0568 4924 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:32:18.0568 4924 sppuinotify - ok
18:32:18.0584 4924 [ D319A833EC173AD83C67885B3ED6C71C ] SqmProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
18:32:18.0584 4924 SqmProviderSvc - ok
18:32:18.0599 4924 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:32:18.0615 4924 srv - ok
18:32:18.0630 4924 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:32:18.0630 4924 srv2 - ok
18:32:18.0646 4924 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:32:18.0646 4924 srvnet - ok
18:32:18.0662 4924 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:32:18.0662 4924 SSDPSRV - ok
18:32:18.0677 4924 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:32:18.0677 4924 SstpSvc - ok
18:32:18.0708 4924 [ A9D26626BEADF5A0641BF6B5095EF309 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:32:18.0708 4924 Stereo Service - ok
18:32:18.0740 4924 [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:32:18.0740 4924 stexstor - ok
18:32:18.0755 4924 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
18:32:18.0771 4924 stisvc - ok
18:32:18.0786 4924 [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:32:18.0786 4924 storflt - ok
18:32:18.0818 4924 [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
18:32:18.0818 4924 StorSvc - ok
18:32:18.0833 4924 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:32:18.0833 4924 storvsc - ok
18:32:18.0864 4924 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:32:18.0864 4924 swenum - ok
18:32:18.0880 4924 [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
18:32:18.0896 4924 swprv - ok
18:32:18.0942 4924 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
18:32:18.0958 4924 SysMain - ok
18:32:18.0974 4924 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:32:18.0974 4924 TabletInputService - ok
18:32:18.0989 4924 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:32:18.0989 4924 TapiSrv - ok
18:32:19.0005 4924 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
18:32:19.0005 4924 TBS - ok
18:32:19.0052 4924 [ 40AF23633D197905F03AB5628C558C51 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:32:19.0052 4924 Tcpip - ok
18:32:19.0098 4924 [ 40AF23633D197905F03AB5628C558C51 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:32:19.0098 4924 TCPIP6 - ok
18:32:19.0130 4924 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:32:19.0130 4924 tcpipreg - ok
18:32:19.0145 4924 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:32:19.0145 4924 TDPIPE - ok
18:32:19.0161 4924 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:32:19.0161 4924 TDTCP - ok
18:32:19.0176 4924 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:32:19.0176 4924 tdx - ok
18:32:19.0317 4924 [ 2B29FD3AF7B4FEB272CD1F6EEC8FE4BA ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
18:32:19.0348 4924 TeamViewer9 - ok
18:32:19.0364 4924 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:32:19.0364 4924 TermDD - ok
18:32:19.0379 4924 [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
18:32:19.0379 4924 TermService - ok
18:32:19.0379 4924 [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
18:32:19.0395 4924 Themes - ok
18:32:19.0410 4924 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:32:19.0410 4924 THREADORDER - ok
18:32:19.0410 4924 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
18:32:19.0410 4924 TrkWks - ok
18:32:19.0426 4924 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:32:19.0426 4924 TrustedInstaller - ok
18:32:19.0457 4924 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:32:19.0457 4924 tssecsrv - ok
18:32:19.0473 4924 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:32:19.0473 4924 TsUsbFlt - ok
18:32:19.0504 4924 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:32:19.0504 4924 tunnel - ok
18:32:19.0535 4924 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:32:19.0535 4924 uagp35 - ok
18:32:19.0551 4924 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:32:19.0551 4924 udfs - ok
18:32:19.0566 4924 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:32:19.0582 4924 UI0Detect - ok
18:32:19.0582 4924 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:32:19.0598 4924 uliagpkx - ok
18:32:19.0613 4924 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:32:19.0613 4924 umbus - ok
18:32:19.0629 4924 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:32:19.0629 4924 UmPass - ok
18:32:19.0644 4924 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
18:32:19.0644 4924 UmRdpService - ok
18:32:19.0660 4924 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
18:32:19.0660 4924 upnphost - ok
18:32:19.0676 4924 [ DCA68B0943D6FA415F0C56C92158A83A ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:32:19.0676 4924 usbccgp - ok
18:32:19.0691 4924 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:32:19.0691 4924 usbcir - ok
18:32:19.0722 4924 [ 18A85013A3E0F7E1755365D287443965 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:32:19.0722 4924 usbehci - ok
18:32:19.0754 4924 [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
18:32:19.0754 4924 usbfilter - ok
18:32:19.0769 4924 [ 8D1196CFBB223621F2C67D45710F25BA ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:32:19.0785 4924 usbhub - ok
18:32:19.0800 4924 [ 765A92D428A8DB88B960DA5A8D6089DC ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
18:32:19.0800 4924 usbohci - ok
18:32:19.0816 4924 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:32:19.0816 4924 usbprint - ok
18:32:19.0847 4924 [ 9661DA76B4531B2DA272ECCE25A8AF24 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:32:19.0847 4924 usbscan - ok
18:32:19.0878 4924 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:32:19.0878 4924 USBSTOR - ok
18:32:19.0910 4924 [ DD253AFC3BC6CBA412342DE60C3647F3 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:32:19.0910 4924 usbuhci - ok
18:32:19.0925 4924 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
18:32:19.0941 4924 UxSms - ok
18:32:19.0956 4924 [ 4D71227301DD8D09097B9E4CC6527E5A ] VaultSvc        C:\Windows\system32\lsass.exe
18:32:19.0972 4924 VaultSvc - ok
18:32:19.0988 4924 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:32:19.0988 4924 vdrvroot - ok
18:32:20.0019 4924 [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
18:32:20.0034 4924 vds - ok
18:32:20.0034 4924 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:32:20.0034 4924 vga - ok
18:32:20.0050 4924 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:32:20.0050 4924 VgaSave - ok
18:32:20.0066 4924 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:32:20.0066 4924 vhdmp - ok
18:32:20.0097 4924 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:32:20.0097 4924 viaide - ok
18:32:20.0112 4924 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
18:32:20.0112 4924 vmbus - ok
18:32:20.0144 4924 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
18:32:20.0144 4924 VMBusHID - ok
18:32:20.0159 4924 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:32:20.0159 4924 volmgr - ok
18:32:20.0159 4924 [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:32:20.0175 4924 volmgrx - ok
18:32:20.0190 4924 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:32:20.0190 4924 volsnap - ok
18:32:20.0206 4924 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:32:20.0206 4924 vsmraid - ok
18:32:20.0253 4924 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
18:32:20.0268 4924 VSS - ok
18:32:20.0284 4924 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:32:20.0284 4924 vwifibus - ok
18:32:20.0300 4924 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
18:32:20.0300 4924 W32Time - ok
18:32:20.0331 4924 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:32:20.0331 4924 WacomPen - ok
18:32:20.0346 4924 [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:32:20.0346 4924 WANARP - ok
18:32:20.0346 4924 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:32:20.0346 4924 Wanarpv6 - ok
18:32:20.0378 4924 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:32:20.0378 4924 WatAdminSvc - ok
18:32:20.0424 4924 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
18:32:20.0424 4924 wbengine - ok
18:32:20.0440 4924 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:32:20.0440 4924 WbioSrvc - ok
18:32:20.0456 4924 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:32:20.0456 4924 wcncsvc - ok
18:32:20.0471 4924 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:32:20.0471 4924 WcsPlugInService - ok
18:32:20.0471 4924 [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:32:20.0471 4924 Wd - ok
18:32:20.0518 4924 [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:32:20.0534 4924 Wdf01000 - ok
18:32:20.0534 4924 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:32:20.0549 4924 WdiServiceHost - ok
18:32:20.0549 4924 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:32:20.0549 4924 WdiSystemHost - ok
18:32:20.0596 4924 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
18:32:20.0612 4924 WebClient - ok
18:32:20.0627 4924 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:32:20.0643 4924 Wecsvc - ok
18:32:20.0643 4924 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:32:20.0658 4924 wercplsupport - ok
18:32:20.0658 4924 [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:32:20.0674 4924 WerSvc - ok
18:32:20.0690 4924 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:32:20.0690 4924 WfpLwf - ok
18:32:20.0705 4924 [ 090A1AB6E47626592B78AFDF7DCFBC9F ] WhsMcClient     C:\Program Files\Windows Server\Bin\WhsMcClient.exe
18:32:20.0705 4924 WhsMcClient - ok
18:32:20.0721 4924 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:32:20.0721 4924 WIMMount - ok
18:32:20.0736 4924 WinDefend - ok
18:32:20.0752 4924 WinHttpAutoProxySvc - ok
18:32:20.0783 4924 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:32:20.0783 4924 Winmgmt - ok
18:32:20.0846 4924 [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
18:32:20.0861 4924 WinRM - ok
18:32:20.0892 4924 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:32:20.0892 4924 Wlansvc - ok
18:32:20.0908 4924 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:32:20.0908 4924 WmiAcpi - ok
18:32:20.0924 4924 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:32:20.0924 4924 wmiApSrv - ok
18:32:20.0939 4924 WMPNetworkSvc - ok
18:32:20.0955 4924 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:32:20.0955 4924 WPCSvc - ok
18:32:20.0970 4924 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:32:20.0970 4924 WPDBusEnum - ok
18:32:20.0970 4924 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:32:20.0970 4924 ws2ifsl - ok
18:32:21.0002 4924 [ AAA0F5CDE4D5C357A65E14DF793FDA81 ] WSConnectorUpdate C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
18:32:21.0002 4924 WSConnectorUpdate - ok
18:32:21.0017 4924 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
18:32:21.0033 4924 wscsvc - ok
18:32:21.0064 4924 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
18:32:21.0064 4924 WSDPrintDevice - ok
18:32:21.0064 4924 WSearch - ok
18:32:21.0080 4924 [ D319A833EC173AD83C67885B3ED6C71C ] WSS_ComputerBackupProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
18:32:21.0080 4924 WSS_ComputerBackupProviderSvc - ok
18:32:21.0126 4924 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:32:21.0142 4924 wuauserv - ok
18:32:21.0173 4924 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:32:21.0173 4924 WudfPf - ok
18:32:21.0189 4924 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:32:21.0189 4924 WUDFRd - ok
18:32:21.0204 4924 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:32:21.0204 4924 wudfsvc - ok
18:32:21.0220 4924 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:32:21.0220 4924 WwanSvc - ok
18:32:21.0220 4924 ================ Scan global ===============================
18:32:21.0236 4924 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:32:21.0251 4924 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
18:32:21.0267 4924 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
18:32:21.0267 4924 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:32:21.0282 4924 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:32:21.0298 4924 [Global] - ok
18:32:21.0298 4924 ================ Scan MBR ==================================
18:32:21.0298 4924 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
18:32:21.0454 4924 \Device\Harddisk1\DR1 - ok
18:32:21.0485 4924 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
18:32:21.0485 4924 \Device\Harddisk2\DR2 - ok
18:32:22.0125 4924 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
18:32:22.0140 4924 \Device\Harddisk3\DR3 - ok
18:32:22.0640 4924 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:32:22.0889 4924 \Device\Harddisk0\DR0 - ok
18:32:22.0889 4924 ================ Scan VBR ==================================
18:32:22.0905 4924 [ 1B2E109955F0A21A7AC826ED4805891F ] \Device\Harddisk1\DR1\Partition1
18:32:22.0905 4924 \Device\Harddisk1\DR1\Partition1 - ok
18:32:22.0905 4924 [ DD11F9A117EF0A3E60C8AB23A3F856A9 ] \Device\Harddisk1\DR1\Partition2
