Windows Security/Firewall/Updates not working


10 replies to this topic

#1 alekhkhanna


Posted 23 July 2012 - 06:16 AM

Hey,
Newbie here. I recently got infected with Security Shield 2012 by visiting the DellaAdventures website (please don't go there! :P). Also, my system was shutting down automatically every minute.
Followed the guides here and here and all seems well now. Thanks a lot, BleepingComputers!
Still, I feel my PC isn't as fast as before. Startup takes longer than before (I'm running an Intel 320 series SSD) and it seems a bit slower in general. Also, I cannot get the Windows Firewall/Security Center/Automatic Updates to work!

Attaching FSS (FSS.txt), MiniToolbox (Results.txt) and SecurityCheck (Checkup.txt) reports. All software was downloaded from the links I found on other threads of this forum. Please help me solve these issues!

TIA.

Attachments:

Attached File  checkup.txt   869bytes   1 downloads
Attached File  FSS.txt   4.38KB   1 downloads

Attached File  Result.txt   27.59KB   0 downloads

Edited by Orange Blossom, 23 July 2012 - 06:55 AM.
Moved from Windows 7 to AII. ~ OB




#2 narenxp


Posted 23 July 2012 - 07:01 AM

Let's make sure the system is clean before fixing the services.

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 alekhkhanna


Posted 23 July 2012 - 09:07 AM

TDSS log:


18:00:54.0467 5924 netw5v32 - ok
18:00:54.0670 5924 NETwLv32 (d4ef7a9767c05905500ec312cb29ef46) C:\Windows\system32\DRIVERS\NETwLv32.sys
18:00:54.0732 5924 NETwLv32 - ok
18:00:54.0795 5924 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
18:00:54.0795 5924 nfrd960 - ok
18:00:54.0795 5924 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:00:54.0795 5924 NisDrv - ok
18:00:54.0810 5924 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
18:00:54.0810 5924 NisSrv - ok
18:00:54.0826 5924 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
18:00:54.0841 5924 NlaSvc - ok
18:00:54.0841 5924 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:00:54.0841 5924 Npfs - ok
18:00:54.0857 5924 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
18:00:54.0857 5924 nsi - ok
18:00:54.0857 5924 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:00:54.0857 5924 nsiproxy - ok
18:00:54.0904 5924 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:00:54.0919 5924 Ntfs - ok
18:00:54.0919 5924 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:00:54.0935 5924 Null - ok
18:00:55.0200 5924 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:00:55.0263 5924 nvlddmkm - ok
18:00:55.0309 5924 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:00:55.0325 5924 nvraid - ok
18:00:55.0325 5924 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:00:55.0325 5924 nvstor - ok
18:00:55.0372 5924 nvsvc (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe
18:00:55.0372 5924 nvsvc - ok
18:00:55.0450 5924 nvUpdatusService (003cb0a155568b4a53a301f07c734233) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
18:00:55.0465 5924 nvUpdatusService - ok
18:00:55.0528 5924 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:00:55.0528 5924 nv_agp - ok
18:00:55.0543 5924 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:00:55.0543 5924 ohci1394 - ok
18:00:55.0559 5924 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:00:55.0559 5924 ose - ok
18:00:55.0684 5924 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:00:55.0731 5924 osppsvc - ok
18:00:55.0793 5924 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:00:55.0793 5924 p2pimsvc - ok
18:00:55.0809 5924 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
18:00:55.0824 5924 p2psvc - ok
18:00:55.0840 5924 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
18:00:55.0840 5924 Parport - ok
18:00:55.0840 5924 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
18:00:55.0855 5924 partmgr - ok
18:00:55.0855 5924 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
18:00:55.0855 5924 Parvdm - ok
18:00:55.0871 5924 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
18:00:55.0871 5924 PcaSvc - ok
18:00:55.0887 5924 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:00:55.0887 5924 pci - ok
18:00:55.0902 5924 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:00:55.0902 5924 pciide - ok
18:00:55.0918 5924 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
18:00:55.0918 5924 pcmcia - ok
18:00:55.0918 5924 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\Windows\system32\PCTINDIS5.SYS
18:00:55.0933 5924 PCTINDIS5 - ok
18:00:55.0933 5924 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:00:55.0933 5924 pcw - ok
18:00:55.0965 5924 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:00:55.0965 5924 PEAUTH - ok
18:00:56.0011 5924 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
18:00:56.0027 5924 PeerDistSvc - ok
18:00:56.0089 5924 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
18:00:56.0105 5924 pla - ok
18:00:56.0152 5924 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
18:00:56.0167 5924 PlugPlay - ok
18:00:56.0167 5924 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
18:00:56.0167 5924 PNRPAutoReg - ok
18:00:56.0183 5924 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:00:56.0199 5924 PNRPsvc - ok
18:00:56.0214 5924 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
18:00:56.0214 5924 PolicyAgent - ok
18:00:56.0230 5924 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
18:00:56.0245 5924 Power - ok
18:00:56.0245 5924 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:00:56.0245 5924 PptpMiniport - ok
18:00:56.0261 5924 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
18:00:56.0261 5924 Processor - ok
18:00:56.0277 5924 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
18:00:56.0277 5924 ProfSvc - ok
18:00:56.0292 5924 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:00:56.0292 5924 ProtectedStorage - ok
18:00:56.0308 5924 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:00:56.0308 5924 Psched - ok
18:00:56.0355 5924 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
18:00:56.0370 5924 ql2300 - ok
18:00:56.0417 5924 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
18:00:56.0417 5924 ql40xx - ok
18:00:56.0433 5924 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
18:00:56.0448 5924 QWAVE - ok
18:00:56.0448 5924 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:00:56.0448 5924 QWAVEdrv - ok
18:00:56.0448 5924 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:00:56.0464 5924 RasAcd - ok
18:00:56.0464 5924 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:00:56.0464 5924 RasAgileVpn - ok
18:00:56.0479 5924 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
18:00:56.0479 5924 RasAuto - ok
18:00:56.0495 5924 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:00:56.0495 5924 Rasl2tp - ok
18:00:56.0526 5924 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
18:00:56.0526 5924 RasMan - ok
18:00:56.0526 5924 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:00:56.0542 5924 RasPppoe - ok
18:00:56.0557 5924 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:00:56.0557 5924 RasSstp - ok
18:00:56.0573 5924 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:00:56.0573 5924 rdbss - ok
18:00:56.0589 5924 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:00:56.0589 5924 rdpbus - ok
18:00:56.0589 5924 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:00:56.0589 5924 RDPCDD - ok
18:00:56.0620 5924 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
18:00:56.0620 5924 RDPDR - ok
18:00:56.0620 5924 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:00:56.0620 5924 RDPENCDD - ok
18:00:56.0635 5924 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:00:56.0635 5924 RDPREFMP - ok
18:00:56.0635 5924 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
18:00:56.0651 5924 RdpVideoMiniport - ok
18:00:56.0667 5924 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
18:00:56.0667 5924 RDPWD - ok
18:00:56.0682 5924 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:00:56.0682 5924 rdyboost - ok
18:00:56.0698 5924 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
18:00:56.0698 5924 RemoteAccess - ok
18:00:56.0713 5924 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
18:00:56.0713 5924 RemoteRegistry - ok
18:00:56.0745 5924 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
18:00:56.0745 5924 RFCOMM - ok
18:00:56.0745 5924 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
18:00:56.0745 5924 rismxdp - ok
18:00:56.0760 5924 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
18:00:56.0760 5924 RpcEptMapper - ok
18:00:56.0760 5924 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
18:00:56.0776 5924 RpcLocator - ok
18:00:56.0791 5924 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:00:56.0791 5924 RpcSs - ok
18:00:56.0807 5924 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:00:56.0807 5924 rspndr - ok
18:00:56.0823 5924 RTL8167 (52a5332b280a2e80a92abcd2140a62e8) C:\Windows\system32\DRIVERS\Rt86win7.sys
18:00:56.0823 5924 RTL8167 - ok
18:00:56.0823 5924 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
18:00:56.0823 5924 s3cap - ok
18:00:56.0838 5924 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:00:56.0838 5924 SamSs - ok
18:00:56.0854 5924 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:00:56.0854 5924 sbp2port - ok
18:00:56.0869 5924 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
18:00:56.0869 5924 SCardSvr - ok
18:00:56.0885 5924 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:00:56.0885 5924 scfilter - ok
18:00:56.0901 5924 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
18:00:56.0916 5924 Schedule - ok
18:00:56.0932 5924 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:00:56.0932 5924 SCPolicySvc - ok
18:00:56.0947 5924 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\DRIVERS\sdbus.sys
18:00:56.0947 5924 sdbus - ok
18:00:56.0963 5924 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
18:00:56.0963 5924 SDRSVC - ok
18:00:56.0979 5924 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:00:56.0979 5924 secdrv - ok
18:00:56.0979 5924 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
18:00:56.0979 5924 seclogon - ok
18:00:56.0994 5924 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
18:00:56.0994 5924 SENS - ok
18:00:57.0010 5924 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
18:00:57.0010 5924 SensrSvc - ok
18:00:57.0010 5924 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
18:00:57.0025 5924 Serenum - ok
18:00:57.0025 5924 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
18:00:57.0025 5924 Serial - ok
18:00:57.0041 5924 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
18:00:57.0041 5924 sermouse - ok
18:00:57.0057 5924 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
18:00:57.0072 5924 SessionEnv - ok
18:00:57.0072 5924 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
18:00:57.0072 5924 sffdisk - ok
18:00:57.0088 5924 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:00:57.0088 5924 sffp_mmc - ok
18:00:57.0088 5924 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:00:57.0088 5924 sffp_sd - ok
18:00:57.0088 5924 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
18:00:57.0103 5924 sfloppy - ok
18:00:57.0119 5924 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
18:00:57.0119 5924 ShellHWDetection - ok
18:00:57.0135 5924 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:00:57.0135 5924 sisagp - ok
18:00:57.0150 5924 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
18:00:57.0150 5924 SiSRaid2 - ok
18:00:57.0166 5924 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
18:00:57.0166 5924 SiSRaid4 - ok
18:00:57.0181 5924 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:00:57.0181 5924 Smb - ok
18:00:57.0213 5924 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
18:00:57.0228 5924 smserial - ok
18:00:57.0244 5924 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
18:00:57.0244 5924 SNMPTRAP - ok
18:00:57.0259 5924 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:00:57.0259 5924 spldr - ok
18:00:57.0275 5924 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
18:00:57.0275 5924 Spooler - ok
18:00:57.0369 5924 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
18:00:57.0400 5924 sppsvc - ok
18:00:57.0462 5924 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
18:00:57.0462 5924 sppuinotify - ok
18:00:57.0478 5924 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:00:57.0478 5924 srv - ok
18:00:57.0509 5924 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:00:57.0509 5924 srv2 - ok
18:00:57.0509 5924 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:00:57.0509 5924 srvnet - ok
18:00:57.0525 5924 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
18:00:57.0540 5924 SSDPSRV - ok
18:00:57.0540 5924 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
18:00:57.0556 5924 SstpSvc - ok
18:00:57.0556 5924 ssudmdm (e3d493bfb7cd108ec50b2f560c96367c) C:\Windows\system32\DRIVERS\ssudmdm.sys
18:00:57.0556 5924 ssudmdm - ok
18:00:57.0571 5924 Steam Client Service - ok
18:00:57.0571 5924 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
18:00:57.0587 5924 stexstor - ok
18:00:57.0618 5924 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
18:00:57.0618 5924 StiSvc - ok
18:00:57.0634 5924 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
18:00:57.0634 5924 storflt - ok
18:00:57.0634 5924 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
18:00:57.0634 5924 storvsc - ok
18:00:57.0649 5924 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
18:00:57.0649 5924 swenum - ok
18:00:57.0665 5924 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
18:00:57.0665 5924 swprv - ok
18:00:57.0681 5924 Synth3dVsc (f2ad8960812fd111e20e84659ef19d43) C:\Windows\system32\drivers\synth3dvsc.sys
18:00:57.0696 5924 Synth3dVsc - ok
18:00:57.0712 5924 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
18:00:57.0712 5924 SynTP - ok
18:00:57.0743 5924 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
18:00:57.0759 5924 SysMain - ok
18:00:57.0774 5924 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
18:00:57.0774 5924 TabletInputService - ok
18:00:57.0790 5924 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
18:00:57.0790 5924 TapiSrv - ok
18:00:57.0805 5924 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
18:00:57.0805 5924 TBS - ok
18:00:57.0868 5924 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
18:00:57.0868 5924 Tcpip - ok
18:00:57.0899 5924 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
18:00:57.0899 5924 TCPIP6 - ok
18:00:57.0915 5924 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:00:57.0915 5924 tcpipreg - ok
18:00:57.0930 5924 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:00:57.0930 5924 TDPIPE - ok
18:00:57.0930 5924 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
18:00:57.0930 5924 TDTCP - ok
18:00:57.0946 5924 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:00:57.0946 5924 tdx - ok
18:00:57.0961 5924 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
18:00:57.0961 5924 TermDD - ok
18:00:57.0977 5924 terminpt (052306fd76793d5d5ab5d9891fd1adbb) C:\Windows\system32\drivers\terminpt.sys
18:00:57.0977 5924 terminpt - ok
18:00:57.0993 5924 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
18:00:58.0008 5924 TermService - ok
18:00:58.0008 5924 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
18:00:58.0024 5924 Themes - ok
18:00:58.0024 5924 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:00:58.0024 5924 THREADORDER - ok
18:00:58.0039 5924 TMobileRcAppSvc (9927f6fd011700b0b27d5be213c9630e) C:\Program Files\T-Mobile\webConnect Manager\RcAppSvc.exe
18:00:58.0039 5924 TMobileRcAppSvc - ok
18:00:58.0055 5924 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
18:00:58.0071 5924 TrkWks - ok
18:00:58.0071 5924 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
18:00:58.0133 5924 TrustedInstaller - ok
18:00:58.0133 5924 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:00:58.0149 5924 tssecsrv - ok
18:00:58.0149 5924 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:00:58.0149 5924 TsUsbFlt - ok
18:00:58.0164 5924 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
18:00:58.0164 5924 TsUsbGD - ok
18:00:58.0180 5924 tsusbhub (045acb987c650d8186c6b4a692223860) C:\Windows\system32\drivers\tsusbhub.sys
18:00:58.0180 5924 tsusbhub - ok
18:00:58.0195 5924 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:00:58.0195 5924 tunnel - ok
18:00:58.0211 5924 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
18:00:58.0211 5924 uagp35 - ok
18:00:58.0227 5924 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:00:58.0227 5924 udfs - ok
18:00:58.0242 5924 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
18:00:58.0242 5924 UI0Detect - ok
18:00:58.0258 5924 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:00:58.0258 5924 uliagpkx - ok
18:00:58.0273 5924 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
18:00:58.0273 5924 umbus - ok
18:00:58.0273 5924 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
18:00:58.0273 5924 UmPass - ok
18:00:58.0289 5924 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
18:00:58.0305 5924 UmRdpService - ok
18:00:58.0320 5924 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
18:00:58.0320 5924 upnphost - ok
18:00:58.0336 5924 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
18:00:58.0367 5924 USBAAPL - ok
18:00:58.0367 5924 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
18:00:58.0383 5924 usbccgp - ok
18:00:58.0383 5924 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:00:58.0398 5924 usbcir - ok
18:00:58.0398 5924 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
18:00:58.0398 5924 usbehci - ok
18:00:58.0414 5924 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:00:58.0414 5924 usbhub - ok
18:00:58.0429 5924 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
18:00:58.0429 5924 usbohci - ok
18:00:58.0429 5924 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:00:58.0429 5924 usbprint - ok
18:00:58.0445 5924 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
18:00:58.0445 5924 usbscan - ok
18:00:58.0461 5924 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:00:58.0461 5924 USBSTOR - ok
18:00:58.0461 5924 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:00:58.0461 5924 usbuhci - ok
18:00:58.0476 5924 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
18:00:58.0476 5924 usbvideo - ok
18:00:58.0492 5924 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
18:00:58.0492 5924 usb_rndisx - ok
18:00:58.0492 5924 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
18:00:58.0507 5924 UxSms - ok
18:00:58.0507 5924 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:00:58.0507 5924 VaultSvc - ok
18:00:58.0523 5924 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:00:58.0523 5924 vdrvroot - ok
18:00:58.0539 5924 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
18:00:58.0554 5924 vds - ok
18:00:58.0554 5924 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:00:58.0554 5924 vga - ok
18:00:58.0570 5924 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:00:58.0570 5924 VgaSave - ok
18:00:58.0570 5924 VGPU - ok
18:00:58.0585 5924 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:00:58.0585 5924 vhdmp - ok
18:00:58.0601 5924 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:00:58.0601 5924 viaagp - ok
18:00:58.0617 5924 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
18:00:58.0617 5924 ViaC7 - ok
18:00:58.0632 5924 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:00:58.0632 5924 viaide - ok
18:00:58.0648 5924 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
18:00:58.0648 5924 vmbus - ok
18:00:58.0663 5924 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
18:00:58.0663 5924 VMBusHID - ok
18:00:58.0663 5924 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:00:58.0663 5924 volmgr - ok
18:00:58.0695 5924 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:00:58.0695 5924 volmgrx - ok
18:00:58.0710 5924 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:00:58.0710 5924 volsnap - ok
18:00:58.0726 5924 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
18:00:58.0726 5924 vsmraid - ok
18:00:58.0773 5924 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
18:00:58.0788 5924 VSS - ok
18:00:58.0788 5924 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
18:00:58.0788 5924 vwifibus - ok
18:00:58.0804 5924 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
18:00:58.0819 5924 W32Time - ok
18:00:58.0819 5924 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
18:00:58.0819 5924 WacomPen - ok
18:00:58.0835 5924 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:00:58.0835 5924 WANARP - ok
18:00:58.0851 5924 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:00:58.0851 5924 Wanarpv6 - ok
18:00:58.0882 5924 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
18:00:58.0897 5924 wbengine - ok
18:00:58.0913 5924 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
18:00:58.0913 5924 WbioSrvc - ok
18:00:58.0944 5924 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
18:00:58.0944 5924 wcncsvc - ok
18:00:58.0944 5924 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
18:00:58.0960 5924 WcsPlugInService - ok
18:00:58.0960 5924 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
18:00:58.0960 5924 Wd - ok
18:00:58.0991 5924 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:00:58.0991 5924 Wdf01000 - ok
18:00:59.0007 5924 wdf_usb (65412dd50f40dca2e84e0ea5d10fd7af) C:\Windows\system32\DRIVERS\usb2ser.sys
18:00:59.0007 5924 wdf_usb - ok
18:00:59.0022 5924 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:00:59.0022 5924 WdiServiceHost - ok
18:00:59.0022 5924 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:00:59.0022 5924 WdiSystemHost - ok
18:00:59.0038 5924 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
18:00:59.0038 5924 WebClient - ok
18:00:59.0053 5924 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
18:00:59.0053 5924 Wecsvc - ok
18:00:59.0069 5924 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
18:00:59.0069 5924 wercplsupport - ok
18:00:59.0085 5924 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
18:00:59.0085 5924 WerSvc - ok
18:00:59.0085 5924 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:00:59.0085 5924 WfpLwf - ok
18:00:59.0100 5924 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:00:59.0100 5924 WIMMount - ok
18:00:59.0100 5924 WinHttpAutoProxySvc - ok
18:00:59.0131 5924 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
18:00:59.0163 5924 Winmgmt - ok
18:00:59.0209 5924 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
18:00:59.0225 5924 WinRM - ok
18:00:59.0241 5924 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
18:00:59.0241 5924 WinUsb - ok
18:00:59.0272 5924 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
18:00:59.0287 5924 Wlansvc - ok
18:00:59.0350 5924 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:00:59.0365 5924 wlidsvc - ok
18:00:59.0412 5924 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:00:59.0412 5924 WmiAcpi - ok
18:00:59.0443 5924 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
18:00:59.0475 5924 wmiApSrv - ok
18:00:59.0506 5924 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:00:59.0521 5924 WMPNetworkSvc - ok
18:00:59.0537 5924 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
18:00:59.0537 5924 WPCSvc - ok
18:00:59.0553 5924 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
18:00:59.0553 5924 WPDBusEnum - ok
18:00:59.0568 5924 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:00:59.0568 5924 ws2ifsl - ok
18:00:59.0568 5924 WSearch - ok
18:00:59.0584 5924 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:00:59.0599 5924 WudfPf - ok
18:00:59.0615 5924 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:00:59.0615 5924 WUDFRd - ok
18:00:59.0631 5924 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
18:00:59.0631 5924 wudfsvc - ok
18:00:59.0646 5924 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
18:00:59.0646 5924 WwanSvc - ok
18:00:59.0693 5924 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:01:00.0021 5924 \Device\Harddisk0\DR0 - ok
18:01:00.0036 5924 Boot (0x1200) (8477835b346bb559136a8dbeb9bb97d5) \Device\Harddisk0\DR0\Partition0
18:01:00.0036 5924 \Device\Harddisk0\DR0\Partition0 - ok
18:01:00.0036 5924 Boot (0x1200) (36f8fb5e0e817ce3c5918c2f3e5d2103) \Device\Harddisk0\DR0\Partition1
18:01:00.0036 5924 \Device\Harddisk0\DR0\Partition1 - ok
18:01:00.0036 5924 ============================================================
18:01:00.0036 5924 Scan finished
18:01:00.0036 5924 ============================================================
18:01:00.0052 5916 Detected object count: 0
18:01:00.0052 5916 Actual detected object count: 0
18:01:19.0770 5864 Deinitialize success



aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-23 18:01:46
-----------------------------
18:01:46.142 OS Version: Windows 6.1.7601 Service Pack 1
18:01:46.142 Number of processors: 2 586 0xF0D
18:01:46.142 ComputerName: ALEKHKHANNA-PC UserName: Alekh Khanna
18:01:46.423 Initialize success
18:11:25.202 AVAST engine defs: 12072301
18:11:47.105 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
18:11:47.105 Disk 0 Vendor: INTEL_SSDSA2CW080G3 4PC10362 Size: 76319MB BusType: 11
18:11:47.120 Disk 0 MBR read successfully
18:11:47.120 Disk 0 MBR scan
18:11:47.120 Disk 0 Windows 7 default MBR code
18:11:47.120 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:11:47.167 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76217 MB offset 206848
18:11:47.214 Disk 0 scanning sectors +156299264
18:11:47.261 Disk 0 scanning C:\aWindows\system32\drivers
18:11:58.773 Service scanning
18:12:08.414 Service MpKslee9880fc c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{62F60BFF-3420-4B0D-88A0-61D295B7809D}\MpKslee9880fc.sys **LOCKED** 32
18:12:22.688 Modules scanning
18:12:28.133 Disk 0 trace - called modules:
18:12:28.647 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
18:12:28.647 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86572648]
18:12:28.647 3 CLASSPNP.SYS[8b5af59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x860f8030]
18:12:28.928 AVAST engine scan C:\Windows
18:12:31.050 AVAST engine scan C:\Windows\system32
18:15:24.649 AVAST engine scan C:\Windows\system32\drivers
18:15:37.878 AVAST engine scan C:\Users\Alekh Khanna
18:23:04.015 AVAST engine scan C:\ProgramData
18:23:18.648 Scan finished successfully
18:23:41.626 Disk 0 MBR has been saved successfully to "C:\Users\Alekh Khanna\Desktop\MBR.dat"
18:23:41.720 The log file has been saved successfully to "C:\Users\Alekh Khanna\Desktop\aswMBR.txt"



ESET Online Scan log:


C:\Documents and Settings\Alekh Khanna\Desktop\InitialCFRootFlasher\files\zergRush Android/Exploit.Lotoor.AS trojan cleaned by deleting - quarantined
C:\Documents and Settings\Alekh Khanna\Downloads\Programs\unlockroot23-eng.exe a variant of Win32/Packed.VProtect.C application cleaned by deleting - quarantined
C:\Program Files\Unlockroot\unlockroot.exe a variant of Win32/Packed.VProtect.C application cleaned by deleting - quarantined


Also, MSE keeps on showing me notifications that some threats were cleaned. While checking logs, I accidentally removed them :| , but AFAIR, there was one Trojan Sirefef.AH which kept on getting removed repeatedly by MSE.

#4 narenxp

Posted 23 July 2012 - 09:11 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Post the generated log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

#5 alekhkhanna

Posted 23 July 2012 - 10:13 AM

Malwarebytes log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.23.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Alekh Khanna :: ALEKHKHANNA-PC [administrator]

7/23/2012 8:12:47 PM
mbam-log-2012-07-23 (20-12-47).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 311295
Time elapsed: 15 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Alekh Khanna\Downloads\Programs\VCDCutterSetup.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\a.txt (Worm.Traces) -> Quarantined and deleted successfully.

(end)




MiniToolbox log:

MiniToolBox by Farbar Version: 22-07-2012
Ran by Alekh Khanna (administrator) on 23-07-2012 at 20:20:38
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=172.171.147.1 publish=Yes
add address name="Local Area Connection" address=172.171.147.155 mask=255.255.255.0
add address name="Mobile Broadband Connection 3" address=192.168.170.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : AlekhKhanna-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-1E-37-70-1F-19
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-1C-BF-4E-73-B2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::176:1645:f7c7:ee63%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.43.82(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, July 23, 2012 5:58:46 PM
Lease Expires . . . . . . . . . . : Monday, July 23, 2012 9:20:31 PM
Default Gateway . . . . . . . . . : 192.168.43.1
DHCP Server . . . . . . . . . . . : 192.168.43.1
DHCPv6 IAID . . . . . . . . . . . : 218111167
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-23-13-D4-00-1B-24-E3-D5-23
DNS Servers . . . . . . . . . . . : 192.168.43.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-1B-24-E3-D5-23
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{905E857B-67D6-4A61-8CDC-A4C77AA7AEE1}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.43.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Address: 2404:6800:4007:803::1006


Pinging google.com [74.125.236.165] with 32 bytes of data:
Reply from 74.125.236.165: bytes=32 time=104ms TTL=54
Reply from 74.125.236.165: bytes=32 time=415ms TTL=54

Ping statistics for 74.125.236.165:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 104ms, Maximum = 415ms, Average = 259ms
Server: UnKnown
Address: 192.168.43.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=1173ms TTL=48
Reply from 98.139.183.24: bytes=32 time=1127ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1127ms, Maximum = 1173ms, Average = 1150ms
Server: UnKnown
Address: 192.168.43.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...00 1e 37 70 1f 19 ......Bluetooth Device (Personal Area Network)
12...00 1c bf 4e 73 b2 ......Intel® PRO/Wireless 3945ABG Network Connection
11...00 1b 24 e3 d5 23 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.82 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.43.0 255.255.255.0 On-link 192.168.43.82 281
192.168.43.82 255.255.255.255 On-link 192.168.43.82 281
192.168.43.255 255.255.255.255 On-link 192.168.43.82 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.43.82 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.43.82 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 172.171.147.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::176:1645:f7c7:ee63/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/23/2012 05:56:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2012 04:03:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2012 03:33:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2012 03:03:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2012 02:25:57 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
The RPC server is unavailable.
.

Error: (07/23/2012 02:14:45 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
The RPC server is unavailable.
.

Error: (07/23/2012 02:00:58 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
The remote procedure call failed.
.

Error: (07/23/2012 01:45:39 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
The RPC server is unavailable.
.

Error: (07/23/2012 01:45:08 PM) (Source: Microsoft Security Client Setup) (User: AlekhKhanna-PC)AlekhKhanna-PC
Description: HRESULT:0x8004FF11
Description:Can't install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

Error: (07/23/2012 01:38:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
The RPC server is unavailable.
.


System errors:
=============
Error: (07/23/2012 06:57:18 PM) (Source: Microsoft Antimalware) (User: )
Description: %Virus:Win32/Sirefef.R60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Virus:Win32/Sirefef.R603

Name: Virus:Win32/Sirefef.R

ID: 2147657890

Severity: %Virus:Win32/Sirefef.R600

Category: %Virus:Win32/Sirefef.R602

Path: 4.0.1526.02

Detection Origin: 4.0.1526.04

Detection Type: 4.0.1526.08

Detection Source: %Virus:Win32/Sirefef.R608

User: {A17D901A-AAD3-4F83-A307-EFD8904D5FDD}9

Process Name: %Virus:Win32/Sirefef.R609

Action: {A17D901A-AAD3-4F83-A307-EFD8904D5FDD}1

Action Status: {A17D901A-AAD3-4F83-A307-EFD8904D5FDD}8

Error Code: {A17D901A-AAD3-4F83-A307-EFD8904D5FDD}3

Error description: {A17D901A-AAD3-4F83-A307-EFD8904D5FDD}4

Signature Version: 2012-07-23T13:27:03.550Z1

Engine Version: 2012-07-23T13:27:03.550Z2

Error: (07/23/2012 06:35:11 PM) (Source: Microsoft Antimalware) (User: )
Description: %Virus:Win32/Sirefef.R60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Virus:Win32/Sirefef.R603

Name: Virus:Win32/Sirefef.R

ID: 2147657890

Severity: %Virus:Win32/Sirefef.R600

Category: %Virus:Win32/Sirefef.R602

Path: 4.0.1526.02

Detection Origin: 4.0.1526.04

Detection Type: 4.0.1526.08

Detection Source: %Virus:Win32/Sirefef.R608

User: {DF0CCD96-DA78-4FC9-AED4-FEF19C92F618}9

Process Name: %Virus:Win32/Sirefef.R609

Action: {DF0CCD96-DA78-4FC9-AED4-FEF19C92F618}1

Action Status: {DF0CCD96-DA78-4FC9-AED4-FEF19C92F618}8

Error Code: {DF0CCD96-DA78-4FC9-AED4-FEF19C92F618}3

Error description: {DF0CCD96-DA78-4FC9-AED4-FEF19C92F618}4

Signature Version: 2012-07-23T13:04:56.816Z1

Engine Version: 2012-07-23T13:04:56.816Z2

Error: (07/23/2012 05:58:47 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/23/2012 05:58:47 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/23/2012 05:54:57 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/23/2012 05:54:56 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (07/23/2012 04:02:45 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/23/2012 04:02:45 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/23/2012 04:01:28 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/23/2012 04:01:27 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.


Microsoft Office Sessions:
=========================
Error: (07/23/2012 05:56:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2012 04:03:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2012 03:33:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2012 03:03:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2012 02:25:57 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
The RPC server is unavailable.

Error: (07/23/2012 02:14:45 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
The RPC server is unavailable.

Error: (07/23/2012 02:00:58 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
The remote procedure call failed.

Error: (07/23/2012 01:45:39 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
The RPC server is unavailable.

Error: (07/23/2012 01:45:08 PM) (Source: Microsoft Security Client Setup)(User: AlekhKhanna-PC)AlekhKhanna-PC
Description: HRESULT:0x8004FF11
Description:Can't install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

Error: (07/23/2012 01:38:13 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
The RPC server is unavailable.


=========================== Installed Programs ============================

µTorrent (Version: 3.0.0)
7-Zip 9.20
Adobe AIR (Version: 3.3.0.3670)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Amazon Kindle
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Bing Desktop (Version: 1.0.45.0)
BitMeter
Bonjour (Version: 3.0.0.10)
Bullzip PDF Printer 7.2.0.1319 (Version: 7.2.0.1319)
Caldera - Batch image resize, rename and recode application by (Version: 1.1.0)
Caldera - Batch image resize, rename and recode application by CFE (Version: 1.1.0)
CCleaner (Version: 3.14)
CDisplay 1.8
CPUID CPU-Z 1.58
CrystalDiskInfo 4.0.3 (Version: 4.0.3)
CrystalDiskMark 3.0.1b (Version: 3.0.1b)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DestroyTwitter 2 (Version: 2.1.5)
DestroyTwitter 2 (Version: 2.1.5p2)
DiskAid 5.06 (Version: 5.06)
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Flickr Uploadr 3.2.1
FlyteDownloadManager version 1.0.0.8 (Version: 1.0.0.8)
Google Talk (remove only)
GPL Ghostscript Lite 9.04
Graphic.ly (Version: 0.9.7)
HD Tune Pro 4.60
Intel® Solid-State Drive Toolbox (Version: 2.02.000)
Internet Download Manager
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 27 (Version: 6.0.270)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MediaInfo 0.7.50 (Version: 0.7.50)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mimo (Version: 0.2.4)
Minilyrics
MMX352G 3G USB Manager version 5.490
Motorola SM56 Speakerphone Modem (Version: 6.12.25.06)
MSVCRT (Version: 15.4.2862.0708)
Network Activity Indicator for Windows 7 (Version: 1.6)
Newzbin2 Client 1.0.0.345 (Version: 1.0.0.345)
NVIDIA Control Panel 285.62 (Version: 285.62)
NVIDIA Graphics Driver 285.62 (Version: 285.62)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA PhysX (Version: 9.11.0621)
NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
Opera 11.64 (Version: 11.64.1403)
Rainmeter (Version: 2.2 r1116)
Realtek Ethernet Controller Driver (Version: 7.27.920.2010)
Realtek High Definition Audio Driver
RockMelt (Version: 0.16.91.478)
SABnzbd 0.6.15 (Version: 0.6.15)
Samsung Kies (Version: 2.3.1.12044_18)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.4.0)
SKTimeStamp (Version: 1.3.3)
Skype™ 5.5 (Version: 5.5.124)
SPlayer
SSDlife Pro (Version: 2.1.38)
StarToken (Version: 1.1.805)
Steam (Version: 1.0.0.0)
Sublight 3.0.0 (Version: 3.0.0)
Synaptics Pointing Device Driver (Version: 15.0.17.4)
System Requirements Lab for Intel (Version: 4.4.24.0)
T-Mobile webConnect Manager (Version: 2.05.0016.0)
TeraCopy 2.2
The Off By One Web Browser
TinEyeClient (Version: 1.1)
Unity Web Player (Version: )
UnLock Root 2.31 (Version: 2.31)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VCD Cutter 1.0
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (12/06/2010 4.0.0000.00000) (Version: 12/06/2010 4.0.0000.00000)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
ZoomIn Uploader 1.0.8

========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 3070.43 MB
Available physical RAM: 1469.83 MB
Total Pagefile: 6138.71 MB
Available Pagefile: 4360.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1923.55 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.43 GB) (Free:3.34 GB) NTFS

========================= Users: ========================================

User accounts for \\ALEKHKHANNA-PC

Administrator Alekh Khanna Guest
UpdatusUser


**** End of log ****


FSS log:

Farbar Service Scanner Version: 22-07-2012
Ran by Alekh Khanna (administrator) on 23-07-2012 at 20:38:01
Running from "C:\Users\Alekh Khanna\Downloads\Programs"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



ADwCleaner log:

# AdwCleaner v1.703 - Logfile created 07/23/2012 at 20:38:55
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Alekh Khanna - ALEKHKHANNA-PC
# Running from : C:\Users\Alekh Khanna\Downloads\Programs\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Opera v11.64.1403.0

File : C:\Users\Alekh Khanna\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1219 octets] - [23/07/2012 20:38:43]
AdwCleaner[S1].txt - [1160 octets] - [23/07/2012 20:38:55]

########## EOF - C:\AdwCleaner[S1].txt - [1288 octets] ##########






Edited by alekhkhanna, 23 July 2012 - 10:15 AM.


#6 narenxp

Posted 23 July 2012 - 10:40 AM

Also, MSE keeps on showing me notifications that some threats were cleaned. While checking logs, I accidentally removed them :| , but AFAIR, there was one Trojan Sirefef.AH which kept on getting removed repeatedly by MSE.


What location doesn't point to?

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe

Click on LOOK, post the generated log


Download
Sharedaccess
wscsvc
defender


Launch them, click YES when you get the UAC prompt

restart the PC


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on Start repairs tab - click on Start

Checkmark the following options alone

Reset registry permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Checkmark Restart System When Finished option
click the Start button

System should restart after repair

Post the FSS log

#7 alekhkhanna

Posted 23 July 2012 - 12:20 PM

SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 22:33 on 23/07/2012 by Alekh Khanna
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

-= EOF =-


FSS log (after running Repair_Windows):

Farbar Service Scanner Version: 22-07-2012
Ran by Alekh Khanna (administrator) on 23-07-2012 at 22:46:23
Running from "C:\Users\Alekh Khanna\Downloads\Programs"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
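
The two FSS runs above can be compared mechanically to see which service registry keys the repair brought back and which are still missing. The following Python is an added example, not part of the thread or of Farbar Service Scanner; the function names and state labels are made up for illustration, the sample text is abridged from the logs posted here, and it assumes (as these logs suggest) that FSS lists only services that are not running.

```python
import re
# Abridged from the two FSS logs posted above (one finding line kept per service).
BEFORE = r"""
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
"""
AFTER = r"""
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
"""
HEADER = re.compile(r"^(\S+) Service is not running\.")
RANK = {"ok": 0, "damaged": 1, "key_missing": 2}  # worst finding wins

def parse_fss(text):
    """Map each service FSS lists as not running to its worst registry finding."""
    state, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            state[current] = "ok"
        elif line.startswith("="):
            current = None  # section underline: ATTENTION lines after it are policy checks
        elif current and "ATTENTION!" in line:
            # Whole service key gone vs. any other flagged finding (e.g. a missing value).
            finding = "key_missing" if "key does not exist" in line else "damaged"
            state[current] = max(state[current], finding, key=RANK.get)
    return state

def diff_runs(before, after):
    """Label each service from the first run by what the second run says about it."""
    b, a = parse_fss(before), parse_fss(after)
    def verdict(svc):
        if svc not in a:
            return "no_longer_reported"
        if a[svc] != "ok":
            return "still_broken"
        return "registry_restored" if b[svc] != "ok" else "unchanged"
    return {svc: verdict(svc) for svc in b}
```

On the excerpts above, `diff_runs(BEFORE, AFTER)` marks wuauserv as `still_broken`, which is the state the second log shows for both wuauserv and BITS.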




#8 alekhkhanna

Posted 23 July 2012 - 12:21 PM


Also, MSE keeps on showing me notifications that some threats were cleaned. While checking logs, I accidentally removed them :| , but AFAIR, there was one Trojan Sirefef.AH which kept on getting removed repeatedly by MSE.


What location doesn't point to?

Dunno as I mistakenly deleted the log. MSE notifications haven't appeared since. I think it was the quarantined services.exe in FRST folder.

#9 narenxp

Posted 23 July 2012 - 08:30 PM

FRST? Who helped you using the tool? It seems you received 1 minute shutdown too (from your eventviewer log). Do not use FRST without expert advice.

Download

wuauserv
BITS

Launch it, click YES

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#10 alekhkhanna

Posted 23 July 2012 - 10:14 PM

FRST? Who helped you using the tool? It seems you received 1 minute shutdown too (from your eventviewer log). Do not use FRST without expert advice.

I used the tool because I was having the same problem as the guy on this thread (Security Shield 2012 + PC automatically restarting every min; shutdown -a also didn't help). I looked at the replies and the use of FRST in looking for rogue files. Also looked at how the fixlist (for FRST) was made for the user. Since I have a fair experience tinkering with Windows (been tweaking with stuff since Win ME :P), I was able to make a fixlist myself and ran it. Finally was able to boot into the PC without restarting. Then removed the SS 2012 by following the guide on BC Portal.
Surprisingly my first virus/malware attack in the past 10 years or so !

Anyways, thanks a lot Naren ! Appreciate the help. :D

#11 narenxp

Posted 24 July 2012 - 01:07 AM

You're most welcome :)

Do not use a fix given to others next time, that may screw your PC



