Google redirect / Mydomainadvisor.com problem


sp1234

Hello,

I've been having this problem, where I am not able to go to www.google.com using Chrome. It goes to "www.google.com/search.php" and displays the following message on the page: "Google 404. That’s an error. The requested URL /search.php was not found on this server. That’s all we know." The tab says " Error 404 (Not Found)!!1 ". When you load Chrome (Google is my home page), it very briefly gives a heading on the tab saying "Welcome to mydomainadvisor.com" before it goes to the " Error 404 (Not Found)!!1 " message.

The weird thing is that I am able to access google.com from Mozilla and Internet Explorer. Also, Google searches work fine from the address bar in Chrome. I haven't noticed this with other websites like yahoo.com, bing.com, cnn.com etc. I have read quite a few posts on this issue on this forum and others, enough to know that this is likely a real issue, and I'm afraid it could get worse / my passwords and other data could get stolen... Now the only problem is I don't know how to get rid of this :)

I have tried to scan using Malwarebytes Anti-Malware, Spybot, and Adaware (before I uninstalled it recently). I have also scanned the whole system using Symantec. I am attaching the most recent Malwarebytes and HiJackThis logs in advance, to speed up the process.

I would appreciate your help in guiding me through this process! Many thanks in advance!

SP

***************

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.17.02

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

Saurabh :: SAURABHP [administrator]

2/17/2012 11:36:12 AM

mbam-log-2012-02-17 (11-36-12).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219905

Time elapsed: 17 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

*************

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:31:04 AM, on 2/17/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Windows\System32\TpShocks.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Lenovo\Client Security Solution\password_manager.exe

C:\Program Files\Memeo\AutoBackup\InstantBackup.exe

C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Memeo\Memeo Send\MemeoSend.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE

C:\Users\Saurabh\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Users\Saurabh\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [iMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

O4 - HKLM\..\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup

O4 - HKLM\..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start

O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe

O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui

O4 - HKLM\..\Run: [Memeo Send] C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe --silent

O4 - HKLM\..\Run: [seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKCU\..\Run: [Google Update] "C:\Users\Saurabh\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Dropbox.lnk = Saurabh\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

O18 - Protocol: intu-help-qb5 - {867FCB77-9823-4CD6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll

O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe

O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe

O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe

O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe

O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

--

End of file - 18553 bytes


Hi MrC,

Thanks for your response and your help! I am attaching the DDS.txt and Attach.txt files below, as you suggested. Do let me know what I should do next.

thanks,

SP

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29

Run by Saurabh at 22:39:20 on 2012-02-17

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3060.1701 [GMT -5:00]

.

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k NetworkService

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe

C:\Windows\system32\Dwm.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Windows\System32\TpShocks.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Lenovo\Client Security Solution\password_manager.exe

C:\Program Files\Memeo\AutoBackup\InstantBackup.exe

C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Memeo\Memeo Send\MemeoSend.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE

C:\Users\Saurabh\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Users\Saurabh\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe

C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Lenovo\Access Connections\AcSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\Program Files\Lenovo\System Update\SUService.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://lenovo.msn.com

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [Google Update] "c:\users\saurabh\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"

mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [<NO NAME>]

mRun: [TpShocks] TpShocks.exe

mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup

mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui

mRun: [Memeo Send] c:\program files\memeo\memeo send\MemeoLauncher.exe --silent

mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

StartupFolder: c:\users\saurabh\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\saurabh\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2012\QBW32.EXE

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

Trusted Zone: intuit.com\ttlc

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{8C4D3ACC-EC63-4E29-9076-F6D667502039} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{8C4D3ACC-EC63-4E29-9076-F6D667502039}\7416C6C65737 : DhcpNameServer = 192.168.15.1

TCP: Interfaces\{8C4D3ACC-EC63-4E29-9076-F6D667502039}\A4847457563747E65647 : DhcpNameServer = 128.220.1.75 162.129.253.134

TCP: Interfaces\{8C4D3ACC-EC63-4E29-9076-F6D667502039}\F46796371627965637 : DhcpNameServer = 192.168.2.1 68.87.64.150 68.87.75.198

Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks 2012\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll

LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll ACGina

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\saurabh\appdata\roaming\mozilla\firefox\profiles\0653317f.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\saurabh\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\users\saurabh\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\saurabh\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-2-20 24304]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-1-25 56208]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2009-12-9 13480]

R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-1-25 71440]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-1-25 164112]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-2-20 132456]

R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\hotkey\cammute.exe [2009-12-9 54632]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-12-9 44984]

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-22 25824]

R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-8-19 1248256]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-1-25 931640]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-2-20 48640]

R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]

R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-12-16 2477304]

R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-7-6 173352]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-1 2337144]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-12-9 62904]

R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-9-29 13752]

R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2010-2-20 126080]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-2-20 29472]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-2-20 214696]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-20 125696]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-2-20 66664]

R3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-11-20 20848]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-8 38336]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-22 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-11-20 20848]

S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-2-20 75112]

S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-7 21520]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-22 52224]

S3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2009-9-29 99768]

.

=============== Created Last 30 ================

.

2012-02-17 23:44:43 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cd41c75b-7ae7-476d-ad88-b459a7c60f33}\mpengine.dll

2012-02-16 08:06:18 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-02-16 06:24:46 388096 ----a-r- c:\users\saurabh\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-02-16 06:24:45 -------- d-----w- c:\program files\Trend Micro

2012-02-16 05:56:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-02-16 05:56:00 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-02-16 05:46:33 -------- d-----w- c:\users\saurabh\appdata\roaming\Malwarebytes

2012-02-16 05:46:30 -------- d-----w- c:\programdata\Malwarebytes

2012-02-16 05:46:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-16 05:46:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-16 03:29:32 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-02-16 03:28:39 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-16 03:27:59 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-01 17:09:42 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2012-02-01 17:09:42 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll

2012-02-01 17:09:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2012-02-01 17:09:41 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2012-02-01 17:09:41 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe

2012-02-01 17:09:40 924632 ----a-w- c:\program files\mozilla firefox\firefox.exe

2012-02-01 17:09:37 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll

2012-02-01 17:09:37 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll

2012-02-01 17:09:37 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll

2012-02-01 17:09:37 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll

2012-02-01 15:04:16 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll

2012-02-01 15:03:26 -------- d-----w- c:\program files\common files\xing shared

2012-02-01 15:02:52 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll

2012-02-01 15:02:22 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll

2012-01-31 20:06:02 -------- d-----w- c:\program files\One-Click Export

2012-01-25 23:32:14 -------- d-----w- c:\users\saurabh\appdata\local\Intuit_Inc

2012-01-25 15:16:44 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.

==================== Find3M ====================

.

2012-01-27 05:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys

2011-12-16 07:54:22 981504 ----a-w- c:\windows\system32\wininet.dll

2011-12-16 06:09:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-12-12 20:10:17 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-11-23 18:12:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601 Disk: ST950042 rev.0003 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: >>UNKNOWN [0x8323E000]<< >>UNKNOWN [0x8BA00000]<< >>UNKNOWN [0x8BBDD000]<< >>UNKNOWN [0x8B62D000]<< >>UNKNOWN [0x83207000]<< >>UNKNOWN [0x8B82C000]<<

_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }

1 ntkrnlpa!IofCallDriver[0x8327552A] -> \Device\Harddisk0\DR0[0x88258AA0]

\Driver\Disk[0x88257C98] -> IRP_MJ_CREATE -> 0x8BA0439F

3 [0x8BA0459E] -> ntkrnlpa!IofCallDriver[0x8327552A] -> [0x866E8B90]

\Driver\ACPI[0x85950E58] -> IRP_MJ_CREATE -> 0x8B6364CC

5 [0x8B6363D4] -> ntkrnlpa!IofCallDriver[0x8327552A] -> \Device\Ide\IAAStorageDevice-1[0x866D4028]

\Driver\iaStor[0x8592FF38] -> IRP_MJ_CREATE -> 0x8B852B26

kernel: MBR read successfully

_asm { JMP 0x10; }

user & kernel MBR OK

copy of MBR has been found in sector 9 !

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 22:41:55.60 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 3/9/2010 3:07:04 PM

System Uptime: 2/17/2012 10:15:10 AM (12 hours ago)

.

Motherboard: LENOVO | | 43142PU

Processor: Intel® Core i5 CPU M 540 @ 2.53GHz | None | 1190/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 455 GiB total, 149.73 GiB free.

E: is CDROM ()

Q: is FIXED (NTFS) - 10 GiB total, 3.352 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP312: 2/3/2012 9:18:27 AM - Windows Update

RP313: 2/5/2012 3:01:03 AM - Windows Update

RP314: 2/8/2012 9:36:22 AM - Windows Update

RP315: 2/14/2012 12:11:43 PM - Windows Update

RP316: 2/16/2012 1:23:16 AM - Installed HiJackThis

RP317: 2/16/2012 3:02:02 AM - Windows Update

RP318: 2/16/2012 3:34:48 PM - Removed Ad-Aware

RP319: 2/16/2012 11:12:54 PM - Removed Ad-Aware

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office system

32 Bit HP CIO Components Installer

7-Zip 9.20

Access Help

Adobe Acrobat 6.0 Professional

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader 9.4.6

Adobe Setup

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AT&T Service Activation

Avidemux 2.5

Bing Bar

Bing Bar Platform

Bonjour

BufferChm

Burn.Now 4.5

Business Contact Manager for Outlook 2007 SP2

Client Security - Password Manager

Conexant 20585 SmartAudio HD

Copy

Corel Burn.Now Lenovo Edition

Corel DVD MovieFactory 7

Corel DVD MovieFactory 7 Lenovo Edition

Create Recovery Media

D3DX10

Destinations

DeviceDiscovery

Direct DiscRecorder

Disable AMT Profile Synchronization Pop-up for Windows Vista/7

DJ_AIO_03_F4200_Software_Min

Dropbox

DVD Decrypter (Remove Only)

DVD Shrink 3.2

EndNote 8.0.2

F4200

FEMLAB 3.1

Google Chrome

Google Talk Plugin

GPBaseService2

GPL Ghostscript 8.64

HiJackThis

HP Customer Participation Program 13.0

HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3

HP Imaging Device Functions 13.0

HP Photosmart Essential 3.5

HP Smart Web Printing 4.51

HP Solution Center 13.0

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

iCloud

ImageJ 1.45s

ImgBurn

Integrated Camera Driver Installer Package Ver.1.1.0.17

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® PROSet/Wireless WiFi Software

Intel® Turbo Boost Technology Driver

Intel® Turbo Boost Technology Monitor

InterVideo WinDVD 8

iSEEK AnswerWorks English Runtime

ISI ResearchSoft - Export Helper

iTunes

Java Auto Updater

Java 6 Update 29

Juniper Networks Network Connect 6.5.0

Juniper Networks Network Connect 7.0.0

Juniper Networks Setup Client

Juniper Networks Setup Client Activex Control

Junk Mail filter update

Lenovo System Interface Driver

Lenovo ThinkVantage Toolbox

Lenovo Warranty Information

Lenovo Welcome

LiveUpdate 3.3 (Symantec Corporation)

Macromedia FreeHand 10

Malwarebytes Anti-Malware version 1.60.1.1000

MarketResearch

Mathematica 5.2

MATLAB R2006a

Memeo Instant Backup

Memeo Send

Memeo Share

Mesh Runtime

Message Center Plus

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.0

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Research AutoCollage Touch 2009

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Sync Framework 2.0 Core Components (x86) ENU

Microsoft Sync Framework 2.0 Provider Services (x86) ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual Studio 2005 Tools for Office Runtime

Mobile Broadband Connect

MobileMe Control Panel

Mozilla Firefox 10.0 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MyPhoneExplorer

NVIDIA Drivers

NVIDIA nView Desktop Manager

On Screen Display

One-Click Export

PDF Settings

PDFill PDF Editor with FREE Writer and Free Tools

Picasa 3

PrimoPDF -- by Nitro PDF Software

QuickBooks

QuickBooks Pro 2012

QuickTime

Rapport

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7

Rescue and Recovery

RICOH R5U230 Media Driver ver.2.06.02.02

Scan

Seagate Dashboard

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Shop for HP Supplies

Skype Click to Call

Skype™ 5.5

SmartWebPrinting

SolutionCenter

Sony Ericsson Device Data

Sony Ericsson Drivers

Sony Ericsson PC Suite

Spotify

Spybot - Search & Destroy

Status

Symantec Endpoint Protection

SyncToy 2.1 (x86)

System Update

Tansee iPhone Transfer SMS

TeamViewer 5

TeamViewer 6

ThinkPad Bluetooth with Enhanced Data Rate Software

ThinkPad FullScreen Magnifier

ThinkPad Hotkey Features Integration Setup

ThinkPad Modem Adapter

ThinkPad Power Management Driver

ThinkPad Power Manager

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

ThinkVantage Access Connections

ThinkVantage Active Protection System

ThinkVantage Fingerprint Software

Toolbox

TrayApp

TurboTax 2009

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wrapper

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update Service

Verizon Wireless Mobile Broadband Self Activation

Watermark Image software version 1.9.9.7

WebReg

Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)

Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

Windows Driver Package - Intel (e1kexpress) Net (12/01/2009 11.5.7.0)

Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)

Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)

Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)

Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)

Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)

Windows Essentials Media Codec Pack 3.1

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Wolfram Notebook Indexer 1.1

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

2/17/2012 9:47:08 AM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.

2/17/2012 9:46:21 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

2/17/2012 10:19:59 AM, Error: Service Control Manager [7034] - The MATLAB Server service terminated unexpectedly. It has done this 1 time(s).

2/16/2012 2:14:34 AM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "002314123820" to identify the interface for which

initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address.

If neither the MAC address nor the GUID were available, the string represents a cluster device name.

2/16/2012 12:45:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server:

{000C101C-0000-0000-C000-000000000046}

2/16/2012 11:36:45 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.164.132.97. The computer with the IP address

10.164.133.156 did not allow the name to be claimed by this computer.

2/16/2012 1:13:57 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The

dependency service or group failed to start.

2/15/2012 6:14:57 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Netman service.

2/15/2012 5:43:00 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer WANHUA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750. The master browser is stopping or an election is being forced.

2/15/2012 4:50:06 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SABSAN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750. The master browser is stopping or an election is being forced.

2/15/2012 4:41:08 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SCOTT-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667502. The master browser is stopping or an election is being forced.

2/15/2012 4:21:26 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer POSEIDON that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667502. The master browser is stopping or an election is being forced.

2/15/2012 4:06:35 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer PETER-XPS that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750. The master browser is stopping or an election is being forced.

2/15/2012 3:55:34 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer WEN-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750203. The master browser is stopping or an election is being forced.

2/15/2012 3:49:56 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SKYNET that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750203. The master browser is stopping or an election is being forced.

2/15/2012 3:16:46 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHRYSOPHYLAX that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66. The master browser is stopping or an election is being forced.

2/15/2012 11:04:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/15/2012 11:04:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/15/2012 11:04:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/15/2012 11:03:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/15/2012 11:03:17 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21

2/15/2012 11:03:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl lenovo.smi RapportKELL SPBBCDrv spldr SRTSP SRTSPX SYMTDI TPPWRIF Wanarpv6

2/15/2012 1:20:39 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

2/14/2012 5:51:55 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer YUANFENG-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667. The master browser is stopping or an election is being forced.

2/14/2012 5:48:12 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer PIYUSH-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6. The master browser is stopping or an election is being forced.

2/14/2012 5:46:59 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JHU-0439F46ABA4 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6. The master browser is stopping or an election is being forced.

2/14/2012 5:44:20 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SEABASS-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D. The master browser is stopping or an election is being forced.

2/14/2012 5:40:04 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TREE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667502039}. The master browser is stopping or an election is being forced.

2/14/2012 5:36:27 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer GROVER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750203. The master browser is stopping or an election is being forced.

2/14/2012 5:32:41 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer 0B726C703E9A49E that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6. The master browser is stopping or an election is being forced.

2/14/2012 5:29:58 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ALEXIS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750. The master browser is stopping or an election is being forced.

2/14/2012 5:28:41 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer GUY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750203. The master browser is stopping or an election is being forced.

2/14/2012 5:27:09 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer NOW_IBM that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6675020. The master browser is stopping or an election is being forced.

2/14/2012 5:24:07 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KHAN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6675020. The master browser is stopping or an election is being forced.

2/14/2012 5:21:37 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KONEKO_BASU that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667. The master browser is stopping or an election is being forced.

2/14/2012 5:18:52 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ADITA-STUDIOPC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D. The master browser is stopping or an election is being forced.

2/14/2012 5:13:05 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MIA-THINK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750. The master browser is stopping or an election is being forced.

2/14/2012 5:11:23 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TUTKUN-THINK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66. The master browser is stopping or an election is being forced.

2/14/2012 5:10:47 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ACLAYTON-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6. The master browser is stopping or an election is being forced.

2/14/2012 5:08:24 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHEW-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6675020. The master browser is stopping or an election is being forced.

2/14/2012 5:02:33 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MATTHEWKERR-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D. The master browser is stopping or an election is being forced.

2/14/2012 4:53:37 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SSOCT-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667502. The master browser is stopping or an election is being forced.

2/14/2012 4:48:08 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer RICHARD-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6675. The master browser is stopping or an election is being forced.

2/14/2012 4:46:18 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ROSEBUD that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6675020. The master browser is stopping or an election is being forced.

2/13/2012 9:26:10 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the TeamViewer6 service.

2/13/2012 8:55:58 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

2/11/2012 11:02:25 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.

2/10/2012 7:15:11 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KARLO-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667502. The master browser is stopping or an election is being forced.

2/10/2012 7:03:50 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

.

==== End Of File ===========================


Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

Click Scan to scan the system (don't run any other options)

Post back the report.

------------------------------------

Then.........

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC


Thanks... Here are the two reports:

RogueKiller report

RogueKiller V7.1.0 [02/15/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User: Saurabh [Admin rights]

Mode: Scan -- Date: 02/18/2012 10:13:25

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[88] : NtCreateThreadEx @ 0x834AF1E4 -> HOOKED (\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys @ 0x8B7E4640)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++

--- User ---

[MBR] 5aa5bdfcefaf57595edf98cffb5afe78

[BSP] 94b1f9633b95fd44dc9b4d7b0c3cc8f9 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

********************************************

TDSSKiller Report

10:14:07.0600 1840 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

10:14:08.0646 1840 ============================================================

10:14:08.0895 1840 Current date / time: 2012/02/18 10:14:08.0646

10:14:08.0895 1840 SystemInfo:

10:14:08.0895 1840

10:14:08.0895 1840 OS Version: 6.1.7601 ServicePack: 1.0

10:14:08.0895 1840 Product type: Workstation

10:14:08.0895 1840 ComputerName: SAURABHP

10:14:08.0895 1840 UserName: Saurabh

10:14:08.0895 1840 Windows directory: C:\Windows

10:14:08.0895 1840 System windows directory: C:\Windows

10:14:08.0895 1840 Processor architecture: Intel x86

10:14:08.0895 1840 Number of processors: 4

10:14:08.0895 1840 Page size: 0x1000

10:14:08.0895 1840 Boot type: Normal boot

10:14:08.0895 1840 ============================================================

10:14:10.0627 1840 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

10:14:10.0627 1840 \Device\Harddisk0\DR0:

10:14:10.0627 1840 MBR used

10:14:10.0627 1840 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000

10:14:10.0627 1840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x38DA4FF8

10:14:10.0627 1840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38FFD800, BlocksNum 0x1388000

10:14:10.0814 1840 Initialize success

10:14:10.0814 1840 ============================================================

10:14:38.0223 10884 ============================================================

10:14:38.0223 10884 Scan started

10:14:38.0223 10884 Mode: Manual; SigCheck; TDLFS;

10:14:38.0223 10884 ============================================================


\system32\drivers\msdsm.sys

10:15:05.0962 10884 msdsm - ok

10:15:06.0009 10884 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows

\system32\drivers\Msfs.sys

10:15:06.0071 10884 Msfs - ok

10:15:06.0102 10884 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows

\System32\drivers\mshidkmdf.sys

10:15:06.0165 10884 mshidkmdf - ok

10:15:06.0180 10884 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows

\system32\drivers\msisadrv.sys

10:15:06.0212 10884 msisadrv - ok

10:15:06.0258 10884 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows

\system32\drivers\MSKSSRV.sys

10:15:06.0352 10884 MSKSSRV - ok

10:15:06.0383 10884 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows

\system32\drivers\MSPCLOCK.sys

10:15:06.0477 10884 MSPCLOCK - ok

10:15:06.0508 10884 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows

\system32\drivers\MSPQM.sys

10:15:06.0602 10884 MSPQM - ok

10:15:06.0633 10884 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows

\system32\drivers\MsRPC.sys

10:15:06.0664 10884 MsRPC - ok

10:15:06.0695 10884 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows

\system32\drivers\mssmbios.sys

10:15:06.0726 10884 mssmbios - ok

10:15:06.0773 10884 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows

\system32\drivers\MSTEE.sys

10:15:06.0867 10884 MSTEE - ok

10:15:06.0898 10884 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows

\system32\DRIVERS\MTConfig.sys

10:15:06.0960 10884 MTConfig - ok

10:15:06.0992 10884 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows

\system32\Drivers\mup.sys

10:15:07.0023 10884 Mup - ok

10:15:07.0226 10884 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows

\system32\DRIVERS\nwifi.sys

10:15:07.0756 10884 NativeWifiP - ok

10:15:08.0349 10884 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec

\DEFINI~1\VIRUSD~1\20120217.004\NAVENG.SYS

10:15:08.0380 10884 NAVENG - ok

10:15:08.0474 10884 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec

\DEFINI~1\VIRUSD~1\20120217.004\NAVEX15.SYS

10:15:08.0598 10884 NAVEX15 - ok

10:15:08.0692 10884 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows

\system32\drivers\ndis.sys

10:15:08.0770 10884 NDIS - ok

10:15:08.0817 10884 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows

\system32\DRIVERS\ndiscap.sys

10:15:08.0910 10884 NdisCap - ok

10:15:08.0957 10884 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows

\system32\DRIVERS\ndistapi.sys

10:15:09.0035 10884 NdisTapi - ok

10:15:09.0098 10884 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows

\system32\DRIVERS\ndisuio.sys

10:15:09.0176 10884 Ndisuio - ok

10:15:09.0222 10884 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows

\system32\DRIVERS\ndiswan.sys

10:15:09.0300 10884 NdisWan - ok

10:15:09.0378 10884 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows

\system32\drivers\NDProxy.sys

10:15:09.0441 10884 NDProxy - ok

10:15:09.0488 10884 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows

\system32\DRIVERS\netbios.sys

10:15:09.0581 10884 NetBIOS - ok

10:15:09.0659 10884 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows

\system32\DRIVERS\netbt.sys

10:15:09.0737 10884 NetBT - ok

10:15:10.0720 10884 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows

\system32\DRIVERS\NETw5s32.sys

10:15:11.0001 10884 NETw5s32 - ok

10:15:11.0141 10884 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows

\system32\DRIVERS\netw5v32.sys

10:15:11.0391 10884 netw5v32 - ok

10:15:11.0438 10884 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows

\system32\DRIVERS\nfrd960.sys

10:15:11.0484 10884 nfrd960 - ok

10:15:11.0531 10884 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows

\system32\drivers\Npfs.sys

10:15:11.0609 10884 Npfs - ok

10:15:11.0656 10884 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows

\system32\drivers\nsiproxy.sys

10:15:11.0718 10884 nsiproxy - ok

10:15:11.0812 10884 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows

\system32\drivers\Ntfs.sys

10:15:11.0890 10884 Ntfs - ok

10:15:11.0921 10884 Null (f9756a98d69098dca8945d62858a812c) C:\Windows

\system32\drivers\Null.sys

10:15:11.0999 10884 Null - ok

10:15:12.0062 10884 NVHDA (8571011b62ce0207fa1dc95d88308f1d) C:\Windows\system32\drivers\nvhda32v.sys

10:15:12.0077 10884 NVHDA - ok

10:15:12.0327 10884 nvlddmkm (6672d9a10fb3e42623f2bcff38bb31d9) C:\Windows\system32\DRIVERS\nvlddmkm.sys

10:15:13.0029 10884 nvlddmkm - ok

10:15:13.0388 10884 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

10:15:13.0466 10884 nvraid - ok

10:15:13.0512 10884 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

10:15:13.0559 10884 nvstor - ok

10:15:13.0606 10884 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

10:15:13.0653 10884 nv_agp - ok

10:15:13.0700 10884 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

10:15:13.0762 10884 ohci1394 - ok

10:15:13.0840 10884 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

10:15:13.0902 10884 Parport - ok

10:15:13.0980 10884 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

10:15:14.0012 10884 partmgr - ok

10:15:14.0043 10884 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

10:15:14.0105 10884 Parvdm - ok

10:15:14.0199 10884 PCDSRVC{3037D694-FD904ACA-06000000}_0 (a88f42ad20418620d08a13ad1a70c083) c:\program files\pc-doctor\pcdsrvc.pkms

10:15:14.0573 10884 PCDSRVC{3037D694-FD904ACA-06000000}_0 - ok

10:15:14.0620 10884 PCDSRVC{C4B36920-79E24793-06000000}_0 (a88f42ad20418620d08a13ad1a70c083) c:\progra~1\pc-doc~1\pcdsrvc.pkms

10:15:14.0651 10884 PCDSRVC{C4B36920-79E24793-06000000}_0 - ok

10:15:14.0745 10884 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

10:15:14.0792 10884 pci - ok

10:15:14.0823 10884 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

10:15:14.0870 10884 pciide - ok

10:15:14.0916 10884 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

10:15:14.0979 10884 pcmcia - ok

10:15:15.0759 10884 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

10:15:15.0790 10884 pcw - ok

10:15:15.0852 10884 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

10:15:15.0962 10884 PEAUTH - ok

10:15:16.0118 10884 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys

10:15:16.0149 10884 Point32 - ok

10:15:16.0211 10884 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

10:15:16.0305 10884 PptpMiniport - ok

10:15:16.0352 10884 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

10:15:16.0398 10884 Processor - ok

10:15:16.0461 10884 psadd (72de205cd4006dc45b1401859c506679) C:\Windows\system32\DRIVERS\psadd.sys

10:15:16.0492 10884 psadd - ok

10:15:16.0539 10884 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

10:15:16.0632 10884 Psched - ok

10:15:16.0726 10884 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

10:15:16.0866 10884 ql2300 - ok

10:15:16.0913 10884 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

10:15:17.0085 10884 ql40xx - ok

10:15:17.0132 10884 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

10:15:17.0210 10884 QWAVEdrv - ok

10:15:17.0381 10884 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys

10:15:17.0428 10884 RapportCerberus_34302 - ok

10:15:18.0130 10884 RapportEI (34992b59780a8a227a9eb54c97dc4608) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

10:15:18.0270 10884 RapportEI - ok

10:15:18.0364 10884 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys

10:15:18.0411 10884 RapportIaso - ok

10:15:18.0504 10884 RapportKELL (a231b5552148ade82ed3dfba25919b75) C:\Windows\system32\Drivers\RapportKELL.sys

10:15:18.0582 10884 RapportKELL - ok

10:15:18.0754 10884 RapportPG (060f8e34707d68178a564935ce4546eb) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

10:15:18.0816 10884 RapportPG - ok

10:15:18.0863 10884 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

10:15:18.0957 10884 RasAcd - ok

10:15:19.0019 10884 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:15:19.0097 10884 RasAgileVpn - ok

10:15:19.0144 10884 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:15:19.0238 10884 Rasl2tp - ok

10:15:19.0284 10884 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

10:15:19.0378 10884 RasPppoe - ok

10:15:19.0409 10884 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

10:15:19.0503 10884 RasSstp - ok

10:15:19.0581 10884 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

10:15:19.0643 10884 rdbss - ok

10:15:19.0674 10884 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

10:15:19.0721 10884 rdpbus - ok

10:15:19.0768 10884 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:15:19.0846 10884 RDPCDD - ok

10:15:19.0908 10884 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

10:15:19.0986 10884 RDPDR - ok

10:15:20.0018 10884 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

10:15:20.0236 10884 RDPENCDD - ok

10:15:20.0798 10884 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

10:15:20.0891 10884 RDPREFMP - ok

10:15:20.0938 10884 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

10:15:21.0032 10884 RDPWD - ok

10:15:21.0125 10884 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

10:15:21.0172 10884 rdyboost - ok

10:15:21.0219 10884 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys

10:15:21.0250 10884 regi - ok

10:15:21.0312 10884 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys

10:15:21.0344 10884 RFCOMM - ok

10:15:21.0406 10884 rimspci (e891f07815af88075705ef6a248711f6) C:\Windows\system32\DRIVERS\rimspe86.sys

10:15:21.0468 10884 rimspci - ok

10:15:21.0531 10884 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

10:15:21.0593 10884 rspndr - ok

10:15:21.0671 10884 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\Windows\system32\DRIVERS\s125bus.sys

10:15:21.0749 10884 s125bus - ok

10:15:21.0827 10884 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\Windows\system32\DRIVERS\s125mdfl.sys

10:15:21.0874 10884 s125mdfl - ok

10:15:21.0905 10884 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\Windows\system32\DRIVERS\s125mdm.sys

10:15:21.0952 10884 s125mdm - ok

10:15:22.0030 10884 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\Windows\system32\DRIVERS\s125mgmt.sys

10:15:22.0077 10884 s125mgmt - ok

10:15:22.0108 10884 s125obex (bedfc5707c356fd073bf1a4afe442d91) C:\Windows\system32\DRIVERS\s125obex.sys

10:15:22.0155 10884 s125obex - ok

10:15:22.0217 10884 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

10:15:22.0280 10884 s3cap - ok

10:15:22.0342 10884 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

10:15:22.0389 10884 sbp2port - ok

10:15:22.0467 10884 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

10:15:22.0529 10884 scfilter - ok

10:15:23.0418 10884 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys

10:15:23.0465 10884 sdbus - ok

10:15:23.0512 10884 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

10:15:23.0590 10884 secdrv - ok

10:15:23.0668 10884 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

10:15:23.0730 10884 Serenum - ok

10:15:23.0918 10884 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

10:15:23.0980 10884 Serial - ok

10:15:24.0074 10884 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

10:15:24.0136 10884 sermouse - ok

10:15:24.0214 10884 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

10:15:24.0276 10884 sffdisk - ok

10:15:24.0308 10884 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

10:15:24.0354 10884 sffp_mmc - ok

10:15:24.0401 10884 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

10:15:24.0464 10884 sffp_sd - ok

10:15:24.0526 10884 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

10:15:24.0573 10884 sfloppy - ok

10:15:24.0620 10884 Shockprf (486a1bd22dd66d0a8542ebb0cd792bdb) C:\Windows\system32\DRIVERS\Apsx86.sys

10:15:24.0651 10884 Shockprf - ok

10:15:24.0682 10884 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

10:15:24.0729 10884 sisagp - ok

10:15:24.0776 10884 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:15:24.0807 10884 SiSRaid2 - ok

10:15:24.0854 10884 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

10:15:24.0900 10884 SiSRaid4 - ok

10:15:24.0947 10884 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

10:15:25.0025 10884 Smb - ok

10:15:25.0088 10884 smihlp (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys

10:15:25.0119 10884 smihlp - ok

10:15:25.0977 10884 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

10:15:26.0039 10884 SPBBCDrv - ok

10:15:26.0070 10884 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

10:15:26.0102 10884 spldr - ok

10:15:26.0148 10884 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\Windows\system32\Drivers\SRTSP.SYS

10:15:26.0195 10884 SRTSP - ok

10:15:26.0226 10884 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\Windows\system32\Drivers\SRTSPL.SYS

10:15:26.0289 10884 SRTSPL - ok

10:15:26.0320 10884 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\Windows\system32\Drivers\SRTSPX.SYS

10:15:26.0351 10884 SRTSPX - ok

10:15:26.0414 10884 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

10:15:26.0507 10884 srv - ok

10:15:26.0585 10884 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

10:15:26.0648 10884 srv2 - ok

10:15:26.0726 10884 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

10:15:26.0804 10884 SrvHsfHDA - ok

10:15:26.0866 10884 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

10:15:27.0007 10884 SrvHsfV92 - ok

10:15:27.0069 10884 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

10:15:27.0163 10884 SrvHsfWinac - ok

10:15:27.0225 10884 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

10:15:27.0287 10884 srvnet - ok

10:15:27.0350 10884 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

10:15:27.0381 10884 stexstor - ok

10:15:27.0459 10884 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

10:15:27.0490 10884 storflt - ok

10:15:27.0537 10884 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

10:15:27.0584 10884 storvsc - ok

10:15:27.0662 10884 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

10:15:27.0693 10884 swenum - ok

10:15:28.0504 10884 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS

10:15:28.0551 10884 SymEvent - ok

10:15:28.0613 10884 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS

10:15:28.0660 10884 SYMREDRV - ok

10:15:28.0691 10884 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS

10:15:28.0723 10884 SYMTDI - ok

10:15:28.0785 10884 SynTP (bd8e7f87de409a745a132a8812de5a96) C:\Windows\system32\DRIVERS\SynTP.sys

10:15:28.0816 10884 SynTP - ok

10:15:28.0863 10884 SysPlant (1295b1da3e2a2c24c7d176f6e97afbd1) C:\Windows\SYSTEM32\Drivers\SysPlant.sys

10:15:28.0910 10884 SysPlant - ok

10:15:29.0035 10884 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys

10:15:29.0128 10884 Tcpip - ok

10:15:29.0206 10884 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys

10:15:29.0269 10884 TCPIP6 - ok

10:15:29.0331 10884 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

10:15:29.0409 10884 tcpipreg - ok

10:15:29.0471 10884 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

10:15:29.0565 10884 TDPIPE - ok

10:15:29.0627 10884 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

10:15:29.0705 10884 TDTCP - ok

10:15:29.0783 10884 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

10:15:29.0861 10884 tdx - ok

10:15:29.0971 10884 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\Windows\system32\DRIVERS\teefer2.sys

10:15:30.0002 10884 Teefer2 - ok

10:15:30.0064 10884 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

10:15:30.0095 10884 TermDD - ok

10:15:30.0158 10884 TPDIGIMN (20a439d6475d6fe1909159c0143d0466) C:\Windows\system32\DRIVERS\ApsHM86.sys

10:15:30.0189 10884 TPDIGIMN - ok

10:15:30.0267 10884 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys

10:15:30.0298 10884 TPM - ok

10:15:31.0109 10884 TPPWRIF (6412da2b8d079d821b99b3a99943284e) C:\Windows\system32\drivers\Tppwr32v.sys

10:15:31.0141 10884 TPPWRIF - ok

10:15:31.0219 10884 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:15:31.0281 10884 tssecsrv - ok

10:15:31.0375 10884 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

10:15:31.0468 10884 TsUsbFlt - ok

10:15:31.0546 10884 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

10:15:31.0640 10884 tunnel - ok

10:15:31.0702 10884 TurboB (c0847edcccef8d4f5354e82ec9e90159) C:\Windows\system32\DRIVERS\TurboB.sys

10:15:31.0733 10884 TurboB - ok

10:15:31.0780 10884 TVTI2C (3078906e991f29305e8066911153717e) C:\Windows\system32\DRIVERS\Tvti2c.sys

10:15:31.0811 10884 TVTI2C - ok

10:15:31.0874 10884 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

10:15:31.0921 10884 uagp35 - ok

10:15:31.0983 10884 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

10:15:32.0092 10884 udfs - ok

10:15:32.0170 10884 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

10:15:32.0217 10884 uliagpkx - ok

10:15:32.0311 10884 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

10:15:32.0342 10884 umbus - ok

10:15:32.0373 10884 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

10:15:32.0420 10884 UmPass - ok

10:15:32.0498 10884 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

10:15:32.0591 10884 USBAAPL - ok

10:15:32.0654 10884 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

10:15:32.0716 10884 usbccgp - ok

10:15:32.0763 10884 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

10:15:32.0810 10884 usbcir - ok

10:15:32.0981 10884 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys

10:15:33.0527 10884 usbehci - ok

10:15:33.0699 10884 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

10:15:33.0761 10884 usbhub - ok

10:15:33.0824 10884 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

10:15:33.0886 10884 usbohci - ok

10:15:33.0949 10884 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

10:15:33.0995 10884 usbprint - ok

10:15:34.0151 10884 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

10:15:34.0229 10884 usbscan - ok

10:15:34.0292 10884 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:15:34.0385 10884 USBSTOR - ok

10:15:34.0432 10884 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys

10:15:34.0495 10884 usbuhci - ok

10:15:34.0557 10884 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys

10:15:34.0604 10884 usbvideo - ok

10:15:34.0682 10884 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

10:15:34.0713 10884 vdrvroot - ok

10:15:34.0760 10884 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

10:15:34.0838 10884 vga - ok

10:15:34.0869 10884 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

10:15:34.0963 10884 VgaSave - ok

10:15:35.0041 10884 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

10:15:35.0087 10884 vhdmp - ok

10:15:35.0165 10884 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

10:15:35.0212 10884 viaagp - ok

10:15:35.0259 10884 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

10:15:35.0321 10884 ViaC7 - ok

10:15:35.0399 10884 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

10:15:35.0431 10884 viaide - ok

10:15:36.0226 10884 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

10:15:36.0273 10884 vmbus - ok

10:15:36.0304 10884 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

10:15:36.0367 10884 VMBusHID - ok

10:15:36.0413 10884 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

10:15:36.0445 10884 volmgr - ok

10:15:36.0476 10884 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

10:15:36.0523 10884 volmgrx - ok

10:15:36.0569 10884 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

10:15:36.0616 10884 volsnap - ok

10:15:36.0663 10884 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

10:15:36.0710 10884 vsmraid - ok

10:15:36.0741 10884 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

10:15:36.0803 10884 vwifibus - ok

10:15:36.0866 10884 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

10:15:36.0913 10884 vwififlt - ok

10:15:36.0944 10884 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

10:15:36.0975 10884 vwifimp - ok

10:15:37.0022 10884 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

10:15:37.0069 10884 WacomPen - ok

10:15:37.0131 10884 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

10:15:37.0209 10884 WANARP - ok

10:15:37.0209 10884 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

10:15:37.0287 10884 Wanarpv6 - ok

10:15:37.0349 10884 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

10:15:37.0396 10884 Wd - ok

10:15:37.0443 10884 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

10:15:37.0490 10884 Wdf01000 - ok

10:15:37.0552 10884 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

10:15:37.0615 10884 WfpLwf - ok

10:15:37.0661 10884 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

10:15:37.0693 10884 WIMMount - ok

10:15:37.0771 10884 winachsf (253a9c2df9a2a7b3b23146014959f2cd) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

10:15:37.0833 10884 winachsf - ok

10:15:37.0942 10884 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys

10:15:38.0098 10884 WinUsb - ok

10:15:38.0847 10884 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

10:15:38.0894 10884 WmiAcpi - ok

10:15:38.0972 10884 WPS (c1620ebb375d3b02e31fd311c44fedeb) C:\Windows\system32\drivers\wpsdrvnt.sys

10:15:39.0003 10884 WPS - ok

10:15:39.0050 10884 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys

10:15:39.0081 10884 WpsHelper - ok

10:15:39.0128 10884 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

10:15:39.0237 10884 ws2ifsl - ok

10:15:39.0315 10884 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

10:15:39.0409 10884 WudfPf - ok

10:15:39.0471 10884 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:15:39.0549 10884 WUDFRd - ok

10:15:39.0611 10884 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys

10:15:39.0643 10884 XAudio - ok

10:15:39.0689 10884 MBR (0x1B8) (bca79969e5e06eef18fcb13b6cfadd95) \Device\Harddisk0\DR0

10:15:39.0814 10884 \Device\Harddisk0\DR0 - ok

10:15:39.0845 10884 Boot (0x1200) (71f3f3285c94c0864d3c545a481368ca) \Device\Harddisk0\DR0\Partition0

10:15:39.0861 10884 \Device\Harddisk0\DR0\Partition0 - ok

10:15:39.0877 10884 Boot (0x1200) (595da05ed7acb69af4dc5b5945dd195e) \Device\Harddisk0\DR0\Partition1

10:15:39.0877 10884 \Device\Harddisk0\DR0\Partition1 - ok

10:15:39.0908 10884 Boot (0x1200) (c99903ee01c0351dee23f8139179fa93) \Device\Harddisk0\DR0\Partition2

10:15:39.0908 10884 \Device\Harddisk0\DR0\Partition2 - ok

10:15:39.0908 10884 ============================================================

10:15:39.0908 10884 Scan finished

10:15:39.0908 10884 ============================================================

10:15:39.0923 1428 Detected object count: 0

10:15:39.0923 1428 Actual detected object count: 0


Download aswMBR to your desktop.

http://public.avast....erek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC


Hi Mr. Charlie,

Sorry about the delayed response. I tried out the aswMBR file scan, but twice the computer crashed, and I got the Blue Screen. (I'm attaching one of the images from the Blue Screen.) Also attaching the brief messages from Windows... The program did not create an MBR.dat file on the desktop, perhaps because the computer crashed. On one occasion, I stopped the program after about 30 mins, and am attaching the log from that scan.

Kindly suggest what I should do next.

thanks,

SP

Scan log from a scan which I stopped mid-way...

aswMBR version 0.9.9.1618 Copyright © 2011 AVAST Software

Run date: 2012-02-18 13:39:22

-----------------------------

13:39:22.558 OS Version: Windows 6.1.7601 Service Pack 1

13:39:22.558 Number of processors: 4 586 0x2502

13:39:22.558 ComputerName: SAURABHP UserName: Saurabh

13:39:26.989 Initialize success

13:39:35.304 AVAST engine defs: 12021800

13:39:38.626 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

13:39:38.626 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3

13:39:38.642 Disk 0 MBR read successfully

13:39:38.658 Disk 0 MBR scan

13:39:38.658 Disk 0 unknown MBR code

13:39:38.798 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048

13:39:39.001 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648

13:39:39.282 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072

13:39:39.516 Disk 0 scanning sectors +976771072

13:39:39.672 Disk 0 scanning C:\Windows\system32\drivers

13:40:29.515 Service scanning

13:41:33.726 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32

13:41:36.222 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32

13:41:49.467 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32

13:41:49.576 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32

13:41:51.729 Modules scanning

13:42:24.052 Disk 0 trace - called modules:

13:42:24.130 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys

13:42:24.146 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8825ba00]

13:42:24.177 3 CLASSPNP.SYS[8bdcf59e] -> nt!IofCallDriver -> [0x866d8c10]

13:42:24.193 5 ACPI.sys[8b6933d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x866d4028]

13:42:26.595 AVAST engine scan C:\Windows

13:43:07.420 AVAST engine scan C:\Windows\system32

13:53:24.541 AVAST engine scan C:\Windows\system32\drivers

13:54:03.339 AVAST engine scan C:\Users\Saurabh

14:36:59.180 Disk 0 MBR has been saved successfully to "C:\Users\Saurabh\Desktop\temp_files\virus_removal\MBR.dat"

14:36:59.218 The log file has been saved successfully to "C:\Users\Saurabh\Desktop\temp_files\virus_removal\aswMBR_Feb18.txt"

Messages from Windows when the computer crashed...

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.1.7601.2.1.0.256.48

Locale ID: 1033

Additional information about the problem:

BCCode: a

BCP1: 30394C54

BCP2: 00000002

BCP3: 00000000

BCP4: 832B79FC

OS Version: 6_1_7601

Service Pack: 1_0

Product: 256_1

Files that help describe the problem:

C:\Windows\Minidump\021812-74646-01.dmp

C:\Users\Saurabh\AppData\Local\Temp\WER-152943-0.sysdata.xml

%%%%%%%%%%%%%%%%

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.1.7601.2.1.0.256.48

Locale ID: 1033

Additional information about the problem:

BCCode: be

BCP1: 8BC27764

BCP2: 03F15121

BCP3: 8DBD3CB0

BCP4: 0000000A

OS Version: 6_1_7601

Service Pack: 1_0

Product: 256_1

Files that help describe the problem:

C:\Windows\Minidump\021912-61604-01.dmp

C:\Users\Saurabh\AppData\Local\Temp\WER-165688-0.sysdata.xml

Blue Screen image is attached.



AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

Looks like you have Symantec and Windows Defender running at the same time, if this is correct....

Please disable Windows Defender and only run Symantec:

http://windows.micro...ender-on-or-off

The blue screen is most likely from Symantec.

------------------

Please do this:

Download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.blee...al/MBRCheck.exe

http://www.kernelmod...fo/MBRCheck.exe

Close all opened programs/ windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

MrC


MrC,

Here is the log file from MBRCheck.exe. Kindly let me know what to do next...

thanks,

SP

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Professional

Windows Information: Service Pack 1 (build 7601), 32-bit

Base Board Manufacturer: LENOVO

BIOS Manufacturer: LENOVO

System Manufacturer: LENOVO

System Product Name: 43142PU

Logical Drives Mask: 0x00010014

Kernel Drivers (total 241):

0x8320A000 \SystemRoot\system32\ntkrnlpa.exe

0x8361C000 \SystemRoot\system32\halmacpi.dll

0x80BC5000 \SystemRoot\system32\kdcom.dll

0x8B40F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x8B494000 \SystemRoot\system32\PSHED.dll

0x8B4A5000 \SystemRoot\system32\BOOTVID.dll

0x8B4AD000 \SystemRoot\system32\CLFS.SYS

0x8B4EF000 \SystemRoot\system32\CI.dll

0x8B63B000 \SystemRoot\system32\drivers\Wdf01000.sys

0x8B6AC000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x8B6BA000 \SystemRoot\system32\drivers\ACPI.sys

0x8B702000 \SystemRoot\system32\drivers\WMILIB.SYS

0x8B70B000 \SystemRoot\system32\drivers\msisadrv.sys

0x8B713000 \SystemRoot\system32\drivers\pci.sys

0x8B73D000 \SystemRoot\system32\drivers\vdrvroot.sys

0x8B748000 \SystemRoot\System32\drivers\partmgr.sys

0x8B759000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x8B761000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x8B76C000 \SystemRoot\system32\drivers\volmgr.sys

0x8B77C000 \SystemRoot\System32\drivers\volmgrx.sys

0x8B7C7000 \SystemRoot\System32\drivers\mountmgr.sys

0x8B600000 \SystemRoot\system32\drivers\vmbus.sys

0x8B7DD000 \SystemRoot\system32\drivers\winhv.sys

0x8B81E000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x8B9D1000 \SystemRoot\system32\drivers\amdxata.sys

0x8B59A000 \SystemRoot\system32\drivers\fltmgr.sys

0x8B9DA000 \SystemRoot\system32\drivers\fileinfo.sys

0x8BA04000 \SystemRoot\System32\Drivers\Ntfs.sys

0x8BB33000 \SystemRoot\System32\Drivers\msrpc.sys

0x8BB5E000 \SystemRoot\System32\Drivers\ksecdd.sys

0x8BB71000 \SystemRoot\System32\Drivers\cng.sys

0x8BBCE000 \SystemRoot\System32\drivers\pcw.sys

0x8BBDC000 \SystemRoot\System32\DRIVERS\DozeHDD.sys

0x8BBE1000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x8BC01000 \SystemRoot\system32\drivers\ndis.sys

0x8BCB8000 \SystemRoot\system32\drivers\NETIO.SYS

0x8BCF6000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x8BE3F000 \SystemRoot\System32\drivers\tcpip.sys

0x8BF89000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x8BFBA000 \SystemRoot\system32\drivers\vmstorfl.sys

0x8BE00000 \SystemRoot\system32\drivers\volsnap.sys

0x8BFC3000 \SystemRoot\System32\DRIVERS\ApsHM86.sys

0x8BFCC000 \SystemRoot\System32\Drivers\spldr.sys

0x8BD1B000 \SystemRoot\System32\drivers\rdyboost.sys

0x8BFD4000 \SystemRoot\System32\DRIVERS\Apsx86.sys

0x8BFF4000 \SystemRoot\System32\Drivers\RapportKELL.sys

0x8BD48000 \SystemRoot\System32\Drivers\mup.sys

0x8BD58000 \SystemRoot\System32\drivers\hwpolicy.sys

0x8BD60000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x8BD92000 \SystemRoot\system32\DRIVERS\disk.sys

0x8BDA3000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x91BC8000 \SystemRoot\system32\drivers\cdrom.sys

0x92000000 \SystemRoot\System32\Drivers\SRTSP.SYS

0x921CA000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS

0x921EF000 \SystemRoot\System32\Drivers\SRTSPX.SYS

0x99C01000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys

0x99C37000 \SystemRoot\System32\Drivers\Null.SYS

0x99C3E000 \SystemRoot\System32\Drivers\Beep.SYS

0x99C45000 \SystemRoot\System32\drivers\vga.sys

0x99C51000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x99C72000 \SystemRoot\System32\drivers\watchdog.sys

0x99C7F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x99C87000 \SystemRoot\system32\drivers\rdpencdd.sys

0x99C8F000 \SystemRoot\system32\drivers\rdprefmp.sys

0x99C97000 \SystemRoot\System32\Drivers\Msfs.SYS

0x99CA2000 \SystemRoot\System32\Drivers\Npfs.SYS

0x99CB0000 \SystemRoot\system32\DRIVERS\tdx.sys

0x99CC7000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x99CD3000 \SystemRoot\System32\Drivers\SYMTDI.SYS

0x99D00000 \??\C:\Windows\system32\drivers\wpsdrvnt.sys

0x99D0E000 \SystemRoot\system32\drivers\afd.sys

0x99D68000 \SystemRoot\System32\DRIVERS\netbt.sys

0x99D9A000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x99DA1000 \SystemRoot\system32\DRIVERS\pacer.sys

0x99DC0000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x99DD1000 \SystemRoot\system32\DRIVERS\netbios.sys

0x99DDF000 \SystemRoot\system32\DRIVERS\serial.sys

0x8BDD5000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x99DF9000 \SystemRoot\System32\drivers\Tppwr32v.sys

0x8BDE8000 \SystemRoot\system32\drivers\termdd.sys

0x9D00D000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

0x9D077000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x9D0B8000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

0x9D0DE000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

0x9D0EE000 \SystemRoot\system32\drivers\nsiproxy.sys

0x9D0F8000 \SystemRoot\system32\drivers\mssmbios.sys

0x9D102000 \SystemRoot\system32\DRIVERS\smiif32.sys

0x9D104000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

0x9D162000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

0x9D180000 \SystemRoot\System32\drivers\discache.sys

0x9D18C000 \SystemRoot\system32\drivers\csc.sys

0x8B800000 \SystemRoot\System32\Drivers\dfsc.sys

0x9D1F0000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x8B5CE000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x8BBEA000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x9E401000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x9ED78000 \SystemRoot\system32\DRIVERS\nvBridge.kmd

0x9D612000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x9D6C9000 \SystemRoot\System32\drivers\dxgmms1.sys

0x9D702000 \SystemRoot\system32\drivers\HDAudBus.sys

0x9D721000 \SystemRoot\system32\DRIVERS\HECI.sys

0x9D72C000 \SystemRoot\system32\DRIVERS\serenum.sys

0x9D736000 \SystemRoot\system32\DRIVERS\e1k6232.sys

0x9D76B000 \SystemRoot\system32\drivers\usbehci.sys

0x9D77A000 \SystemRoot\system32\drivers\USBPORT.SYS

0x9F20C000 \SystemRoot\system32\DRIVERS\NETw5s32.sys

0x9F7EB000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x9D7C5000 \SystemRoot\system32\drivers\sdbus.sys

0x9D7DE000 \SystemRoot\system32\DRIVERS\rimspe86.sys

0x9ED7A000 \SystemRoot\system32\drivers\1394ohci.sys

0x9EDA7000 \SystemRoot\system32\drivers\i8042prt.sys

0x9D7F3000 \SystemRoot\system32\drivers\kbdclass.sys

0x9EDBF000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x9F7F5000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x9D600000 \SystemRoot\system32\drivers\mouclass.sys

0x9F200000 \SystemRoot\system32\drivers\tpm.sys

0x9F7F7000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x9F7FB000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys

0x9EDF6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0xA1A0D000 \SystemRoot\system32\DRIVERS\Impcd.sys

0xA1A2C000 \SystemRoot\system32\drivers\wmiacpi.sys

0xA1A35000 \SystemRoot\system32\drivers\CompositeBus.sys

0xA1A42000 \SystemRoot\system32\DRIVERS\dsNcAdpt.sys

0xA1A4D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0xA1A5F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xA1A77000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xA1A82000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xA1AA4000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xA1ABC000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xA1AD3000 \SystemRoot\system32\DRIVERS\rassstp.sys

0xA1AEA000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0xA1AF4000 \SystemRoot\system32\DRIVERS\psadd.sys

0xA1AFB000 \SystemRoot\system32\DRIVERS\Tvti2c.sys

0xA1B03000 \SystemRoot\system32\DRIVERS\teefer2.sys

0xA1B21000 \SystemRoot\system32\drivers\swenum.sys

0xA1B23000 \SystemRoot\system32\drivers\ks.sys

0xA1B57000 \SystemRoot\system32\drivers\umbus.sys

0xA1B65000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xA1BA9000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xA1BBA000 \SystemRoot\system32\drivers\nvhda32v.sys

0xA1BCD000 \SystemRoot\system32\drivers\portcls.sys

0xA183A000 \SystemRoot\system32\drivers\drmk.sys

0xA1853000 \SystemRoot\system32\drivers\CHDRT32.sys

0xA18CB000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys

0xA200C000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys

0xA210E000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys

0xA21C3000 \SystemRoot\system32\drivers\modem.sys

0xA21D0000 \SystemRoot\System32\Drivers\BTHUSB.sys

0xA1908000 \SystemRoot\System32\Drivers\bthport.sys

0xA21E2000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xA196C000 \SystemRoot\system32\DRIVERS\5U877.sys

0xA198B000 \SystemRoot\system32\DRIVERS\STREAM.SYS

0xA1999000 \SystemRoot\System32\Drivers\crashdmp.sys

0x91A00000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0xA19A6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0xA19B7000 \SystemRoot\system32\DRIVERS\rfcomm.sys

0xA19DB000 \SystemRoot\system32\drivers\BthEnum.sys

0xA1800000 \SystemRoot\system32\DRIVERS\bthpan.sys

0xA181B000 \SystemRoot\system32\DRIVERS\bthmodem.sys

0xA3320000 \SystemRoot\System32\win32k.sys

0xA2000000 \SystemRoot\System32\drivers\Dxapi.sys

0xA3627000 \SystemRoot\system32\drivers\btwavdt.sys

0xA369A000 \SystemRoot\system32\DRIVERS\hidbth.sys

0xA36B5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xA36C8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xA36CF000 \SystemRoot\system32\drivers\btwaudio.sys

0xA3750000 \SystemRoot\system32\DRIVERS\btwl2cap.sys

0xA375B000 \SystemRoot\system32\DRIVERS\btwrchid.sys

0xA3580000 \SystemRoot\System32\TSDDD.dll

0xA35B0000 \SystemRoot\System32\cdd.dll

0xA3200000 \SystemRoot\System32\ATMFD.DLL

0xA3780000 \SystemRoot\system32\drivers\luafv.sys

0xA379B000 \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys

0xA379D000 \SystemRoot\system32\drivers\WudfPf.sys

0xA37B7000 \SystemRoot\system32\DRIVERS\WinUSB.sys

0xA37C0000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0xA37E1000 \SystemRoot\system32\DRIVERS\lltdio.sys

0xAC220000 \SystemRoot\system32\DRIVERS\nwifi.sys

0xAC266000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xAC276000 \SystemRoot\system32\DRIVERS\rspndr.sys

0xAC289000 \SystemRoot\system32\DRIVERS\TurboB.sys

0xAC290000 \SystemRoot\system32\drivers\HTTP.sys

0xAC315000 \SystemRoot\system32\DRIVERS\bowser.sys

0xAC32E000 \SystemRoot\System32\drivers\mpsdrv.sys

0xAC340000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xAC363000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0xAC39E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0xAC3D1000 \??\C:\Windows\system32\drivers\WpsHelper.sys

0xAC200000 \SystemRoot\system32\DRIVERS\vwifimp.sys

0xAC209000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0xB3631000 \SystemRoot\system32\drivers\peauth.sys

0xB36C8000 \SystemRoot\system32\drivers\regi.sys

0xB36CA000 \SystemRoot\System32\Drivers\secdrv.SYS

0xB36D4000 \SystemRoot\System32\DRIVERS\srvnet.sys

0xB36F5000 \SystemRoot\System32\drivers\tcpipreg.sys

0xB3702000 \SystemRoot\system32\DRIVERS\XAudio32.sys

0xB370A000 \SystemRoot\System32\DRIVERS\srv2.sys

0xB375A000 \SystemRoot\System32\DRIVERS\srv.sys

0xB37AC000 \SystemRoot\System32\Drivers\SYMREDRV.SYS

0x9204A000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120219.016\NAVEX15.SYS

0xB37E4000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120219.016\NAVENG.SYS

0xC95D2000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0xC95DB000 \??\c:\program files\pc-doctor\pcdsrvc.pkms

0xC95EA000 \SystemRoot\system32\DRIVERS\monitor.sys

0x77000000 \Windows\System32\ntdll.dll

0x48330000 \Windows\System32\smss.exe

0x77240000 \Windows\System32\apisetschema.dll

0x00300000 \Windows\System32\autochk.exe

0x763B0000 \Windows\System32\shell32.dll

0x76250000 \Windows\System32\ole32.dll

0x771A0000 \Windows\System32\clbcatq.dll

0x761D0000 \Windows\System32\comdlg32.dll

0x76140000 \Windows\System32\oleaut32.dll

0x77180000 \Windows\System32\sechost.dll

0x760F0000 \Windows\System32\gdi32.dll

0x75EF0000 \Windows\System32\iertutil.dll

0x75E90000 \Windows\System32\difxapi.dll

0x75E40000 \Windows\System32\Wldap32.dll

0x77170000 \Windows\System32\lpk.dll

0x75D90000 \Windows\System32\rpcrt4.dll

0x75CB0000 \Windows\System32\kernel32.dll

0x75C10000 \Windows\System32\advapi32.dll

0x75B40000 \Windows\System32\user32.dll

0x759A0000 \Windows\System32\setupapi.dll

0x77160000 \Windows\System32\psapi.dll

0x75960000 \Windows\System32\ws2_32.dll

0x77150000 \Windows\System32\nsi.dll

0x75940000 \Windows\System32\imm32.dll

0x758E0000 \Windows\System32\shlwapi.dll

0x757A0000 \Windows\System32\urlmon.dll

0x756A0000 \Windows\System32\wininet.dll

0x75670000 \Windows\System32\imagehlp.dll

0x77140000 \Windows\System32\normaliz.dll

0x755A0000 \Windows\System32\msctf.dll

0x754F0000 \Windows\System32\msvcrt.dll

0x75450000 \Windows\System32\usp10.dll

0x75430000 \Windows\System32\devobj.dll

0x753E0000 \Windows\System32\KernelBase.dll

0x753B0000 \Windows\System32\cfgmgr32.dll

0x75380000 \Windows\System32\wintrust.dll

0x752F0000 \Windows\System32\comctl32.dll

Processes (total 130):

0 System Idle Process

4 System

380 C:\Windows\System32\smss.exe

528 csrss.exe

604 csrss.exe

612 C:\Windows\System32\wininit.exe

664 C:\Windows\System32\services.exe

700 C:\Windows\System32\winlogon.exe

728 C:\Windows\System32\lsass.exe

740 C:\Windows\System32\lsm.exe

828 C:\Windows\System32\svchost.exe

896 C:\Windows\System32\ibmpmsvc.exe

936 C:\Windows\System32\nvvsvc.exe

976 C:\Windows\System32\svchost.exe

1060 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

1180 C:\Windows\System32\svchost.exe

1212 C:\Windows\System32\svchost.exe

1240 C:\Windows\System32\svchost.exe

1392 C:\Windows\System32\svchost.exe

1456 C:\Windows\System32\nvvsvc.exe

1540 WUDFHost.exe

1600 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

1700 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

1744 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

1840 C:\Windows\System32\spoolsv.exe

1712 C:\Windows\System32\svchost.exe

2100 C:\Windows\System32\svchost.exe

2144 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

2192 C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe

2212 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

2300 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

2548 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

2584 C:\Program Files\Bonjour\mDNSResponder.exe

2620 C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

2660 C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

2688 C:\Program Files\Intel\WiFi\bin\EvtEng.exe

2724 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

2788 C:\Windows\System32\svchost.exe

2832 C:\Program Files\Lenovo\HOTKEY\cammute.exe

2872 C:\Program Files\Lenovo\HOTKEY\micmute.exe

2936 C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

2992 C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe

3036 C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe

3080 MATLAB.exe

3232 C:\Windows\System32\taskhost.exe

3348 C:\Windows\System32\dwm.exe

3412 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

3520 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

3824 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

3888 C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

3976 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

4000 C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

4036 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

4076 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

2024 C:\Windows\System32\svchost.exe

2388 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

3656 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

344 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

3536 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

1852 C:\Program Files\Lenovo\Access Connections\AcSvc.exe

1580 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

1860 unsecapp.exe

4108 WmiPrvSE.exe

4368 C:\Windows\System32\svchost.exe

4736 C:\Windows\System32\svchost.exe

5004 C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe

5024 WmiPrvSE.exe

5340 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

5364 C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe

5388 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

5408 C:\Windows\System32\TpShocks.exe

5536 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

5612 C:\Windows\System32\rundll32.exe

5620 C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe

5712 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

5788 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

5800 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

5936 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

6008 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

6084 C:\Program Files\Lenovo\ZOOM\TpScrex.exe

4200 C:\Program Files\Lenovo\Client Security Solution\password_manager.exe

4788 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

4568 C:\Windows\System32\SearchIndexer.exe

1352 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

1592 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

5236 C:\Windows\System32\svchost.exe

5512 C:\Program Files\iTunes\iTunesHelper.exe

3836 C:\Program Files\Memeo\Memeo Send\MemeoSend.exe

972 C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe

5204 C:\Program Files\Common Files\Java\Java Update\jusched.exe

4800 C:\Program Files\Memeo\AutoBackup\InstantBackup.exe

4124 C:\Program Files\iPod\bin\iPodService.exe

2032 C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

4668 C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

4700 C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

3216 C:\Program Files\Digital Line Detect\DLG.exe

4020 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

6148 C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

6524 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

6740 C:\Program Files\Common Files\Teleca Shared\Generic.exe

6868 C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE

6936 C:\Users\Saurabh\AppData\Roaming\Dropbox\bin\Dropbox.exe

7076 C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

7184 C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe

7336 C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

7952 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

8028 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

4188 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

8128 C:\Windows\System32\svchost.exe

7444 C:\Users\Saurabh\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe

5696 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

2260 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

3804 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

5360 C:\Program Files\Lenovo\System Update\SUService.exe

3736 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

4852 C:\Program Files\Windows Media Player\wmpnetwk.exe

7140 C:\Windows\System32\svchost.exe

3764 C:\Windows\System32\taskhost.exe

4056 C:\Program Files\Real\RealPlayer\Update\realsched.exe

8748 C:\Windows\explorer.exe

3360 C:\Windows\System32\wlanext.exe

9816 C:\Windows\System32\conhost.exe

3120 C:\Windows\System32\svchost.exe

4904 C:\Windows\System32\audiodg.exe

4420 C:\Windows\System32\SearchProtocolHost.exe

1680 C:\Windows\System32\SearchFilterHost.exe

8548 C:\Users\Saurabh\Desktop\MBRCheck.exe

8316 C:\Windows\System32\conhost.exe

10192 C:\Windows\System32\dllhost.exe

8428 taskhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)

\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000071`ffb00000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003LVM1

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 64C8A6D0A0A7C08A8B7754F84FA77F4F4CF079F1

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Done!


MrC,

The Results file from Listparts is attached. What do you think is the problem that is going on with regards to the malware/ virus?

Thanks,

SP

ListParts by Farbar

Ran by Saurabh on 21-02-2012 at 00:17:12

Windows 7 (X86)

Running From: C:\Users\Saurabh\Desktop

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 33%

Total physical RAM: 3059.69 MB

Available physical RAM: 2025.55 MB

Total Pagefile: 6117.66 MB

Available Pagefile: 4236.65 MB

Total Virtual: 2047.88 MB

Available Virtual: 1960.38 MB

======================= Partitions =========================

1 Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:149.78 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:3.35 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1200 MB 1024 KB

Partition 2 Primary 454 GB 1201 MB

Partition 3 Primary 9 GB 455 GB

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 SYSTEM_DRV NTFS Partition 1200 MB Healthy System (partition with boot components)

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C Windows7_OS NTFS Partition 454 GB Healthy Boot

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 Q Lenovo_Reco NTFS Partition 9 GB Healthy

****** End Of Log ******


What do you think is the problem that is going on with regards to the malware/ virus?

This is a concern:

Disk trace:

called modules: >>UNKNOWN [0x8323E000]<< >>UNKNOWN [0x8BA00000]<< >>UNKNOWN [0x8BBDD000]<< >>UNKNOWN [0x8B62D000]<< >>UNKNOWN [0x83207000]<< >>UNKNOWN [0x8B82C000]<<

_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }

1 ntkrnlpa!IofCallDriver[0x8327552A] -> \Device\Harddisk0\DR0[0x88258AA0]

\Driver\Disk[0x88257C98] -> IRP_MJ_CREATE -> 0x8BA0439F

3 [0x8BA0459E] -> ntkrnlpa!IofCallDriver[0x8327552A] -> [0x866E8B90]

\Driver\ACPI[0x85950E58] -> IRP_MJ_CREATE -> 0x8B6364CC

5 [0x8B6363D4] -> ntkrnlpa!IofCallDriver[0x8327552A] -> \Device\Ide\IAAStorageDevice-1[0x866D4028]

\Driver\iaStor[0x8592FF38] -> IRP_MJ_CREATE -> 0x8B852B26

kernel: MBR read successfully

_asm { JMP 0x10; }

user & kernel MBR OK

copy of MBR has been found in sector 9 !

Warning: possible TDL3 rootkit infection !

Let's do this:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

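The two MBR findings in this thread (MBRCheck's "Unknown MBR code" plus the SHA1 it prints, and the disk-trace line "copy of MBR has been found in sector 9") come down to three checks on raw sectors: is the 0x55AA boot signature present, does the hash of the 446 bytes of boot code match a known-good list, and does any other sector in the unused first track carry the same partition table as sector 0 (a bootkit that overwrites the MBR usually parks the original nearby so it can chain to it). The Python below is an added example that implements those checks; it is not code from the thread or from aswMBR, MBRCheck or GMER. The partition layout in the constructed image is taken from the aswMBR and ListParts output posted above; the boot-code bytes, the choice of sector 9 for the saved copy and the known-good hash set are assumptions made up for the demonstration, and the real tools carry their own hash lists.

```python
"""Parse an MBR, hash its boot code and look for a saved copy of the MBR in the
first track. Added example, not code from the thread or from the scanners it
mentions; the disk image below is constructed, see build_test_image()."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446          # bytes 0..445 boot code, 446..509 four 16-byte entries, 510..511 0x55AA
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector0: bytes) -> dict:
    """Return the signature check, the boot-code SHA1 and the non-empty partition entries."""
    if len(sector0) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    sig_ok = sector0[510:512] == b"\x55\xAA"
    parts = []
    for i in range(4):
        off = BOOT_CODE_LEN + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector0[off:off + 16])
        if ptype == 0 and count == 0:
            continue                      # empty slot
        parts.append({
            "index": i + 1,
            "active": status == 0x80,     # 0x80 is the boot flag MBRCheck/aswMBR show as "80 (A)"
            "type": ptype,                # 0x07 = HPFS/NTFS
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "signature_ok": sig_ok,
        "boot_code_sha1": hashlib.sha1(sector0[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": parts,
    }


def find_mbr_copies(image: bytes, max_sector: int = 63) -> list:
    """Sectors 1..max_sector that carry a boot signature and the same partition
    table as sector 0. This is the check behind a 'copy of MBR found in sector N' line."""
    table0 = image[BOOT_CODE_LEN:510]
    hits = []
    last = min(max_sector, len(image) // SECTOR - 1)
    for n in range(1, last + 1):
        s = image[n * SECTOR:(n + 1) * SECTOR]
        if s[510:512] == b"\x55\xAA" and s[BOOT_CODE_LEN:510] == table0:
            hits.append(n)
    return hits


def assess(image: bytes, known_good_sha1: set) -> dict:
    """Combine the checks the way an MBR scanner reports them. known_good_sha1 is
    the analyst's own list of trusted boot-code hashes (assumed, not reproduced here)."""
    info = parse_mbr(image[:SECTOR])
    info["boot_code_known"] = info["boot_code_sha1"] in known_good_sha1
    info["mbr_copies_at"] = find_mbr_copies(image)
    info["suspicious"] = (not info["signature_ok"]
                          or not info["boot_code_known"]
                          or bool(info["mbr_copies_at"]))
    return info


def build_entry(active: bool, ptype: int, lba: int, count: int) -> bytes:
    """One 16-byte partition entry; CHS fields set to the LBA-only filler 0xFE 0xFF 0xFF."""
    return struct.pack(ENTRY_FMT, 0x80 if active else 0x00, b"\xfe\xff\xff",
                       ptype, b"\xfe\xff\xff", lba, count)


def build_test_image() -> bytes:
    """Constructed 64-sector image. The partition table follows the logs above:
    SYSTEM_DRV 1200 MB at LBA 2048, Windows7_OS at LBA 2459648, Lenovo_Recovery
    10000 MB at LBA 956291072 (ending at 976771072, the figure aswMBR scanned to).
    Both boot-code byte strings are placeholders, not the real disk's code."""
    table = (build_entry(True, 0x07, 2048, 2457600)
             + build_entry(False, 0x07, 2459648, 953831424)
             + build_entry(False, 0x07, 956291072, 20480000)
             + bytes(16))
    original = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7) + table + b"\x55\xAA"
    hijacked = b"\xEB\x10" + b"\xCC" * (BOOT_CODE_LEN - 2) + table + b"\x55\xAA"
    sectors = [hijacked] + [bytes(SECTOR)] * 63
    sectors[9] = original                 # assumed: the original MBR stashed in sector 9
    return b"".join(sectors)


if __name__ == "__main__":
    img = build_test_image()
    trusted = {parse_mbr(img[9 * SECTOR:10 * SECTOR])["boot_code_sha1"]}
    report = assess(img, trusted)
    for p in report["partitions"]:
        print(f"Partition {p['index']} {'80 (A)' if p['active'] else '00'} "
              f"{p['type']:02X} {p['size_mb']} MB offset {p['lba_start']}")
    print("boot code SHA1:", report["boot_code_sha1"], "known:", report["boot_code_known"])
    print("MBR copies at sectors:", report["mbr_copies_at"], "suspicious:", report["suspicious"])
```

On a live Windows box the same functions can be fed the first track read as an administrator from `\\.\PhysicalDrive0` (opened in binary mode, reads kept to whole sectors), or an `MBR.dat` dump such as the one aswMBR wrote above for the single-sector checks; the hash on its own only tells you the code is not on your trusted list, so pair it with the partition-table and copy checks before calling it infected.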

Hi MrC,

I am attaching the ComboFix log below. I am still observing the same issue with Chrome (it does not go to www.google.com and the tab says "Welcome to mydomainadvisor.com" etc).

A couple of days back (before I ran Combofix), the computer had restarted suddenly... I am also attaching one of the error messages that it showed...

thanks,

SP

COMBOFIX LOG

ComboFix 12-02-23.01 - Saurabh 02/24/2012 16:22:44.1.4 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3060.1972 [GMT -5:00]

Running from: c:\users\Saurabh\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\SET61CD.tmp

c:\windows\system32\SETAC30.tmp

Q:\AUTORUN.INF

.

.

((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))

.

.

2012-02-24 21:38 . 2012-02-24 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-24 21:38 . 2012-02-24 21:38 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-02-17 23:44 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD41C75B-7AE7-476D-AD88-B459A7C60F33}\mpengine.dll

2012-02-16 08:06 . 2012-02-16 08:06 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-02-16 06:24 . 2012-02-16 06:24 388096 ----a-r- c:\users\Saurabh\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-16 06:24 . 2012-02-16 06:24 -------- d-----w- c:\program files\Trend Micro

2012-02-16 05:56 . 2012-02-17 06:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-02-16 05:56 . 2012-02-16 05:57 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-02-16 05:46 . 2012-02-16 05:46 -------- d-----w- c:\users\Saurabh\AppData\Roaming\Malwarebytes

2012-02-16 05:46 . 2012-02-16 05:46 -------- d-----w- c:\programdata\Malwarebytes

2012-02-16 05:46 . 2012-02-16 05:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-16 05:46 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-16 03:29 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-02-16 03:28 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-16 03:27 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-01 17:09 . 2012-02-01 17:09 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2012-02-01 17:09 . 2012-02-01 17:09 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll

2012-02-01 17:09 . 2012-02-01 17:09 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2012-02-01 17:09 . 2012-02-01 17:09 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe

2012-02-01 17:09 . 2012-02-01 17:09 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2012-02-01 17:09 . 2012-02-01 17:09 924632 ----a-w- c:\program files\Mozilla Firefox\firefox.exe

2012-02-01 17:09 . 2012-02-01 17:09 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

2012-02-01 17:09 . 2012-02-01 17:09 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

2012-02-01 17:09 . 2012-02-01 17:09 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

2012-02-01 17:09 . 2012-02-01 17:09 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll

2012-02-01 15:04 . 2012-02-01 15:04 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll

2012-02-01 15:03 . 2012-02-01 15:03 -------- d-----w- c:\program files\Common Files\xing shared

2012-02-01 15:02 . 2012-02-01 15:02 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll

2012-02-01 15:02 . 2012-02-01 15:02 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll

2012-01-31 20:06 . 2012-01-31 20:17 -------- d-----w- c:\program files\One-Click Export

2012-01-25 23:32 . 2012-01-25 23:32 -------- d-----w- c:\users\Saurabh\AppData\Local\Intuit_Inc

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-27 05:21 . 2010-03-09 22:06 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-25 15:16 . 2012-01-25 15:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2011-12-12 20:10 . 2011-12-12 20:10 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-02-01 17:09 . 2012-02-01 17:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Saurabh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Saurabh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Saurabh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]

"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-10-01 111640]

"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-11-17 69568]

"TpShocks"="TpShocks.exe" [2009-12-11 337256]

"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2009-08-17 55048]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]

"nwiz"="nwiz.exe" [2009-12-03 1657448]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-03 13838952]

"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-12-10 865640]

"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]

"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-12-16 115560]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]

"Memeo Send"="c:\program files\Memeo\Memeo Send\MemeoLauncher.exe" [2009-11-05 236816]

"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-02-01 296056]

.

c:\users\Saurabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Saurabh\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-11 795936]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-2-20 50688]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-12-6 5904216]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-6 1175912]

QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2012\QBW32.EXE [2011-12-6 1178984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2009-08-17 22:27 100104 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MIXER8"=WnvMxr.dll

"WAVE8"=WnvWav32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-11-20 20848]

R3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-11-20 20848]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-12-10 75112]

R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [2011-08-07 21520]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 99768]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2009-12-10 24304]

S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2012-01-25 56208]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]

S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]

S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2012-01-25 71440]

S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2012-01-25 164112]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2009-12-10 132456]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [2009-11-09 54632]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-11-17 44984]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]

S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]

S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-01-25 931640]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088]

S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]

S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-11-16 62904]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 13752]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-10-27 126080]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-12-01 214696]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 106104]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-11 66664]

S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 38336]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HsfXAudioService REG_MULTI_SZ HsfXAudioService

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1143727864-1791916152-3031067532-1003Core.job

- c:\users\Saurabh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-09 22:08]

.

2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1143727864-1791916152-3031067532-1003UA.job

- c:\users\Saurabh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-09 22:08]

.

2012-02-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

.

2012-02-24 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-02-18 00:15]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 128.220.1.75 162.129.253.134

Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll

FF - ProfilePath - c:\users\Saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\0653317f.default\

FF - prefs.js: browser.startup.homepage - about:home

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-Symantec Antvirus

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06000000}_0]

"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{C4B36920-79E24793-06000000}_0]

"ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(732)

c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infql2.dll

.

- - - - - - - > 'Explorer.exe'(5856)

c:\users\Saurabh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\Lenovo\Access Connections\ACDeskBand.dll

c:\program files\Lenovo\Access Connections\AcLocSettings.dll

c:\program files\Lenovo\Access Connections\AcSvcStub.dll

c:\program files\Lenovo\Access Connections\ACHelper.dll

c:\program files\ThinkPad\Bluetooth Software\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe

c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe

c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Juniper Networks\Common Files\dsNcService.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Lenovo\Access Connections\AcSvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\taskhost.exe

c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe

c:\windows\system32\conhost.exe

c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe

c:\program files\ThinkPad\Bluetooth Software\btwdins.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\windows\system32\sppsvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Lenovo\System Update\SUService.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2012-02-24 16:50:03 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-24 21:49

.

Pre-Run: 165,016,322,048 bytes free

Post-Run: 164,808,577,024 bytes free

.

- - End Of File - - 1E7669E54C408B84B7D9D9CD45BB4181

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

RESTART ERROR MESSAGE

PROBLEM:

NT Kernel _System has changed since the last time you used it. This could happen if you have updated it recently. Click Detail to see more information. Do you want to allow it to access the network?

Yes? No? Detail

Detailed information about NT Kernel _System and the connection it is trying to establish:

The executable has changed since the last time you used C:\Windows\system32\ntoskrnl.exe

File Version: 6.1.7601.17713

File Description: NT Kernel & System

File Path: C:\Windows\system32\ntoskrnl.exe

Digital Signature:

Process ID: 0x0 (Hexadecimal) 0 (Decimal)

Connection origin: remote initiated

Protocol: UDP

Local Address: 192.168.1.255

Local Port: 137 (NETBIOS-NS - Browsing requests of NetBIOS over TCP/IP)

Remote Name:

Remote Address: 192.168.1.6

Remote Port: 137

Ethernet packet details:

Ethernet II (Packet Length: 92)

Destination: ff-ff-ff-ff-ff-ff

Source: 00-13-02-3b-4a-7b

Type: IP (0x0800)

Internet Protocol

Version: 4

Header Length: 20 bytes

Flags:

.0.. = Don't fragment: Not set

..0. = More fragments: Not set

Fragment offset:0

Time to live: 128

Protocol: 0x11 (UDP - User Datagram Protocol)

Header checksum: 0xe36b (Correct)

Source: 192.168.1.6

Destination: 192.168.1.255

User Datagram Protocol

Source port: 21203200

Destination port: 35072

Length: 8

Checksum: 0xd638 (Correct)

Data (58 Bytes)

Binary dump of the packet:

0000: FF FF FF FF FF FF 00 13 : 02 3B 4A 7B 08 00 45 00 | .........;J{..E.

0010: 00 4E 4A 66 00 00 80 11 : 6B E3 C0 A8 01 06 C0 A8 | .NJf....k.......

0020: 01 FF 00 89 00 89 00 3A : 38 D6 D5 C4 01 10 00 01 | .......:8.......

0030: 00 00 00 00 00 00 20 46 : 45 46 44 45 44 45 4D 45 | ...... FEFDEDEME

0040: 4A 45 46 45 4F 46 45 43 : 41 43 41 43 41 43 41 43 | JEFEOFECACACACAC

0050: 41 43 41 43 41 41 41 00 : 00 20 00 01 | ACACAAA.. ..

THIS WAS THE PROBLEM SIGNATURE

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.1.7601.2.1.0.256.48

Locale ID: 1033

Additional information about the problem:

BCCode: 9f

BCP1: 00000003

BCP2: 859F6760

BCP3: 83336AE0

BCP4: AE1CCBA8

OS Version: 6_1_7601

Service Pack: 1_0

Product: 256_1

Files that help describe the problem:

C:\Windows\Minidump\022312-54288-01.dmp

C:\Users\Saurabh\AppData\Local\Temp\WER-129090-0.sysdata.xml

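An added decoder for the firewall alert quoted above (example code written for this page, not part of the original post or of any tool named in the thread). It turns the six "Binary dump of the packet" lines back into bytes, walks Ethernet II, IPv4 and UDP, verifies both checksums, and decodes the NetBIOS name-service question. The raw bytes are the reliable record here: the alert's summary lines show "Destination port: 35072" and "Checksum: 0xd638", which are the wire bytes 00 89 (port 137) and 38 D6 read in the wrong byte order, and the 32-character name FEFDEDEMEJEFEOFECACACACACACACAAA decodes to TSCLIENT with suffix 0x00, so the packet is a broadcast NetBIOS name query from 192.168.1.6, not something this machine sent. The FIREWALL_DUMP string is the dump copied from the post; the function and field names are my own.

```python
import struct

# Constructed input: the six "Binary dump of the packet" lines copied from the
# firewall alert quoted above, in the tool's own "offset: hex : hex | ascii" layout.
FIREWALL_DUMP = """\
0000: FF FF FF FF FF FF 00 13 : 02 3B 4A 7B 08 00 45 00 | .........;J{..E.
0010: 00 4E 4A 66 00 00 80 11 : 6B E3 C0 A8 01 06 C0 A8 | .NJf....k.......
0020: 01 FF 00 89 00 89 00 3A : 38 D6 D5 C4 01 10 00 01 | .......:8.......
0030: 00 00 00 00 00 00 20 46 : 45 46 44 45 44 45 4D 45 | ...... FEFDEDEME
0040: 4A 45 46 45 4F 46 45 43 : 41 43 41 43 41 43 41 43 | JEFEOFECACACACAC
0050: 41 43 41 43 41 41 41 00 : 00 20 00 01 | ACACAAA.. ..
"""


def parse_dump(dump):
    """Turn the firewall's hex-dump text back into the raw frame bytes."""
    frame = bytearray()
    for line in dump.splitlines():
        if not line.strip():
            continue
        hex_part = line.split("|", 1)[0]        # drop the ASCII column
        offset, *groups = hex_part.split(":")   # "0000", then the hex groups
        if int(offset, 16) != len(frame):
            raise ValueError("non-contiguous dump at offset %s" % offset)
        frame.extend(int(tok, 16) for tok in " ".join(groups).split())
    return bytes(frame)


def inet_checksum(data):
    """RFC 1071 one's-complement checksum as used by IPv4 and UDP.
    Re-checksumming a header that still contains its own checksum yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_netbios_name(encoded):
    """Undo NetBIOS first-level encoding (RFC 1001): each of the 16 name bytes is
    split into two nibbles and each nibble is sent as 'A' + nibble (32 chars)."""
    if len(encoded) != 32:
        raise ValueError("expected a 32-character encoded name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    # 15 bytes of space-padded name, then a one-byte service suffix.
    return raw[:15].decode("ascii").rstrip(" "), raw[15]


def decode_nbns(payload):
    """Parse a NetBIOS name service query: DNS-style header plus one encoded question."""
    tid, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    name_len = payload[12]
    encoded = payload[13:13 + name_len]
    if payload[13 + name_len] != 0:
        raise ValueError("unterminated question name")
    qtype, qclass = struct.unpack("!HH", payload[14 + name_len:18 + name_len])
    name, suffix = decode_netbios_name(encoded)
    return {"tid": tid, "flags": flags, "qdcount": qdcount, "name": name,
            "suffix": suffix, "qtype": qtype, "qclass": qclass,
            "broadcast": bool(flags & 0x0010)}   # B flag in NM_FLAGS


def mac(b):
    return "-".join("%02x" % x for x in b)


def ipv4(b):
    return ".".join(str(x) for x in b)


def decode_frame(frame):
    """Decode Ethernet II / IPv4 / UDP (/ NBNS) from raw bytes and verify checksums."""
    eth_dst, eth_src, eth_type = struct.unpack("!6s6sH", frame[:14])
    if eth_type != 0x0800:
        raise ValueError("not an IPv4 frame")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     ip_csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4
    result = {
        "eth": {"dst": mac(eth_dst), "src": mac(eth_src)},
        "ip": {"src": ipv4(src), "dst": ipv4(dst), "ttl": ttl, "proto": proto,
               "total_len": total_len, "checksum": ip_csum,
               "checksum_ok": inet_checksum(frame[14:14 + ihl]) == 0},
    }
    if proto != 17:
        return result
    udp_start = 14 + ihl
    sport, dport, udp_len, udp_csum = struct.unpack("!HHHH", frame[udp_start:udp_start + 8])
    segment = frame[udp_start:udp_start + udp_len]
    # The UDP checksum covers a pseudo-header (addresses, protocol, length) plus the segment.
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, proto, udp_len)
    result["udp"] = {"sport": sport, "dport": dport, "length": udp_len,
                     "checksum": udp_csum,
                     "checksum_ok": udp_csum == 0 or inet_checksum(pseudo + segment) == 0}
    if 137 in (sport, dport):
        result["nbns"] = decode_nbns(segment[8:])
    return result


def decode_alert():
    """Decode the dump from the post above."""
    return decode_frame(parse_dump(FIREWALL_DUMP))


if __name__ == "__main__":
    import json
    print(json.dumps(decode_alert(), indent=2))
```

Running the file prints the decoded fields as JSON. The parser accepts any dump in the same "offset: hex : hex | ascii" layout, and the two checksum_ok flags are the first thing to look at when a dump is suspected of being mis-captured or altered: here both verify against the raw bytes, which confirms the summary lines rather than the bytes are what was garbled.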

Lets make sure you have the latest version of Chrome:

Open up Chrome > in the upper right corner click the wrench > scroll down to "About Google Chrome", if an update is available it will be installed.

Then click on the wrench again and choose Tools > Extensions; see if there are any suspicious items there.

Click on Clear Browser Data > clear it out.

Then, to the left, go through Basics, Personal Stuff, etc. and see if there's anything suspicious.

-------------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


MrC,

I tried the changes you suggested with Chrome, and it seems like I can now go to Google.com from it. Do you think the virus/ malware has been taken care of?

I'm also attaching the log from OTL below. (Btw, after I started Symantec, it recognized Combofix as a Trojan and deleted/quarantined it. Is this a problem, or should I let it go?)

thanks,

SP

All processes killed

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 73974971 bytes

->Flash cache emptied: 2631 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Saurabh

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 696649697 bytes

->Java cache emptied: 467140 bytes

->FireFox cache emptied: 154111763 bytes

->Google Chrome cache emptied: 8362172 bytes

->Flash cache emptied: 239538 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 74165 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 891.00 mb

OTL by OldTimer - Version 3.2.33.2 log created on 02242012_210008

Files\Folders moved on Reboot...

File\Folder C:\Windows\temp\hsperfdata_SAURABHP$\3456 not found!

Registry entries deleted on Reboot...


(Btw, after I started Symantec, it recognized Combofix as a Trojan and deleted/quarantined it. Is this a problem, or should I let it go?)

No, move it back to your desktop so we can properly uninstall it.

--------------------------------

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

-------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

---------------------------

Your Java is out of date, older versions are vulnerable to malware.

Go to your control panel > Java > Update Tab > Update Now.

BrowserJavaVersion: 1.6.0_29 <----should be 31

---------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


MrC,

I did the OTL and Java task.

I am unable to restore the Combofix file unfortunately. When I go to Symantec and go to the View Quarantine panel, there are two listings for it. When I ask it to restore the Combofix file (which it has labeled as a Trojan.ADH.2), it either does not do it or it briefly restores it and then wipes it out again.

Once I was able to restore it briefly by turning Symantec off, but when I tried to do the "Combofix /uninstall" command on run, it cannot find Combofix.

I also tried to re-run Combofix so that I can reinstall the program, and then uninstall it. Even though I had disabled Symantec, it still deleted the Combofix icon midway / towards the end of the process.

Please let me know if something can be done for this.

Also, I was wondering if there is a way to make this complete post thread private or delete it, in case there is any private information in the Logs?

Thank you so much again for your patient and knowledgeable help.

SP


Also, I was wondering if there is a way to make this complete post thread private or delete it, in case there is any private information in the Logs?

We can edit out any info that you want; it has to be done by a moderator. I suggest you contact one by PM if needed.

To clean up just do this:

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.