18:32:22.0905 4924 \Device\Harddisk1\DR1\Partition2 - ok
18:32:22.0905 4924 [ 0781ED599AA5DE17E7912B63E9D5508A ] \Device\Harddisk2\DR2\Partition1
18:32:22.0905 4924 \Device\Harddisk2\DR2\Partition1 - ok
18:32:22.0905 4924 [ AE5A6D5093033813582FDB5763FCDD90 ] \Device\Harddisk3\DR3\Partition1
18:32:22.0905 4924 \Device\Harddisk3\DR3\Partition1 - ok
18:32:22.0905 4924 [ 331B5935D6F88C03A70B7D797CFF01FE ] \Device\Harddisk0\DR0\Partition1
18:32:22.0905 4924 \Device\Harddisk0\DR0\Partition1 - ok
18:32:22.0905 4924 ============================================================
18:32:22.0905 4924 Scan finished
18:32:22.0920 4924 ============================================================
18:32:22.0920 6032 Detected object count: 0
18:32:22.0920 6032 Actual detected object count: 0
18:32:27.0881 3204 ============================================================
18:32:27.0881 3204 Scan started
18:32:27.0881 3204 Mode: Manual; SigCheck; TDLFS;
18:32:27.0897 3204 ============================================================
18:32:28.0474 3204 ================ Scan system memory ========================
18:32:28.0474 3204 System memory - ok
18:32:28.0474 3204 ================ Scan services =============================
18:32:28.0490 3204 [ 620C92D6EEFA9853A3EAD41B5EB9B5FD ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
18:32:28.0536 3204 !SASCORE - ok
18:32:28.0614 3204 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:32:28.0646 3204 1394ohci - ok
18:32:28.0661 3204 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:32:28.0692 3204 ACPI - ok
18:32:28.0708 3204 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:32:28.0724 3204 AcpiPmi - ok
18:32:28.0755 3204 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:32:28.0770 3204 adp94xx - ok
18:32:28.0786 3204 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:32:28.0802 3204 adpahci - ok
18:32:28.0802 3204 [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:32:28.0817 3204 adpu320 - ok
18:32:28.0848 3204 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:32:28.0880 3204 AeLookupSvc - ok
18:32:28.0895 3204 [ 79059559E89D06E8B80CE2944BE20228 ] AFD             C:\Windows\system32\drivers\afd.sys
18:32:28.0911 3204 AFD - ok
18:32:28.0942 3204 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:32:28.0942 3204 agp440 - ok
18:32:28.0958 3204 [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:32:28.0973 3204 ALG - ok
18:32:28.0973 3204 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:32:28.0989 3204 aliide - ok
18:32:29.0004 3204 AMD FUEL Service - ok
18:32:29.0004 3204 [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:32:29.0020 3204 amdide - ok
18:32:29.0020 3204 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
18:32:29.0036 3204 amdiox64 - ok
18:32:29.0051 3204 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:32:29.0067 3204 AmdK8 - ok
18:32:29.0082 3204 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:32:29.0098 3204 AmdPPM - ok
18:32:29.0098 3204 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:32:29.0114 3204 amdsata - ok
18:32:29.0114 3204 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:32:29.0129 3204 amdsbs - ok
18:32:29.0129 3204 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:32:29.0145 3204 amdxata - ok
18:32:29.0145 3204 [ D7253A1A7A49FA40EF0BA1955AAFB346 ] AODDriver4.1    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:32:29.0160 3204 AODDriver4.1 - ok
18:32:29.0176 3204 [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:32:29.0207 3204 AppID - ok
18:32:29.0223 3204 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:32:29.0254 3204 AppIDSvc - ok
18:32:29.0270 3204 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
18:32:29.0285 3204 Appinfo - ok
18:32:29.0301 3204 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:32:29.0316 3204 AppMgmt - ok
18:32:29.0332 3204 [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:32:29.0348 3204 arc - ok
18:32:29.0348 3204 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:32:29.0363 3204 arcsas - ok
18:32:29.0410 3204 [ 1E00D45122C5417F3110A69FCB1B7751 ] arXfrSvc        C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe
18:32:29.0410 3204 arXfrSvc - ok
18:32:29.0426 3204 [ 425A881DFFB426660A6861DC44927DD3 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
18:32:29.0441 3204 asmthub3 - ok
18:32:29.0457 3204 [ 0B19AE36FAAE5294B19B0AD4E5F2F37E ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
18:32:29.0472 3204 asmtxhci - ok
18:32:29.0535 3204 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:32:29.0566 3204 aspnet_state - ok
18:32:29.0582 3204 [ 8BE618EB795A87DBFD1E09DA63F009C7 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
18:32:29.0613 3204 aswMonFlt - ok
18:32:29.0628 3204 [ D4259F75734EBCC8D815753B09EB2F0A ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
18:32:29.0644 3204 aswRdr - ok
18:32:29.0644 3204 [ 8D4B8BF93C65BDBC133B20706A3B5208 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
18:32:29.0660 3204 aswRvrt - ok
18:32:29.0675 3204 [ AA0D1B47BE967E1E17301DDFB66C432C ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
18:32:29.0706 3204 aswSnx - ok
18:32:29.0722 3204 [ 15C6B7D20EE0E44A4DF82183A89CCFC2 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
18:32:29.0738 3204 aswSP - ok
18:32:29.0769 3204 [ 81FA56F29440406A7264CBD7B1C7CB29 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
18:32:29.0816 3204 aswStm - ok
18:32:29.0816 3204 [ 0606875650850B0697D662934529F6FC ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
18:32:29.0847 3204 aswVmm - ok
18:32:29.0862 3204 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:32:29.0878 3204 AsyncMac - ok
18:32:29.0909 3204 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:32:29.0909 3204 atapi - ok
18:32:29.0940 3204 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:32:29.0972 3204 AudioEndpointBuilder - ok
18:32:29.0987 3204 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:32:30.0018 3204 AudioSrv - ok
18:32:30.0050 3204 [ BEA8D0FA8805CC2E6BB49728166699C7 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:32:30.0065 3204 avast! Antivirus - ok
18:32:30.0081 3204 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:32:30.0096 3204 AxInstSV - ok
18:32:30.0112 3204 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
18:32:30.0128 3204 b06bdrv - ok
18:32:30.0143 3204 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:32:30.0159 3204 b57nd60a - ok
18:32:30.0174 3204 [ 7729395761F4061A643B573BF7F19AA8 ] BackupReader    C:\Windows\system32\DRIVERS\BackupReader.sys
18:32:30.0190 3204 BackupReader - ok
18:32:30.0206 3204 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:32:30.0221 3204 BDESVC - ok
18:32:30.0252 3204 [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:32:30.0299 3204 Beep - ok
18:32:30.0330 3204 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:32:30.0346 3204 BFE - ok
18:32:30.0393 3204 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
18:32:30.0424 3204 BITS - ok
18:32:30.0440 3204 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:32:30.0440 3204 blbdrive - ok
18:32:30.0455 3204 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:32:30.0471 3204 bowser - ok
18:32:30.0486 3204 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:32:30.0518 3204 BrFiltLo - ok
18:32:30.0533 3204 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:32:30.0533 3204 BrFiltUp - ok
18:32:30.0549 3204 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
18:32:30.0580 3204 BridgeMP - ok
18:32:30.0596 3204 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:32:30.0611 3204 Browser - ok
18:32:30.0611 3204 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:32:30.0627 3204 Brserid - ok
18:32:30.0642 3204 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:32:30.0642 3204 BrSerWdm - ok
18:32:30.0658 3204 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:32:30.0674 3204 BrUsbMdm - ok
18:32:30.0674 3204 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:32:30.0689 3204 BrUsbSer - ok
18:32:30.0705 3204 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:32:30.0705 3204 BTHMODEM - ok
18:32:30.0720 3204 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:32:30.0752 3204 bthserv - ok
18:32:30.0783 3204 catchme - ok
18:32:30.0798 3204 [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:32:30.0861 3204 cdfs - ok
18:32:30.0876 3204 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
18:32:30.0892 3204 cdrom - ok
18:32:30.0923 3204 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:32:30.0939 3204 CertPropSvc - ok
18:32:30.0970 3204 [ 7AD735DB1A9CC82D75E8854952EE8052 ] CFRMD           C:\Windows\system32\DRIVERS\CFRMD.sys
18:32:30.0970 3204 CFRMD ( UnsignedFile.Multi.Generic ) - warning
18:32:30.0970 3204 CFRMD - detected UnsignedFile.Multi.Generic (1)
18:32:30.0986 3204 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:32:30.0986 3204 circlass - ok
18:32:31.0017 3204 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:32:31.0032 3204 CLFS - ok
18:32:31.0064 3204 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:32:31.0079 3204 clr_optimization_v2.0.50727_32 - ok
18:32:31.0110 3204 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:32:31.0110 3204 clr_optimization_v2.0.50727_64 - ok
18:32:31.0157 3204 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:32:31.0204 3204 clr_optimization_v4.0.30319_32 - ok
18:32:31.0235 3204 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:32:31.0266 3204 clr_optimization_v4.0.30319_64 - ok
18:32:31.0266 3204 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:32:31.0282 3204 CmBatt - ok
18:32:31.0298 3204 [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:32:31.0313 3204 cmdide - ok
18:32:31.0329 3204 [ EBF28856F69CF094A902F884CF989706 ] CNG             C:\Windows\system32\Drivers\cng.sys
18:32:31.0360 3204 CNG - ok
18:32:31.0376 3204 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:32:31.0391 3204 Compbatt - ok
18:32:31.0407 3204 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:32:31.0407 3204 CompositeBus - ok
18:32:31.0422 3204 COMSysApp - ok
18:32:31.0422 3204 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:32:31.0438 3204 crcdisk - ok
18:32:31.0454 3204 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:32:31.0469 3204 CryptSvc - ok
18:32:31.0500 3204 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
18:32:31.0516 3204 CSC - ok
18:32:31.0532 3204 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
18:32:31.0547 3204 CscService - ok
18:32:31.0610 3204 [ 8AEC9C2998620CA6946B7183DAD4ACF2 ] cypherix10service C:\Windows\SysWOW64\cypxsrv10.exe
18:32:31.0641 3204 cypherix10service - ok
18:32:31.0641 3204 cypherixservice - ok
18:32:31.0641 3204 [ F5A61340A820768B18CC8BEC0C750FC9 ] cyphxdrv        C:\Windows\system32\Drivers\cyphxdrv.sys
18:32:31.0656 3204 cyphxdrv - ok
18:32:31.0672 3204 [ 8F1BA5DCFE8D9CE041B606DC661B5E5A ] cypxdv10        C:\Windows\system32\Drivers\cypxdv10.sys
18:32:31.0688 3204 cypxdv10 - ok
18:32:31.0703 3204 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:32:31.0734 3204 DcomLaunch - ok
18:32:31.0766 3204 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:32:31.0797 3204 defragsvc - ok
18:32:31.0812 3204 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:32:31.0844 3204 DfsC - ok
18:32:31.0859 3204 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:32:31.0890 3204 Dhcp - ok
18:32:31.0906 3204 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:32:31.0937 3204 discache - ok
18:32:31.0953 3204 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:32:31.0953 3204 Disk - ok
18:32:31.0984 3204 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:32:32.0000 3204 Dnscache - ok
18:32:32.0015 3204 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:32:32.0046 3204 dot3svc - ok
18:32:32.0062 3204 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:32:32.0093 3204 DPS - ok
18:32:32.0109 3204 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:32:32.0124 3204 drmkaud - ok
18:32:32.0156 3204 [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:32:32.0171 3204 DXGKrnl - ok
18:32:32.0187 3204 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:32:32.0218 3204 EapHost - ok
18:32:32.0265 3204 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:32:32.0296 3204 ebdrv - ok
18:32:32.0327 3204 [ 4D71227301DD8D09097B9E4CC6527E5A ] EFS             C:\Windows\System32\lsass.exe
18:32:32.0327 3204 EFS - ok
18:32:32.0358 3204 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:32:32.0374 3204 ehRecvr - ok
18:32:32.0405 3204 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:32:32.0405 3204 ehSched - ok
18:32:32.0436 3204 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:32:32.0452 3204 elxstor - ok
18:32:32.0452 3204 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:32:32.0468 3204 ErrDev - ok
18:32:32.0483 3204 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:32:32.0514 3204 EventSystem - ok
18:32:32.0530 3204 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:32:32.0561 3204 exfat - ok
