
Windows defender and firewall won't start


18 replies to this topic

#1 Woes!!

Woes!!

  • Members
  • 12 posts

Posted 28 June 2012 - 10:17 PM

Hi all,
So I recently got infected by a trojan and I couldn't start MS Security Essentials. So I panicked and downloaded the free version of avira and avast anti virus. I first ran avira and it told me that I was infected with the virus TR/ATRAPS.Gen2. After the scan, I put the virus under quarantine (the same virus was in multiple locations). Then I ran avast just to re-check and there were no viruses. So I removed avast (couldn't remove avira..need to check online for that). Then I uninstalled and re-installed security essentials. Now SE is running but windows firewall and defender are not :(

I searched online and came across a couple of solutions. This is what I did to try to get firewall and defender to run:

1. In services, 'Base Filtering Engine' was missing, so downloaded the registry key online and started the service
2. Downloaded the registry keys for both windows firewall and windows defender
3. Tried to start windows defender service manually from services.msc. This is the error message I obtained "Windows could not start the Windows Defender Service on Local Computer. Error 126: The specified module could not be found"
4. Similarly, when I try to start windows firewall manually, the error message is "Windows could not start the Windows Firewall on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code 5." (Not sure how to go to the System Event Log, so cannot copy the log here :( )


I downloaded the SecurityCheck utility and am pasting the output below:

Results of screen317's Security Check version 0.99.42
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 30
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````



Please let me know how to resolve this. I am hoping this gets solved without having to install windows all over again.

Any help would be greatly appreciated

Edited by Woes!!, 28 June 2012 - 10:29 PM.
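
The checks behind steps 1, 3 and 4 of the post above can be run in one pass. The following PowerShell is an added example, not part of the original post: it reads each service's registration, tests whether the DLL it points to exists on disk, and pulls the matching Service Control Manager entries from the System event log. It assumes an elevated 64-bit PowerShell session on an English-language Windows 7 system and the service key names BFE, MpsSvc and WinDefend.

```powershell
# Added example: inspect the three services named in the post and read the
# related Service Control Manager events from the System log.
# Run from an elevated 64-bit PowerShell prompt; a 32-bit prompt on x64 Windows
# is redirected to SysWOW64 and can report a present DLL as missing.
$services = 'BFE', 'MpsSvc', 'WinDefend'   # Base Filtering Engine, Windows Firewall, Windows Defender

function Get-ServiceRegistration {
    param([string]$Name)

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $result = New-Object PSObject -Property @{
        Name = $Name; KeyPresent = $false; Status = 'n/a'
        ImagePath = $null; ServiceDll = $null; DllOnDisk = $null
    }

    # A missing key is the situation described in step 1 (service not listed).
    if (-not (Test-Path -Path $key)) { return $result }

    $result.KeyPresent = $true
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($svc) { $result.Status = $svc.Status }

    $result.ImagePath = (Get-ItemProperty -Path $key).ImagePath

    # svchost-hosted services keep the path of their DLL in Parameters\ServiceDll.
    $params = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue
    if ($params -and $params.ServiceDll) {
        $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
        $result.ServiceDll = $dll
        # False here is consistent with "Error 126: The specified module could not be found".
        $result.DllOnDisk = Test-Path -LiteralPath $dll
    }
    return $result
}

$services |
    ForEach-Object { Get-ServiceRegistration -Name $_ } |
    Select-Object Name, KeyPresent, Status, ServiceDll, DllOnDisk, ImagePath |
    Format-List

# Service start failures are logged by the Service Control Manager:
# 7000/7001 = failed to start, 7023 = terminated with an error,
# 7024 = terminated with a service-specific error (the firewall message in step 4).
$filter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7000, 7001, 7023, 7024
}

# Display names below are the English ones; adjust them on a localized system.
Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Windows Firewall|Windows Defender|Base Filtering Engine' } |
    Select-Object TimeCreated, Id, Message |
    Format-List
```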




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 29 June 2012 - 01:24 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Woes!!

Woes!!
  • Topic Starter

  • Members
  • 12 posts

Posted 30 June 2012 - 08:14 PM

Hi,
Thanks for the reply. As requested, I have pasted the logs below:

TDSSkiller:

18:04:10.0849 1436 msahci - ok
18:04:10.0880 1436 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
18:04:10.0880 1436 msdsm - ok
18:04:10.0927 1436 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
18:04:10.0943 1436 MSDTC - ok
18:04:10.0989 1436 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
18:04:10.0989 1436 Msfs - ok
18:04:11.0021 1436 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
18:04:11.0021 1436 mshidkmdf - ok
18:04:11.0036 1436 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
18:04:11.0036 1436 msisadrv - ok
18:04:11.0114 1436 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
18:04:11.0395 1436 MSiSCSI - ok
18:04:11.0411 1436 msiserver - ok
18:04:11.0473 1436 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
18:04:11.0473 1436 MSKSSRV - ok
18:04:11.0598 1436 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:04:11.0613 1436 MsMpSvc - ok
18:04:11.0676 1436 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
18:04:11.0676 1436 MSPCLOCK - ok
18:04:11.0707 1436 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
18:04:11.0723 1436 MSPQM - ok
18:04:11.0816 1436 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
18:04:11.0832 1436 MsRPC - ok
18:04:11.0863 1436 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
18:04:11.0863 1436 mssmbios - ok
18:04:11.0894 1436 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
18:04:11.0894 1436 MSTEE - ok
18:04:11.0910 1436 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
18:04:11.0910 1436 MTConfig - ok
18:04:11.0941 1436 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
18:04:11.0941 1436 Mup - ok
18:04:12.0035 1436 napagent (4987e079a4530fa737a128be54b63b12) C:\windows\system32\qagentRT.dll
18:04:12.0035 1436 napagent - ok
18:04:12.0113 1436 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
18:04:12.0144 1436 NativeWifiP - ok
18:04:12.0253 1436 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
18:04:12.0269 1436 NDIS - ok
18:04:12.0315 1436 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
18:04:12.0315 1436 NdisCap - ok
18:04:12.0362 1436 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
18:04:12.0362 1436 NdisTapi - ok
18:04:12.0436 1436 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
18:04:12.0454 1436 Ndisuio - ok
18:04:12.0506 1436 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
18:04:12.0524 1436 NdisWan - ok
18:04:12.0557 1436 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
18:04:12.0566 1436 NDProxy - ok
18:04:12.0608 1436 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
18:04:12.0616 1436 NetBIOS - ok
18:04:12.0662 1436 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
18:04:12.0681 1436 NetBT - ok
18:04:12.0715 1436 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
18:04:12.0718 1436 Netlogon - ok
18:04:12.0809 1436 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
18:04:12.0817 1436 Netman - ok
18:04:13.0736 1436 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:04:13.0830 1436 NetMsmqActivator - ok
18:04:13.0845 1436 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:04:13.0845 1436 NetPipeActivator - ok
18:04:13.0908 1436 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
18:04:13.0923 1436 netprofm - ok
18:04:13.0939 1436 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:04:13.0939 1436 NetTcpActivator - ok
18:04:13.0939 1436 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:04:13.0939 1436 NetTcpPortSharing - ok
18:04:14.0469 1436 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys
18:04:14.0735 1436 netw5v64 - ok
18:04:14.0891 1436 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
18:04:14.0906 1436 nfrd960 - ok
18:04:14.0953 1436 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys
18:04:14.0953 1436 NisDrv - ok
18:04:15.0187 1436 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
18:04:15.0218 1436 NisSrv - ok
18:04:15.0312 1436 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll
18:04:15.0327 1436 NlaSvc - ok
18:04:15.0374 1436 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
18:04:15.0390 1436 Npfs - ok
18:04:15.0437 1436 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
18:04:15.0452 1436 nsi - ok
18:04:15.0483 1436 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
18:04:15.0483 1436 nsiproxy - ok
18:04:15.0893 1436 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
18:04:15.0993 1436 Ntfs - ok
18:04:16.0163 1436 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
18:04:16.0173 1436 Null - ok
18:04:16.0223 1436 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\DRIVERS\nvraid.sys
18:04:16.0243 1436 nvraid - ok
18:04:16.0293 1436 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\DRIVERS\nvstor.sys
18:04:16.0303 1436 nvstor - ok
18:04:16.0353 1436 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
18:04:16.0363 1436 nv_agp - ok
18:04:16.0433 1436 Oasis2Service (f5a3015dafc7ae80fc43f36558a19ba5) C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
18:04:16.0443 1436 Oasis2Service - ok
18:04:16.0473 1436 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
18:04:16.0483 1436 ohci1394 - ok
18:04:16.0563 1436 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:04:16.0583 1436 ose - ok
18:04:17.0030 1436 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:04:17.0295 1436 osppsvc - ok
18:04:17.0451 1436 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
18:04:17.0482 1436 p2pimsvc - ok
18:04:17.0591 1436 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
18:04:17.0591 1436 p2psvc - ok
18:04:17.0669 1436 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
18:04:17.0685 1436 Parport - ok
18:04:17.0732 1436 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\windows\system32\drivers\partmgr.sys
18:04:17.0732 1436 partmgr - ok
18:04:17.0779 1436 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
18:04:17.0794 1436 PcaSvc - ok
18:04:17.0825 1436 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
18:04:17.0841 1436 pci - ok
18:04:17.0857 1436 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
18:04:17.0857 1436 pciide - ok
18:04:17.0888 1436 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
18:04:17.0903 1436 pcmcia - ok
18:04:17.0919 1436 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
18:04:17.0935 1436 pcw - ok
18:04:17.0997 1436 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
18:04:18.0028 1436 PEAUTH - ok
18:04:18.0106 1436 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
18:04:18.0122 1436 PerfHost - ok
18:04:18.0247 1436 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll
18:04:18.0278 1436 pla - ok
18:04:18.0340 1436 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll
18:04:18.0340 1436 PlugPlay - ok
18:04:18.0371 1436 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
18:04:18.0371 1436 PNRPAutoReg - ok
18:04:18.0434 1436 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
18:04:18.0434 1436 PNRPsvc - ok
18:04:18.0512 1436 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll
18:04:18.0543 1436 PolicyAgent - ok
18:04:18.0590 1436 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
18:04:18.0605 1436 Power - ok
18:04:18.0668 1436 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
18:04:18.0683 1436 PptpMiniport - ok
18:04:18.0699 1436 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
18:04:18.0715 1436 Processor - ok
18:04:18.0824 1436 ProfSvc (97293447431311c06703368ad0f6c4be) C:\windows\system32\profsvc.dll
18:04:18.0824 1436 ProfSvc - ok
18:04:18.0871 1436 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
18:04:18.0871 1436 ProtectedStorage - ok
18:04:18.0917 1436 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
18:04:18.0933 1436 Psched - ok
18:04:18.0933 1436 PS_MDP - ok
18:04:19.0105 1436 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
18:04:19.0198 1436 ql2300 - ok
18:04:19.0385 1436 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
18:04:19.0401 1436 ql40xx - ok
18:04:19.0495 1436 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
18:04:19.0495 1436 QWAVE - ok
18:04:19.0526 1436 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
18:04:19.0526 1436 QWAVEdrv - ok
18:04:19.0541 1436 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
18:04:19.0557 1436 RasAcd - ok
18:04:19.0604 1436 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
18:04:19.0619 1436 RasAgileVpn - ok
18:04:19.0697 1436 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
18:04:19.0697 1436 RasAuto - ok
18:04:19.0744 1436 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
18:04:19.0760 1436 Rasl2tp - ok
18:04:19.0853 1436 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
18:04:19.0853 1436 RasMan - ok
18:04:19.0916 1436 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
18:04:19.0931 1436 RasPppoe - ok
18:04:19.0978 1436 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
18:04:19.0994 1436 RasSstp - ok
18:04:20.0025 1436 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
18:04:20.0056 1436 rdbss - ok
18:04:20.0072 1436 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
18:04:20.0087 1436 rdpbus - ok
18:04:20.0103 1436 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
18:04:20.0119 1436 RDPCDD - ok
18:04:20.0134 1436 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
18:04:20.0134 1436 RDPENCDD - ok
18:04:20.0150 1436 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
18:04:20.0150 1436 RDPREFMP - ok
18:04:20.0212 1436 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\windows\system32\drivers\RDPWD.sys
18:04:20.0228 1436 RDPWD - ok
18:04:20.0306 1436 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
18:04:20.0321 1436 rdyboost - ok
18:04:20.0321 1436 ReadyComm.DirectRouter - ok
18:04:20.0384 1436 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
18:04:20.0384 1436 RemoteAccess - ok
18:04:20.0431 1436 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
18:04:20.0431 1436 RemoteRegistry - ok
18:04:20.0462 1436 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
18:04:20.0493 1436 RFCOMM - ok
18:04:20.0524 1436 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
18:04:20.0540 1436 RpcEptMapper - ok
18:04:20.0571 1436 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
18:04:20.0571 1436 RpcLocator - ok
18:04:20.0649 1436 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
18:04:20.0649 1436 RpcSs - ok
18:04:20.0696 1436 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
18:04:20.0696 1436 rspndr - ok
18:04:20.0758 1436 RSUSBSTOR (5aab4808e8ccae8c2ecda5b791260616) C:\windows\system32\Drivers\RtsUStor.sys
18:04:20.0758 1436 RSUSBSTOR - ok
18:04:20.0821 1436 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\windows\system32\DRIVERS\Rt64win7.sys
18:04:20.0836 1436 RTL8167 - ok
18:04:20.0867 1436 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
18:04:20.0867 1436 SamSs - ok
18:04:20.0899 1436 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
18:04:20.0914 1436 sbp2port - ok
18:04:20.0945 1436 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
18:04:20.0961 1436 SCardSvr - ok
18:04:20.0992 1436 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
18:04:20.0992 1436 scfilter - ok
18:04:21.0117 1436 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll
18:04:21.0148 1436 Schedule - ok
18:04:21.0195 1436 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
18:04:21.0195 1436 SCPolicySvc - ok
18:04:21.0242 1436 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll
18:04:21.0257 1436 SDRSVC - ok
18:04:21.0304 1436 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
18:04:21.0320 1436 secdrv - ok
18:04:21.0335 1436 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll
18:04:21.0351 1436 seclogon - ok
18:04:21.0367 1436 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
18:04:21.0382 1436 SENS - ok
18:04:21.0398 1436 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
18:04:21.0398 1436 SensrSvc - ok
18:04:21.0445 1436 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
18:04:21.0460 1436 Serenum - ok
18:04:21.0507 1436 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
18:04:21.0523 1436 Serial - ok
18:04:21.0523 1436 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
18:04:21.0538 1436 sermouse - ok
18:04:21.0632 1436 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll
18:04:21.0632 1436 SessionEnv - ok
18:04:21.0647 1436 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
18:04:21.0647 1436 sffdisk - ok
18:04:21.0663 1436 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
18:04:21.0663 1436 sffp_mmc - ok
18:04:21.0679 1436 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
18:04:21.0694 1436 sffp_sd - ok
18:04:21.0710 1436 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
18:04:21.0710 1436 sfloppy - ok
18:04:21.0772 1436 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll
18:04:21.0772 1436 ShellHWDetection - ok
18:04:21.0803 1436 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
18:04:21.0803 1436 SiSRaid2 - ok
18:04:21.0835 1436 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
18:04:21.0850 1436 SiSRaid4 - ok
18:04:21.0975 1436 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:04:22.0069 1436 SkypeUpdate - ok
18:04:22.0131 1436 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
18:04:22.0131 1436 Smb - ok
18:04:22.0193 1436 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
18:04:22.0193 1436 SNMPTRAP - ok
18:04:22.0225 1436 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
18:04:22.0240 1436 spldr - ok
18:04:22.0303 1436 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe
18:04:22.0318 1436 Spooler - ok
18:04:22.0677 1436 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe
18:04:22.0771 1436 sppsvc - ok
18:04:22.0895 1436 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
18:04:22.0911 1436 sppuinotify - ok
18:04:23.0005 1436 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
18:04:23.0051 1436 srv - ok
18:04:23.0129 1436 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
18:04:23.0176 1436 srv2 - ok
18:04:23.0223 1436 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
18:04:23.0239 1436 srvnet - ok
18:04:23.0301 1436 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
18:04:23.0301 1436 SSDPSRV - ok
18:04:23.0332 1436 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
18:04:23.0348 1436 SstpSvc - ok
18:04:23.0363 1436 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
18:04:23.0395 1436 stexstor - ok
18:04:23.0519 1436 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll
18:04:23.0535 1436 stisvc - ok
18:04:23.0597 1436 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
18:04:23.0597 1436 swenum - ok
18:04:23.0660 1436 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
18:04:23.0675 1436 swprv - ok
18:04:23.0863 1436 SynTP (9cc358db30588251bb074e0be2289a0c) C:\windows\system32\DRIVERS\SynTP.sys
18:04:23.0894 1436 SynTP - ok
18:04:24.0190 1436 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll
18:04:24.0253 1436 SysMain - ok
18:04:24.0362 1436 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll
18:04:24.0362 1436 TabletInputService - ok
18:04:24.0409 1436 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll
18:04:24.0409 1436 TapiSrv - ok
18:04:24.0440 1436 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
18:04:24.0440 1436 TBS - ok
18:04:24.0689 1436 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\drivers\tcpip.sys
18:04:24.0736 1436 Tcpip - ok
18:04:25.0126 1436 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\DRIVERS\tcpip.sys
18:04:25.0157 1436 TCPIP6 - ok
18:04:25.0282 1436 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
18:04:25.0282 1436 tcpipreg - ok
18:04:25.0329 1436 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
18:04:25.0329 1436 TDPIPE - ok
18:04:25.0376 1436 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\windows\system32\drivers\tdtcp.sys
18:04:25.0376 1436 TDTCP - ok
18:04:25.0454 1436 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
18:04:25.0469 1436 tdx - ok
18:04:25.0516 1436 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
18:04:25.0516 1436 TermDD - ok
18:04:25.0641 1436 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll
18:04:25.0641 1436 TermService - ok
18:04:25.0672 1436 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
18:04:25.0672 1436 Themes - ok
18:04:25.0703 1436 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
18:04:25.0719 1436 THREADORDER - ok
18:04:25.0750 1436 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
18:04:25.0750 1436 TrkWks - ok
18:04:25.0828 1436 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe
18:04:25.0828 1436 TrustedInstaller - ok
18:04:25.0875 1436 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
18:04:25.0891 1436 tssecsrv - ok
18:04:25.0937 1436 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
18:04:25.0953 1436 tunnel - ok
18:04:25.0984 1436 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
18:04:26.0000 1436 uagp35 - ok
18:04:26.0031 1436 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
18:04:26.0047 1436 udfs - ok
18:04:26.0094 1436 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
18:04:26.0094 1436 UI0Detect - ok
18:04:26.0126 1436 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
18:04:26.0141 1436 uliagpkx - ok
18:04:26.0172 1436 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
18:04:26.0172 1436 umbus - ok
18:04:26.0204 1436 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
18:04:26.0204 1436 UmPass - ok
18:04:26.0438 1436 UNS (af905f4966cfc8b973623ab150cd4b2b) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
18:04:26.0500 1436 UNS - ok
18:04:26.0656 1436 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
18:04:26.0656 1436 upnphost - ok
18:04:26.0718 1436 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
18:04:26.0750 1436 USBAAPL64 - ok
18:04:26.0781 1436 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\windows\system32\DRIVERS\usbccgp.sys
18:04:26.0796 1436 usbccgp - ok
18:04:26.0843 1436 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
18:04:26.0859 1436 usbcir - ok
18:04:26.0874 1436 usbehci (92969ba5ac44e229c55a332864f79677) C:\windows\system32\DRIVERS\usbehci.sys
18:04:26.0890 1436 usbehci - ok
18:04:26.0952 1436 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\windows\system32\DRIVERS\usbhub.sys
18:04:26.0984 1436 usbhub - ok
18:04:27.0015 1436 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\windows\system32\DRIVERS\usbohci.sys
18:04:27.0015 1436 usbohci - ok
18:04:27.0046 1436 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
18:04:27.0062 1436 usbprint - ok
18:04:27.0093 1436 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
18:04:27.0108 1436 usbscan - ok
18:04:27.0140 1436 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
18:04:27.0140 1436 USBSTOR - ok
18:04:27.0171 1436 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\windows\system32\DRIVERS\usbuhci.sys
18:04:27.0171 1436 usbuhci - ok
18:04:27.0233 1436 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
18:04:27.0249 1436 usbvideo - ok
18:04:27.0296 1436 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
18:04:27.0296 1436 UxSms - ok
18:04:27.0327 1436 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
18:04:27.0327 1436 VaultSvc - ok
18:04:27.0374 1436 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
18:04:27.0389 1436 vdrvroot - ok
18:04:27.0498 1436 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe
18:04:27.0514 1436 vds - ok
18:04:27.0545 1436 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
18:04:27.0561 1436 vga - ok
18:04:27.0592 1436 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
18:04:27.0592 1436 VgaSave - ok
18:04:27.0623 1436 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
18:04:27.0639 1436 vhdmp - ok
18:04:27.0654 1436 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
18:04:27.0670 1436 viaide - ok
18:04:27.0701 1436 vm331avs (4d7427e0212d98cacb81c919e777b909) C:\windows\system32\Drivers\vm331avs.sys
18:04:27.0717 1436 vm331avs - ok
18:04:27.0732 1436 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
18:04:27.0748 1436 volmgr - ok
18:04:27.0795 1436 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
18:04:27.0810 1436 volmgrx - ok
18:04:27.0857 1436 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
18:04:27.0888 1436 volsnap - ok
18:04:27.0935 1436 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
18:04:27.0951 1436 vsmraid - ok
18:04:28.0107 1436 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe
18:04:28.0154 1436 VSS - ok
18:04:28.0294 1436 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
18:04:28.0310 1436 vwifibus - ok
18:04:28.0325 1436 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
18:04:28.0325 1436 vwififlt - ok
18:04:28.0388 1436 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
18:04:28.0403 1436 W32Time - ok
18:04:28.0434 1436 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
18:04:28.0434 1436 WacomPen - ok
18:04:28.0497 1436 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
18:04:28.0512 1436 WANARP - ok
18:04:28.0544 1436 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
18:04:28.0544 1436 Wanarpv6 - ok
18:04:28.0684 1436 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
18:04:28.0762 1436 WatAdminSvc - ok
18:04:28.0918 1436 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe
18:04:28.0965 1436 wbengine - ok
18:04:29.0152 1436 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
18:04:29.0152 1436 WbioSrvc - ok
18:04:29.0214 1436 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\windows\System32\wcncsvc.dll
18:04:29.0230 1436 wcncsvc - ok
18:04:29.0246 1436 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
18:04:29.0246 1436 WcsPlugInService - ok
18:04:29.0292 1436 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
18:04:29.0308 1436 Wd - ok
18:04:29.0339 1436 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\windows\system32\DRIVERS\wdcsam64.sys
18:04:29.0355 1436 WDC_SAM - ok
18:04:29.0480 1436 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
18:04:29.0511 1436 Wdf01000 - ok
18:04:29.0542 1436 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
18:04:29.0558 1436 WdiServiceHost - ok
18:04:29.0558 1436 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
18:04:29.0573 1436 WdiSystemHost - ok
18:04:29.0604 1436 wdmirror (2a444acf7dd446505bcc801f8f6ae5fd) C:\windows\system32\DRIVERS\WDMirror.sys
18:04:29.0604 1436 wdmirror - ok
18:04:29.0651 1436 WebClient (733006127f235be7c35354ebee7b9a7b) C:\windows\System32\webclnt.dll
18:04:29.0667 1436 WebClient - ok
18:04:29.0714 1436 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
18:04:29.0714 1436 Wecsvc - ok
18:04:29.0745 1436 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
18:04:29.0745 1436 wercplsupport - ok
18:04:29.0792 1436 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
18:04:29.0807 1436 WerSvc - ok
18:04:32.0397 1436 ============================================================
18:04:32.0397 1436 Scan finished
18:04:32.0397 1436 ============================================================
18:04:32.0412 3772 Detected object count: 0
18:04:32.0412 3772 Actual detected object count: 0
18:10:59.0033 2744 Deinitialize success


aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-30 18:56:30
-----------------------------
18:56:30.154 OS Version: Windows x64 6.1.7600
18:56:30.154 Number of processors: 4 586 0x2505
18:56:30.154 ComputerName: BHAIRAVI-PC UserName: Bhairavi
18:56:32.572 Initialize success
18:56:47.245 AVAST engine defs: 12063001
19:00:11.294 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:00:11.294 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
19:00:11.309 Disk 0 MBR read successfully
19:00:11.309 Disk 0 MBR scan
19:00:11.325 Disk 0 Windows 7 default MBR code
19:00:11.340 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
19:00:11.403 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 431938 MB offset 411648
19:00:11.465 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 885020672
19:00:11.512 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 945829888
19:00:11.637 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 885022720
19:00:11.808 Disk 0 scanning C:\windows\system32\drivers
19:00:38.526 Service scanning
19:01:43.163 Modules scanning
19:01:43.693 Disk 0 trace - called modules:
19:01:43.693
19:01:45.690 AVAST engine scan C:\windows
19:01:53.771 AVAST engine scan C:\windows\system32
19:09:06.791 AVAST engine scan C:\windows\system32\drivers
19:09:28.210 AVAST engine scan C:\Users\Bhairavi
19:12:41.963 AVAST engine scan C:\ProgramData
19:14:35.954 Scan finished successfully
19:16:01.457 Disk 0 MBR has been saved successfully to "C:\Users\Bhairavi\Desktop\MBR.dat"
19:16:01.473 The log file has been saved successfully to "C:\Users\Bhairavi\Desktop\aswMBR.txt"




ESET Online Scanner:


C:\Users\Bhairavi\AppData\Local\{b285ed6f-4209-607d-4574-3e9c6e329ea6}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined

#4 narenxp

  • BC Advisor

Posted 30 June 2012 - 08:16 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{b285ed6f-4209-607d-4574-3e9c6e329ea6}

Click on LOOK, post the generated log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all options

Click on "Scan".
Please copy and paste the log to your reply.

Edited by narenxp, 01 July 2012 - 04:20 AM.


#5 Woes!!

  • Topic Starter

Posted 30 June 2012 - 10:01 PM

Hi,
Thanks for the quick reply. Pasting the logs from all the utilities requested:

malwarebytes anti malware
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.30.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Bhairavi :: BHAIRAVI-PC [administrator]

Protection: Enabled

6/30/2012 9:38:15 PMa
mbam-log-2012-06-30 (21-38-15).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 346934
Time elapsed: 1 hour(s), 6 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


systemlook

SystemLook 30.07.11 by jpshortstuff
Log created at 22:52 on 30/06/2012 by Bhairavi
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

Invalid Context: folderinfd

No Context: {b285ed6f-4209-607d-4574-3e9c6e329ea6}

-= EOF =-

mini toolbox

MiniToolBox by Farbar Version: 25-06-2012
Ran by Bhairavi (administrator) on 30-06-2012 at 22:46:28
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com

========================= IP Configuration: ================================

Broadcom 802.11n Network Adapter = Wireless Network Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled mldversion=version2


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Bhairavi-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.ma.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.ma.comcast.net.
Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
Physical Address. . . . . . . . . : 00-26-82-BB-C1-EB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4425:5ea6:dd2:5a0f%15(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, June 30, 2012 9:18:19 PM
Lease Expires . . . . . . . . . . : Saturday, July 07, 2012 10:32:11 PM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 369108610
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-F3-E4-1F-88-AE-1D-3C-A9-0A
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.brandeis.edu:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable Microsoft 6To4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #8
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #9
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #10
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 20:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #12
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #11
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 21:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #13
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #14
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 23:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #15
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 24:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #16
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 25:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #17
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 26:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #18
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 27:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #19
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 28:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #20
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 29:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #21
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 30:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #22
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 31:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #23
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 32:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #24
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 33:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #25
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 2607:f8b0:4006:800::1005
173.194.43.34
173.194.43.40
173.194.43.33
173.194.43.39
173.194.43.35
173.194.43.37
173.194.43.32
173.194.43.46
173.194.43.36
173.194.43.41
173.194.43.38


Pinging google.com [74.125.226.200] with 32 bytes of data:
Reply from 74.125.226.200: bytes=32 time=37ms TTL=54
Reply from 74.125.226.200: bytes=32 time=40ms TTL=54

Ping statistics for 74.125.226.200:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 37ms, Maximum = 40ms, Average = 38ms
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
209.191.122.70


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=103ms TTL=50
Reply from 72.30.38.140: bytes=32 time=119ms TTL=50

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 103ms, Maximum = 119ms, Average = 111ms
Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=7ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 7ms, Average = 5ms
===========================================================================
Interface List
15...00 26 82 bb c1 eb ......Broadcom 802.11n Network Adapter
1...........................Software Loopback Interface 1
40...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
17...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
19...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
20...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
21...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #6
22...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
23...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #8
24...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #9
25...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #10
27...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #12
26...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #11
28...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #13
29...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #14
30...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #15
31...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #16
32...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #17
33...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #18
34...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #19
35...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #20
36...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #21
37...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #22
38...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #23
39...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #24
41...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #25
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.3 25
10.0.0.0 255.255.255.0 On-link 10.0.0.3 281
10.0.0.3 255.255.255.255 On-link 10.0.0.3 281
10.0.0.255 255.255.255.255 On-link 10.0.0.3 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.3 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.3 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
15 281 fe80::/64 On-link
15 281 fe80::4425:5ea6:dd2:5a0f/128
On-link
1 306 ff00::/8 On-link
15 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [46592] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/30/2012 07:38:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (06/30/2012 07:38:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (06/30/2012 07:37:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (06/30/2012 07:37:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (06/30/2012 07:16:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (06/30/2012 07:16:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (06/30/2012 07:16:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (06/30/2012 07:16:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (06/30/2012 07:16:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (06/30/2012 06:56:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.


System errors:
=============
Error: (06/30/2012 09:21:12 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (06/30/2012 09:21:06 PM) (Source: Service Control Manager) (User: )
Description: The ReadyComm.DirectRouter service failed to start due to the following error:
%%2

Error: (06/30/2012 09:21:02 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/30/2012 09:19:56 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (06/30/2012 09:19:38 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (06/30/2012 09:19:25 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/30/2012 09:19:18 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (06/30/2012 09:19:18 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/30/2012 09:18:15 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (06/30/2012 09:17:19 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (06/30/2012 07:38:23 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Bhairavi\Downloads\esetsmartinstaller_enu.exe

Error: (06/30/2012 07:38:18 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Bhairavi\Downloads\esetsmartinstaller_enu.exe

Error: (06/30/2012 07:37:04 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Bhairavi\Downloads\esetsmartinstaller_enu.exe

Error: (06/30/2012 07:37:04 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Bhairavi\Downloads\esetsmartinstaller_enu.exe

Error: (06/30/2012 07:16:43 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Bhairavi\Downloads\esetsmartinstaller_enu.exe

Error: (06/30/2012 07:16:38 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Bhairavi\Downloads\esetsmartinstaller_enu.exe

Error: (06/30/2012 07:16:27 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Bhairavi\Downloads\esetsmartinstaller_enu.exe

Error: (06/30/2012 07:16:25 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Bhairavi\Downloads\esetsmartinstaller_enu.exe

Error: (06/30/2012 07:16:18 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Bhairavi\Downloads\esetsmartinstaller_enu.exe

Error: (06/30/2012 06:56:51 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Bhairavi\Downloads\esetsmartinstaller_enu.exe


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
Acrobat.com (Version: 1.1.377)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.3)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Reader 9.0.1 (Version: 9.0.1)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless Driver (Version: 1.0.0.0)
Canon MX410 series MP Drivers
CCleaner (Version: 3.19)
ComicRack v0.9.154 (Version: v0.9.154)
Conexant HD Audio (Version: 4.111.0.62)
CyberLink YouCam (Version: 3.0.2421a)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DiskAid 5.06 (Version: 5.06)
DivX Setup (Version: 2.6.1.5)
Energy Management (Version: 5.4.0.8)
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Google Chrome (Version: 19.0.1084.56)
Google Talk Plugin (Version: 3.1.4.8140)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
IBM SPSS Statistics 19 (Version: 19.0.0)
iDailyDiary 3.81
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2104)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Java™ 7 Update 4 (64-bit) (Version: 7.0.40)
LastPass (uninstall only)
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.2.1.100)
Lenovo DirectShare (Version: 1.0.1.38)
Lenovo EasyCamera (Version: 1.10.0415.1)
Lenovo OneKey Recovery (Version: 7.0.1230)
Lenovo ReadyComm 5 (Version: 5.1.1.20)
Lenovo ReadyComm 5.0 Service (Version: 5.0.0.1)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mobipocket Reader 6.2 (Version: 6.2.608)
Oasis2Service 1.0 (Version: 1.0.0)
Octoshape add-in for Adobe Flash Player
Onekey Theater (Version: 2.0.1.7)
Picasa 3 (Version: 3.8)
Power2Go (Version: 5.6.0.4809d4)
Realtek Ethernet Controller Driver For Windows Vista and Later (Version: 1.00.0009)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30116)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.10 (Version: 5.10.114)
Synaptics Pointing Device Driver (Version: 15.0.25.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VeriFace (Version: 3.6.0.1211)
VLC media player 2.0.1 (Version: 2.0.1)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (Version: 06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (Version: 10/19/2009 5.4.0.1)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 61%
Total physical RAM: 3894.85 MB
Available physical RAM: 1498.23 MB
Total Pagefile: 7787.85 MB
Available Pagefile: 5487.64 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.94 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:421.81 GB) (Free:321.27 GB) NTFS
2 Drive d: (Lenovo) (Fixed) (Total:29 GB) (Free:18.73 GB) NTFS

========================= Users: ========================================

User accounts for \\BHAIRAVI-PC

Administrator Bhairavi Guest


**** End of log ****




FSS

Farbar Service Scanner Version: 25-06-2012 01
Ran by Bhairavi (administrator) on 30-06-2012 at 22:50:42
Running from "C:\Users\Bhairavi\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 10:53] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 12:35] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 18:33] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#6 narenxp

Posted 01 July 2012 - 04:21 AM

Can you re-run aswMBR and SystemLook and post the new logs?

#7 Woes!!

Posted 01 July 2012 - 09:28 AM

Here you go!

aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-01 09:46:57
-----------------------------
09:46:57.233 OS Version: Windows x64 6.1.7600
09:46:57.233 Number of processors: 4 586 0x2505
09:46:57.233 ComputerName: BHAIRAVI-PC UserName: Bhairavi
09:46:58.559 Initialize successa
09:47:15.313 AVAST engine defs: 12063001
09:47:16.733 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:47:16.749 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
09:47:16.764 Disk 0 MBR read successfully
09:47:16.764 Disk 0 MBR scan
09:47:16.764 Disk 0 Windows 7 default MBR code
09:47:16.780 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
09:47:16.858 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 431938 MB offset 411648
09:47:16.920 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 885020672
09:47:16.951 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 945829888
09:47:17.045 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 885022720
09:47:17.232 Disk 0 scanning C:\windows\system32\drivers
09:47:40.161 Service scanning
09:48:48.537 Modules scanning
09:48:49.067 Disk 0 trace - called modules:
09:48:49.114 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:48:49.114 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a99060]
09:48:49.129 3 CLASSPNP.SYS[fffff880018cf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004970050]
09:48:50.939 AVAST engine scan C:\windows
09:48:58.761 AVAST engine scan C:\windows\system32
09:56:59.880 AVAST engine scan C:\windows\system32\drivers
09:57:21.347 AVAST engine scan C:\Users\Bhairavi
10:01:34.512 AVAST engine scan C:\ProgramData
10:03:34.383 Scan finished successfully
10:23:55.465 Disk 0 MBR has been saved successfully to "C:\Users\Bhairavi\Desktop\MBR.dat"
10:23:55.606 The log file has been saved successfully to "C:\Users\Bhairavi\Desktop\aswMBR.txt"

SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 10:26 on 01/07/2012 by Bhairavi
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{b285ed6f-4209-607d-4574-3e9c6e329ea6}"
C:\Users\Bhairavi\AppData\Local\{b285ed6f-4209-607d-4574-3e9c6e329ea6} d--hs-- [21:53 10/01/2012]
C:\Windows\Installer\{b285ed6f-4209-607d-4574-3e9c6e329ea6} d--hs-- [21:53 10/01/2012]

-= EOF =-

#8 narenxp

Posted 01 July 2012 - 09:49 AM

Open your C drive

On top, click on Organize - Folder and search options

Click on the View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to
C:\Users\Bhairavi\AppData\Local\{b285ed6f-4209-607d-4574-3e9c6e329ea6}
C:\Windows\Installer\{b285ed6f-4209-607d-4574-3e9c6e329ea6}

Delete both the folders

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab, then click on Start

Check mark the following options alone

Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache


Check mark the Restart System When Finished option
Click the Start button

The system should restart after the repair

Post the FSS log

#9 Woes!!

Posted 01 July 2012 - 11:16 AM

Hi,
Below is the FSS log. And btw, Windows firewall started but defender is still not getting started.


FSS Log:


Starting Repairs...
Start (7/1/2012 11:53:36 AM)

Repair WMI
Start (7/1/2012 11:53:36 AM)
Step 01/03 - Deleting WMI Repository...
Step 02/03 - Rebuilding WMI Repository...
Step 03/03 - Registering WMI...
Invalid Global Switch.

Invalid Global Switch.

Done (7/1/2012 11:55:31 AM)

Repair Windows Firewall
Start (7/1/2012 11:55:31 AM)
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

Done (7/1/2012 11:55:46 AM)

Remove Policies Set By Infections
Start (7/1/2012 11:55:46 AM)
Done (7/1/2012 11:55:49 AM)

Repair Winsock & DNS Cache
Start (7/1/2012 11:55:49 AM)
Done (7/1/2012 11:55:59 AM)

Cleaning up empty logs...

All Selected Repairs Done.
Done (7/1/2012 11:56:00 AM)
Total Repair Time: 00:02:24


...YOU MUST RESTART YOUR SYSTEM...

#10 narenxp

Posted 01 July 2012 - 11:20 AM

Please post the FSS log

#11 Woes!!

Posted 01 July 2012 - 01:06 PM

Oops! Sorry, posted the wrong log. Here you go!

Farbar Service Scanner Version: 25-06-2012 01
Ran by Bhairavi (administrator) on 01-07-2012 at 14:05:19
Running from "C:\Users\Bhairavi\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 10:53] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 12:35] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 18:33] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#12 narenxp

Posted 01 July 2012 - 01:11 PM

Press the Windows+R keys, type notepad and click OK

Copy this script and paste it in Notepad

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
  00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
  20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,6d,00,70,00,73,\
  00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

Click on File - Save As

Filename: defend.reg
Save as: All types

Launch the defend.reg file, click YES

Restart the PC and try to start the Windows Defender service

Edited by narenxp, 01 July 2012 - 01:12 PM.
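
The FSS log earlier in the thread printed the WinDefend ServiceDll as "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll" instead of "OK", and the script in post #12 overwrites that value with hex(2) data that cannot be read at a glance. As an added example (not part of the original thread or of any tool named in it), this Python sketch decodes a .reg file before it is imported and flags any entry that deletes data or falls outside the key you expect; the function names and the review rule are assumptions of this example.

```python
import re

# The .reg text from post #12, copied verbatim from the page.
REG_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
  00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
  20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,6d,00,70,00,73,\
  00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
'''

# Value the FSS log on the page reported for WinDefend before the fix.
FSS_REPORTED = r"%ProgramFiles(x86)%\Windows Defender\mpsvc.dll"
# The only key this fix is supposed to touch.
EXPECTED_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Parameters"

HEX_TYPES = {0x1: "REG_SZ", 0x2: "REG_EXPAND_SZ", 0x3: "REG_BINARY",
             0x7: "REG_MULTI_SZ", 0xb: "REG_QWORD"}


def decode_value(raw):
    """Turn the right-hand side of a .reg assignment into (type, value)."""
    if raw == "-":                       # "name"=- removes the value
        return ("DELETE", None)
    if raw.startswith("dword:"):
        return ("REG_DWORD", int(raw[len("dword:"):], 16))
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # Plain REG_SZ: quotes and backslashes are backslash-escaped.
        return ("REG_SZ", re.sub(r"\\(.)", r"\1", raw[1:-1]))
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", raw)
    if not m:
        raise ValueError("unrecognised value syntax: %r" % raw)
    kind = int(m.group(1), 16) if m.group(1) else 0x3   # bare hex: is binary
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    name = HEX_TYPES.get(kind, "type 0x%x" % kind)
    if kind in (0x1, 0x2):
        # String types are stored as NUL-terminated UTF-16LE.
        return (name, data.decode("utf-16-le").rstrip("\x00"))
    if kind == 0x7:
        return (name, [p for p in data.decode("utf-16-le").split("\x00") if p])
    return (name, data)


def parse_reg(text):
    """Return a list of (key, value_name, type, value) the file would apply."""
    # A trailing backslash continues a hex value on the next line.
    text = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", text)
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith(("Windows Registry Editor", "REGEDIT")):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):      # [-KEY] deletes the whole key
                entries.append((key[1:], None, "DELETE_KEY", None))
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if not m or key is None:
            raise ValueError("cannot parse line: %r" % line)
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        entries.append((key, name) + decode_value(m.group(2)))
    return entries


def review(text, expected_key):
    """Mark each entry ok only if it stays in expected_key and deletes nothing."""
    findings = []
    for key, name, typ, value in parse_reg(text):
        in_scope = key.lower() == expected_key.lower()
        destructive = typ in ("DELETE", "DELETE_KEY")
        findings.append({"key": key, "name": name, "type": typ,
                         "value": value, "ok": in_scope and not destructive})
    return findings


if __name__ == "__main__":
    for f in review(REG_TEXT, EXPECTED_KEY):
        flag = "ok    " if f["ok"] else "REVIEW"
        print(f"{flag} {f['key']}\n       {f['name']} ({f['type']}) = {f['value']!r}")
    print("FSS reported before the fix:", FSS_REPORTED)
```
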


#13 Woes!!

Posted 01 July 2012 - 01:33 PM

Hey,
Windows defender started! Thanks a ton. But when I tried to scan the machine, I got an error message "The program's service has stopped. You can start the service manually or restart your computer, which will start the service. (Error code: 0x800106ba)"

Lemme try restarting. Thought I should post it before that. Thanks for all the help again :clapping: !!

#14 Woes!!

Posted 01 July 2012 - 01:44 PM

Hey,
I checked some other forum and it mentioned that Windows Defender is turned off if Security Essentials is turned on. Could that be the reason?

Just one more question: now that Windows SE and Windows Firewall are up, can I remove the other anti-virus software/malware protections?

I've not checked my mail/fb/anything which requires a password for 2 days now. So just wondering if now my computer is completely clean and I can type in my password or if I need to do more checks.

Thanks a ton again.

#15 narenxp

Posted 01 July 2012 - 01:51 PM

Just now noticed that you have MSSE. You can ignore Windows Defender. Microsoft Security Essentials works as antivirus + antispyware

Windows firewall & MSSE should be enough

Better change your passwords as a safety precaution :thumbup2:

Download

Hosts fix

Run it

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

Edited by narenxp, 01 July 2012 - 01:52 PM.




