Possible mal or virus attack


22 replies to this topic

#1 Aperson

Posted 22 December 2012 - 11:10 AM

Hello, experts :)

Last week I downloaded Conduit by mistake (long story) and had a hard time trying to remove it. After removal, it was actually still redirecting Google to Conduit and I also had some toolbar with adverts popping up all over my screen. I had to go to my Google dashboard and de-sync data. Also AdwCleaner removed ad-block from my extensions, but although I had previously (manually) deleted the toolbar from Chrome, after AdwCleaner, ad-block was gone and the toolbar had returned. Only a manual remove got rid of it, and after a reboot everything seemed fine.

From that day until now, I cannot load livestream broadcasts, and ad-block used to stop the adverts running at the opening of the live streams, so I reinstalled ad-block because I was getting the adverts during streams. It has always worked fine but now it is like it is trying to block the advert but never loads.

After I ran McAfee, it found 2 viruses (Trojans) but they were not from Conduit. The weird thing is, my PC has been acting strange. It slowed down a lot and, weirder still, I can load one site that has a livestream video with ad-block or without it.

I have tried everything thus far and there is nothing I can come up with, but stranger still, it is doing it on my laptop as well. Same sites (DJ communities), same sort of streams. It is quite a new PC and I always keep it cleaned and monitor things after fresh installs, etc.


Anyone work out what may be wrong?

Win 7 64. Google Chrome.

Edited by bloopie, 22 December 2012 - 02:03 PM.
Mod Edit: Moved from Windows 7 to the more appropriate forum. ~bloopie



#2 dev00790

Posted 22 December 2012 - 02:44 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply.

Step 2:

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.


Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.


Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#3 Aperson

Posted 22 December 2012 - 06:16 PM

OK, thank you. I am about to start these processes now. Be back shortly.

#4 Aperson

Posted 22 December 2012 - 06:40 PM

OK, here are the logs and order:

TDSS Log:

23:17:15.0510 4788 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
23:17:15.0510 4788 McOobeSv - ok
23:17:15.0510 4788 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
23:17:15.0510 4788 McProxy - ok
23:17:15.0541 4788 [ 9BBCECBE3FE5AF5958A770DC512D0473 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
23:17:15.0588 4788 McShield - ok
23:17:15.0619 4788 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:17:15.0650 4788 Mcx2Svc - ok
23:17:15.0666 4788 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
23:17:15.0666 4788 megasas - ok
23:17:15.0697 4788 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
23:17:15.0697 4788 MegaSR - ok
23:17:15.0712 4788 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
23:17:15.0759 4788 MEIx64 - ok
23:17:15.0775 4788 [ 2D53234C24B0103FDE0BE06782AA6F80 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
23:17:15.0806 4788 mfeapfk - ok
23:17:15.0822 4788 [ C0EAF4F2367C44157E1DE4817238FEC2 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
23:17:15.0868 4788 mfeavfk - ok
23:17:15.0884 4788 mfeavfk01 - ok
23:17:15.0900 4788 [ 05248F2E6E1AFA6972D058C36199DEB7 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
23:17:15.0946 4788 mfefire - ok
23:17:15.0962 4788 [ 6856931F9F5B757E9D09369CC35096B9 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
23:17:16.0009 4788 mfefirek - ok
23:17:16.0024 4788 [ 62E4C929A4DB48616B1B90143B48C948 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
23:17:16.0071 4788 mfehidk - ok
23:17:16.0071 4788 [ B5B96149BE124092F577DE54EC7D4D65 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
23:17:16.0102 4788 mferkdet - ok
23:17:16.0134 4788 [ DC5483CAD90D95D65B618E35C66E28DF ] mfevtp C:\Windows\system32\mfevtps.exe
23:17:16.0165 4788 mfevtp - ok
23:17:16.0180 4788 [ E18162EA85F1531964F8222CC9E25E26 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
23:17:16.0212 4788 mfewfpk - ok
23:17:16.0243 4788 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:17:16.0243 4788 MMCSS - ok
23:17:16.0258 4788 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:17:16.0258 4788 Modem - ok
23:17:16.0274 4788 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:17:16.0274 4788 monitor - ok
23:17:16.0305 4788 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:17:16.0305 4788 mouclass - ok
23:17:16.0336 4788 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:17:16.0336 4788 mouhid - ok
23:17:16.0368 4788 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:17:16.0414 4788 mountmgr - ok
23:17:16.0414 4788 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
23:17:16.0446 4788 mpio - ok
23:17:16.0461 4788 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:17:16.0477 4788 mpsdrv - ok
23:17:16.0492 4788 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:17:16.0555 4788 MpsSvc - ok
23:17:16.0570 4788 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:17:16.0602 4788 MRxDAV - ok
23:17:16.0648 4788 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:17:16.0680 4788 mrxsmb - ok
23:17:16.0680 4788 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:17:16.0711 4788 mrxsmb10 - ok
23:17:16.0726 4788 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:17:16.0758 4788 mrxsmb20 - ok
23:17:16.0773 4788 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
23:17:16.0804 4788 msahci - ok
23:17:16.0820 4788 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:17:16.0851 4788 msdsm - ok
23:17:16.0867 4788 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:17:16.0882 4788 MSDTC - ok
23:17:16.0898 4788 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:17:16.0898 4788 Msfs - ok
23:17:16.0914 4788 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:17:16.0914 4788 mshidkmdf - ok
23:17:16.0945 4788 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:17:16.0945 4788 msisadrv - ok
23:17:16.0992 4788 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:17:16.0992 4788 MSiSCSI - ok
23:17:16.0992 4788 msiserver - ok
23:17:17.0007 4788 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:17:17.0007 4788 MSK80Service - ok
23:17:17.0038 4788 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:17:17.0054 4788 MSKSSRV - ok
23:17:17.0070 4788 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:17:17.0070 4788 MSPCLOCK - ok
23:17:17.0070 4788 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:17:17.0070 4788 MSPQM - ok
23:17:17.0085 4788 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:17:17.0116 4788 MsRPC - ok
23:17:17.0132 4788 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:17:17.0132 4788 mssmbios - ok
23:17:17.0132 4788 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:17:17.0132 4788 MSTEE - ok
23:17:17.0148 4788 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
23:17:17.0148 4788 MTConfig - ok
23:17:17.0163 4788 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:17:17.0179 4788 Mup - ok
23:17:17.0194 4788 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
23:17:17.0226 4788 napagent - ok
23:17:17.0241 4788 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:17:17.0241 4788 NativeWifiP - ok
23:17:17.0288 4788 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:17:17.0350 4788 NDIS - ok
23:17:17.0366 4788 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:17:17.0366 4788 NdisCap - ok
23:17:17.0397 4788 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:17:17.0397 4788 NdisTapi - ok
23:17:17.0413 4788 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:17:17.0444 4788 Ndisuio - ok
23:17:17.0475 4788 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:17:17.0506 4788 NdisWan - ok
23:17:17.0522 4788 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:17:17.0569 4788 NDProxy - ok
23:17:17.0600 4788 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:17:17.0600 4788 NetBIOS - ok
23:17:17.0616 4788 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:17:17.0647 4788 NetBT - ok
23:17:17.0647 4788 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
23:17:17.0647 4788 Netlogon - ok
23:17:17.0678 4788 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
23:17:17.0725 4788 Netman - ok
23:17:17.0740 4788 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:17:17.0818 4788 NetMsmqActivator - ok
23:17:17.0818 4788 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:17:17.0818 4788 NetPipeActivator - ok
23:17:17.0865 4788 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
23:17:17.0881 4788 netprofm - ok
23:17:17.0881 4788 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:17:17.0881 4788 NetTcpActivator - ok
23:17:17.0881 4788 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:17:17.0881 4788 NetTcpPortSharing - ok
23:17:17.0912 4788 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:17:17.0912 4788 nfrd960 - ok
23:17:17.0959 4788 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:17:17.0990 4788 NlaSvc - ok
23:17:18.0068 4788 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
23:17:18.0115 4788 NOBU - ok
23:17:18.0130 4788 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:17:18.0130 4788 Npfs - ok
23:17:18.0130 4788 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
23:17:18.0130 4788 nsi - ok
23:17:18.0146 4788 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:17:18.0146 4788 nsiproxy - ok
23:17:18.0208 4788 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:17:18.0286 4788 Ntfs - ok
23:17:18.0286 4788 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:17:18.0302 4788 Null - ok
23:17:18.0318 4788 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:17:18.0349 4788 nvraid - ok
23:17:18.0364 4788 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:17:18.0396 4788 nvstor - ok
23:17:18.0411 4788 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:17:18.0411 4788 nv_agp - ok
23:17:18.0427 4788 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:17:18.0427 4788 ohci1394 - ok
23:17:18.0474 4788 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:17:18.0520 4788 ose - ok
23:17:18.0645 4788 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:17:18.0770 4788 osppsvc - ok
23:17:18.0801 4788 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:17:18.0801 4788 p2pimsvc - ok
23:17:18.0817 4788 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
23:17:18.0832 4788 p2psvc - ok
23:17:18.0832 4788 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
23:17:18.0832 4788 Parport - ok
23:17:18.0848 4788 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:17:18.0879 4788 partmgr - ok
23:17:18.0895 4788 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:17:18.0895 4788 PcaSvc - ok
23:17:18.0926 4788 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
23:17:18.0957 4788 pci - ok
23:17:18.0973 4788 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
23:17:18.0988 4788 pciide - ok
23:17:18.0988 4788 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:17:18.0988 4788 pcmcia - ok
23:17:19.0004 4788 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
23:17:19.0004 4788 pcw - ok
23:17:19.0020 4788 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:17:19.0035 4788 PEAUTH - ok
23:17:19.0082 4788 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:17:19.0098 4788 PerfHost - ok
23:17:19.0144 4788 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
23:17:19.0191 4788 pla - ok
23:17:19.0238 4788 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:17:19.0285 4788 PlugPlay - ok
23:17:19.0300 4788 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:17:19.0300 4788 PNRPAutoReg - ok
23:17:19.0316 4788 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:17:19.0316 4788 PNRPsvc - ok
23:17:19.0347 4788 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:17:19.0378 4788 PolicyAgent - ok
23:17:19.0394 4788 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
23:17:19.0394 4788 Power - ok
23:17:19.0441 4788 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:17:19.0488 4788 PptpMiniport - ok
23:17:19.0503 4788 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
23:17:19.0503 4788 Processor - ok
23:17:19.0534 4788 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
23:17:19.0550 4788 ProfSvc - ok
23:17:19.0581 4788 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:17:19.0581 4788 ProtectedStorage - ok
23:17:19.0581 4788 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:17:19.0612 4788 Psched - ok
23:17:19.0659 4788 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
23:17:19.0722 4788 PxHlpa64 - ok
23:17:19.0753 4788 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:17:19.0800 4788 ql2300 - ok
23:17:19.0800 4788 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:17:19.0815 4788 ql40xx - ok
23:17:19.0862 4788 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
23:17:19.0862 4788 QWAVE - ok
23:17:19.0878 4788 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:17:19.0878 4788 QWAVEdrv - ok
23:17:19.0893 4788 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:17:19.0893 4788 RasAcd - ok
23:17:19.0924 4788 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:17:19.0924 4788 RasAgileVpn - ok
23:17:19.0924 4788 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
23:17:19.0940 4788 RasAuto - ok
23:17:19.0956 4788 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:17:19.0987 4788 Rasl2tp - ok
23:17:20.0002 4788 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
23:17:20.0018 4788 RasMan - ok
23:17:20.0034 4788 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:17:20.0034 4788 RasPppoe - ok
23:17:20.0034 4788 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:17:20.0049 4788 RasSstp - ok
23:17:20.0049 4788 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:17:20.0080 4788 rdbss - ok
23:17:20.0080 4788 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
23:17:20.0096 4788 rdpbus - ok
23:17:20.0112 4788 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:17:20.0112 4788 RDPCDD - ok
23:17:20.0112 4788 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:17:20.0127 4788 RDPENCDD - ok
23:17:20.0143 4788 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:17:20.0143 4788 RDPREFMP - ok
23:17:20.0158 4788 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:17:20.0205 4788 RDPWD - ok
23:17:20.0221 4788 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:17:20.0268 4788 rdyboost - ok
23:17:20.0283 4788 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:17:20.0283 4788 RemoteAccess - ok
23:17:20.0283 4788 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:17:20.0299 4788 RemoteRegistry - ok
23:17:20.0299 4788 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:17:20.0314 4788 RpcEptMapper - ok
23:17:20.0330 4788 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
23:17:20.0330 4788 RpcLocator - ok
23:17:20.0346 4788 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
23:17:20.0346 4788 RpcSs - ok
23:17:20.0361 4788 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:17:20.0361 4788 rspndr - ok
23:17:20.0392 4788 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
23:17:20.0439 4788 RTL8167 - ok
23:17:20.0455 4788 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
23:17:20.0455 4788 SamSs - ok
23:17:20.0455 4788 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:17:20.0502 4788 sbp2port - ok
23:17:20.0517 4788 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:17:20.0533 4788 SCardSvr - ok
23:17:20.0548 4788 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:17:20.0595 4788 scfilter - ok
23:17:20.0642 4788 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
23:17:20.0689 4788 Schedule - ok
23:17:20.0704 4788 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:17:20.0704 4788 SCPolicySvc - ok
23:17:20.0720 4788 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:17:20.0751 4788 SDRSVC - ok
23:17:20.0767 4788 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:17:20.0767 4788 secdrv - ok
23:17:20.0767 4788 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
23:17:20.0798 4788 seclogon - ok
23:17:20.0798 4788 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
23:17:20.0814 4788 SENS - ok
23:17:20.0829 4788 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:17:20.0829 4788 SensrSvc - ok
23:17:20.0845 4788 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
23:17:20.0845 4788 Serenum - ok
23:17:20.0876 4788 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
23:17:20.0876 4788 Serial - ok
23:17:20.0892 4788 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:17:20.0892 4788 sermouse - ok
23:17:20.0907 4788 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
23:17:20.0938 4788 SessionEnv - ok
23:17:20.0938 4788 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:17:20.0938 4788 sffdisk - ok
23:17:20.0954 4788 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:17:20.0954 4788 sffp_mmc - ok
23:17:20.0954 4788 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:17:20.0985 4788 sffp_sd - ok
23:17:20.0985 4788 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:17:20.0985 4788 sfloppy - ok
23:17:21.0032 4788 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
23:17:21.0094 4788 Sftfs - ok
23:17:21.0172 4788 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:17:21.0219 4788 sftlist - ok
23:17:21.0235 4788 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:17:21.0266 4788 Sftplay - ok
23:17:21.0266 4788 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:17:21.0297 4788 Sftredir - ok
23:17:21.0344 4788 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
23:17:21.0375 4788 Sftvol - ok
23:17:21.0391 4788 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:17:21.0438 4788 sftvsa - ok
23:17:21.0469 4788 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:17:21.0469 4788 SharedAccess - ok
23:17:21.0500 4788 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:17:21.0531 4788 ShellHWDetection - ok
23:17:21.0547 4788 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
23:17:21.0547 4788 SiSRaid2 - ok
23:17:21.0562 4788 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:17:21.0578 4788 SiSRaid4 - ok
23:17:21.0594 4788 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:17:21.0594 4788 Smb - ok
23:17:21.0625 4788 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:17:21.0625 4788 SNMPTRAP - ok
23:17:21.0672 4788 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
23:17:21.0672 4788 spldr - ok
23:17:21.0718 4788 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
23:17:21.0765 4788 Spooler - ok
23:17:21.0859 4788 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
23:17:21.0906 4788 sppsvc - ok
23:17:21.0937 4788 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:17:21.0952 4788 sppuinotify - ok
23:17:21.0984 4788 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
23:17:22.0030 4788 srv - ok
23:17:22.0046 4788 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:17:22.0077 4788 srv2 - ok
23:17:22.0077 4788 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:17:22.0108 4788 srvnet - ok
23:17:22.0140 4788 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:17:22.0140 4788 SSDPSRV - ok
23:17:22.0155 4788 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:17:22.0155 4788 SstpSvc - ok
23:17:22.0202 4788 [ EF806D212D34B0E173BAEB3564D53E37 ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys
23:17:22.0249 4788 ss_bbus - ok
23:17:22.0280 4788 [ 08B1B34ABEBEB6AC2DEA06900C56411E ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys
23:17:22.0311 4788 ss_bmdfl - ok
23:17:22.0358 4788 [ 71A9DA6BEAA4CB54DFB827FB78600A5D ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys
23:17:22.0389 4788 ss_bmdm - ok
23:17:22.0420 4788 Steam Client Service - ok
23:17:22.0452 4788 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
23:17:22.0452 4788 stexstor - ok
23:17:22.0483 4788 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
23:17:22.0545 4788 stisvc - ok
23:17:22.0561 4788 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:17:22.0561 4788 swenum - ok
23:17:22.0592 4788 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
23:17:22.0623 4788 swprv - ok
23:17:22.0686 4788 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
23:17:22.0779 4788 SysMain - ok
23:17:22.0810 4788 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:17:22.0904 4788 TabletInputService - ok
23:17:22.0982 4788 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:17:23.0029 4788 TapiSrv - ok
23:17:23.0044 4788 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
23:17:23.0044 4788 TBS - ok
23:17:23.0107 4788 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:17:23.0185 4788 Tcpip - ok
23:17:23.0216 4788 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:17:23.0216 4788 TCPIP6 - ok
23:17:23.0247 4788 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:17:23.0294 4788 tcpipreg - ok
23:17:23.0310 4788 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:17:23.0310 4788 TDPIPE - ok
23:17:23.0341 4788 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:17:23.0372 4788 TDTCP - ok
23:17:23.0388 4788 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:17:23.0403 4788 tdx - ok
23:17:23.0419 4788 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:17:23.0450 4788 TermDD - ok
23:17:23.0466 4788 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
23:17:23.0512 4788 TermService - ok
23:17:23.0528 4788 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
23:17:23.0528 4788 Themes - ok
23:17:23.0559 4788 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
23:17:23.0559 4788 THREADORDER - ok
23:17:23.0606 4788 [ 853B56A43008DFFB78D240E792CCD38B ] Tpkd C:\Windows\system32\drivers\Tpkd.sys
23:17:23.0653 4788 Tpkd - ok
23:17:23.0668 4788 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
23:17:23.0668 4788 TrkWks - ok
23:17:23.0715 4788 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:17:23.0762 4788 TrustedInstaller - ok
23:17:23.0762 4788 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:17:23.0793 4788 tssecsrv - ok
23:17:23.0824 4788 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:17:23.0871 4788 TsUsbFlt - ok
23:17:23.0918 4788 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
23:17:23.0965 4788 TsUsbGD - ok
23:17:23.0996 4788 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:17:24.0043 4788 tunnel - ok
23:17:24.0058 4788 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:17:24.0058 4788 uagp35 - ok
23:17:24.0090 4788 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:17:24.0121 4788 udfs - ok
23:17:24.0136 4788 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:17:24.0136 4788 UI0Detect - ok
23:17:24.0168 4788 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:17:24.0168 4788 uliagpkx - ok
23:17:24.0183 4788 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:17:24.0230 4788 umbus - ok
23:17:24.0230 4788 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
23:17:24.0246 4788 UmPass - ok
23:17:24.0246 4788 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
23:17:24.0261 4788 upnphost - ok
23:17:24.0292 4788 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:17:24.0324 4788 usbaudio - ok
23:17:24.0339 4788 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:17:24.0386 4788 usbccgp - ok
23:17:24.0386 4788 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:17:24.0402 4788 usbcir - ok
23:17:24.0417 4788 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:17:24.0448 4788 usbehci - ok
23:17:24.0448 4788 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:17:24.0480 4788 usbhub - ok
23:17:24.0495 4788 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:17:24.0526 4788 usbohci - ok
23:17:24.0542 4788 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
23:17:24.0542 4788 usbprint - ok
23:17:24.0558 4788 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:17:24.0589 4788 USBSTOR - ok
23:17:26.0804 4788 ================ Scan global ===============================
23:17:26.0820 4788 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:17:26.0866 4788 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
23:17:26.0913 4788 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
23:17:26.0929 4788 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:17:26.0960 4788 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:17:26.0960 4788 [Global] - ok
23:17:26.0960 4788 ================ Scan MBR ==================================
23:17:26.0976 4788 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
23:17:27.0147 4788 \Device\Harddisk0\DR0 - ok
23:17:27.0147 4788 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
23:17:27.0678 4788 \Device\Harddisk2\DR2 - ok
23:17:27.0678 4788 ================ Scan VBR ==================================
23:17:27.0678 4788 [ FE29C47175477626AFCD46E5314171E9 ] \Device\Harddisk0\DR0\Partition1
23:17:27.0678 4788 \Device\Harddisk0\DR0\Partition1 - ok
23:17:27.0693 4788 [ D32B4FF7040589B3627B61BE22C09903 ] \Device\Harddisk0\DR0\Partition2
23:17:27.0693 4788 \Device\Harddisk0\DR0\Partition2 - ok
23:17:27.0693 4788 [ C91C56E8D49FE3AB2B88A347371945B5 ] \Device\Harddisk2\DR2\Partition1
23:17:27.0693 4788 \Device\Harddisk2\DR2\Partition1 - ok
23:17:27.0693 4788 ============================================================
23:17:27.0693 4788 Scan finished
23:17:27.0693 4788 ============================================================
23:17:27.0709 2008 Detected object count: 0
23:17:27.0709 2008 Actual detected object count: 0
23:18:07.0224 1044 Deinitialize success


Security Check log:

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 37
Java version out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


FSS Log:

Farbar Service Scanner Version: 10-12-2012
Ran by Heatseeqerz (administrator) on 22-12-2012 at 23:30:55
Running from "C:\Users\Heatseeqerz\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

And finally, Toolbox Log:


MiniToolBox by Farbar Version: 25-11-2012
Ran by Heatseeqerz (administrator) on 22-12-2012 at 23:35:42
Running from "C:\Users\Heatseeqerz\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Heatseeqerz-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : D0-67-E5-28-FF-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::98c8:4c80:5180:e457%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 22 December 2012 20:57:15
Lease Expires . . . . . . . . . . : 23 December 2012 20:57:15
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 248539109
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-62-6C-6C-D0-67-E5-28-FF-EF
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:4a3:2fe9:a524:3c93(Preferred)
Link-local IPv6 Address . . . . . : fe80::4a3:2fe9:a524:3c93%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: SkyRouter.Home
Address: 192.168.0.1

Name: google.com
Addresses: 2a00:1450:4009:808::1003
173.194.41.133
173.194.41.134
173.194.41.135
173.194.41.136
173.194.41.137
173.194.41.142
173.194.41.128
173.194.41.129
173.194.41.130
173.194.41.131
173.194.41.132


Pinging google.com [173.194.41.133] with 32 bytes of data:
Reply from 173.194.41.133: bytes=32 time=62ms TTL=57
Reply from 173.194.41.133: bytes=32 time=30ms TTL=57

Ping statistics for 173.194.41.133:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 62ms, Average = 46ms
Server: SkyRouter.Home
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=221ms TTL=54
Reply from 72.30.38.140: bytes=32 time=188ms TTL=54

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 188ms, Maximum = 221ms, Average = 204ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...d0 67 e5 28 ff ef ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 276
192.168.0.2 255.255.255.255 On-link 192.168.0.2 276
192.168.0.255 255.255.255.255 On-link 192.168.0.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:5ef5:79fb:4a3:2fe9:a524:3c93/128
On-link
11 276 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::4a3:2fe9:a524:3c93/128
On-link
11 276 fe80::98c8:4c80:5180:e457/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/22/2012 08:58:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2012 10:38:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2012 10:37:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2012 10:36:42 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/21/2012 10:36:42 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/21/2012 10:36:42 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/21/2012 10:36:42 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (12/21/2012 10:36:40 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/21/2012 10:36:40 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/21/2012 10:36:40 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (12/22/2012 08:57:16 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053

Error: (12/22/2012 08:57:16 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

Error: (12/22/2012 08:56:23 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/22/2012 10:36:32 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%1053

Error: (12/22/2012 10:36:32 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

Error: (12/22/2012 01:17:16 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/21/2012 10:37:12 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (12/21/2012 10:37:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (12/21/2012 10:36:42 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/21/2012 10:36:42 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.


Microsoft Office Sessions:
=========================
Error: (12/22/2012 08:58:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2012 10:38:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2012 10:37:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2012 10:36:42 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/21/2012 10:36:42 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/21/2012 10:36:42 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/21/2012 10:36:42 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (12/21/2012 10:36:40 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (12/21/2012 10:36:40 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/21/2012 10:36:40 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt


CodeIntegrity Errors:
===================================
Date: 2012-10-16 01:38:23.184
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-10-16 01:38:23.168
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Adobe AIR (Version: 3.4.0.2540)
Adobe Flash Media Live Encoder 3.2 (Version: 3.2.0)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Photoshop Elements 10 (Version: 10.0)
Adobe Reader X (10.1.4) MUI (Version: 10.1.4)
AMD APP SDK Runtime (Version: 2.4.650.9)
Apple Mobile Device Support (Version: 5.2.0.6)
ASIO4ALL (Version: 2.10)
Assassin's Creed (Version: 1.02)
ATI AVIVO64 Codecs (Version: 11.6.0.10628)
ATI Catalyst Install Manager (Version: 3.0.829.0)
BitTorrent (Version: 7.6.1)
Blio (Version: 2.3.7140)
Blue Cat's Chorus VST-x64 4.01 (Version: 4.01)
Blue Cat's Flanger VST-x64 3.01 (Version: 3.01)
Blue Cat's Freeware Pack VST-x64 2.01 (Version: 2.01)
Blue Cat's FreqAnalyst VST-x64 2.01 (Version: 2.01)
Blue Cat's Gain Suite VST-x64 3.01 (Version: 3.01)
Blue Cat's Phaser VST-x64 3.01 (Version: 3.01)
Blue Cat's Triple EQ VST-x64 4.01 (Version: 4.01)
Bonjour (Version: 3.0.0.10)
Broomstick Bass 1.0.0
Camel Audio Camel Phat VST v3.15
Camel Audio Camel Space VST v1.15
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0628.2340.40663)
Catalyst Control Center InstallProxy (Version: 2011.0628.2340.40663)
Catalyst Control Center Localization All (Version: 2011.0628.2340.40663)
ccc-utility64 (Version: 2011.0628.2340.40663)
CCC Help Chinese Standard (Version: 2011.0628.2339.40663)
CCC Help Chinese Traditional (Version: 2011.0628.2339.40663)
CCC Help Czech (Version: 2011.0628.2339.40663)
CCC Help Danish (Version: 2011.0628.2339.40663)
CCC Help Dutch (Version: 2011.0628.2339.40663)
CCC Help English (Version: 2011.0628.2339.40663)
CCC Help Finnish (Version: 2011.0628.2339.40663)
CCC Help French (Version: 2011.0628.2339.40663)
CCC Help German (Version: 2011.0628.2339.40663)
CCC Help Greek (Version: 2011.0628.2339.40663)
CCC Help Hungarian (Version: 2011.0628.2339.40663)
CCC Help Italian (Version: 2011.0628.2339.40663)
CCC Help Japanese (Version: 2011.0628.2339.40663)
CCC Help Korean (Version: 2011.0628.2339.40663)
CCC Help Norwegian (Version: 2011.0628.2339.40663)
CCC Help Polish (Version: 2011.0628.2339.40663)
CCC Help Portuguese (Version: 2011.0628.2339.40663)
CCC Help Russian (Version: 2011.0628.2339.40663)
CCC Help Spanish (Version: 2011.0628.2339.40663)
CCC Help Swedish (Version: 2011.0628.2339.40663)
CCC Help Thai (Version: 2011.0628.2339.40663)
CCC Help Turkish (Version: 2011.0628.2339.40663)
CCleaner (Version: 3.21)
Conexant HD Audio (Version: 8.50.4.0)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)
CyberLink PowerDVD 9.5 (Version: 9.5.1.4418)
D3DX10 (Version: 15.4.2368.0902)
Dailymotion Mass Uploader (Version: 0.1.1)
Dell DataSafe Online (Version: 2.1.19634)
Dell Edoc Viewer (Version: 1.0.0)
Dell MusicStage (Version: 1.5.201.0)
Dell PhotoStage (Version: 1.5.0.65)
Dell Stage (Version: 1.5.201.0)
Dell VideoStage (Version: 1.2.0.1712)
DiversionFX Computer Music Edition version 1.0 (Version: 1.0)
Dropbox (Version: 1.6.9)
DS-Monkey Audio Source 1.00
Elements 10 Organizer (Version: 10.0)
FL Studio 10
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 23.0.1271.97)
Intel A/V Codecs V2.0
iZotope Alloy 2 (Version: 2.01)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 27 (64-bit) (Version: 6.0.270)
Java™ 6 Update 37 (Version: 6.0.370)
Junk Mail filter update (Version: 15.4.3502.0922)
Loomer Cumulus
Max Payne
McAfee SecurityCenter (Version: 11.6.443)
MeldaProduction MMultiBandGranular64 7
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyFreeCodec
Native Instruments Kontakt 5 (Version: 5.0.1.5371)
Native Instruments Massive (Version: 1.1.5.1967)
Native Instruments Traktor 2 (Version: 2.0.1.10169)
Ohm Force - Ohmicide RTAS
OpenMPT 1.20 (Version: 1.20.02.00)
PCM Native Reverb VST Plug-in
PCM Native Reverb VST Plug-in (Version: 1.0.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
PSE10 STI Installer (Version: 10.0)
Rob Papen Albino 3
Sample Modeling Mr. Sax T
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
Shared C Run-time for x64 (Version: 10.0.0)
Sonalksis Plug-Ins for Windows 3.00
Sonitex STX-1260 v1.0
SONiVOX DVI Afro-Cuban Percussion
SONiVOX DVI Atsia Percussion
SONiVOX DVI Taylor Acoustic Guitar
Soundforum Synth
Steam (Version: 1.0.0.0)
Sylenth1 VSTclub Edition v2.2.1.1
Tom Clancy's Splinter Cell Conviction (Version: 1.00.000)
TubeOhm Pure-PoneV1_6
Ubisoft Game Launcher (Version: 1.0.0.0)
UninstallTpkdx64
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
WaveLab 6 (Version: 6.1.1.353)
Waves Diamond Bundle v5.0
Waves L3 v5.2
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (Version: 15.4.5722.2)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinZip 15.0 (Version: 15.0.9302)
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)
Zinio Reader 4 (Version: 4.2.4164)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 4078.64 MB
Available physical RAM: 3014.24 MB
Total Pagefile: 8155.48 MB
Available Pagefile: 6407.94 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.02 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:930.74 GB) (Free:598.51 GB) NTFS
2 Drive d: (FM260) (CDROM) (Total:3.48 GB) (Free:0 GB) UDF
3 Drive e: (exstan) (Fixed) (Total:37.25 GB) (Free:1.17 GB) NTFS

========================= Users: ========================================

User accounts for \\HEATSEEQERZ-PC

Administrator Guest Heatseeqerz

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

14-12-2012 19:16:30 Installed SpyHunter
14-12-2012 19:45:37 Removed SpyHunter
18-12-2012 08:53:56 Windows Update
21-12-2012 10:09:08 Windows Update
21-12-2012 18:35:21 Windows Update

**** End of log ****


Here's hoping we can solve whatever the issue is. And thank you for the assistance so far.

#5 Aperson

Posted 23 December 2012 - 08:18 AM

I also forgot to add that I have not found any real significant change during the process. And the strange issue with Livestream is still happening. I feel the issue is inside Google Chrome itself. As it can sync with other computers I use and sign in with, one can assume the issue affecting my laptop as well to be Chrome related. Though I have run un-sync twice now, unless it has got in through the network, which I doubt because, although the issues are a little strange, it is hardly tantamount to any usual virus activity. More like some file has been corrupted somehow, or perhaps none of these things. But at least an elimination of various possibilities will give me a better idea of what to do next.

Thanks...

#6 dev00790

Posted 23 December 2012 - 09:30 AM

Hi

Please do the following next:

:step1:

Going over your logs I noticed that you have Bittorrent installed.
  • Avoid peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • P2P programs share a directory or set of directories on your computer to the world. Anyone can type in a search, and potentially download something from your computer. This makes the machine an open web server -- massively increasing the attack surface of the machine.
  • To reduce the risk of infection avoid using any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Bittorrent, however that choice is up to you.

If you choose to remove these programs, you can do so via:

  • Click the "Windows Orb" button.
  • Click Control Panel then Programs and Features.

If you wish to keep it, please do not use it until your computer is cleaned.


:step2:

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam-download.php to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

If requested by MBAM, restart the computer.

The log can also be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Users\<Username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


:step3:

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


:step4:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


:step5:

How is the computer running now?

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!" I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#7 Aperson

Posted 23 December 2012 - 02:07 PM

Hello. I have run Malwarebytes and have the log. However, the instructions for the online scan are ambiguous. I do not see an ESET online scan tab as you have shown in this post. Further, the instructions to disable McAfee do not do that. There is no right click to "Exit"; the only way to turn it off is to manually open the interface and turn off each aspect individually, one by one. Or I can select to turn off anti-virus. It has Firewall and email scanner, etc. and each needs to be turned off individually.

Also, I have no idea if I am running an online scan or downloading an EXE here. If I click "RUN online scan" it says:

Internet browser support
You are trying to launch ESET Online Scanner in a different browser than Internet Explorer. Please agree to the download of ESET Smart Installer - an application which installs and launches ESET Online Scanner in a separate window. At the end of the scan, there will be an option to uninstall ESET Online Scanner and all its components.
To download ESET Smart Installer click the link below.
esetsmartinstaller_enu.exe
After successful installation of ESET Smart Installer is ESET Online Scanner launched in a new window.

Do I simply download the EXE and run the scan from that after turning off the basic McAfee AV?

Thanks..

#8 Aperson

Posted 23 December 2012 - 05:12 PM

Ok, we found 12 threats from the online scan.

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.23.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Heatseeqerz :: HEATSEEQERZ-PC [administrator]

Protection: Enabled

23/12/2012 16:59:21
mbam-log-2012-12-23 (18-38-18).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 513036
Time elapsed: 1 hour(s), 38 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Heatseeqerz\Downloads\Albino.VSTi.v3.0.2.\Rob.Papen.Albino.VSTi.v3.0.2.\Albino3Installer302.exe (Trojan.Dropper) -> No action taken.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken.

(end)


Virus scan result:

C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
C:\Users\Heatseeqerz\Desktop\Downloads\Adobe PhotoShop Elements 10.rar BAT/HostsChanger.A application deleted - quarantined
C:\Users\Heatseeqerz\Desktop\Downloads\Adobe PhotoShop Elements 10\Adobe PhotoShop Elements 10\ [CS5] v2.0.bat BAT/HostsChanger.A application cleaned by deleting - quarantined
C:\Users\Heatseeqerz\Downloads\FL Studio 10.0.9c Producer Edition Final key \flstudio_10.0.9c.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Heatseeqerz\Downloads\Loops\WinZip165Multi-language.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
C:\Users\Heatseeqerz\Downloads\New MUSIC MIXING\Afreecodec_downloader_For_SONAR.exe a variant of Win32/BSDownloader application cleaned by deleting - quarantined
C:\Users\Heatseeqerz\Downloads\New MUSIC MIXING\Best_Service_Chris_Hein_Horns_Compact_KONTAKT_(PC_MacOSX)_2012_downloader_119.exe probably a variant of Win32/ExpressFiles application cleaned by deleting - quarantined
C:\Users\Heatseeqerz\Downloads\Tech Vibez\studio_10.6_beta.exe Win32/OpenCandy application cleaned by deleting - quarantined
E:\cOPY OF dOCUMENTS\Downloads\Studio.Edition.v10.0.0\Studio.Edition.v10.0.0\studio_10.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
E:\Dell-1\BestRemovalTool_Setup.exe a variant of Win32/PerfectUninstaller application cleaned by deleting - quarantined
E:\Downloads3\Downloads\Downloads\RegistryCleanerFree-2.2.7.8.Setup.exe a variant of Win32/Adware.RealRegistryCleaner application cleaned by deleting - quarantined
E:\INSTALL-NEW\Downloads\PhotoPosPro_SetUp.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined

Note: Many of these are legit files and are or once were housed on the E drive (and another external drive I have), which are from my old PC, as most of what I have on this new PC is legit except for Splinter Cell and Photoshop, which no longer works now anyway. However, I had no idea these two were infected. Is it likely that the majority of the other files were infected while on the external drives, or on my last PC, which happened to become unusable at one point so that I had to format the whole drive before I sold it on? It seems likely that a bad infection spread to many files because, like I say, many of these are legit files. Even demos and betas downloaded from the maker sites! Anyway, here are the final reports:

AdwCleaner:


# AdwCleaner v2.101 - Logfile created 12/23/2012 at 21:49:43
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Heatseeqerz - HEATSEEQERZ-PC
# Boot Mode : Normal
# Running from : C:\Users\Heatseeqerz\Desktop\AdwCleaner (1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Heatseeqerz\AppData\LocalLow\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Heatseeqerz\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1454 octets] - [14/12/2012 19:51:59]
AdwCleaner[R2].txt - [917 octets] - [23/12/2012 21:49:43]
AdwCleaner[S1].txt - [1572 octets] - [14/12/2012 19:52:47]

########## EOF - C:\AdwCleaner[R2].txt - [1036 octets] ##########

I am about to reboot and I will report back how the PC is running shortly.

Thanks so far.

#9 Aperson

Posted 23 December 2012 - 05:22 PM

I think the last AdwCleaner file is one from a previous scan I did to remove Conduit. If I can find the last one I will post that.



Ok, I searched but cannot find it. I need to clean up now, I assume?

The PC still seems strange to me and the Livestream issue still exists. This is a massive site and has a Premium Livestream account, yet after the advert has run, I get a blank black screen with no live show.

Have a look at what I mean yourself: http://www.radio4by4.com/Live/House/tabid/1261/Default.aspx The issue is not related to the site because it is just a player linked from Livestream, the same as one may link YouTube on a web page, except with Livestream we have a user and pass to broadcast live radio shows direct to that screen you see. Yet I can get all shows from a site that is housed on radio4by4 called Livegrooves, and I cannot get 2 other sites that are all the same (DJ communities). Even recorded FLV files will not play back from the library for me, and THIS is proof that something is wrong on my PC. That it is also happening on the laptop says Google Chrome is at fault, but it is doing it with Internet Explorer, too :(

Maybe I need to reinstall Google? As stated, this is happening on my laptop as well.

Edited by Aperson, 24 December 2012 - 03:09 PM.


#10 dev00790

Posted 24 December 2012 - 03:54 PM

Hi

Let's tackle each obstacle one at a time:

:step1:

I see you have version 11 of McAfee Security Centre installed according to earlier logs you provided.

Try the below and let me know how it went in your next reply:

To disable VirusScan

1) Double-click the taskbar icon to open SecurityCenter

2) Click Virus and Spyware Protection

3) Click Real-Time Scanning

4) Turn off and tell it for how long you wish it to remain that way.

Edited by dev00790, 24 December 2012 - 03:54 PM.

Regards, dev00790



#11 Aperson

Posted 24 December 2012 - 04:15 PM

Hello Dev. I did that and got the same results after it. Then repeated that but disabled adblock and still no video.

Here is an image from inside my Livestream studio where I have an account. Note the video screen? Well, there is a play and pause button and they are flickering and cannot be clicked at all. This is a set I selected from the library of recorded live sets. One can cue them to play on the website or just watch from there or download them. I would assume some sort of filter or file is needed to watch them, but all you need is Flash, and if I did not have this fully working, how come I CAN watch FLV streams from Livegrooves.com but no other site that is using the SAME Livestream process and studio? I am a member of them all and can go into the studio on all of them. They are all the same thing.

It does not make sense to me at all.

Posted Image

Edited by Aperson, 24 December 2012 - 04:26 PM.


#12 dev00790

Posted 24 December 2012 - 04:23 PM

Hi

Currently we're trying to disable McAfee temporarily so that it is less likely to interfere with the ESET scan.

We'll look into the video problem you mentioned later.

Do the instructions I gave not allow you to disable McAfee Security centre? - If this is the case at which point?

Regards, dev00790



#13 Aperson

Posted 24 December 2012 - 04:28 PM

I did disable McAfee when I ran the ESET scan the first time. You cannot disable McAfee completely. You have to turn each component off one by one.

Edited by Aperson, 24 December 2012 - 04:30 PM.


#14 dev00790

Posted 24 December 2012 - 04:46 PM

Ok, as you say you managed to disable McAfee before running the ESET scan earlier, and the ESET scan seemed to work fine (a typical log was produced) we'll treat that as not an issue.

Next:

:step1:

Please rerun MBAM as per step 2 of my earlier post here - this is since "No action taken" for 2 entries is on the earlier MBAM log.

Post the full contents of the latest MBAM log in your next reply.

Regards, dev00790



#15 Aperson

Posted 27 December 2012 - 09:56 AM

Hello Dev. Trust you had a Good Christmas break.

Here is the report from MBAM:


Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.24.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Heatseeqerz :: HEATSEEQERZ-PC [administrator]

Protection: Enabled

26/12/2012 09:56:51
mbam-log-2012-12-26 (09-56-51).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 512579
Time elapsed: 1 hour(s), 36 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
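
Added example (not part of the original thread, and not Malwarebytes' own tooling): a small Python parser for the MBAM 1.x text log layout quoted in posts #8 and #15. It lists detections left at "No action taken", the condition that prompted the rescan request, and checks each section's stated count against the item lines actually present. The sample is abridged from the log in post #8; the function and class names are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Abridged from the first MBAM log quoted in this thread (post #8).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.65.1.1000
Database version: v2012.12.23.05

Scan type: Full scan (C:\|)
Objects scanned: 513036

Registry Keys Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Heatseeqerz\Downloads\Albino.VSTi.v3.0.2.\Rob.Papen.Albino.VSTi.v3.0.2.\Albino3Installer302.exe (Trojan.Dropper) -> No action taken.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken.

(end)
"""

# "<Section name> Detected: <count>"
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)\s*$")
# "<object> (<detection name>) -> <action>."  The object may itself contain
# parentheses (e.g. "Program Files (x86)"), so the detection name is taken
# to be the LAST parenthesised group before the arrow.
ITEM_RE = re.compile(r"^(?P<obj>.+) \((?P<det>[^()]+)\) -> (?P<action>.+?)\.?\s*$")


@dataclass
class Finding:
    section: str    # e.g. "Files"
    obj: str        # path or registry key exactly as printed in the log
    detection: str  # e.g. "Trojan.Dropper"
    action: str     # e.g. "No action taken"


def parse_mbam_log(text):
    """Return (findings, declared); declared maps section -> stated count."""
    findings, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None  # a blank line closes the current section
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
            continue
        if section is None or line.startswith("(No malicious"):
            continue  # header fields, "(end)", or an empty section
        m = ITEM_RE.match(line)
        if m:
            findings.append(Finding(section, m["obj"], m["det"], m["action"]))
    return findings, declared


def unresolved(findings):
    """Detections the scanner reported but did not act on."""
    return [f for f in findings if f.action.lower().startswith("no action taken")]


def count_mismatches(findings, declared):
    """Sections whose stated count differs from the item lines present,
    which suggests the pasted log was truncated or edited.
    Values are (stated, parsed) pairs."""
    seen = Counter(f.section for f in findings)
    return {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]}


if __name__ == "__main__":
    found, stated = parse_mbam_log(SAMPLE_LOG)
    for f in unresolved(found):
        print(f"UNRESOLVED [{f.section}] {f.detection}: {f.obj}")
    print("count mismatches:", count_mismatches(found, stated) or "none")
```
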