18:32:32.0577 3204 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:32:32.0608 3204 fastfat - ok
18:32:32.0639 3204 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:32:32.0655 3204 Fax - ok
18:32:32.0670 3204 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:32:32.0686 3204 fdc - ok
18:32:32.0686 3204 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:32:32.0717 3204 fdPHost - ok
18:32:32.0733 3204 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:32:32.0764 3204 FDResPub - ok
18:32:32.0764 3204 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:32:32.0780 3204 FileInfo - ok
18:32:32.0795 3204 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:32:32.0826 3204 Filetrace - ok
18:32:32.0826 3204 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:32:32.0842 3204 flpydisk - ok
18:32:32.0858 3204 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:32:32.0873 3204 FltMgr - ok
18:32:32.0904 3204 [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
18:32:32.0920 3204 FontCache - ok
18:32:32.0951 3204 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:32:32.0951 3204 FontCache3.0.0.0 - ok
18:32:32.0967 3204 [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:32:32.0967 3204 FsDepends - ok
18:32:32.0982 3204 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:32:32.0998 3204 Fs_Rec - ok
18:32:33.0029 3204 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:32:33.0045 3204 fvevol - ok
18:32:33.0045 3204 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:32:33.0060 3204 gagp30kx - ok
18:32:33.0092 3204 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:32:33.0123 3204 gpsvc - ok
18:32:33.0154 3204 [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:32:33.0170 3204 gusvc - ok
18:32:33.0170 3204 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:32:33.0185 3204 hcw85cir - ok
18:32:33.0216 3204 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:32:33.0232 3204 HdAudAddService - ok
18:32:33.0232 3204 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:32:33.0248 3204 HDAudBus - ok
18:32:33.0294 3204 [ D319A833EC173AD83C67885B3ED6C71C ] HealthAlertsSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
18:32:33.0326 3204 HealthAlertsSvc - ok
18:32:33.0326 3204 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:32:33.0357 3204 HidBatt - ok
18:32:33.0357 3204 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:32:33.0372 3204 HidBth - ok
18:32:33.0372 3204 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:32:33.0388 3204 HidIr - ok
18:32:33.0404 3204 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
18:32:33.0435 3204 hidserv - ok
18:32:33.0466 3204 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
18:32:33.0497 3204 HidUsb - ok
18:32:33.0528 3204 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:32:33.0575 3204 hkmsvc - ok
18:32:33.0606 3204 [ D3A6BCD0047EE7923C2C3960C4CDCA4D ] HMD             C:\Windows\system32\DRIVERS\hmd.sys
18:32:33.0606 3204 HMD - ok
18:32:33.0638 3204 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:32:33.0653 3204 HomeGroupListener - ok
18:32:33.0653 3204 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:32:33.0669 3204 HomeGroupProvider - ok
18:32:33.0716 3204 [ BA09645B01CF9778FBD01A7B082CCA3C ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
18:32:33.0731 3204 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
18:32:33.0731 3204 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
18:32:33.0747 3204 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:32:33.0762 3204 HpSAMD - ok
18:32:33.0794 3204 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:32:33.0825 3204 HTTP - ok
18:32:33.0856 3204 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:32:33.0856 3204 hwpolicy - ok
18:32:33.0887 3204 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:32:33.0887 3204 i8042prt - ok
18:32:33.0903 3204 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:32:33.0918 3204 iaStorV - ok
18:32:33.0950 3204 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:32:33.0981 3204 idsvc - ok
18:32:33.0981 3204 IEEtwCollectorService - ok
18:32:33.0996 3204 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:32:33.0996 3204 iirsp - ok
18:32:34.0028 3204 [ 344789398EC3EE5A4E00C52B31847946 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:32:34.0043 3204 IKEEXT - ok
18:32:34.0059 3204 [ D319A833EC173AD83C67885B3ED6C71C ] initMonitor     C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
18:32:34.0059 3204 initMonitor - ok
18:32:34.0137 3204 [ E551BB77E7D436380139977124BDFF62 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:32:34.0199 3204 IntcAzAudAddService - ok
18:32:34.0215 3204 [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:32:34.0215 3204 intelide - ok
18:32:34.0230 3204 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:32:34.0230 3204 intelppm - ok
18:32:34.0246 3204 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:32:34.0277 3204 IPBusEnum - ok
18:32:34.0293 3204 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:32:34.0324 3204 IpFilterDriver - ok
18:32:34.0355 3204 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:32:34.0386 3204 iphlpsvc - ok
18:32:34.0402 3204 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:32:34.0418 3204 IPMIDRV - ok
18:32:34.0418 3204 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:32:34.0449 3204 IPNAT - ok
18:32:34.0464 3204 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:32:34.0480 3204 IRENUM - ok
18:32:34.0496 3204 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:32:34.0511 3204 isapnp - ok
18:32:34.0511 3204 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:32:34.0527 3204 iScsiPrt - ok
18:32:34.0542 3204 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
18:32:34.0558 3204 kbdclass - ok
18:32:34.0558 3204 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:32:34.0574 3204 kbdhid - ok
18:32:34.0574 3204 [ 4D71227301DD8D09097B9E4CC6527E5A ] KeyIso          C:\Windows\system32\lsass.exe
18:32:34.0589 3204 KeyIso - ok
18:32:34.0605 3204 [ 8F489706472F7E9A06BAAA198703FA64 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:32:34.0620 3204 KSecDD - ok
18:32:34.0652 3204 [ 868A2CAAB12EFC7A021682BCA0EEC54C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:32:34.0652 3204 KSecPkg - ok
18:32:34.0667 3204 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:32:34.0698 3204 ksthunk - ok
18:32:34.0714 3204 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:32:34.0745 3204 KtmRm - ok
18:32:34.0745 3204 [ F11FF47203538DD145FAF56A4DAF5D75 ] LANConfig       C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
18:32:34.0761 3204 LANConfig - ok
18:32:34.0776 3204 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
18:32:34.0808 3204 LanmanServer - ok
18:32:34.0808 3204 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:32:34.0839 3204 LanmanWorkstation - ok
18:32:34.0854 3204 [ 29FAB5363138F6E322F4CD780ED9D337 ] LicCtrlService C:\Windows\runservice.exe
18:32:34.0854 3204 LicCtrlService ( UnsignedFile.Multi.Generic ) - warning
18:32:34.0854 3204 LicCtrlService - detected UnsignedFile.Multi.Generic (1)
18:32:34.0901 3204 [ C34411A244029F1C08687F7C752C4563 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:32:34.0901 3204 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:32:34.0901 3204 LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:32:34.0917 3204 [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:32:34.0964 3204 lltdio - ok
18:32:34.0979 3204 [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:32:35.0010 3204 lltdsvc - ok
18:32:35.0026 3204 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:32:35.0057 3204 lmhosts - ok
18:32:35.0073 3204 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:32:35.0073 3204 LSI_FC - ok
18:32:35.0088 3204 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:32:35.0104 3204 LSI_SAS - ok
18:32:35.0104 3204 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:32:35.0120 3204 LSI_SAS2 - ok
18:32:35.0135 3204 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:32:35.0135 3204 LSI_SCSI - ok
18:32:35.0151 3204 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:32:35.0182 3204 luafv - ok
18:32:35.0213 3204 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:32:35.0213 3204 Mcx2Svc - ok
18:32:35.0260 3204 [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:32:35.0276 3204 MDM - ok
18:32:35.0291 3204 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:32:35.0307 3204 megasas - ok
18:32:35.0322 3204 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:32:35.0322 3204 MegaSR - ok
18:32:35.0338 3204 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:32:35.0369 3204 MMCSS - ok
18:32:35.0385 3204 [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:32:35.0416 3204 Modem - ok
18:32:35.0432 3204 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:32:35.0447 3204 monitor - ok
18:32:35.0463 3204 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
18:32:35.0478 3204 mouclass - ok
18:32:35.0494 3204 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:32:35.0494 3204 mouhid - ok
18:32:35.0510 3204 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:32:35.0525 3204 mountmgr - ok
18:32:35.0541 3204 [ AEE4E9CC59CDEB55B1ECB0E596E796BE ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:32:35.0556 3204 MozillaMaintenance - ok
18:32:35.0572 3204 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:32:35.0588 3204 mpio - ok
18:32:35.0603 3204 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:32:35.0634 3204 mpsdrv - ok
18:32:35.0666 3204 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:32:35.0728 3204 MpsSvc - ok
18:32:35.0744 3204 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:32:35.0759 3204 MRxDAV - ok
18:32:35.0775 3204 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:32:35.0790 3204 mrxsmb - ok
18:32:35.0822 3204 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:32:35.0822 3204 mrxsmb10 - ok
18:32:35.0853 3204 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:32:35.0868 3204 mrxsmb20 - ok
18:32:35.0884 3204 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:32:35.0884 3204 msahci - ok
18:32:35.0900 3204 [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:32:35.0915 3204 msdsm - ok
18:32:35.0931 3204 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:32:35.0946 3204 MSDTC - ok
18:32:35.0962 3204 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:32:35.0993 3204 Msfs - ok
18:32:35.0993 3204 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:32:36.0024 3204 mshidkmdf - ok
18:32:36.0040 3204 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:32:36.0056 3204 msisadrv - ok
18:32:36.0071 3204 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:32:36.0102 3204 MSiSCSI - ok
18:32:36.0102 3204 msiserver - ok
18:32:36.0118 3204 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:32:36.0149 3204 MSKSSRV - ok
18:32:36.0165 3204 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:32:36.0180 3204 MSPCLOCK - ok
18:32:36.0196 3204 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:32:36.0227 3204 MSPQM - ok
18:32:36.0258 3204 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:32:36.0274 3204 MsRPC - ok
18:32:36.0290 3204 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:32:36.0305 3204 mssmbios - ok
18:32:36.0321 3204 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:32:36.0336 3204 MSTEE - ok
18:32:36.0352 3204 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:32:36.0368 3204 MTConfig - ok
18:32:36.0383 3204 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:32:36.0383 3204 Mup - ok
18:32:36.0414 3204 [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:32:36.0446 3204 napagent - ok
18:32:36.0461 3204 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:32:36.0477 3204 NativeWifiP - ok
18:32:36.0524 3204 [ E59AFB64C2F6E0C99350E1C944C75088 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
18:32:36.0555 3204 NAUpdate - ok
18:32:36.0586 3204 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:32:36.0602 3204 NDIS - ok
18:32:36.0617 3204 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:32:36.0648 3204 NdisCap - ok
18:32:36.0648 3204 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:32:36.0680 3204 NdisTapi - ok
18:32:36.0695 3204 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:32:36.0726 3204 Ndisuio - ok
18:32:36.0742 3204 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:32:36.0773 3204 NdisWan - ok
18:32:36.0804 3204 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:32:36.0820 3204 NDProxy - ok
18:32:36.0836 3204 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:32:36.0851 3204 NetBIOS - ok
18:32:36.0882 3204 [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:32:36.0914 3204 NetBT - ok
18:32:36.0929 3204 [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon        C:\Windows\system32\lsass.exe
18:32:36.0945 3204 Netlogon - ok
18:32:36.0960 3204 [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:32:36.0992 3204 Netman - ok
