
Infected with viruses that won't shift


  • This topic is locked
11 replies to this topic

#1 kickerconspiracy

kickerconspiracy

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 02 July 2012 - 01:05 PM

Hi.

MSE and Malwarebytes keep telling me I'm infected with VirTool:Win32/DelfInject.gen!BI and Worm:Win32/Ructo.p

Both programs have said that they're removed, but they pop up again after subsequent scans.

Please help.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:03 PM

Posted 02 July 2012 - 03:08 PM

Hello kicker....

Let's try removing from Safe Mode. And rerun MBAM, MSE and ESET below. Let me know how it is after.


Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

<<><<><><><><><><><><><><><><><><><><><><><>
Reboot into Safe Mode with Networking
How to enter Safe Mode (XP/Vista)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.





I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 kickerconspiracy

kickerconspiracy
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 02 July 2012 - 06:39 PM

Thanks for the response.

As directed I ran Malwarebytes and Microsoft Security Essentials which both came back clean. I then ran ESET which found 3 threats. I'll post the log below.


C:\ProgramData\K0ReX1H8.lnk a variant of Win32/Injector.SQE trojan cleaned by deleting - quarantined
C:\ProgramData\nbmAX8mjeiLx.cpl Win32/TrojanDownloader.Banload.RDL trojan cleaned by deleting - quarantined
C:\ProgramData\X2OUf5vsA6x.cpl a variant of Win32/TrojanDownloader.Banload.REO trojan cleaned by deleting - quarantined
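
A triage sketch for the three ESET detection lines above, added here as an example and not part of either poster's message or of any ESET tooling: it parses each line into path, detection family and action, then flags loadable file types (a `.cpl` is a DLL loaded by Control Panel, a `.lnk` is a shell shortcut) sitting directly in C:\ProgramData. The line layout is assumed from the three lines in the post; the function names, flag names and extension list are this example's own.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# The three detection lines copied from the ESET log posted above.
SAMPLE_LOG = r"""
C:\ProgramData\K0ReX1H8.lnk a variant of Win32/Injector.SQE trojan cleaned by deleting - quarantined
C:\ProgramData\nbmAX8mjeiLx.cpl Win32/TrojanDownloader.Banload.RDL trojan cleaned by deleting - quarantined
C:\ProgramData\X2OUf5vsA6x.cpl a variant of Win32/TrojanDownloader.Banload.REO trojan cleaned by deleting - quarantined
"""

# Layout assumed from those lines:
#   <path> [a variant of] <platform>/<name> <type> <action>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?(?P<name>\S+/\S+)\s+"
    r"(?P<kind>[a-z]+)\s+(?P<action>.+)$"
)

# Heuristic values chosen for this example, not taken from any vendor tool.
LOADABLE_EXTS = {".cpl", ".lnk", ".exe", ".dll", ".scr"}
PROGRAMDATA = PureWindowsPath(r"C:\ProgramData")


@dataclass
class Finding:
    path: PureWindowsPath
    family: str
    kind: str
    action: str
    flags: list = field(default_factory=list)


def parse_line(line):
    """Parse one detection line; return None for anything that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # "Win32/TrojanDownloader.Banload.RDL" -> family "TrojanDownloader.Banload"
    detail = m["name"].split("/", 1)[1]
    family = detail.rsplit(".", 1)[0] if "." in detail else detail
    return Finding(PureWindowsPath(m["path"]), family, m["kind"], m["action"])


def triage(log_text):
    """Parse every detection line and attach location/type/action flags."""
    findings = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        # A file directly in the ProgramData root, not in a vendor subfolder.
        if f.path.parent == PROGRAMDATA:  # PureWindowsPath compares case-insensitively
            f.flags.append("programdata-root")
        # File types that Windows loads or launches.
        if f.path.suffix.lower() in LOADABLE_EXTS:
            f.flags.append("loadable-extension")
        # The scanner reported the item but did not remove it.
        if "quarantined" not in f.action and "deleted" not in f.action:
            f.flags.append("not-removed")
        findings.append(f)
    return findings


def recheck_dirs(findings):
    """Directories worth re-listing after cleanup, with detection counts."""
    counts = {}
    for f in findings:
        key = str(f.path.parent)
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.path}  {f.family}  [{', '.join(f.flags)}]")
    print("re-check:", recheck_dirs(results))
```
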

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:03 PM

Posted 02 July 2012 - 08:33 PM

Hello, these look to be the culprits. Injectors are malware that has been obfuscated in order to hinder detection and/or removal. The loader is written in Delphi and the malicious code is stored encrypted.

A trojan downloader. A downloader trojan accesses remote websites in an attempt to download and install malicious or potentially unwanted software. Some downloader trojans target specific files on remote websites while others may target a specific URL that points to a website containing exploit code.
With this possibility let's check for exploitable apps.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.




Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




Now let's see if they dropped anything uglier.

#5 kickerconspiracy

kickerconspiracy
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 03 July 2012 - 04:32 AM

Thanks again for the response.

Results from Minibox:


MiniToolBox by Farbar Version: 25-06-2012
Ran by Scott (administrator) on 03-07-2012 at 10:22:06
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection 2 (Disconnected)
Intel® 82579V Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Scott-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 50-E5-49-4C-A2-70
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82579V Gigabit Network Connection
Physical Address. . . . . . . . . : 50-E5-49-4C-A2-72
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::513b:2405:b4f4:c1f6%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 03 July 2012 10:19:23
Lease Expires . . . . . . . . . . : 04 July 2012 10:19:22
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 240182601
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-35-5B-F8-50-E5-49-4C-A2-72
DNS Servers . . . . . . . . . . . : 87.194.255.154
87.194.255.155
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{378F462C-F2A0-46E0-8EFC-3BA8B65198AE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:c2:2eae:a29e:e05b(Preferred)
Link-local IPv6 Address . . . . . : fe80::c2:2eae:a29e:e05b%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{6B3EE679-8E43-4AD7-B3F7-C9FB548D1E49}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dhr91o08xrgul.cloudfront.net
Address: 87.194.255.154

Name: google.com
Addresses: 2a00:1450:4009:808::1007
173.194.41.131
173.194.41.128
173.194.41.132
173.194.41.130
173.194.41.137
173.194.41.136
173.194.41.135
173.194.41.134
173.194.41.129
173.194.41.142
173.194.41.133


Pinging google.com [173.194.41.161] with 32 bytes of data:
Reply from 173.194.41.161: bytes=32 time=21ms TTL=56
Reply from 173.194.41.161: bytes=32 time=20ms TTL=56

Ping statistics for 173.194.41.161:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 21ms, Average = 20ms
Server: dhr91o08xrgul.cloudfront.net
Address: 87.194.255.154

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=204ms TTL=51
Reply from 72.30.38.140: bytes=32 time=176ms TTL=51

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 176ms, Maximum = 204ms, Average = 190ms
Server: dhr91o08xrgul.cloudfront.net
Address: 87.194.255.154

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...50 e5 49 4c a2 70 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
10...50 e5 49 4c a2 72 ......Intel® 82579V Gigabit Network Connection
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.5 276
192.168.0.5 255.255.255.255 On-link 192.168.0.5 276
192.168.0.255 255.255.255.255 On-link 192.168.0.5 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.5 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.5 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 58 ::/0 On-link
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:5ef5:79fb:c2:2eae:a29e:e05b/128
On-link
10 276 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::c2:2eae:a29e:e05b/128
On-link
10 276 fe80::513b:2405:b4f4:c1f6/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/03/2012 00:37:44 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/02/2012 11:55:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/02/2012 08:18:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: TESV.exe, version: 1.6.89.0, time stamp: 0x4fc520a3
Faulting module name: TESV.exe, version: 1.6.89.0, time stamp: 0x4fc520a3
Exception code: 0x40000015
Fault offset: 0x007d1e44
Faulting process id: 0x1040
Faulting application start time: 0xTESV.exe0
Faulting application path: TESV.exe1
Faulting module path: TESV.exe2
Report Id: TESV.exe3

Error: (07/02/2012 00:20:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: thunderbird.exe, version: 13.0.1.4548, time stamp: 0x2a425e19
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0003319a
Faulting process id: 0xf5c
Faulting application start time: 0xthunderbird.exe0
Faulting application path: thunderbird.exe1
Faulting module path: thunderbird.exe2
Report Id: thunderbird.exe3

Error: (06/28/2012 11:09:28 AM) (Source: Application Hang) (User: )
Description: The program uTorrent.exe version 3.1.3.27207 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1348

Start Time: 01cd5514aacfcd81

Termination Time: 10025

Application Path: C:\Program Files (x86)\uTorrent\uTorrent.exe

Report Id: 51742295-c109-11e1-a1b8-50e5494ca270

Error: (06/27/2012 01:09:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: iecleanup.exe, version: 9.0.8112.16421, time stamp: 0x2a425e19
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x000419d9
Faulting process id: 0xd28
Faulting application start time: 0xiecleanup.exe0
Faulting application path: iecleanup.exe1
Faulting module path: iecleanup.exe2
Report Id: iecleanup.exe3

Error: (06/27/2012 01:03:47 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/27/2012 01:03:47 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/27/2012 01:03:47 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/27/2012 01:03:47 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (07/03/2012 10:19:25 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mvs91xx

Error: (07/03/2012 10:18:39 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/03/2012 09:59:18 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mvs91xx

Error: (07/03/2012 00:37:25 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mvs91xx

Error: (07/03/2012 00:36:05 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/03/2012 00:36:05 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/03/2012 00:36:05 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/03/2012 00:33:59 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/03/2012 00:33:59 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/03/2012 00:33:59 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (07/03/2012 00:37:44 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Scott\Desktop\esetsmartinstaller_enu.exe

Error: (07/02/2012 11:55:27 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Scott\Desktop\esetsmartinstaller_enu.exe

Error: (07/02/2012 08:18:07 PM) (Source: Application Error)(User: )
Description: TESV.exe1.6.89.04fc520a3TESV.exe1.6.89.04fc520a340000015007d1e44104001cd588373b4c10aC:\program files (x86)\steam\steamapps\common\skyrim\TESV.exeC:\program files (x86)\steam\steamapps\common\skyrim\TESV.exea6f59e7b-c47a-11e1-85f6-50e5494ca270

Error: (07/02/2012 00:20:27 PM) (Source: Application Error)(User: )
Description: thunderbird.exe13.0.1.45482a425e19ntdll.dll6.1.7601.177254ec49b8fc00000050003319af5c01cd58318fe20f05C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exeC:\Windows\SysWOW64\ntdll.dllec30d4b0-c437-11e1-b820-50e5494ca270

Error: (06/28/2012 11:09:28 AM) (Source: Application Hang)(User: )
Description: uTorrent.exe3.1.3.27207134801cd5514aacfcd8110025C:\Program Files (x86)\uTorrent\uTorrent.exe51742295-c109-11e1-a1b8-50e5494ca270

Error: (06/27/2012 01:09:47 PM) (Source: Application Error)(User: )
Description: iecleanup.exe9.0.8112.164212a425e19ntdll.dll6.1.7601.177254ec49b8fc0000005000419d9d2801cd545cf5388ca9C:\Program Files (x86)\Internet Explorer\iecleanup.exeC:\Windows\SysWOW64\ntdll.dllfc7cfec7-c050-11e1-a79c-50e5494ca270

Error: (06/27/2012 01:03:47 PM) (Source: Windows Search Service)(User: )
Description: Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (06/27/2012 01:03:47 PM) (Source: Windows Search Service)(User: )
Description: Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/27/2012 01:03:47 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/27/2012 01:03:47 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Reader X (10.1.3) (Version: 10.1.3)
aioscnnr (Version: 7.3.4.0)
Astroburn Lite (Version: 1.6.1.0168)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 2.0.4.4)
µTorrent (Version: 3.1.3)
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Batman: Arkham Asylum GOTY Edition
BOSS (Version: 2.0.0)
CCleaner (Version: 3.20)
ConvertXtoDVD 4.1.19.365 (Version: 4.1.19.365)
DAEMON Tools Lite (Version: 4.45.4.0315)
Dead Island
Easy Tune 6 B12.0425.1 (Version: 1.00.0000)
essentials (Version: 6.0.14.0)
Google Chrome (Version: 20.0.1132.3)
Grand Theft Auto: Episodes from Liberty City
Intel® Management Engine Components (Version: 8.0.0.1351)
Intel® Network Connections 16.5.2.0 (Version: 16.5.2.0)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.4.225)
Intel® Trusted Connect Service Client (Version: 1.23.216.0)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 32 (Version: 6.0.320)
K-Lite Codec Pack 8.6.0 (Full) (Version: 8.6.0)
Kodak AIO Printer (Version: 7.4.0.0)
KODAK AiO Software (Version: 7.4.5.40)
Legacy of Kain
Legacy of Kain Soul Reaver 2
Mass Effect™ 3 (Version: 1.03.0.0)
Max Payne 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4.5 Beta (Version: 4.5.50131)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Thunderbird 13.0.1 (x86 en-GB) (Version: 13.0.1)
Nexus Mod Manager (Version: 0.18.8)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA HD Audio Driver 1.3.16.0 (Version: 1.3.16.0)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
ON_OFF Charge B11.1102.1 (Version: 1.00.0001)
Origin (Version: 8.5.2.23)
PCSX2 - Playstation 2 Emulator
PreReq (Version: 6.2.3.0)
RAGE
Realtek High Definition Audio Driver (Version: 6.0.1.6602)
Rockstar Games Social Club (Version: 1.0.9.5)
Saints Row: The Third
Space Quest Collection
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
The Elder Scrolls V: Skyrim
The Witcher (Version: 1.00.0000)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.00 (64-bit) (Version: 4.00.0)

========================= Memory info: ===================================

Percentage of memory in use: 9%
Total physical RAM: 16345.79 MB
Available physical RAM: 14733.87 MB
Total Pagefile: 32689.76 MB
Available Pagefile: 31058.31 MB
Total Virtual: 4095.88 MB
Available Virtual: 3961.05 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.29 GB) (Free:678.26 GB) NTFS
2 Drive d: () (Fixed) (Total:465.75 GB) (Free:303.29 GB) NTFS
3 Drive e: (Dead Island) (CDROM) (Total:5.47 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\SCOTT-PC

Administrator ASPNET Guest
Mcx1-SCOTT-PC Scott UpdatusUser


**** End of log ****


TDSSKiller found nothing and did not ask for a reboot. Results:


10:24:17.0379 4468 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
10:24:17.0379 4468 UEFI system
10:24:17.0554 4468 ============================================================
10:24:17.0554 4468 Current date / time: 2012/07/03 10:24:17.0554
10:24:17.0554 4468 SystemInfo:
10:24:17.0554 4468
10:24:17.0554 4468 OS Version: 6.1.7601 ServicePack: 1.0
10:24:17.0554 4468 Product type: Workstation
10:24:17.0555 4468 ComputerName: SCOTT-PC
10:24:17.0555 4468 UserName: Scott
10:24:17.0555 4468 Windows directory: C:\Windows
10:24:17.0555 4468 System windows directory: C:\Windows
10:24:17.0555 4468 Running under WOW64
10:24:17.0555 4468 Processor architecture: Intel x64
10:24:17.0555 4468 Number of processors: 8
10:24:17.0555 4468 Page size: 0x1000
10:24:17.0555 4468 Boot type: Normal boot
10:24:17.0555 4468 ============================================================
10:24:19.0268 4468 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:24:19.0287 4468 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:24:19.0289 4468 ============================================================
10:24:19.0289 4468 \Device\Harddisk1\DR1:
10:24:19.0290 4468 GPT partitions:
10:24:19.0290 4468 \Device\Harddisk1\DR1\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {181BBE83-E4C2-4062-8734-DD7EF5E75718}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
10:24:19.0290 4468 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {06500310-5E0A-46E3-8D8E-C108F1156770}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
10:24:19.0290 4468 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {FF8E99F3-D91A-49F5-B429-71B62D3E41C6}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x74694000
10:24:19.0290 4468 MBR partitions:
10:24:19.0290 4468 \Device\Harddisk0\DR0:
10:24:19.0290 4468 MBR partitions:
10:24:19.0290 4468 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
10:24:19.0290 4468 ============================================================
10:24:19.0320 4468 C: <-> \Device\Harddisk1\DR1\Partition2
10:24:19.0341 4468 D: <-> \Device\Harddisk0\DR0\Partition0
10:24:19.0341 4468 ============================================================
10:24:19.0341 4468 Initialize success
10:24:19.0341 4468 ============================================================
10:24:39.0177 0172 ============================================================
10:24:39.0177 0172 Scan started
10:24:39.0177 0172 Mode: Manual; TDLFS;
10:24:39.0177 0172 ============================================================
10:24:48.0854 0172 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:24:48.0855 0172 Null - ok
10:24:48.0938 0172 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
10:24:48.0939 0172 NVHDA - ok
10:24:49.0874 0172 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:24:49.0911 0172 nvlddmkm - ok
10:24:50.0047 0172 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:24:50.0049 0172 nvraid - ok
10:24:50.0087 0172 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:24:50.0089 0172 nvstor - ok
10:24:50.0235 0172 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
10:24:50.0245 0172 nvsvc - ok
10:24:50.0427 0172 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:24:50.0437 0172 nvUpdatusService - ok
10:24:50.0542 0172 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:24:50.0544 0172 nv_agp - ok
10:24:50.0567 0172 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:24:50.0568 0172 ohci1394 - ok
10:24:50.0615 0172 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:24:50.0619 0172 p2pimsvc - ok
10:24:50.0679 0172 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:24:50.0683 0172 p2psvc - ok
10:24:50.0721 0172 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:24:50.0722 0172 Parport - ok
10:24:50.0783 0172 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:24:50.0784 0172 partmgr - ok
10:24:50.0803 0172 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:24:50.0805 0172 PcaSvc - ok
10:24:50.0883 0172 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:24:50.0884 0172 pci - ok
10:24:50.0902 0172 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:24:50.0904 0172 pciide - ok
10:24:50.0931 0172 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:24:50.0940 0172 pcmcia - ok
10:24:50.0969 0172 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:24:50.0969 0172 pcw - ok
10:24:51.0040 0172 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:24:51.0045 0172 PEAUTH - ok
10:24:51.0132 0172 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:24:51.0133 0172 PerfHost - ok
10:24:51.0260 0172 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:24:51.0272 0172 pla - ok
10:24:51.0356 0172 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:24:51.0360 0172 PlugPlay - ok
10:24:51.0412 0172 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:24:51.0414 0172 PNRPAutoReg - ok
10:24:51.0455 0172 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:24:51.0457 0172 PNRPsvc - ok
10:24:51.0522 0172 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:24:51.0527 0172 PolicyAgent - ok
10:24:51.0574 0172 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:24:51.0576 0172 Power - ok
10:24:51.0671 0172 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:24:51.0672 0172 PptpMiniport - ok
10:24:51.0691 0172 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:24:51.0692 0172 Processor - ok
10:24:51.0765 0172 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
10:24:51.0767 0172 ProfSvc - ok
10:24:51.0791 0172 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:24:51.0791 0172 ProtectedStorage - ok
10:24:51.0838 0172 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:24:51.0840 0172 Psched - ok
10:24:51.0991 0172 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:24:52.0005 0172 ql2300 - ok
10:24:52.0152 0172 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:24:52.0154 0172 ql40xx - ok
10:24:52.0208 0172 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:24:52.0210 0172 QWAVE - ok
10:24:52.0220 0172 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:24:52.0221 0172 QWAVEdrv - ok
10:24:52.0229 0172 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:24:52.0230 0172 RasAcd - ok
10:24:52.0284 0172 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:24:52.0285 0172 RasAgileVpn - ok
10:24:52.0296 0172 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:24:52.0297 0172 RasAuto - ok
10:24:52.0344 0172 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:24:52.0345 0172 Rasl2tp - ok
10:24:52.0372 0172 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:24:52.0375 0172 RasMan - ok
10:24:52.0408 0172 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:24:52.0409 0172 RasPppoe - ok
10:24:52.0447 0172 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:24:52.0448 0172 RasSstp - ok
10:24:52.0489 0172 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:24:52.0491 0172 rdbss - ok
10:24:52.0515 0172 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:24:52.0516 0172 rdpbus - ok
10:24:52.0537 0172 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:24:52.0537 0172 RDPCDD - ok
10:24:52.0592 0172 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:24:52.0592 0172 RDPENCDD - ok
10:24:52.0621 0172 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:24:52.0623 0172 RDPREFMP - ok
10:24:52.0675 0172 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
10:24:52.0677 0172 RDPWD - ok
10:24:52.0722 0172 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:24:52.0723 0172 rdyboost - ok
10:24:52.0756 0172 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:24:52.0758 0172 RemoteAccess - ok
10:24:52.0786 0172 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:24:52.0788 0172 RemoteRegistry - ok
10:24:52.0812 0172 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:24:52.0814 0172 RpcEptMapper - ok
10:24:52.0814 0172 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:24:52.0814 0172 RpcLocator - ok
10:24:52.0908 0172 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:24:52.0908 0172 RpcSs - ok
10:24:52.0954 0172 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:24:52.0970 0172 rspndr - ok
10:24:53.0001 0172 SaiKCB02 (9ba340de049d0fe4ded0a5689eceb8e1) C:\Windows\system32\DRIVERS\SaiKCB02.sys
10:24:53.0001 0172 SaiKCB02 - ok
10:24:53.0032 0172 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:24:53.0032 0172 SamSs - ok
10:24:53.0048 0172 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:24:53.0048 0172 sbp2port - ok
10:24:53.0064 0172 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:24:53.0064 0172 SCardSvr - ok
10:24:53.0095 0172 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:24:53.0095 0172 scfilter - ok
10:24:53.0157 0172 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:24:53.0157 0172 Schedule - ok
10:24:53.0173 0172 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:24:53.0173 0172 SCPolicySvc - ok
10:24:53.0204 0172 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:24:53.0204 0172 SDRSVC - ok
10:24:53.0251 0172 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:24:53.0251 0172 secdrv - ok
10:24:53.0266 0172 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:24:53.0266 0172 seclogon - ok
10:24:53.0282 0172 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:24:53.0282 0172 SENS - ok
10:24:53.0298 0172 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:24:53.0298 0172 SensrSvc - ok
10:24:53.0298 0172 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:24:53.0298 0172 Serenum - ok
10:24:53.0329 0172 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:24:53.0329 0172 Serial - ok
10:24:53.0344 0172 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:24:53.0344 0172 sermouse - ok
10:24:53.0360 0172 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:24:53.0360 0172 SessionEnv - ok
10:24:53.0376 0172 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:24:53.0376 0172 sffdisk - ok
10:24:53.0376 0172 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:24:53.0376 0172 sffp_mmc - ok
10:24:53.0376 0172 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:24:53.0376 0172 sffp_sd - ok
10:24:53.0376 0172 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:24:53.0376 0172 sfloppy - ok
10:24:53.0422 0172 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:24:53.0422 0172 SharedAccess - ok
10:24:53.0454 0172 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:24:53.0469 0172 ShellHWDetection - ok
10:24:53.0485 0172 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:24:53.0485 0172 SiSRaid2 - ok
10:24:53.0516 0172 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:24:53.0516 0172 SiSRaid4 - ok
10:24:53.0532 0172 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:24:53.0532 0172 Smb - ok
10:24:53.0547 0172 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:24:53.0547 0172 SNMPTRAP - ok
10:24:53.0563 0172 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:24:53.0563 0172 spldr - ok
10:24:53.0594 0172 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:24:53.0610 0172 Spooler - ok
10:24:53.0781 0172 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:24:53.0812 0172 sppsvc - ok
10:24:53.0875 0172 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:24:53.0875 0172 sppuinotify - ok
10:24:53.0937 0172 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:24:53.0937 0172 srv - ok
10:24:53.0968 0172 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:24:53.0968 0172 srv2 - ok
10:24:53.0984 0172 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:24:53.0984 0172 srvnet - ok
10:24:54.0015 0172 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:24:54.0015 0172 SSDPSRV - ok
10:24:54.0031 0172 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:24:54.0031 0172 SstpSvc - ok
10:24:54.0046 0172 Steam Client Service - ok
10:24:54.0124 0172 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:24:54.0124 0172 Stereo Service - ok
10:24:54.0140 0172 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:24:54.0140 0172 stexstor - ok
10:24:54.0171 0172 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
10:24:54.0171 0172 StillCam - ok
10:24:54.0218 0172 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:24:54.0218 0172 stisvc - ok
10:24:54.0234 0172 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:24:54.0234 0172 swenum - ok
10:24:54.0312 0172 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:24:54.0312 0172 swprv - ok
10:24:54.0468 0172 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:24:54.0483 0172 SysMain - ok
10:24:54.0577 0172 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:24:54.0577 0172 TabletInputService - ok
10:24:54.0624 0172 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:24:54.0639 0172 TapiSrv - ok
10:24:54.0670 0172 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:24:54.0670 0172 TBS - ok
10:24:54.0842 0172 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:24:54.0858 0172 Tcpip - ok
10:24:55.0045 0172 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:24:55.0045 0172 TCPIP6 - ok
10:24:55.0123 0172 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:24:55.0123 0172 tcpipreg - ok
10:24:55.0154 0172 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:24:55.0154 0172 TDPIPE - ok
10:24:55.0185 0172 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:24:55.0185 0172 TDTCP - ok
10:24:55.0263 0172 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:24:55.0263 0172 tdx - ok
10:24:55.0294 0172 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:24:55.0294 0172 TermDD - ok
10:24:55.0372 0172 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:24:55.0372 0172 TermService - ok
10:24:55.0435 0172 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:24:55.0435 0172 Themes - ok
10:24:55.0466 0172 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:24:55.0466 0172 THREADORDER - ok
10:24:55.0466 0172 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:24:55.0466 0172 TrkWks - ok
10:24:55.0513 0172 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:24:55.0513 0172 TrustedInstaller - ok
10:24:55.0544 0172 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:24:55.0544 0172 tssecsrv - ok
10:24:55.0544 0172 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:24:55.0544 0172 TsUsbFlt - ok
10:24:55.0591 0172 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:24:55.0591 0172 tunnel - ok
10:24:55.0606 0172 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:24:55.0606 0172 uagp35 - ok
10:24:55.0638 0172 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:24:55.0638 0172 udfs - ok
10:24:55.0653 0172 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:24:55.0669 0172 UI0Detect - ok
10:24:55.0684 0172 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:24:55.0684 0172 uliagpkx - ok
10:24:55.0700 0172 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:24:55.0700 0172 umbus - ok
10:24:55.0716 0172 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:24:55.0716 0172 UmPass - ok
10:24:55.0809 0172 UNS (0f9e1bc7e2bea1a4108ec9736cf0c2d9) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
10:24:55.0809 0172 UNS - ok
10:24:55.0840 0172 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:24:55.0840 0172 upnphost - ok
10:24:55.0856 0172 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:24:55.0856 0172 usbccgp - ok
10:24:55.0887 0172 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:24:55.0887 0172 usbcir - ok
10:24:55.0903 0172 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
10:24:55.0903 0172 usbehci - ok
10:24:55.0934 0172 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:24:55.0934 0172 usbhub - ok
10:24:55.0950 0172 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:24:55.0950 0172 usbohci - ok
10:24:55.0965 0172 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:24:55.0965 0172 usbprint - ok
10:24:55.0996 0172 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:24:55.0996 0172 USBSTOR - ok
10:24:56.0012 0172 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:24:56.0012 0172 usbuhci - ok
10:24:56.0028 0172 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:24:56.0028 0172 UxSms - ok
10:24:56.0043 0172 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:24:56.0043 0172 VaultSvc - ok
10:24:56.0074 0172 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:24:56.0074 0172 vdrvroot - ok
10:24:56.0121 0172 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:24:56.0121 0172 vds - ok
10:24:56.0137 0172 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:24:56.0137 0172 vga - ok
10:24:56.0152 0172 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:24:56.0152 0172 VgaSave - ok
10:24:56.0184 0172 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:24:56.0184 0172 vhdmp - ok
10:24:56.0184 0172 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:24:56.0199 0172 viaide - ok
10:24:56.0215 0172 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:24:56.0215 0172 volmgr - ok
10:24:56.0230 0172 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:24:56.0230 0172 volmgrx - ok
10:24:56.0277 0172 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:24:56.0277 0172 volsnap - ok
10:24:56.0340 0172 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:24:56.0340 0172 vsmraid - ok
10:24:56.0480 0172 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:24:56.0496 0172 VSS - ok
10:24:56.0605 0172 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:24:56.0605 0172 vwifibus - ok
10:24:56.0683 0172 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:24:56.0683 0172 W32Time - ok
10:24:56.0714 0172 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:24:56.0714 0172 WacomPen - ok
10:24:56.0792 0172 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:24:56.0792 0172 WANARP - ok
10:24:56.0792 0172 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:24:56.0792 0172 Wanarpv6 - ok
10:24:56.0948 0172 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:24:56.0964 0172 WatAdminSvc - ok
10:24:57.0073 0172 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:24:57.0073 0172 wbengine - ok
10:24:57.0166 0172 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:24:57.0166 0172 WbioSrvc - ok
10:24:57.0198 0172 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:24:57.0198 0172 wcncsvc - ok
10:24:57.0213 0172 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:24:57.0213 0172 WcsPlugInService - ok
10:24:57.0244 0172 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:24:57.0244 0172 Wd - ok
10:24:57.0276 0172 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:24:57.0291 0172 Wdf01000 - ok
10:24:57.0291 0172 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:24:57.0291 0172 WdiServiceHost - ok
10:24:57.0291 0172 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:24:57.0291 0172 WdiSystemHost - ok
10:24:57.0322 0172 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:24:57.0322 0172 WebClient - ok
10:24:57.0354 0172 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:24:57.0369 0172 Wecsvc - ok
10:24:57.0369 0172 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:24:57.0369 0172 wercplsupport - ok
10:24:57.0400 0172 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:24:57.0400 0172 WerSvc - ok
10:24:57.0432 0172 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:24:57.0432 0172 WfpLwf - ok
10:24:57.0447 0172 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:24:57.0447 0172 WIMMount - ok
10:24:57.0463 0172 WinDefend - ok
10:24:57.0463 0172 WinHttpAutoProxySvc - ok
10:24:57.0510 0172 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:24:57.0510 0172 Winmgmt - ok
10:24:57.0619 0172 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:24:57.0634 0172 WinRM - ok
10:24:57.0759 0172 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:24:57.0759 0172 WinUsb - ok
10:24:57.0822 0172 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:24:57.0837 0172 Wlansvc - ok
10:24:57.0993 0172 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:24:58.0009 0172 wlidsvc - ok
10:24:58.0087 0172 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:24:58.0087 0172 WmiAcpi - ok
10:24:58.0134 0172 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:24:58.0134 0172 wmiApSrv - ok
10:24:58.0165 0172 WMPNetworkSvc - ok
10:24:58.0196 0172 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:24:58.0196 0172 WPCSvc - ok
10:24:58.0212 0172 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:24:58.0212 0172 WPDBusEnum - ok
10:24:58.0227 0172 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:24:58.0227 0172 ws2ifsl - ok
10:24:58.0258 0172 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
10:24:58.0258 0172 wscsvc - ok
10:24:58.0305 0172 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
10:24:58.0305 0172 WSDPrintDevice - ok
10:24:58.0305 0172 WSearch - ok
10:24:58.0492 0172 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
10:24:58.0508 0172 wuauserv - ok
10:24:58.0617 0172 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:24:58.0617 0172 WudfPf - ok
10:24:58.0664 0172 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:24:58.0664 0172 WUDFRd - ok
10:24:58.0695 0172 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:24:58.0695 0172 wudfsvc - ok
10:24:58.0726 0172 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:24:58.0726 0172 WwanSvc - ok
10:24:58.0836 0172 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
10:24:58.0836 0172 xnacc - ok
10:24:58.0898 0172 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
10:24:58.0898 0172 xusb21 - ok
10:24:58.0929 0172 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
10:24:59.0007 0172 \Device\Harddisk1\DR1 - ok
10:24:59.0007 0172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:24:59.0070 0172 \Device\Harddisk0\DR0 - ok
10:24:59.0085 0172 Boot (0x1200) (2fbd7bcb71055fa48fc1f1687420d99b) \Device\Harddisk1\DR1\Partition0
10:24:59.0085 0172 \Device\Harddisk1\DR1\Partition0 - ok
10:24:59.0085 0172 Boot (0x1200) (a1a1cc4ba4ae1c51fc0245e9b1587ffb) \Device\Harddisk1\DR1\Partition1
10:24:59.0085 0172 \Device\Harddisk1\DR1\Partition1 - ok
10:24:59.0101 0172 Boot (0x1200) (d9c65ca1a7cb385797b60660a23fbf86) \Device\Harddisk1\DR1\Partition2
10:24:59.0101 0172 \Device\Harddisk1\DR1\Partition2 - ok
10:24:59.0101 0172 Boot (0x1200) (7148c8d4c77e6bddc94b6a006ace4e3e) \Device\Harddisk0\DR0\Partition0
10:24:59.0101 0172 \Device\Harddisk0\DR0\Partition0 - ok
10:24:59.0101 0172 ============================================================
10:24:59.0101 0172 Scan finished
10:24:59.0101 0172 ============================================================
10:24:59.0101 0764 Detected object count: 0
10:24:59.0101 0764 Actual detected object count: 0


Results from aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-03 10:26:45
-----------------------------
10:26:45.879 OS Version: Windows x64 6.1.7601 Service Pack 1
10:26:45.879 Number of processors: 8 586 0x3A09
10:26:45.879 ComputerName: SCOTT-PC UserName: Scott
10:26:45.919 Initialze error 1
10:27:44.412 AVAST engine defs: 12070300
10:28:50.336 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
10:28:50.337 Disk 0 Vendor: Hitachi_HDT725050VLA360 V56OA7EA Size: 476940MB BusType: 11
10:28:50.337 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
10:28:50.338 Disk 1 Vendor: Hitachi_HDS721010CLA332 JP4OA39C Size: 953869MB BusType: 11
10:28:50.353 Disk 1 MBR read successfully
10:28:50.354 Disk 1 MBR scan
10:28:50.356 Disk 1 unknown MBR code
10:28:50.357 Disk 1 Partition 1 00 EE GPT 2097151 MB offset 1
10:28:50.360 Disk 1 scanning C:\Windows\system32\drivers
10:28:50.361 Service scanning
10:28:51.612 Modules scanning
10:28:51.613 Disk 1 trace - called modules:
10:28:51.619 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:28:51.621 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800d83e790]
10:28:51.623 3 CLASSPNP.SYS[fffff88001db443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800d620060]
10:28:51.625 AVAST engine scan C:\Windows
10:28:51.627 AVAST engine scan C:\Windows\system32
10:28:51.629 AVAST engine scan C:\Windows\system32\drivers
10:28:51.631 AVAST engine scan C:\Users\Scott
10:28:51.633 AVAST engine scan C:\ProgramData
10:28:51.635 Scan finished successfully
10:29:12.192 Disk 1 MBR has been saved successfully to "C:\Users\Scott\Desktop\MBR.dat"
10:29:12.194 The log file has been saved successfully to "C:\Users\Scott\Desktop\aswMBR.txt"

#6 boopme

Posted 03 July 2012 - 12:59 PM

OK, looks good now. I see two items: one is µTorrent, probably where you picked up the infection to start with.

The other is that your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users, should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe (or jre-7u5-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


#7 kickerconspiracy

Posted 03 July 2012 - 01:41 PM

Okay, that's done. What's next?

Thanks again for all your help.

#8 boopme

Posted 03 July 2012 - 01:49 PM

That's it, kicker, good to go. If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

#9 kickerconspiracy

Posted 03 July 2012 - 02:41 PM

All done, but according to MSE I'm still infected.

#10 boopme

Posted 03 July 2012 - 02:52 PM

Eats! If it's still seeing these, Win32/DelfInject.gen!BI and Worm:Win32/Ructo.

Then we need to move and get a deeper look as they are reactivating.

Please go here.... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64-bit system) skip it and move on.

Let me know if that went well.

#11 kickerconspiracy

Posted 03 July 2012 - 03:02 PM

Firstly, thanks again for all the help.

I've done as you suggested and started a topic.

#12 boopme

Posted 03 July 2012 - 07:32 PM

You're welcome! This will be reviewed as soon as possible and a reply will be made to the NEW topic.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 3 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.