18:32:37.0023 3204 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:32:37.0054 3204 NetMsmqActivator - ok
18:32:37.0054 3204 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:32:37.0070 3204 NetPipeActivator - ok
18:32:37.0085 3204 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:32:37.0132 3204 netprofm - ok
18:32:37.0132 3204 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:32:37.0132 3204 NetTcpActivator - ok
18:32:37.0148 3204 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:32:37.0148 3204 NetTcpPortSharing - ok
18:32:37.0163 3204 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:32:37.0163 3204 nfrd960 - ok
18:32:37.0194 3204 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:32:37.0226 3204 NlaSvc - ok
18:32:37.0226 3204 [ D319A833EC173AD83C67885B3ED6C71C ] NotificationsProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
18:32:37.0241 3204 NotificationsProviderSvc - ok
18:32:37.0257 3204 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:32:37.0272 3204 Npfs - ok
18:32:37.0288 3204 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:32:37.0319 3204 nsi - ok
18:32:37.0319 3204 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:32:37.0350 3204 nsiproxy - ok
18:32:37.0413 3204 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:32:37.0460 3204 Ntfs - ok
18:32:37.0460 3204 [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:32:37.0491 3204 Null - ok
18:32:37.0662 3204 [ E71E299FF15390E585BACF2C18F55078 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:32:37.0818 3204 nvlddmkm - ok
18:32:37.0834 3204 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:32:37.0850 3204 nvraid - ok
18:32:37.0865 3204 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:32:37.0881 3204 nvstor - ok
18:32:37.0912 3204 [ 415695F5A54E91E869EEBFEA261361A6 ] nvsvc           C:\Windows\system32\nvvsvc.exe
18:32:37.0928 3204 nvsvc - ok
18:32:37.0974 3204 [ AA130938A27BB80A8B6438EF83232275 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:32:38.0021 3204 nvUpdatusService - ok
18:32:38.0037 3204 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:32:38.0084 3204 nv_agp - ok
18:32:38.0099 3204 [ CE1EE08EF492FC0D1EF7718CC5D07A26 ] NxDrv           C:\Windows\system32\DRIVERS\NxDrv.sys
18:32:38.0115 3204 NxDrv - ok
18:32:38.0130 3204 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:32:38.0146 3204 ohci1394 - ok
18:32:38.0162 3204 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:32:38.0177 3204 ose - ok
18:32:38.0193 3204 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:32:38.0208 3204 p2pimsvc - ok
18:32:38.0224 3204 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:32:38.0240 3204 p2psvc - ok
18:32:38.0271 3204 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:32:38.0286 3204 Parport - ok
18:32:38.0302 3204 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:32:38.0318 3204 partmgr - ok
18:32:38.0318 3204 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:32:38.0333 3204 PcaSvc - ok
18:32:38.0349 3204 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:32:38.0364 3204 pci - ok
18:32:38.0364 3204 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
18:32:38.0380 3204 pciide - ok
18:32:38.0396 3204 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:32:38.0396 3204 pcmcia - ok
18:32:38.0411 3204 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:32:38.0411 3204 pcw - ok
18:32:38.0427 3204 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:32:38.0505 3204 PEAUTH - ok
18:32:38.0520 3204 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
18:32:38.0552 3204 PeerDistSvc - ok
18:32:38.0598 3204 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:32:38.0630 3204 PerfHost - ok
18:32:38.0676 3204 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
18:32:38.0739 3204 pla - ok
18:32:38.0770 3204 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:32:38.0786 3204 PlugPlay - ok
18:32:38.0786 3204 PnkBstrA - ok
18:32:38.0801 3204 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:32:38.0801 3204 PNRPAutoReg - ok
18:32:38.0817 3204 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:32:38.0832 3204 PNRPsvc - ok
18:32:38.0848 3204 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:32:38.0879 3204 PolicyAgent - ok
18:32:38.0910 3204 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:32:38.0942 3204 Power - ok
18:32:38.0957 3204 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:32:38.0988 3204 PptpMiniport - ok
18:32:38.0988 3204 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:32:39.0004 3204 Processor - ok
18:32:39.0020 3204 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
18:32:39.0051 3204 ProfSvc - ok
18:32:39.0051 3204 [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe
18:32:39.0066 3204 ProtectedStorage - ok
18:32:39.0066 3204 [ D319A833EC173AD83C67885B3ED6C71C ] providers_system C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
18:32:39.0082 3204 providers_system - ok
18:32:39.0113 3204 [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:32:39.0129 3204 Psched - ok
18:32:39.0160 3204 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:32:39.0191 3204 ql2300 - ok
18:32:39.0191 3204 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:32:39.0207 3204 ql40xx - ok
18:32:39.0222 3204 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:32:39.0238 3204 QWAVE - ok
18:32:39.0254 3204 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:32:39.0269 3204 QWAVEdrv - ok
18:32:39.0269 3204 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:32:39.0300 3204 RasAcd - ok
18:32:39.0316 3204 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:32:39.0347 3204 RasAgileVpn - ok
18:32:39.0363 3204 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:32:39.0394 3204 RasAuto - ok
18:32:39.0410 3204 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:32:39.0441 3204 Rasl2tp - ok
18:32:39.0456 3204 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:32:39.0503 3204 RasMan - ok
18:32:39.0519 3204 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:32:39.0550 3204 RasPppoe - ok
18:32:39.0550 3204 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:32:39.0581 3204 RasSstp - ok
18:32:39.0597 3204 [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:32:39.0628 3204 rdbss - ok
18:32:39.0628 3204 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:32:39.0644 3204 rdpbus - ok
18:32:39.0644 3204 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:32:39.0675 3204 RDPCDD - ok
18:32:39.0706 3204 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
18:32:39.0706 3204 RDPDR - ok
18:32:39.0706 3204 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:32:39.0737 3204 RDPENCDD - ok
18:32:39.0753 3204 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:32:39.0768 3204 RDPREFMP - ok
18:32:39.0784 3204 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:32:39.0800 3204 RDPWD - ok
18:32:39.0815 3204 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:32:39.0831 3204 rdyboost - ok
18:32:39.0846 3204 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:32:39.0878 3204 RemoteAccess - ok
18:32:39.0893 3204 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:32:39.0924 3204 RemoteRegistry - ok
18:32:39.0940 3204 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:32:39.0971 3204 RpcEptMapper - ok
18:32:39.0987 3204 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:32:39.0987 3204 RpcLocator - ok
18:32:40.0018 3204 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\System32\rpcss.dll
18:32:40.0049 3204 RpcSs - ok
18:32:40.0049 3204 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:32:40.0080 3204 rspndr - ok
18:32:40.0096 3204 [ 68DD0457D18FCCEF7384AE84022F0C86 ] RTL8023x64      C:\Windows\system32\DRIVERS\Rtnic64.sys
18:32:40.0112 3204 RTL8023x64 - ok
18:32:40.0143 3204 [ 130DD683DCC902F47A4AC35201D07E2F ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
18:32:40.0158 3204 RTL8167 - ok
18:32:40.0190 3204 [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
18:32:40.0190 3204 s3cap - ok
18:32:40.0205 3204 [ 4D71227301DD8D09097B9E4CC6527E5A ] SamSs           C:\Windows\system32\lsass.exe
18:32:40.0221 3204 SamSs - ok
18:32:40.0236 3204 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:32:40.0252 3204 SASDIFSV - ok
18:32:40.0252 3204 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:32:40.0268 3204 SASKUTIL - ok
18:32:40.0283 3204 [ AD7231A60287E71E6D754264D55F3386 ] SbieDrv         C:\Program Files\Sandboxie\SbieDrv.sys
18:32:40.0299 3204 SbieDrv - ok
18:32:40.0314 3204 [ A9E1788755F2E37E5FC37A8D56845C92 ] SbieSvc         C:\Program Files\Sandboxie\SbieSvc.exe
18:32:40.0330 3204 SbieSvc - ok
18:32:40.0346 3204 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:32:40.0361 3204 sbp2port - ok
18:32:40.0392 3204 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:32:40.0439 3204 SCardSvr - ok
18:32:40.0470 3204 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:32:40.0502 3204 scfilter - ok
18:32:40.0564 3204 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:32:40.0611 3204 Schedule - ok
18:32:40.0642 3204 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:32:40.0673 3204 SCPolicySvc - ok
18:32:40.0689 3204 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:32:40.0704 3204 SDRSVC - ok
18:32:40.0720 3204 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:32:40.0751 3204 secdrv - ok
18:32:40.0767 3204 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:32:40.0798 3204 seclogon - ok
18:32:40.0814 3204 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
18:32:40.0845 3204 SENS - ok
18:32:40.0845 3204 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:32:40.0860 3204 SensrSvc - ok
18:32:40.0860 3204 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:32:40.0876 3204 Serenum - ok
18:32:40.0892 3204 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:32:40.0892 3204 Serial - ok
18:32:40.0907 3204 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:32:40.0923 3204 sermouse - ok
18:32:40.0938 3204 [ 2E70B053A90C040F8BFC28E75C0E4153 ] ServiceProviderRegistry C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
18:32:40.0954 3204 ServiceProviderRegistry - ok
18:32:40.0970 3204 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:32:41.0001 3204 SessionEnv - ok
18:32:41.0032 3204 [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:32:41.0048 3204 sffdisk - ok
18:32:41.0063 3204 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:32:41.0063 3204 sffp_mmc - ok
18:32:41.0079 3204 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:32:41.0094 3204 sffp_sd - ok
18:32:41.0110 3204 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:32:41.0110 3204 sfloppy - ok
18:32:41.0141 3204 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:32:41.0172 3204 SharedAccess - ok
18:32:41.0188 3204 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:32:41.0219 3204 ShellHWDetection - ok
18:32:41.0235 3204 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:32:41.0250 3204 SiSRaid2 - ok
18:32:41.0266 3204 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:32:41.0266 3204 SiSRaid4 - ok
18:32:41.0282 3204 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:32:41.0313 3204 Smb - ok
18:32:41.0328 3204 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:32:41.0344 3204 SNMPTRAP - ok
18:32:41.0344 3204 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:32:41.0360 3204 spldr - ok
18:32:41.0391 3204 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
18:32:41.0422 3204 Spooler - ok
18:32:41.0484 3204 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
18:32:41.0547 3204 sppsvc - ok
18:32:41.0562 3204 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:32:41.0594 3204 sppuinotify - ok
18:32:41.0594 3204 [ D319A833EC173AD83C67885B3ED6C71C ] SqmProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
18:32:41.0609 3204 SqmProviderSvc - ok
18:32:41.0625 3204 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:32:41.0640 3204 srv - ok
18:32:41.0672 3204 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:32:41.0672 3204 srv2 - ok
18:32:41.0703 3204 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:32:41.0703 3204 srvnet - ok
18:32:41.0734 3204 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:32:41.0765 3204 SSDPSRV - ok
18:32:41.0781 3204 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:32:41.0812 3204 SstpSvc - ok
18:32:41.0843 3204 [ A9D26626BEADF5A0641BF6B5095EF309 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:32:41.0890 3204 Stereo Service - ok
18:32:41.0906 3204 [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:32:41.0921 3204 stexstor - ok
18:32:41.0952 3204 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
18:32:41.0984 3204 stisvc - ok
18:32:42.0015 3204 [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:32:42.0030 3204 storflt - ok
18:32:42.0046 3204 [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
18:32:42.0062 3204 StorSvc - ok
18:32:42.0077 3204 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:32:42.0077 3204 storvsc - ok
18:32:42.0093 3204 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:32:42.0093 3204 swenum - ok
18:32:42.0108 3204 [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
18:32:42.0140 3204 swprv - ok
18:32:42.0171 3204 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
18:32:42.0218 3204 SysMain - ok
18:32:42.0218 3204 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:32:42.0249 3204 TabletInputService - ok
18:32:42.0249 3204 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:32:42.0296 3204 TapiSrv - ok
18:32:42.0296 3204 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
18:32:42.0327 3204 TBS - ok
18:32:42.0389 3204 [ 40AF23633D197905F03AB5628C558C51 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:32:42.0436 3204 Tcpip - ok
18:32:42.0452 3204 [ 40AF23633D197905F03AB5628C558C51 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:32:42.0483 3204 TCPIP6 - ok
18:32:42.0514 3204 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:32:42.0545 3204 tcpipreg - ok
18:32:42.0545 3204 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:32:42.0561 3204 TDPIPE - ok
18:32:42.0576 3204 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:32:42.0592 3204 TDTCP - ok
18:32:42.0608 3204 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:32:42.0623 3204 tdx - ok
18:32:42.0717 3204 [ 2B29FD3AF7B4FEB272CD1F6EEC8FE4BA ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
18:32:42.0795 3204 TeamViewer9 - ok
18:32:42.0795 3204 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:32:42.0810 3204 TermDD - ok
18:32:42.0826 3204 [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
18:32:42.0857 3204 TermService - ok
18:32:42.0857 3204 [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
18:32:42.0888 3204 Themes - ok
18:32:42.0888 3204 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:32:42.0920 3204 THREADORDER - ok
18:32:42.0935 3204 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
18:32:42.0966 3204 TrkWks - ok
18:32:43.0013 3204 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:32:43.0060 3204 TrustedInstaller - ok
18:32:43.0091 3204 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:32:43.0091 3204 tssecsrv - ok
18:32:43.0107 3204 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:32:43.0122 3204 TsUsbFlt - ok
18:32:43.0138 3204 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:32:43.0169 3204 tunnel - ok
18:32:43.0185 3204 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:32:43.0200 3204 uagp35 - ok
18:32:43.0216 3204 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:32:43.0247 3204 udfs - ok
18:32:43.0278 3204 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:32:43.0294 3204 UI0Detect - ok
18:32:43.0294 3204 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:32:43.0310 3204 uliagpkx - ok
18:32:43.0325 3204 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:32:43.0341 3204 umbus - ok
18:32:43.0356 3204 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:32:43.0372 3204 UmPass - ok
18:32:43.0372 3204 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
18:32:43.0388 3204 UmRdpService - ok
18:32:43.0403 3204 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
18:32:43.0434 3204 upnphost - ok
18:32:43.0450 3204 [ DCA68B0943D6FA415F0C56C92158A83A ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:32:43.0466 3204 usbccgp - ok
18:32:43.0481 3204 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:32:43.0497 3204 usbcir - ok
18:32:43.0512 3204 [ 18A85013A3E0F7E1755365D287443965 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:32:43.0528 3204 usbehci - ok
18:32:43.0544 3204 [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
18:32:43.0559 3204 usbfilter - ok
18:32:43.0559 3204 [ 8D1196CFBB223621F2C67D45710F25BA ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:32:43.0575 3204 usbhub - ok
18:32:43.0590 3204 [ 765A92D428A8DB88B960DA5A8D6089DC ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
18:32:43.0606 3204 usbohci - ok
18:32:43.0606 3204 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:32:43.0622 3204 usbprint - ok
18:32:43.0637 3204 [ 9661DA76B4531B2DA272ECCE25A8AF24 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:32:43.0653 3204 usbscan - ok
18:32:43.0668 3204 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:32:43.0684 3204 USBSTOR - ok
18:32:43.0700 3204 [ DD253AFC3BC6CBA412342DE60C3647F3 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:32:43.0700 3204 usbuhci - ok
18:32:43.0715 3204 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
18:32:43.0746 3204 UxSms - ok
18:32:43.0746 3204 [ 4D71227301DD8D09097B9E4CC6527E5A ] VaultSvc        C:\Windows\system32\lsass.exe
18:32:43.0762 3204 VaultSvc - ok
18:32:43.0778 3204 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:32:43.0778 3204 vdrvroot - ok
18:32:43.0809 3204 [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
18:32:43.0840 3204 vds - ok
18:32:43.0840 3204 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:32:43.0856 3204 vga - ok
18:32:43.0871 3204 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:32:43.0902 3204 VgaSave - ok
18:32:43.0902 3204 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:32:43.0918 3204 vhdmp - ok
18:32:43.0949 3204 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:32:43.0965 3204 viaide - ok
18:32:43.0980 3204 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
18:32:43.0996 3204 vmbus - ok
18:32:44.0012 3204 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
18:32:44.0027 3204 VMBusHID - ok
18:32:44.0027 3204 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:32:44.0043 3204 volmgr - ok
18:32:44.0074 3204 [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:32:44.0090 3204 volmgrx - ok
18:32:44.0105 3204 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:32:44.0121 3204 volsnap - ok
18:32:44.0152 3204 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:32:44.0152 3204 vsmraid - ok
18:32:44.0199 3204 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
18:32:44.0230 3204 VSS - ok
18:32:44.0246 3204 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:32:44.0261 3204 vwifibus - ok
18:32:44.0277 3204 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
18:32:44.0308 3204 W32Time - ok
18:32:44.0324 3204 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:32:44.0339 3204 WacomPen - ok
18:32:44.0355 3204 [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:32:44.0370 3204 WANARP - ok
18:32:44.0386 3204 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:32:44.0402 3204 Wanarpv6 - ok
18:32:44.0448 3204 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:32:44.0495 3204 WatAdminSvc - ok
18:32:44.0526 3204 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
18:32:44.0558 3204 wbengine - ok
18:32:44.0573 3204 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:32:44.0589 3204 WbioSrvc - ok
18:32:44.0620 3204 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:32:44.0636 3204 wcncsvc - ok
18:32:44.0651 3204 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:32:44.0667 3204 WcsPlugInService - ok
18:32:44.0667 3204 [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:32:44.0682 3204 Wd - ok
18:32:44.0714 3204 [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:32:44.0729 3204 Wdf01000 - ok
18:32:44.0745 3204 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:32:44.0760 3204 WdiServiceHost - ok
18:32:44.0760 3204 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:32:44.0776 3204 WdiSystemHost - ok
18:32:44.0807 3204 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
18:32:44.0823 3204 WebClient - ok
18:32:44.0838 3204 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:32:44.0870 3204 Wecsvc - ok
18:32:44.0885 3204 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:32:44.0916 3204 wercplsupport - ok
18:32:44.0916 3204 [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:32:44.0948 3204 WerSvc - ok
18:32:44.0963 3204 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:32:44.0979 3204 WfpLwf - ok
18:32:45.0010 3204 [ 090A1AB6E47626592B78AFDF7DCFBC9F ] WhsMcClient     C:\Program Files\Windows Server\Bin\WhsMcClient.exe
18:32:45.0010 3204 WhsMcClient - ok
18:32:45.0026 3204 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:32:45.0041 3204 WIMMount - ok
18:32:45.0057 3204 WinDefend - ok
18:32:45.0072 3204 WinHttpAutoProxySvc - ok
18:32:45.0119 3204 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:32:45.0166 3204 Winmgmt - ok
18:32:45.0197 3204 [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
18:32:45.0244 3204 WinRM - ok
18:32:45.0291 3204 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:32:45.0306 3204 Wlansvc - ok
18:32:45.0322 3204 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:32:45.0338 3204 WmiAcpi - ok
18:32:45.0353 3204 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:32:45.0353 3204 wmiApSrv - ok
18:32:45.0369 3204 WMPNetworkSvc - ok
18:32:45.0384 3204 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:32:45.0400 3204 WPCSvc - ok
18:32:45.0416 3204 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:32:45.0431 3204 WPDBusEnum - ok
18:32:45.0462 3204 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:32:45.0509 3204 ws2ifsl - ok
18:32:45.0525 3204 [ AAA0F5CDE4D5C357A65E14DF793FDA81 ] WSConnectorUpdate C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
18:32:45.0540 3204 WSConnectorUpdate - ok
18:32:45.0540 3204 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
18:32:45.0572 3204 wscsvc - ok
18:32:45.0587 3204 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
18:32:45.0603 3204 WSDPrintDevice - ok
18:32:45.0603 3204 WSearch - ok
18:32:45.0618 3204 [ D319A833EC173AD83C67885B3ED6C71C ] WSS_ComputerBackupProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
18:32:45.0618 3204 WSS_ComputerBackupProviderSvc - ok
18:32:45.0650 3204 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:32:45.0696 3204 wuauserv - ok
18:32:45.0728 3204 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:32:45.0759 3204 WudfPf - ok
18:32:45.0759 3204 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:32:45.0790 3204 WUDFRd - ok
18:32:45.0821 3204 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:32:45.0852 3204 wudfsvc - ok
18:32:45.0852 3204 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:32:45.0868 3204 WwanSvc - ok
18:32:45.0884 3204 ================ Scan global ===============================
18:32:45.0899 3204 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:32:45.0930 3204 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
18:32:45.0962 3204 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
18:32:45.0993 3204 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:32:46.0024 3204 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:32:46.0024 3204 [Global] - ok
18:32:46.0024 3204 ================ Scan MBR ==================================
18:32:46.0024 3204 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
18:32:46.0211 3204 \Device\Harddisk1\DR1 - ok
18:32:46.0242 3204 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
18:32:46.0305 3204 \Device\Harddisk2\DR2 - ok
18:32:46.0320 3204 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
18:32:46.0976 3204 \Device\Harddisk3\DR3 - ok
18:32:47.0475 3204 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:32:47.0771 3204 \Device\Harddisk0\DR0 - ok
18:32:47.0771 3204 ================ Scan VBR ==================================
18:32:47.0787 3204 [ 1B2E109955F0A21A7AC826ED4805891F ] \Device\Harddisk1\DR1\Partition1
18:32:47.0787 3204 \Device\Harddisk1\DR1\Partition1 - ok
18:32:47.0787 3204 [ DD11F9A117EF0A3E60C8AB23A3F856A9 ] \Device\Harddisk1\DR1\Partition2
18:32:47.0787 3204 \Device\Harddisk1\DR1\Partition2 - ok
18:32:47.0802 3204 [ 0781ED599AA5DE17E7912B63E9D5508A ] \Device\Harddisk2\DR2\Partition1
18:32:47.0802 3204 \Device\Harddisk2\DR2\Partition1 - ok
18:32:47.0802 3204 [ AE5A6D5093033813582FDB5763FCDD90 ] \Device\Harddisk3\DR3\Partition1
18:32:47.0802 3204 \Device\Harddisk3\DR3\Partition1 - ok
18:32:47.0802 3204 [ 331B5935D6F88C03A70B7D797CFF01FE ] \Device\Harddisk0\DR0\Partition1
18:32:47.0818 3204 \Device\Harddisk0\DR0\Partition1 - ok
18:32:47.0818 3204 ============================================================
18:32:47.0818 3204 Scan finished
18:32:47.0818 3204 ============================================================
18:32:47.0818 3648 Detected object count: 4
18:32:47.0818 3648 Actual detected object count: 4
18:32:58.0613 3648 CFRMD ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:58.0613 3648 CFRMD ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:58.0613 3648 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:58.0613 3648 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:58.0629 3648 LicCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:58.0629 3648 LicCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:32:58.0629 3648 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:32:58.0629 3648 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:33:00.0579 1216 Deinitialize success

#55
RKinner

Posted 17 April 2014 - 06:04 PM

Malware Expert

Expert
24,624 posts

Can you submit the following files to virustotal?

c:\windows\system32\DRIVERS\CFRMD.sys or c:\windows\SYSNATIVE\DRIVERS\CFRMD.sys
c:\windows\system32\Drivers\cypxdv10.sys or c:\windows\SYSNATIVE\Drivers\cypxdv10.sys

Easiest way to submit a file is to copy the path:

c:\windows\system32\DRIVERS\CFRMD.sys

Then
Go to virustotal.com with your browser. Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear. Hit Open and it should return to the main page with spoolsv.exe chosen. Click on Scan it. If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis. In that case click on View Last Analysis. If it doesn't know the file it will take a minute to query 46 different anti-virus companies. In either case, If the Detection ratio: is not 0 / 46 (or so the last number changes) then copy the Analysis page and paste it into the forum. You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.

I gave you both paths since I'm not sure which will work.

How is this one working now? There is still a Comodo driver or service per ComboFix:

S1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys;c:\windows\SYSNATIVE\DRIVERS\hmd.sys [x]

We can let ComboFix remove it but I want to wait until I hear about the other two files in case we need to remove them too.

#56
majorlag

Posted 17 April 2014 - 06:48 PM

Member

Topic Starter
Member
70 posts

OK, no hits on the CFRMD file, and couldn't get the other one to upload--virustotal was giving connection errors or going to a blank screen.

Machine 1 seems to be running OK. I haven't tried reconnecting it to the network yet, still a little leery of that at this point.

#57
majorlag

Posted 17 April 2014 - 07:29 PM

Member

Topic Starter
Member
70 posts

Machine 3

OTL logs.

OTL logfile created on: 4/17/2014 8:53:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Windows Home Server 2011 Service Pack 1 (Version = 6.1.7601) - Type = NTServer
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.87 Gb Available Physical Memory | 72.21% Memory free
7.93 Gb Paging File | 6.32 Gb Available in Paging File | 79.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60.00 Gb Total Space | 35.22 Gb Free Space | 58.70% Space Free | Partition Type: NTFS
Drive D: | 237.99 Gb Total Space | 168.34 Gb Free Space | 70.73% Space Free | Partition Type: NTFS
Drive E: | 1.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 298.09 Gb Total Space | 168.34 Gb Free Space | 56.47% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 1175.94 Gb Free Space | 63.12% Space Free | Partition Type: NTFS
Drive H: | 536.08 Gb Total Space | 336.69 Gb Free Space | 62.81% Space Free | Partition Type: NTFS

Computer Name: OVERLORD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/06 18:42:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013/05/08 15:17:54 | 001,954,544 | ---- | M] () -- C:\Program Files (x86)\HDD Regenerator\HDD Regenerator.exe
PRC - [2013/05/08 15:17:48 | 000,082,144 | ---- | M] () -- C:\Program Files (x86)\HDD Regenerator\hrsrv.exe
PRC - [2005/08/26 15:55:58 | 000,049,250 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.5.0_05\bin\javaw.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/10 18:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/10/03 16:08:56 | 001,642,496 | ---- | M] () [Auto | Running] -- C:\Program Files\StableBit\DrivePool\DrivePool.Service.exe -- (DrivePoolService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/11/03 00:07:26 | 000,041,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe -- (ServiceProviderRegistry)
SRV:64bit: - [2012/11/03 00:07:22 | 000,882,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\WSSBackup.exe -- (WSS_ComputerBackupSvc)
SRV:64bit: - [2012/11/03 00:07:21 | 000,076,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\MediaStreamingProvider.exe -- (whsmss)
SRV:64bit: - [2011/03/02 21:58:54 | 000,306,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\aaedge.dll -- (TSGateway)
SRV:64bit: - [2011/03/02 21:58:46 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RpcProxy\LBService.dll -- (RPCHTTPLBS)
SRV:64bit: - [2011/03/02 21:58:37 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2011/03/02 21:20:43 | 000,040,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SettingsProvider.exe -- (SettingsProvider)
SRV:64bit: - [2011/03/02 21:20:37 | 000,813,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\storageservice.exe -- (storageservice)
SRV:64bit: - [2011/03/02 21:20:33 | 000,025,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\UPnPDevice.exe -- (WSSUPnPDevice)
SRV:64bit: - [2009/07/13 21:41:53 | 000,014,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sacsvr.dll -- (sacsvr)
SRV:64bit: - [2009/07/13 21:40:52 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FCRegSvc.dll -- (FCRegSvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:39:31 | 000,091,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rsopprov.exe -- (RSoPProv)
SRV:64bit: - [2009/07/13 21:38:58 | 000,746,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\certsrv.exe -- (CertSvc)
SRV:64bit: - [2005/10/05 18:20:00 | 000,148,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Silicon Image\3114-W-A64-R SATARAID5\SATARaid5ConfigService.exe -- (SATARaid5 Config Service)
SRV - [2013/11/09 03:02:49 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/08 15:17:48 | 000,082,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HDD Regenerator\hrsrv.exe -- (hddrsrv)
SRV - [2011/03/02 21:59:01 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2011/03/02 21:59:01 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2011/03/02 21:59:01 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/28 15:50:14 | 000,345,680 | ---- | M] (Covecube Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\covefs.sys -- (CoveFS)
DRV:64bit: - [2013/09/25 11:53:18 | 000,053,328 | ---- | M] (Covecube Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covefs_disk.sys -- (CoveFSDisk)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/02 21:58:36 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2011/03/02 21:57:41 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2011/03/02 21:57:39 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2011/03/02 21:57:39 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:45 | 000,096,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sacdrv.sys -- (sacdrv)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:35:30 | 000,035,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/11/24 13:47:16 | 000,329,256 | R--- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Si3114r5.sys -- (Si3114r5)
DRV:64bit: - [2006/10/18 14:20:00 | 000,010,240 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2004/11/01 11:23:00 | 000,015,872 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2013/07/04 05:48:52 | 000,115,712 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/HardAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - user.js - File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/10/23 23:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2013/10/23 23:20:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\inf89x27.default\extensions
[2013/11/09 03:02:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/09 03:02:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2014/04/06 03:35:18 | 000,000,879 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.0.104 HUTSELL1-7 #Windows Server Added Entry#
O4:64bit: - HKLM..\Run: [StableBit DrivePool Notifications] C:\Program Files\StableBit\DrivePool\DrivePool.Notifications.exe (Covecube Inc.)
O4 - HKLM..\Run: [HDD Regenerator] C:\Program Files (x86)\HDD Regenerator\Shell.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/17 20:53:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2014/04/17 20:50:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/17 20:49:16 | 000,018,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/17 20:49:16 | 000,018,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/17 20:48:17 | 000,897,248 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/17 20:48:17 | 000,744,948 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/17 20:48:17 | 000,151,264 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/06 18:42:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/04/06 06:00:09 | 000,000,480 | ---- | M] () -- C:\Windows\tasks\ShadowCopyVolume{0c3af03b-620f-4d0b-b0fa-78bbd74bb8f7}.job
[2014/04/06 06:00:04 | 000,000,480 | ---- | M] () -- C:\Windows\tasks\ShadowCopyVolume{e9b9e349-3ba2-11e3-a0dc-806e6f6e6963}.job
[2014/04/06 06:00:02 | 000,000,480 | ---- | M] () -- C:\Windows\tasks\ShadowCopyVolume{e9b9e348-3ba2-11e3-a0dc-806e6f6e6963}.job
[2014/04/06 03:35:18 | 000,000,879 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2014/04/06 03:35:18 | 000,000,879 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

========== Files Created - No Company Name ==========

========== ZeroAccess Check ==========

[2009/07/14 00:58:08 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011/03/02 21:58:24 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:B755D674

< End of report >

OTL Extras logfile created on: 4/17/2014 8:53:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Windows Home Server 2011 Service Pack 1 (Version = 6.1.7601) - Type = NTServer
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.87 Gb Available Physical Memory | 72.21% Memory free
7.93 Gb Paging File | 6.32 Gb Available in Paging File | 79.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60.00 Gb Total Space | 35.22 Gb Free Space | 58.70% Space Free | Partition Type: NTFS
Drive D: | 237.99 Gb Total Space | 168.34 Gb Free Space | 70.73% Space Free | Partition Type: NTFS
Drive E: | 1.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 298.09 Gb Total Space | 168.34 Gb Free Space | 56.47% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 1175.94 Gb Free Space | 63.12% Space Free | Partition Type: NTFS
Drive H: | 536.08 Gb Total Space | 336.69 Gb Free Space | 62.81% Space Free | Partition Type: NTFS

Computer Name: OVERLORD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F61B0E3-8B05-4C72-85BC-4550CC86FEF6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{13302CF3-2DF4-4BF4-99C4-677785747430}" = lport=139 | protocol=6 | dir=in | app=system |
"{14B4C835-BDC8-4B31-BF44-DDBF7F73671A}" = rport=139 | protocol=6 | dir=out | app=system |
"{1A14FA7A-8824-4AEA-A589-5944882B530D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{224B178E-E020-433B-B63E-B6AD99C6AF4E}" = rport=445 | protocol=6 | dir=out | app=system |
"{2F062182-A1C6-41B0-839B-36E82E3DF01B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{31D937A6-14AA-4433-9670-429D5EF5FDCA}" = lport=6602 | protocol=6 | dir=in | svc=nettcpportsharing | name=windows server provider framework |
"{34AC7461-CAC2-493E-892A-DF6C433A79AB}" = rport=139 | protocol=6 | dir=out | app=system |
"{3655EEF7-BF20-4FFA-B617-4CF1E6C401B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3CD63121-F4EF-44B5-83E5-C778CD41825F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E8EEB58-5A13-4879-81AF-0221B6E11B29}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3EF0BD50-679D-40A5-8990-25053289D96F}" = lport=138 | protocol=17 | dir=in | app=system |
"{402AB419-988F-4246-A952-A6C3DEB0C0CA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C42938A-E658-4501-A5E7-CD1897605511}" = lport=445 | protocol=6 | dir=in | app=system |
"{4FB87C11-9A04-4477-A429-6F74A9176359}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{60C3312B-3B5C-4A8E-872F-AD78BDD92F5C}" = lport=138 | protocol=17 | dir=in | app=system |
"{6530A181-BA55-4B6C-98BA-659B4EF5658E}" = lport=139 | protocol=6 | dir=in | app=system |
"{68B221FC-227A-4C46-92CD-F19E74F50C33}" = rport=138 | protocol=17 | dir=out | app=system |
"{70E86535-7D75-468B-9561-B2A23BF7CC28}" = lport=65500 | protocol=6 | dir=in | app=system |
"{744FCF97-436B-4626-95BC-6FBE10D87E5B}" = lport=137 | protocol=17 | dir=in | app=system |
"{81AB473B-2125-4E52-B3F5-075F861C752A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84282A0B-5827-4853-A310-1F5C9919C99A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{859533A6-0DC0-4123-9034-BF3EA7F48957}" = rport=137 | protocol=17 | dir=out | app=system |
"{97288EAE-F7E9-490C-80C2-1660C1880797}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9868381F-5935-4485-8D9F-1ADF8E33F32E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9BBD3C14-C42B-45C0-B7D2-D5B06EE1664C}" = lport=8912 | protocol=17 | dir=in | svc=networkinghelpersvc | name=windows server discovery |
"{A0333AAD-5A92-4091-BA22-49259FDEB8AB}" = lport=8912 | protocol=6 | dir=in | svc=wss_computerbackupsvc | name=windows server client computer backup |
"{A0D5FB94-8020-4723-97BA-7E972A9468DF}" = rport=138 | protocol=17 | dir=out | app=system |
"{B5BD8DD7-37FE-4C83-A8A0-D6B44C522E5F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B659FEDA-E62F-489D-AA0E-7145B5ED2DF8}" = lport=137 | protocol=17 | dir=in | app=system |
"{B94DD539-1F41-4C0B-8BBF-839F965AA61F}" = lport=65520 | protocol=6 | dir=in | name=windows server mac web service |
"{C2A69A25-C0AB-46A2-9D39-7A755CA54B46}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C33E7354-05C5-4104-8B1D-2CD065BB7E1A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5292BAF-FC37-408F-8C4E-D469BA7FEF0C}" = rport=445 | protocol=6 | dir=out | app=system |
"{D30F14A8-D1D2-482C-87E2-4D7A3C8B2138}" = lport=65510 | protocol=6 | dir=in | app=system |
"{D6DFE692-4557-4392-9960-2C66C3039B48}" = lport=445 | protocol=6 | dir=in | app=system |
"{DC7192C3-5062-41A8-AB4C-773AD579C758}" = rport=137 | protocol=17 | dir=out | app=system |
"{E51AAA52-E186-4097-939B-22330548A418}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FCA3C7CB-6AB9-47E8-AEAA-D919DD3AB349}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FFB076B2-9BC5-43D6-91DB-EBD26D1B58AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19501926-477F-4D85-B820-8E779976B44E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{32EC6AD7-5D73-49EF-B4EF-AC2FAA5EF856}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A29E392-BEAC-47AC-B18A-C3F0AD95E216}" = protocol=1 | dir=out | [email protected],-28544 |
"{478BA98C-8609-415A-8760-280FD1F93C71}" = protocol=6 | dir=out | app=system |
"{4AAED548-CB3C-4DD3-8E3C-CC4FAE3AE46A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4E26A691-9B97-4074-975F-542E3ED78941}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{59B53EEA-A523-499A-82D1-C17690E8D223}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F544C2D-9693-4331-AB5B-5EBDB01285D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6F8BCAE8-1875-4C93-A2E5-BAB64599EBAB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C499F1B-413A-40C0-9C17-310295A4ECC8}" = protocol=58 | dir=out | [email protected],-28546 |
"{876A737F-D280-4D5B-A753-4808CA3BC083}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8EC5B382-42F1-4379-AFED-A5C5F465F62C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9EFCD6D4-FE0D-4855-B105-3360F057BB15}" = protocol=6 | dir=in | app=c:\program files\stablebit\drivepool\drivepool.service.exe |
"{B1E33885-EFC5-408F-B36D-51F54B997FE4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B7171C77-084D-4857-B832-2B8354000523}" = protocol=58 | dir=out | [email protected],-28546 |
"{B84AC40F-F795-41B8-A356-47737B93C45A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA76A12C-352B-47B0-AA64-60386EB6BDA9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF341254-510F-4C89-BC6E-924C20C46A11}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DC6387AA-1DC2-45D8-B445-4124C3C2F435}" = protocol=17 | dir=in | app=c:\program files\stablebit\drivepool\drivepool.service.exe |
"{DC926794-4872-4053-B1C4-E5F6E589F244}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F19EAEB9-772C-46D3-A64F-446F6ED37F62}" = protocol=1 | dir=out | [email protected],-28544 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{43053F4F-87D0-4459-A600-03896AC6F486}" = StableBit DrivePool (64 bit)
"{6E955221-1239-4B69-A955-9EA75F6B920C}" = 3114-W-A64-R SATARAID5
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{60e187bc-dad2-415f-a8b2-d415a3fcb248}" = StableBit DrivePool (64 bit)
"{CC5DA723-D428-40D1-B82B-21EB64B1273C}" = HDD Regenerator
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/4/2014 7:00:31 AM | Computer Name = OVERLORD | Source = VSS | ID = 12289
Description =

Error - 2/4/2014 7:00:31 AM | Computer Name = OVERLORD | Source = VSS | ID = 7001
Description =

Error - 2/4/2014 2:00:34 PM | Computer Name = OVERLORD | Source = VSS | ID = 12289
Description =

Error - 2/4/2014 2:00:34 PM | Computer Name = OVERLORD | Source = VSS | ID = 7001
Description =

Error - 2/4/2014 8:49:30 PM | Computer Name = OVERLORD | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2/5/2014 7:05:56 AM | Computer Name = OVERLORD | Source = VSS | ID = 12289
Description =

Error - 2/5/2014 7:05:56 AM | Computer Name = OVERLORD | Source = VSS | ID = 7001
Description =

Error - 2/5/2014 2:00:36 PM | Computer Name = OVERLORD | Source = VSS | ID = 12289
Description =

Error - 2/5/2014 2:00:36 PM | Computer Name = OVERLORD | Source = VSS | ID = 7001
Description =

Error - 2/5/2014 3:56:13 PM | Computer Name = OVERLORD | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 3/30/2014 1:00:19 PM | Computer Name = OVERLORD | Source = volsnap | ID = 393218
Description = The shadow copy of volume H: could not be created because volume H:,
which is specified as the location for shadow copy storage, is not an NTFS volume
or an error was encountered while trying to determine the file system type of this
volume.

Error - 3/31/2014 6:00:13 AM | Computer Name = OVERLORD | Source = volsnap | ID = 393218
Description = The shadow copy of volume H: could not be created because volume H:,
which is specified as the location for shadow copy storage, is not an NTFS volume
or an error was encountered while trying to determine the file system type of this
volume.

Error - 3/31/2014 1:00:26 PM | Computer Name = OVERLORD | Source = volsnap | ID = 393218
Description = The shadow copy of volume H: could not be created because volume H:,
which is specified as the location for shadow copy storage, is not an NTFS volume
or an error was encountered while trying to determine the file system type of this
volume.

Error - 4/1/2014 1:04:17 AM | Computer Name = OVERLORD | Source = volsnap | ID = 393241
Description = The shadow copies of volume G: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.

Error - 4/1/2014 6:00:19 AM | Computer Name = OVERLORD | Source = volsnap | ID = 393218
Description = The shadow copy of volume H: could not be created because volume H:,
which is specified as the location for shadow copy storage, is not an NTFS volume
or an error was encountered while trying to determine the file system type of this
volume.

Error - 4/1/2014 1:00:17 PM | Computer Name = OVERLORD | Source = volsnap | ID = 393218
Description = The shadow copy of volume H: could not be created because volume H:,
which is specified as the location for shadow copy storage, is not an NTFS volume
or an error was encountered while trying to determine the file system type of this
volume.

Error - 4/2/2014 6:00:16 AM | Computer Name = OVERLORD | Source = volsnap | ID = 393218
Description = The shadow copy of volume H: could not be created because volume H:,
which is specified as the location for shadow copy storage, is not an NTFS volume
or an error was encountered while trying to determine the file system type of this
volume.

Error - 4/2/2014 1:00:16 PM | Computer Name = OVERLORD | Source = volsnap | ID = 393218
Description = The shadow copy of volume H: could not be created because volume H:,
which is specified as the location for shadow copy storage, is not an NTFS volume
or an error was encountered while trying to determine the file system type of this
volume.

Error - 4/3/2014 6:00:42 AM | Computer Name = OVERLORD | Source = volsnap | ID = 393218
Description = The shadow copy of volume H: could not be created because volume H:,
which is specified as the location for shadow copy storage, is not an NTFS volume
or an error was encountered while trying to determine the file system type of this
volume.

Error - 4/3/2014 1:00:19 PM | Computer Name = OVERLORD | Source = volsnap | ID = 393218
Description = The shadow copy of volume H: could not be created because volume H:,
which is specified as the location for shadow copy storage, is not an NTFS volume
or an error was encountered while trying to determine the file system type of this
volume.

[ WSSG Events ]
Error - 11/12/2013 1:42:05 AM | Computer Name = OVERLORD | Source = Windows Server | ID = 268370189
Description = The Windows Server Client Computer Backup Service received an abort
process message from HUTSELL1-7. Reason: 7.

Error - 11/12/2013 1:42:05 AM | Computer Name = OVERLORD | Source = Windows Server | ID = 268370182
Description = Backup of HUTSELL1-7 D:\ did not succeed.

Error - 11/13/2013 1:40:43 AM | Computer Name = OVERLORD | Source = Windows Server | ID = 268370189
Description = The Windows Server Client Computer Backup Service received an abort
process message from HUTSELL1-7. Reason: 7.

Error - 11/13/2013 1:40:43 AM | Computer Name = OVERLORD | Source = Windows Server | ID = 268370182
Description = Backup of HUTSELL1-7 D:\ did not succeed.

Error - 11/13/2013 2:15:08 AM | Computer Name = OVERLORD | Source = Windows Server | ID = 268370189
Description = The Windows Server Client Computer Backup Service received an abort
process message from HUTSELL1-7. Reason: 7.

Error - 11/13/2013 2:15:08 AM | Computer Name = OVERLORD | Source = Windows Server | ID = 268370182
Description = Backup of HUTSELL1-7 D:\ did not succeed.

Error - 11/14/2013 1:46:02 AM | Computer Name = OVERLORD | Source = Windows Server | ID = 268370189
Description = The Windows Server Client Computer Backup Service received an abort
process message from HUTSELL1-7. Reason: 3.

Error - 11/16/2013 2:44:08 AM | Computer Name = OVERLORD | Source = Windows Server | ID = 268370189
Description = The Windows Server Client Computer Backup Service received an abort
process message from HUTSELL1-7. Reason: 7.

Error - 11/16/2013 2:44:08 AM | Computer Name = OVERLORD | Source = Windows Server | ID = 268370182
Description = Backup of HUTSELL1-7 D:\ did not succeed.

Error - 2/14/2014 1:50:16 AM | Computer Name = OVERLORD | Source = Windows Server | ID = 268370182
Description = Backup of HUTSELL1-7 D:\ did not succeed.

< End of report >

#58
RKinner

Posted 17 April 2014 - 07:36 PM

Malware Expert

Expert
24,624 posts

You might want to do a disk check on H: I am seeing errors that say it is not happy.

Otherwise I don't see anything. You might run aswmbr, combofix and TDSSKiller like we did for the other one but I expect it's clean.

#59
majorlag

Posted 18 April 2014 - 07:08 PM

Member

Topic Starter
Member
70 posts

Machine 3

I suspect you're correct about this one and the overall cause of the troubles. Ran aswmbr, log below. ComboFix wouldn't run on the WHS2011 OS, TDSSKiller got no hits except in the paranoid mode, and nothing identified as TDSS.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-18 19:09:45
-----------------------------
19:09:45.084    OS Version: Windows x64 6.1.7601 Service Pack 1
19:09:45.084    Number of processors: 2 586 0x4303
19:09:45.084    ComputerName: OVERLORD UserName:
19:09:45.506    Initialize success
19:29:16.733    AVAST engine defs: 14041802
19:37:40.173    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
19:37:40.173    Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
19:37:40.189    Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\Si3114r51Port4Path0Target0Lun0
19:37:40.189    Disk 1 Vendor:   Size: 305245MB BusType: 0
19:37:40.204    Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\Si3114r51Port4Path1Target0Lun0
19:37:40.204    Disk 2 Vendor:   Size: 305245MB BusType: 0
19:37:40.220    Disk 3 \Device\Harddisk3\DR3 -> \Device\Scsi\Si3114r51Port4Path3Target0Lun0
19:37:40.220    Disk 3 Vendor:   Size: 305245MB BusType: 0
19:37:40.236    Disk 4 \Device\Harddisk4\DR4 -> \Device\0000005a
19:37:40.251    Disk 4 Vendor: ( Size: 2097152MB BusType: 10
19:37:40.361    Disk 0 MBR read successfully
19:37:40.376    Disk 0 MBR scan
19:37:40.392    Disk 0 Windows 7 default MBR code
19:37:40.407    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
19:37:40.439    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        61440 MB offset 206848
19:37:40.470    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       243703 MB offset 126035968
19:37:40.517    Disk 0 scanning C:\Windows\system32\drivers
19:37:49.439    Service scanning
19:38:13.611    Modules scanning
19:38:14.158    AVAST engine scan C:\Windows
19:38:16.001    AVAST engine scan C:\Windows\system32
19:41:26.784    AVAST engine scan C:\Windows\system32\drivers
19:41:35.643    AVAST engine scan C:\Users\Administrator
19:42:02.315    AVAST engine scan C:\ProgramData
19:42:13.815    Scan finished successfully
19:44:21.769    Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
19:44:21.785    The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

#60
majorlag

Posted 18 April 2014 - 07:16 PM

Member

Topic Starter
Member
70 posts

RKinner,

Thank you so much for all your help and your time. I really appreciate your assistance in guiding me through the process, and for convincing me the machines are probably clean.

I believe the only unaddressed issue is the "junk" left over from Comodo on Machine 2, although that may not be an issue.

Thanks again for your help!

majorlag

PS Please PM me with your PP info, as I'd like to show a small token of my appreciation, if I may.